From 158a69aff7b75fa3a6bd5e6990520852c602ae03 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 5 Oct 2006 11:06:42 +0000
Subject: [PATCH] bug fixes

---
 NEWS               |  4 ++++
 TODO               | 22 ++++++++++------------
 agent/ChangeLog    |  4 ++++
 agent/command.c    |  4 ++--
 agent/divert-scd.c |  2 ++
 configure.ac       |  4 ++--
 doc/gpg-agent.texi |  7 ++++---
 g10/ChangeLog      |  8 ++++++++
 g10/seskey.c       |  4 +++-
 g10/status.c       | 22 +++++++++++-----------
 scd/app-openpgp.c  |  2 +-
 sm/ChangeLog       |  4 ++++
 sm/certcheck.c     |  2 ++
 13 files changed, 57 insertions(+), 32 deletions(-)

diff --git a/NEWS b/NEWS
index fc0db2b25..28a674b0f 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+Noteworthy changes in version 1.9.92
+-------------------------------------------------
+
+
 Noteworthy changes in version 1.9.91 (2006-10-04)
 -------------------------------------------------
 
diff --git a/TODO b/TODO
index 6d0c35015..c43aabe55 100644
--- a/TODO
+++ b/TODO
@@ -69,12 +69,6 @@ might want to have an agent context for each service request
  not a real problem because application will get a card removed status
  and should the send a reset to try solving the problem.
 
-* tests
-** Makefile.am
-  We use printf(1) to setup the library path, this is not portable.
-  Furthermore LD_LIBRARY_PATH is not used on all systems.  It doesn't
-  matter for now, because we use some GNU/*BSDish features anyway.
-
 ** Add a test to check the extkeyusage.
 
 * Windows port
@@ -93,15 +87,19 @@ might want to have an agent context for each service request
 
 * g10/
 ** issue a NO_SECKEY xxxx if a -u key was not found.
-** Replace DIGEST_ALGO_SHA224
-   We can't do that right now because it is only defined by newer
-   versions of libgcrypt.  Change this if we require libgcrypt 1.3
-   anyway.
 ** qbits
    We pass a new qbit parameter to genkey - implement this in libgcrypt.
+
+* When switching to libgcrypt 1.3
+** scd#encode_md_for_card, g10#encode_md_value, sm@do_encode_md
+   Remove the extra test for a valid algorithm as libgcrypt will do it
+   then in gcry_md_algo_info.
 ** skclist.c
-   As soon as we switch to libgcrypt 1.3 we should remove the hard
-   coded constant in random_is_faked.
+   Remove the hard coded constant in random_is_faked.
+** g10/ Replace DIGEST_ALGO_SHA224
+   We can't do that right now because it is only defined by newer
+   versions of libgcrypt. 
+
 
 * Extend selinux support to other modules
 
diff --git a/agent/ChangeLog b/agent/ChangeLog
index fc0308255..d95b040df 100644
--- a/agent/ChangeLog
+++ b/agent/ChangeLog
@@ -1,3 +1,7 @@
+2006-10-05  Werner Koch  <wk@g10code.com>
+
+	* divert-scd.c (encode_md_for_card): Check that the algo is valid.
+
 2006-10-04  Werner Koch  <wk@g10code.com>
 
 	* call-pinentry.c (agent_get_passphrase): Changed to return the
diff --git a/agent/command.c b/agent/command.c
index 900bfee01..a8a701f95 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -470,7 +470,7 @@ cmd_sethash (assuan_context_t ctx, char *line)
   char *endp;
   int algo;
 
-  /* parse the algo number and check it */
+  /* Parse the algo number and check it. */
   algo = (int)strtoul (line, &endp, 10);
   for (line = endp; *line == ' ' || *line == '\t'; line++)
     ;
@@ -478,7 +478,7 @@ cmd_sethash (assuan_context_t ctx, char *line)
     return set_error (GPG_ERR_UNSUPPORTED_ALGORITHM, NULL);
   ctrl->digest.algo = algo;
 
-  /* parse the hash value */
+  /* Parse the hash value. */
   rc = parse_hexstring (ctx, line, &n);
   if (rc)
     return rc;
diff --git a/agent/divert-scd.c b/agent/divert-scd.c
index 9ba0b3b6d..89f177e64 100644
--- a/agent/divert-scd.c
+++ b/agent/divert-scd.c
@@ -148,6 +148,8 @@ encode_md_for_card (const unsigned char *digest, size_t digestlen, int algo,
   *r_len = 0;
 
   asnlen = DIM(asn);
+  if (!algo || gcry_md_test_algo (algo))
+    return gpg_error (GPG_ERR_DIGEST_ALGO);
   if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))
     {
       log_error ("no object identifier for algo %d\n", algo);
diff --git a/configure.ac b/configure.ac
index 12c9ce939..00aa140f4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -26,8 +26,8 @@ min_automake_version="1.9.3"
 # Remember to change the version number immediately *after* a release.
 # Set my_issvn to "yes" for non-released code.  Remember to run an
 # "svn up" and "autogen.sh" right before creating a distribution.
-m4_define([my_version], [1.9.91])
-m4_define([my_issvn], [no])
+m4_define([my_version], [1.9.92])
+m4_define([my_issvn], [yes])
 
 
 m4_define([svn_revision], m4_esyscmd([echo -n $((svn info 2>/dev/null \
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 8e3424044..0912ea681 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -740,11 +740,12 @@ test whether the key is a valid key to sign something and responds with
 okay.
 
 @example
-   SETHASH <hexstring>
+   SETHASH <algo> <hexstring>
 @end example
 
-The client can use this command to tell the server about the data
-(which usually is a hash) to be signed.  
+The client can use this command to tell the server about the data <hexstring>
+(which usually is a hash) to be signed. <algo> is the decimal encoded hash
+algorithm number as used by Libgcrypt.
 
 The actual signing is done using
 
diff --git a/g10/ChangeLog b/g10/ChangeLog
index c3f9ce50b..c91022a1e 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,11 @@
+2006-10-05  Werner Koch  <wk@g10code.com>
+
+	* status.c (progress_cb): Changed to libgcrypt API.
+	(set_status_fd): Register the progress cb.
+
+	* seskey.c (encode_md_value): Check that the hash algo is valid
+	before getting the OID. 
+
 2006-10-04  Werner Koch  <wk@g10code.com>
 
 	* passphrase.c: Allow for a static passphrase in batch mode.
diff --git a/g10/seskey.c b/g10/seskey.c
index 2ef00869f..c0efc3ae7 100644
--- a/g10/seskey.c
+++ b/g10/seskey.c
@@ -267,7 +267,9 @@ encode_md_value (PKT_public_key *pk, PKT_secret_key *sk,
       byte *asn;
       size_t asnlen;
 
-      rc = gcry_md_algo_info (hash_algo, GCRYCTL_GET_ASNOID, NULL, &asnlen);
+      rc = gcry_md_test_algo (hash_algo);
+      if (!rc)
+        rc = gcry_md_algo_info (hash_algo, GCRYCTL_GET_ASNOID, NULL, &asnlen);
       if (rc)
         log_fatal ("can't get OID of algo %d: %s\n",
                    hash_algo, gpg_strerror (rc));
diff --git a/g10/status.c b/g10/status.c
index 2098d6738..b0d0cd74c 100644
--- a/g10/status.c
+++ b/g10/status.c
@@ -45,15 +45,17 @@ static FILE *statusfp;
 
 
 static void
-progress_cb ( void *ctx, int c )
+progress_cb (void *ctx, const char *what, int printchar,
+             int current, int total)
 {
-    char buf[50];
+  char buf[50];
 
-    if ( c == '\n' )
-	sprintf ( buf, "%.20s X 100 100", (char*)ctx );
-    else
-	sprintf ( buf, "%.20s %c 0 0", (char*)ctx, c );
-    write_status_text ( STATUS_PROGRESS, buf );
+  if ( printchar == '\n' && !strcmp (what, "primegen") )
+    snprintf (buf, sizeof buf -1, "%.20s X 100 100", what );
+  else
+    snprintf (buf, sizeof buf -1, "%.20s %c %d %d",
+              what, printchar=='\n'?'X':printchar, current, total );
+  write_status_text (STATUS_PROGRESS, buf);
 }
 
 static const char *
@@ -209,10 +211,8 @@ set_status_fd ( int fd )
                   fd, strerror(errno));
     }
     last_fd = fd;
-#warning Use libgrypt calls for progress indicators
-/*     register_primegen_progress ( progress_cb, "primegen" ); */
-/*     register_pk_dsa_progress ( progress_cb, "pk_dsa" ); */
-/*     register_pk_elg_progress ( progress_cb, "pk_elg" ); */
+
+    gcry_set_progress_handler ( progress_cb, NULL );
 }
 
 int
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 597ef437c..4de465ee1 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -1926,7 +1926,7 @@ do_genkey (app_t app, ctrl_t ctrl,  const char *keynostr, unsigned int flags,
   start_at = time (NULL);
   rc = iso7816_generate_keypair 
 #else
-#warning key generation temporary replaced by reading an existing key.
+# warning key generation temporary replaced by reading an existing key.
   rc = iso7816_read_public_key
 #endif
     (app->slot, (const unsigned char*)(keyno == 0? "\xB6" :
diff --git a/sm/ChangeLog b/sm/ChangeLog
index dd469ae16..1a4157717 100644
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@@ -1,3 +1,7 @@
+2006-10-05  Werner Koch  <wk@g10code.com>
+
+	* certcheck.c (do_encode_md): Check that the has algo is valid.
+
 2006-10-02  Marcus Brinkmann  <marcus@g10code.de>
 
 	* server.c (register_commands): New commands DUMPKEYS and
diff --git a/sm/certcheck.c b/sm/certcheck.c
index e8b842b88..efb1414cc 100644
--- a/sm/certcheck.c
+++ b/sm/certcheck.c
@@ -68,6 +68,8 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
       nframe = (nbits+7) / 8;
 
       asnlen = DIM(asn);
+      if (!algo || gcry_md_test_algo (algo))
+        return gpg_error (GPG_ERR_DIGEST_ALGO);
       if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))
         {
           log_error ("no object identifier for algo %d\n", algo);