Version 1.2.19.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

ChangeLog

@@ -1,3 +1,32 @@
+2021-10-12  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* VERSION: 1.2.19.
+	* chopstx: Update to 1.20.
+
+2021-10-11  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/configure (kdf_do): It can be overridden, now.
+
+2021-07-01  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/configure (CONFIG): Add KDF configuration.
+
+2021-06-10  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* tool/stlinkv2.py: Switch to Python3.
+
+	* tool/upgrade_by_passwd.py: Fix option handling.
+
+2021-04-30  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/openpgp-do.c (rw_algorithm_attr): Fix writing algorithm
+	attribute, which may cause GC.  Note that flash_enum_write needs
+	to call flash_enum_clear beforehand.
+
+2021-04-28  Bertrand Jacquin <bertrand@jacquin.bzh>
+
+	* regnual/regnual.c: Include <string.h>.
+
 2021-04-02  NIIBE Yutaka  <gniibe@fsij.org>
 
 	* VERSION: 1.2.18.

NEWS

@@ -1,6 +1,34 @@
 Gnuk NEWS - User visible changes
 
 
+* Major changes in Gnuk 1.2.19
+
+  Released 2021-10-12, by NIIBE Yutaka
+
+** KDF Data Object configuration
+KDF Data Object should be highly recommended for all configurations.
+Nevertheless, for backward compatibillity, in Gnuk 1.2, it is optional
+by default; It is up to user to configure KDF Data Object before
+importing private keys.  In this situation, it is not good to
+introduce new build-time option like --enable-always-require-kdf-do,
+because it might wrongly encourage use of Gnuk with no KDF Data Object
+setting, by confusion.  If needed, please run configure:
+
+  kdf_do=required ./configure --enable-factory-reset --target...
+
+or
+
+  kdf_do=optional ./configure --enable-factory-reset --target...
+
+Please note that such a use of variable by shell command line is not
+well supported by the configure script (for other variables), but
+override of kdf_do is needed in some situations.
+
+** Upgrade of Chopstx
+We use Chopstx 1.20.  This enables use with PC/SC for GNU/Linux
+emulation.
+
+
 * Major changes in Gnuk 1.2.18
 
   Released 2021-04-02, by NIIBE Yutaka

README

@@ -1,14 +1,14 @@
 Gnuk - An Implementation of USB Cryptographic Token for GnuPG
 
-							 Version 1.2.18
-							     2021-04-02
+							 Version 1.2.19
+							     2021-10-12
 							   Niibe Yutaka
 				      Free Software Initiative of Japan
 
 Release Notes
 =============
 
-This is the release of Gnuk, version 1.2.18, which has major
+This is the release of Gnuk, version 1.2.19, which has major
 incompatible changes to Gnuk 1.0.x.  Specifically, it now supports
 overriding key import, but importing keys (or generating keys) results
 password reset.  Also, you need to import private keys before changing
@@ -243,7 +243,7 @@ External source code
 
 Gnuk is distributed with external source code.
 
-* chopstx/  -- Chopstx 1.19
+* chopstx/  -- Chopstx 1.20
 
   We use Chopstx as the kernel for Gnuk.
 

THANKS

@@ -18,6 +18,7 @@ Clint Adams		clint@softwarefreedom.org
 Daniel Kahn Gillmor	dkg@fifthhorseman.net
 Elliott Mitchell
 Fabio Utzig		utzig@apache.org
+Heiko Schaefer		heiko.schaefer@posteo.de
 Hironobu SUZUKI		hironobu@h2np.net
 Jan Suhr		jan@suhr.info
 Jeremy Drake		jeremydrake+gnuk@eacceleration.com

VERSION

@@ -1 +1 @@
-release/1.2.18
+release/1.2.19

regnual/regnual.c

@@ -26,6 +26,8 @@
  * ReGNUal
  */
 
+#include <string.h>
+
 #include "types.h"
 #include "usb_lld.h"
 #include "sys.h"

src/configure

@@ -46,7 +46,7 @@ hid_card_change=no
 factory_reset=no
 ackbtn_support=yes
 flash_override=""
-kdf_do_required=no
+kdf_do=${kdf_do:-optional}
 # For emulation
 prefix=/usr/local
 exec_prefix='${prefix}'
@@ -219,7 +219,7 @@ if test "$target" = "GNU_LINUX"; then
   emulation="yes"
   cross=""
   mcu="none"
-  kdf_do_required=yes
+  kdf_do=${kdf_do:-required}
   def_emulation="-DGNU_LINUX_EMULATION"
   def_memory_size="-DMEMORY_SIZE=1024"
   enable_hexoutput=""
@@ -341,7 +341,7 @@ else
 fi
 
 # KDF Data Object is always required for GNU/Linux emulation
-if test "$kdf_do_required" = "yes"; then
+if test "$kdf_do" = "required"; then
   KDF_DO_REQUIRED_DEFINE="#define KDF_DO_REQUIRED 1"
   echo "KDF DO is required before key import/generation"
 else
@@ -355,7 +355,7 @@ SERIALNO_STR_LEN_DEFINE="#define SERIALNO_STR_LEN ${#SERIALNO}"
 
 
 if test "$sys1_compat" = "yes"; then
-  CONFIG="$target:dfu=$with_dfu:debug=$debug:pinpad=$pinpad:certdo=$certdo:factory_reset=$factory_reset"
+  CONFIG="$target:dfu=$with_dfu:debug=$debug:pinpad=$pinpad:certdo=$certdo:factory_reset=$factory_reset:kdf=$kdf_do"
 else
   if test "$with_dfu" = "yes"; then
     echo "Common binary can't support DFU loader, don't use --with-dfu." >&2
@@ -365,7 +365,7 @@ else
   FLASH_PAGE_SIZE=2048
   FLASH_SIZE=128
   MEMORY_SIZE=20
-  CONFIG="common:debug=$debug:pinpad=$pinpad:certdo=$certdo:factory_reset=$factory_reset"
+  CONFIG="common:debug=$debug:pinpad=$pinpad:certdo=$certdo:factory_reset=$factory_reset:kdf=$kdf_do"
 fi
 
 output_vid_pid_version () {

src/openpgp-do.c

@@ -815,6 +815,8 @@ rw_algorithm_attr (uint16_t tag, int with_tag,
       else if (algo == ALGO_RSA2K && *algo_attr_pp != NULL)
 	{
 	  gpg_reset_algo_attr (kk);
+          /* Read it again, since GC may occur.  */
+          algo_attr_pp = get_algo_attr_pointer (kk);
 	  flash_enum_clear (algo_attr_pp);
 	  if (*algo_attr_pp != NULL)
 	    return 0;
@@ -823,6 +825,10 @@ rw_algorithm_attr (uint16_t tag, int with_tag,
                (*algo_attr_pp != NULL && (*algo_attr_pp)[1] != algo))
 	{
 	  gpg_reset_algo_attr (kk);
+          /* Read it again, since GC may occur.  */
+          algo_attr_pp = get_algo_attr_pointer (kk);
+          if (*algo_attr_pp)
+            flash_enum_clear (algo_attr_pp);
 	  *algo_attr_pp = flash_enum_write (kk_to_nr (kk), algo);
 	  if (*algo_attr_pp == NULL)
 	    return 0;

tool/stlinkv2.py

@@ -1,4 +1,4 @@
-#! /usr/bin/python
+#! /usr/bin/python3
 
 """
 stlinkv2.py - a tool to control ST-Link/V2

tool/upgrade_by_passwd.py

@@ -131,19 +131,25 @@ if __name__ == '__main__':
     skip_check = False
     while len(sys.argv) > 1:
         option = sys.argv[1]
-        sys.argv.pop(1)
         if option == '-f':      # F for Factory setting
+            sys.argv.pop(1)
             passwd = DEFAULT_PW3
         elif option == '-e':    # E for Enumeration
+            sys.argv.pop(1)
             wait_e = int(sys.argv[1])
             sys.argv.pop(1)
         elif option == '-k':    # K for Key number
+            sys.argv.pop(1)
             keyno = int(sys.argv[1])
             sys.argv.pop(1)
         elif option == '-s':    # S for skip the check of target
+            sys.argv.pop(1)
             skip_check = True
         else:
-            raise ValueError("unknown option", option)
+            if option[0] == '-':
+                raise ValueError("unknown option", option)
+            else:
+                break
     if not passwd:
         passwd = getpass("Admin password: ")
     if len(sys.argv) > 1: