* scd/command.c (cmd_readkey): avoid double-free of cert
--
When ksba_cert_new() fails, cert will be double-freed.
Debian-Bug-Id: 773471
Original patch changed by wk to do the free only at leave.
* scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New.
* scd/app-openpgp.c (do_decipher): Add arg R_INFO.
* scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy.
* scd/app.c (app_decipher): Add arg R_INFO.
* scd/command.c (cmd_pkdecrypt): Print status line "PADDING".
* agent/call-scd.c (padding_info_cb): New.
(agent_card_pkdecrypt): Add arg R_PADDING.
* agent/divert-scd.c (divert_pkdecrypt): Ditto.
* agent/pkdecrypt.c (agent_pkdecrypt): Ditto.
* agent/command.c (cmd_pkdecrypt): Print status line "PADDING".
* g10/call-agent.c (padding_info_cb): New.
(agent_pkdecrypt): Add arg R_PADDING.
* g10/pubkey-enc.c (get_it): Use padding info.
--
Decryption using a card never worked in gpg 2.1 because the
information whether the pkcs#1 padding needs to be removed was not
available. Gpg < 2.1 too this info from the secret sub key but that
has gone in 2.1.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/command.c (update_reader_status_file): Add condition
vr->status == 0.
--
To reproduce the bug: (1) insert card,
(2) run "gpg2 --card-status",
(3) remove card, (4) invoke "gpg2 --card-edit",
(5) invoke some command like "verify"
The last step fails (but with no error message to user).
* scd/iso7816.h (struct pininfo_s): Rename from iso7816_pininfo_s.
Change meaning of MODE.
(pininfo_t): Rename from iso7816_pininfo_t.
* scd/sc-copykeys.c: Include "iso7816.h".
* scd/scdaemon.c, scd/command.c: Likewise.
* scd/ccid-driver.c: Include "scdaemon.h" and "iso7816.h".
(ccid_transceive_secure): Follow the change of PININFO_T.
* scd/app.c: Include "apdu.h" after "iso7816.h".
* scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp)
(iso7816_change_reference_data_kp): Follow the change of API.
* scd/apdu.c (struct reader_table_s): Change API of CHECK_KEYPAD,
KEYPAD_VERIFY, KEYPAD_MODIFY to have arg of PININFO_T.
(check_pcsc_keypad, check_ccid_keypad): Likewise.
(apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify): Likewise.
(pcsc_keypad_verify, pcsc_keypad_modify, ct_send_apdu)
(pcsc_send_apdu_direct, pcsc_send_apdu_wrapped, pcsc_send_apdu)
(send_apdu_ccid, ccid_keypad_operation, my_rapdu_send_apdu, send_apdu)
(send_le): Follow the change of API.
* scd/apdu.h (apdu_check_keypad, apdu_keypad_verify)
(apdu_keypad_modify): Change the API.
* scd/app-dinsig.c, scd/app-nks.c, scd/app-openpgp.c: Follow the
change.
* scd/apdu.c (pcsc_no_service): Remove.
(open_pcsc_reader_direct, open_pcsc_reader_wrapped): Remove
pcsc_no_service support.
(apdu_open_reader): Remove R_NO_SERVICE.
* scd/apdu.h (apdu_open_reader): Remove R_NO_SERVICE.
* scd/command.c (reader_disabled): Remove.
(get_current_reader): Follow the change of R_NO_SERVICE.
(open_card, cmd_serialno, scd_command_handler): Remove reader_disabled
support.
* scd/sc-copykeys.c (main): Follow the change of R_NO_SERVICE.
--
Daemon should handle all possible cases. Even if such a difficult
case like reader_disabled, it should not exit.
* scd/command.c (update_reader_status_file): Don't call
get_current_reader.
--
This fix has a impact that the insertion of a card reader will not be
detected upon the insertion, but will be deferred until user tries to
access his card.
* scd/command.c (MAXLEN_SETDATA): New.
(cmd_setdata): Add option --append.
* agent/call-scd.c (agent_card_pkdecrypt): Use new option for long
data.
* scd/app-openpgp.c (struct app_local_s): Add field manufacturer.
(app_select_openpgp): Store manufacturer.
(do_decipher): Print a note for broken cards.
--
Please note that I was not able to run a full test because I only have
broken cards (S/N < 346) available.
The asymmetric quotes used by GNU in the past (`...') don't render
nicely on modern systems. We now use two \x27 characters ('...').
The proper solution would be to use the correct Unicode symmetric
quotes here. However this has the disadvantage that the system
requires Unicode support. We don't want that today. If Unicode is
available a generated po file can be used to output proper quotes. A
simple sed script like the one used for en@quote is sufficient to
change them.
The changes have been done by applying
sed -i "s/\`\([^'\`]*\)'/'\1'/g"
to most files and fixing obvious problems by hand. The msgid strings in
the po files were fixed with a similar command.
* scd/command.c (update_card_removed): Do no act on an invalid VRDR.
(do_reset): Ignore apdu_reset error codes for no and inactive card.
Close the reader before setting the slot to -1.
(update_reader_status_file): Notify the application before closing the
reader.
--
With this change the scd now works as it did in the past. In
particular there is no more endless loop trying to open the reader by
the update_reader_status_file ticker function. That bug basically
blocked all card operations until the scdaemon was killed.
The vreader table makes the code more clear by explicitly talking
about APDU slots and reader indices. It also accommodates for future
extensions.
* scd/scdaemon.h (server_control_s): Remove READER_SLOT.
* scd/scdaemon.c (scd_init_default_ctrl): Do not init READER_SLOT.
* scd/app.c (check_application_conflict): Add arg SLOT.
* scd/command.c (slot_status_s): Rename to vreader_s.
(server_local_s): Add field VREADER_IDX as replacement for
the READER_SLOT in server_control_s. Change all users.
(slot_table): Rename to vreader_table. Change all users.
(vreader_slot): New.
(do_reset, cmd_apdu): Map vreader to apdu slot.
(get_reader_slot): Rename to get_current_reader. Return -1 on error.
(open_card): Map vreader toapdu slot. Pass slot to
check_application_conflict.
(scd_command_handler): Init VREADER_IDX.
(update_reader_status_file): Reset SLOT field on error.
* scd/apdu.c (apdu_connect): Return status codes for no card available
and inactive card.
* scd/command.c (TEST_CARD_REMOVAL): Also test for GPG_ERR_CARD_RESET.
(open_card): Map apdu_connect status to GPG_ERR_CARD_RESET.
This patch implementes a chunk mode to pass the key parameters from
scdaemon to gpg. This allows to pass arbitrary long key paremeters;
it is used for keys larger than 3072 bit.
Note: the card key generation in gpg is currently broken. The keys
are generated but it is not possible to create the self-signature
because at that time the gpg-agent does not yet know about the new
keys and thus can't divert the sign request to the card. We either
need to run the learn command right after calling agent_scd_genkey or
implement a way to sign using the currently inserted card. Another
option would be to get rid of agent_scd_genkey and implement the
feature directly in agent_genkey.
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces. In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much. For future commits the pre-commit scripts
checks that this won't happen again.
From Grant Olsons's mail to gnupg-devel@:
This is three-quarters NIIBE and one-quarter me, but I though it would
be easier to have a single complete patch that applies to
STABLE-BRANCH-2-0 than two patches floating around.
This is basically NIIBE Yatuka's patch here:
http://lists.gnupg.org/pipermail/gnupg-devel/2010-November/025828.html
Plus another check that closes down the reader explicitly if we get a
SW_HOST_NO_READER error, so that an unplugged reader doesn't hold onto
the first slot, preventing us from getting to the active plugged reader.
2009-11-25 Marcus Brinkmann <marcus@g10code.de>
* command.c (start_command_handler): Use assuan_fd_t and
assuan_fdopen on fds.
scd/
2009-11-25 Marcus Brinkmann <marcus@g10code.de>
* command.c (scd_command_handler): Use assuan_fd_t and
assuan_fdopen on fds.
sm/
2009-11-25 Marcus Brinkmann <marcus@g10code.de>
* server.c (gpgsm_server): Use assuan_fd_t and assuan_fdopen on
fds.
g10/
2009-11-25 Marcus Brinkmann <marcus@g10code.de>
* server.c (gpg_server): Use assuan_fd_t and assuan_fdopen on fds.
2009-11-05 Marcus Brinkmann <marcus@g10code.de>
* call-pinentry.c (start_pinentry): Call assuan_pipe_connect, not
assuan_pipe_connect_ext.
* command.c (start_command_handler): Change
assuan_init_socket_server_ext into assuan_init_socket_server.
* call-scd.c (start_scd): Update use of assuan_socket_connect and
assuan_pipe_connect.
* gpg-agent.c (check_own_socket_thread, check_for_running_agent):
Update use of assuan_socket_connect.
common/
2009-11-05 Marcus Brinkmann <marcus@g10code.de>
* asshelp.c (start_new_gpg_agent): Update use of
assuan_socket_connect and assuan_pipe_connect.
scd/
2009-11-05 Marcus Brinkmann <marcus@g10code.de>
* command.c (scd_command_handler): Call assuan_init_socket_server,
not assuan_init_socket_server_ext.
sm/
2009-11-05 Marcus Brinkmann <marcus@g10code.de>
* call-dirmngr.c (start_dirmngr_ext): Update use of
assuan_pipe_connect and assuan_socket_connect.
tools/
2009-11-05 Marcus Brinkmann <marcus@g10code.de>
* gpg-connect-agent.c (start_agent): Update use of
assuan_socket_connect and assuan_pipe_connect.
2009-11-02 Marcus Brinkmann <marcus@g10code.de>
* command.c (reset_notify): Take LINE arg and return error.
(register_commands): Use assuan_handler_t type.
common/
2009-11-02 Marcus Brinkmann <marcus@g10code.de>
* get-passphrase.c (default_inq_cb, membuf_data_cb): Change return
type to gpg_error_t.
g10/
2009-11-02 Marcus Brinkmann <marcus@g10code.de>
* server.c (reset_notify, input_notify, output_notify): Update to
new assuan interface.
(register_commands): Use assuan_handler_t.
scd/
2009-11-02 Marcus Brinkmann <marcus@g10code.de>
* command.c (reset_notify): Take LINE arg and return error.
(register_commands): Use assuan_handler_t type.
sm/
2009-11-02 Marcus Brinkmann <marcus@g10code.de>
* server.c (reset_notify, input_notify, output_notify): Update to
new assuan interface.
(register_commands): Use assuan_handler_t.
* call-agent.c (membuf_data_cb, default_inq_cb)
(inq_ciphertext_cb, scd_serialno_status_cb)
(scd_keypairinfo_status_cb, istrusted_status_cb)
(learn_status_cb, learn_cb, keyinfo_status_cb): Return gpg_error_t.
* configure.ac (NEED_LIBASSUAN_API, NEED_LIBASSUAN_VERSION):
Update to new API (2, 1.1.0).
agent/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpg-agent.c (parse_rereadable_options): Don't set global assuan
log file (there ain't one anymore).
(main): Update to new API.
(check_own_socket_pid_cb): Return gpg_error_t instead of int.
(check_own_socket_thread, check_for_running_agent): Create assuan
context before connecting to server.
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(write_and_clear_outbuf): Use gpg_error_t instead of
assuan_error_t.
(cmd_geteventcounter, cmd_istrusted, cmd_listtrusted)
(cmd_marktrusted, cmd_havekey, cmd_sigkey, cmd_setkeydesc)
(cmd_sethash, cmd_pksign, cmd_pkdecrypt, cmd_genkey, cmd_readkey)
(cmd_keyinfo, cmd_get_passphrase, cmd_clear_passphrase)
(cmd_get_confirmation, cmd_learn, cmd_passwd)
(cmd_preset_passphrase, cmd_scd, cmd_getval, cmd_putval)
(cmd_updatestartuptty, cmd_killagent, cmd_reloadagent)
(cmd_getinfo, option_handler): Return gpg_error_t instead of int.
(post_cmd_notify): Change type of ERR to gpg_error_t from int.
(io_monitor): Add hook argument. Use symbols for constants.
(register_commands): Change return type of HANDLER to gpg_error_t.
(start_command_handler): Allocate assuan context before starting
server.
* call-pinentry.c: Include "scdaemon.h" before <assuan.h> because
of GPG_ERR_SOURCE_DEFAULT check.
(unlock_pinentry): Call assuan_release instead of
assuan_disconnect.
(getinfo_pid_cb, getpin_cb): Return gpg_error_t instead of int.
(start_pinentry): Allocate assuan context before connecting to
server.
* call-scd.c (membuf_data_cb, learn_status_cb, get_serialno_cb)
(membuf_data_cb, inq_needpin, card_getattr_cb, pass_status_thru)
(pass_data_thru): Change return type to gpg_error_t.
(start_scd): Allocate assuan context before connecting to server.
common/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* asshelp.c (start_new_gpg_agent): Allocate assuan context before
starting server.
g10/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* call-agent.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(learn_status_cb, dummy_data_cb, get_serialno_cb, default_inq_cb)
(learn_status_cb, inq_writecert_parms, inq_writekey_parms)
(scd_genkey_cb, membuf_data_cb): Return gpg_error_t instead of
int.
* gpg.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(main): Update to new Assuan API.
* server.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
(cmd_delkeys, cmd_message, do_listkeys, cmd_listkeys)
(cmd_listsecretkeys, cmd_genkey, cmd_getinfo): Return gpg_error_t
instead of int.
(register_commands): Allocate assuan context before starting
server.
(gpg_server): Allocate assuan_context before starting server.
scd/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* command.c: Include "scdaemon.h" before <assuan.h> because of
GPG_ERR_SOURCE_DEFAULT check.
(option_handler, open_card, cmd_serialno, cmd_lean, cmd_readcert)
(cmd_readkey, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt)
(cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey)
(cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_lock)
(cmd_unlock, cmd_getinfo, cmd_restart, cmd_disconnect, cmd_apdu)
(cmd_killscd): Return gpg_error_t instead of int.
(scd_command_handler): Allocate assuan context before starting server.
* scdaemon.c (main): Update to new Assuan API.
sm/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpgsm.c (main): Update to new assuan API.
* server.c: Include "gpgsm.h" before <assuan.h> due to check for
GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h.
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
(cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys)
(cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey)
(cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int.
(register_commands): Same for member HANDLER in table.
(gpgsm_server): Allocate assuan context before starting server.
* sm/call-dirmngr.c:
* call-dirmngr.c (prepare_dirmngr): Check for CTX and error before
setting LDAPSERVER.
(start_dirmngr_ext): Allocate assuan context before starting
server.
(inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb)
(run_command_cb, run_command_inq_cb, run_command_status_cb):
Return gpg_error_t instead of int.
tools/
2009-09-23 Marcus Brinkmann <marcus@g10code.de>
* gpg-connect-agent.c (getinfo_pid_cb, read_and_print_response)
(main): Update to new Assuan API.
* scdaemon.c (main): Use estream_asprintf instead of asprintf.
* command.c (update_reader_status_file): Likewise.
(cmd_serialno): Use estream_asprintf instead of asprintf
and xfree instead of free to release memory allocated
through (estream_)asprintf.
(cmd_learn): Likewise.
(pin_cb): Likewise.
* app-openpgp.c (get_public_key): Likewise.
* command.c (get_reader_slot): Return the slot_table index, not
the APDU slot number.
(update_reader_status_file): Use the slot_table index in the
update_card_removed invocation.
char * vs. unsigned char * warnings. The GNU coding standards used to
say that these mismatches are okay and better than a bunch of casts.
Obviously this has changed now.
* gpg-agent.c: New option --write-env-file.
* gpg-agent.c (handle_connections): Make sure that the signals we
are handling are not blocked.Block signals while creating new
threads.
* estream.c: Use HAVE_CONFIG_H and not USE_CONFIG_H!
(es_func_fd_read, es_func_fd_write): Protect against EINTR.
* gpg-agent.texi (Agent UPDATESTARTUPTTY): New.
* scdaemon.c (handle_connections): Make sure that the signals we
are handling are not blocked.Block signals while creating new
threads.
(handle_connections): Include the file descriptor into the name of
the thread.
(show_file): Implement it.
* keyformat.txt: Define the created-at attribute for keys.
* ccid-driver.c: Replaced macro DEBUG_T1 by a new debug level.
(parse_ccid_descriptor): Mark SCR335 firmware version 5.18 good.
(ccid_transceive): Arghhh. The seqno is another bit in the
R-block than in the I block, this was wrong at one place.
* scdaemon.c: New options --debug-ccid-driver and
--debug-disable-ticker.
* app-openpgp.c (do_genkey, do_writekey): Factored code to check
for existing key out into ..
(does_key_exist): .. New function.
* gpg-connect-agent.c (add_definq, show_definq, clear_definq)
(handle_inquire): New.
(read_and_print_response): Handle INQUIRE command.
(main): Implement control commands.
* acinclude.m4: Ditto.
* scdaemon.texi: Removed OpenSC specific options.
* app-p15.c: New. Basic support for pkcs15 cards without OpenSC.
There are quite a couple of things missing but at least I can use
my old TCOS cards from the Aegypten-1 development for signing.
* app.c (select_application): Detect pkcs15 applications.
* Makefile.am (scdaemon_SOURCES): Removed card.c, card-common.h
and card-p15.c because they are now obsolete. Added app-p15.c.
Removed all OpenSC stuff.
* command.c (do_reset, open_card, cmd_serialno, cmd_learn)
(cmd_readcert, cmd_readkey, cmd_pksign, cmd_pkdecrypt): Removed
all special cases for the old card.c based mechanisms.
* scdaemon.c, apdu.c: Removed all special cases for OpenSC.
* gpgsm.c: New options --{enable,disable}-trusted-cert-crl-check.
* certchain.c (gpgsm_validate_chain): Make use of it.
* certchain.c (gpgsm_validate_chain): Check revocations even for
expired certificates. This is required because on signature
verification an expired key is fine whereas a revoked one is not.
* gpgconf-comp.c: Add gpgsm option disable-trusted-cert-crl-check.
proper error code.
(retrieve_next_token): Removed.
(retrieve_fpr_from_card): Rewritten to make use of DO caching and
to take the KEYNO as arg.
(get_public_key): Renamed variable for clarity.
../g10/call-agent.c
(card_getattr_cb, agent_card_getattr): New.
* command-ssh.c (card_key_available): New.
(ssh_handler_request_identities): First see whether a card key is
available.
* app.c (app_getattr): Return APPTYPE or SERIALNO type even if the
application does dot support the getattr call.
* app.c (select_application): Return an error code and the
application context in an new arg.
* command.c (open_card): Adjusted for that. Don't use the
fallback if no card is present. Return an error if the card has
been removed without a reset.
(do_reset, cmd_serialno): Clear that error flag.
(TEST_CARD_REMOVAL): New. Use it with all command handlers.
(scd_update_reader_status_file): Set the error flag on all changes.
select returns with -1.
* tools.texi (gpg-connect-agent): New.
* app-openpgp.c (get_one_do): Never try to get a non cacheable
object from the cache.
(get_one_do): Add new arg to return an error code. Changed all
callers.
(do_getattr): Let it return a proper error code.
* app.c (select_application): Return an error code and the
application context in an new arg.
* command.c (open_card): Adjusted for that. Don't use the
fallback if no card is present. Return an error if the card has
been removed without a reset.
(do_reset, cmd_serialno): Clear that error flag.
(TEST_CARD_REMOVAL): New. Use it with all command handlers.
* scdaemon.c (ticker_thread): Termintate if a shutdown is pending.
* apdu.c: Added some PCSC error codes.
(pcsc_error_to_sw): New.
(reset_pcsc_reader, pcsc_get_status, pcsc_send_apdu)
(open_pcsc_reader): Do proper error code mapping.
* gpg-connect-agent.c: New.
* Makefile.am: Add it.
the client.
(option_handler): Parse the new event-signal option.
* scdaemon.c (handle_signal): Do not use SIGUSR{1,2} anymore for
changing the verbosity.
* app-help.c (app_help_read_length_of_cert): Fixed calculation of
R_CERTOFF.
* pcsc-wrapper.c: New.
* Makefile.am (pkglib_PROGRAMS): Install it here.
* apdu.c (writen, readn): New.
(open_pcsc_reader, pcsc_send_apdu, close_pcsc_reader): Use the
pcsc-wrapper if we are using Pth.
(apdu_send_le): Reinitialize RESULTLEN. Handle SW_EOF_REACHED
like SW_SUCCESS.
* Makefile.am (pkglib_PROGRAMS): Install it here.
* apdu.c (writen, readn): New.
(open_pcsc_reader, pcsc_send_apdu, close_pcsc_reader): Use the
pcsc-wrapper if we are using Pth.
(export_p12_file): Read a certificate from STDIN and pass it to
p12_build. Detect a keygrip and construct the filename in that
case. Unprotcet a key if needed. Print error messages for key
formats we can't handle.
(release_passphrase): New.
(get_passphrase): New arg PROMPTNO. Return the allocated
string. Changed all callers.
* minip12.c: Revamped the build part.
(p12_build): New args CERT and CERTLEN.
* simple-pwquery.c (agent_open): Don't mangle INFOSTR.
* export.c (export_p12, popen_protect_tool)
(gpgsm_p12_export): New.
* gpgsm.c (main): New command --export-secret-key-p12.
* app.c (app_setattr): New.
(do_getattr): New.
(do_learn_status): Reimplemented in terms of do_getattr.
* app-openpgp.c (do_change_pin): Make sure CVH1 and CHV2 are
always synced.
(verify_chv2, verify_chv3): New. Factored out common code.
(do_setattr, do_sign, do_auth, do_decipher): Change the names of
the prompts to match that we have only 2 different PINs.
(app_select_openpgp): Check whether the card enforced CHV1.
(convert_sig_counter_value): New. Factor out code from
get_sig_counter.
* card-common.h (struct p15_private_s): Forward declaration. Add
it to card_ctx_s.
* card.c (card_close): Make sure private data is released.
(card_enum_certs): New.
* card-p15.c (p15_release_private_data): New.
(init_private_data): New to work around an OpenSC weirdness.
(p15_enum_keypairs): Do an OpenSC get_objects only once.
(p15_enum_certs): New.
(card_p15_bind): Bind new function.
* command.c (cmd_learn): Return information about the certificates.
* gpgsm.c: New command --learn-card
* call-agent.c (learn_cb,gpgsm_agent_learn): New.
* gpgsm.c (main): Print error messages for non-implemented commands.
agent/
* learncard.c: New.
* divert-scd.c (ask_for_card): The serial number is binary so
convert it to hex here.
* findkey.c (agent_write_private_key): New.
* genkey.c (store_key): And use it here.
scd/
* pkdecrypt.c (agent_pkdecrypt): Changed the way the diversion is done.
* divert-scd.c (divert_pkdecrypt): Changed interface and
implemented it.