This status message is used to inform the client of the maximum length
of an inquired passphrase and is used in pinentry-mode=loopback.
* agent/command.c (pinentry_loopback): Send the INQUIRE_MAXLEN status
message before doing the inquire.
* agent/gpg-agent.c (main): Supply omitted "break" statement for
lc-messages option. Otherwise, control would fall through to the
following oXauthority case and use the same value there.
Similar to commit 29af488 but also fixes PKDECRYPT and PKSIGN.
* agent/call-scd.c (agent_card_pkdecrypt): Check for GPG_ERR_CANCELED
when returning from the PKDECRYPT operation of scdaemon and cancel the
inquire.
(agent_card_pksign): Ditto.
(cancel_inquire): New.
* g10/misc.c (pubkey_get_npkey, pubkey_get_nskey)
(pubkey_get_nsig, pubkey_get_nenc): Map all RSA algo ids to
GCRY_PK_RSA.
--
The problem is that Libgcrypt has no more support for the alternate
RSA ids and thus if asking for the number of parameters, they will
return zero. Now, this leads to packing the key parameters into an
opaque MPI but because the algorithm id is actually known to GPG, it
assumes valid RSA parameters.
An example key with RSA_S is 0x5434509D.
This change might help to c+p a fingerprint from an HTML page without
being enclosed in a "pre" tag.
* common/userids.c (classify_user_id): Skip a second blank in the
middle of a fingerprint.
* scd/apdu.c (ccid_keypad_operation): Rename from ccid_keypad_verify.
(open_ccid_reader): Use ccid_keypad_operation for verify and modify.
* scd/ccid-driver.c (VENDOR_VASCO, VASCO_920): New.
(ccid_transceive_apdu_level): Permit sending packet where
apdulen <= 289. Support receiving packets in a chain.
(ccid_transceive_secure): Maximum is 15 for VASCO DIGIPASS 920.
Support keypad_modify method such as CHANGE_REFERENCE_DATA: 0x24.
* common/dotlock.c (use_hardlinks_p, dotlock_take_unix): Check return
value of link().
* g13/g13.c: Make sure err is initialized.
* scd/scdaemon.c (main) [!USE_GCRY_THREAD_CBS]: Do not define ERR.
* agent/gpg-agent.c, dirmngr/dirmngr.c, g13/g13.c, scd/scdaemon.c
(USE_GCRY_THREAD_CBS): New macro, defined if
GCRY_THREAD_OPTION_VERSION is 0.
(fixed_gcry_pth_init) [!USE_GCRY_THREAD_CBS]: Don't define.
(main) [!USE_GCRY_THREAD_CBS]: Do not install thread callbacks.
* scd/apdu.c (apdu_connect): Do not test for zero atrlen.
--
When gpg-agent prompts for insertion of a card this error would be
returned.
Co-authored-by: Ben Kibbey <bjk@luxsci.net>
* scd/app.c (select_application): Reorder application tests.
--
Although the DINSIG application is available on most German cards, it
is in reality not used. Thus showing the Geldkarte application is
more desirable for a good user experience.
* agent/call-scd.c (pass_status_thru): Pass comment lines verbatim.
* tools/gpg-connect-agent.c (help_cmd_p): New.
(main): Treat an "SCD HELP" the same as "HELP".
* scd/command.c (update_card_removed): Do no act on an invalid VRDR.
(do_reset): Ignore apdu_reset error codes for no and inactive card.
Close the reader before setting the slot to -1.
(update_reader_status_file): Notify the application before closing the
reader.
--
With this change the scd now works as it did in the past. In
particular there is no more endless loop trying to open the reader by
the update_reader_status_file ticker function. That bug basically
blocked all card operations until the scdaemon was killed.
* scd/scdaemon.c (oDebugAssuanLogCats): New.
(opts): Add option --debug-assuan-log-cats.
(main): Implement option.
* common/asshelp.c (set_libassuan_log_cats): New.
--
The old way of setting the logging categories with an environment
variable is awkward if sdaemon is spawned from a running gpg-agent.
The vreader table makes the code more clear by explicitly talking
about APDU slots and reader indices. It also accommodates for future
extensions.
* scd/scdaemon.h (server_control_s): Remove READER_SLOT.
* scd/scdaemon.c (scd_init_default_ctrl): Do not init READER_SLOT.
* scd/app.c (check_application_conflict): Add arg SLOT.
* scd/command.c (slot_status_s): Rename to vreader_s.
(server_local_s): Add field VREADER_IDX as replacement for
the READER_SLOT in server_control_s. Change all users.
(slot_table): Rename to vreader_table. Change all users.
(vreader_slot): New.
(do_reset, cmd_apdu): Map vreader to apdu slot.
(get_reader_slot): Rename to get_current_reader. Return -1 on error.
(open_card): Map vreader toapdu slot. Pass slot to
check_application_conflict.
(scd_command_handler): Init VREADER_IDX.
(update_reader_status_file): Reset SLOT field on error.
* scd/apdu.c (apdu_connect): Return status codes for no card available
and inactive card.
* scd/command.c (TEST_CARD_REMOVAL): Also test for GPG_ERR_CARD_RESET.
(open_card): Map apdu_connect status to GPG_ERR_CARD_RESET.
* sm/gpgsm.h (VALIDATE_FLAG_STEED): New.
* sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed".
* sm/server.c (option_handler): Allow validation model "steed".
* sm/certlist.c (gpgsm_cert_has_well_known_private_key): New.
* sm/certchain.c (do_validate_chain): Handle the
well-known-private-key attribute. Support the "steed" model.
(gpgsm_validate_chain): Ditto.
* sm/verify.c (gpgsm_verify): Return "steed" in the trust status line.
* sm/keylist.c (list_cert_colon): Print the new 'w' flag.
--
This is the first part of changes to implement the STEED proposal as
described at http://g10code.com/steed.html . The idea for X.509 is
not to use plain self-signed certificates but certificates signed by a
dummy CA (i.e. one for which the private key is known). Having a
single CA as an indication for the use of STEED might help other X.509
implementations to implement STEED.
* scripts/gitlog-to-changelog: Ignore lines after a "--" line.
--
The first line with two dashes at the start of a line (optionally
followed by white space) stops copying the commit log lines to the
ChangeLog entry in "make dist". This is useful to allow adding
comments to the log which are not useful in a ChangeLog.
* sm/certreqgen.c (pSUBJKEYID, pEXTENSION): New.
(read_parameters): Add new keywords.
(proc_parameters): Check values of new keywords.
(create_request): Add SubjectKeyId and extensions.
(parse_parameter_usage): Support "cert" and the encrypt alias "encr".
