1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

Preparing another release

This commit is contained in:
Werner Koch 2006-10-24 14:45:34 +00:00
parent 86852e7eed
commit a2786169f2
8 changed files with 68 additions and 22 deletions

View File

@ -1,3 +1,7 @@
2006-10-24 Werner Koch <wk@g10code.com>
Released 1.9.94.
2006-10-20 Werner Koch <wk@g10code.com> 2006-10-20 Werner Koch <wk@g10code.com>
* Makefile.am (stowinstall): Add convenience target. * Makefile.am (stowinstall): Add convenience target.

2
NEWS
View File

@ -1,4 +1,4 @@
Noteworthy changes in version 1.9.94 Noteworthy changes in version 1.9.94 (2006-10-24)
------------------------------------------------- -------------------------------------------------
* Keys for gpgsm may now be specified using a keygrip. A keygrip is * Keys for gpgsm may now be specified using a keygrip. A keygrip is

20
TODO
View File

@ -2,14 +2,14 @@
* src/base64 * src/base64
** Make parsing more robust ** Make parsing more robust
Currently we don't cope with overlong lines in the best way. Currently we don't cope with overlong lines in the best way.
** Check that we really release the ksba reader/writer objects. ** Check that we really release the ksba reader/writer objects.
* sm/call-agent.c * sm/call-agent.c
** Some code should go into import.c ** Some code should go into import.c
** When we allow concurrent service request in gpgsm, we ** When we allow concurrent service request in gpgsm, we
might want to have an agent context for each service request might want to have an agent context for each service request
(i.e. Assuan context). (i.e. Assuan context).
* sm/certchain.c * sm/certchain.c
** When a certificate chain was sucessfully verified, make ephemeral certs used in this chain permanent. ** When a certificate chain was sucessfully verified, make ephemeral certs used in this chain permanent.
@ -53,7 +53,7 @@ might want to have an agent context for each service request
** Return an error code or a status info per user ID. ** Return an error code or a status info per user ID.
* scd/tlv.c * scd/tlv.c
The parse_sexp fucntion should not go into this file. Check whether The parse_sexp function should not go into this file. Check whether
we can change all S-expression handling code to make use of this we can change all S-expression handling code to make use of this
function. function.
@ -64,14 +64,10 @@ might want to have an agent context for each service request
would be better to do this just at one place. First we need to see would be better to do this just at one place. First we need to see
how we can support cards with multiple applications. how we can support cards with multiple applications.
** Detecting a removed card works only after the ticker detected it. ** Detecting a removed card works only after the ticker detected it.
We should check the card status in open-card to make this smoother. We should check the card status in open-card to make this smoother.
Needs to be integrated with the status file update, though. It is Needs to be integrated with the status file update, though. It is
not a real problem because application will get a card removed status not a real problem because application will get a card removed
and should the send a reset to try solving the problem. status and should the send a reset to try solving the problem.
** app-p15.c:do_auth
We assume SHA1 here. However we should also allow for TLS-MD5SHA1.
To properly inplement this we need to extend the inetrnal API. A
simple workaround by looking at the digest size if possible.
** Add a test to check the extkeyusage. ** Add a test to check the extkeyusage.

View File

@ -27,7 +27,7 @@ min_automake_version="1.9.3"
# Set my_issvn to "yes" for non-released code. Remember to run an # Set my_issvn to "yes" for non-released code. Remember to run an
# "svn up" and "autogen.sh" right before creating a distribution. # "svn up" and "autogen.sh" right before creating a distribution.
m4_define([my_version], [1.9.94]) m4_define([my_version], [1.9.94])
m4_define([my_issvn], [yes]) m4_define([my_issvn], [no])
m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \ m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \

View File

@ -2394,6 +2394,18 @@ source distribution for the details of which configuration items may be
listed. @option{--list-config} is only usable with listed. @option{--list-config} is only usable with
@option{--with-colons} set. @option{--with-colons} set.
@item --gpgconf-list
@opindex gpgconf-list
This command is simliar to @option{--list-config} but in general only
internally used by the @command{gpgconf} tool.
@item --gpgconf-test
@opindex gpgconf-test
This is more or less dummy action. However it parses the configuration
file and returns with failure if the configuraion file would prevent
@command{gpg} from startup. Thus it may be used to run a syntax check
on the configuration file.
@end table @end table
@c ******************************* @c *******************************

View File

@ -1,3 +1,11 @@
2006-10-24 Werner Koch <wk@g10code.com>
* scdaemon.h (GCRY_MD_USER_TLS_MD5SHA1): New.
(MAX_DIGEST_LEN): Increased to 36.
* app-p15.c (do_sign): Support for TLS_MD5SHA1.
(do_auth): Detect TLS_MD5SHA1.
(do_sign): Tweaks for that digest.
2006-10-23 Werner Koch <wk@g10code.com> 2006-10-23 Werner Koch <wk@g10code.com>
* scdaemon.c (main): New command --gpgconf-test. * scdaemon.c (main): New command --gpgconf-test.

View File

@ -2868,8 +2868,9 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
gpg_error_t err; gpg_error_t err;
int i; int i;
unsigned char data[35]; /* Must be large enough for a SHA-1 digest unsigned char data[36]; /* Must be large enough for a SHA-1 digest
+ the largest OID prefix above. */ + the largest OID prefix above and also
fit the 36 bytes of md5sha1. */
prkdf_object_t prkdf; /* The private key object. */ prkdf_object_t prkdf; /* The private key object. */
aodf_object_t aodf; /* The associated authentication object. */ aodf_object_t aodf; /* The associated authentication object. */
int no_data_padding = 0; /* True if the card want the data without padding.*/ int no_data_padding = 0; /* True if the card want the data without padding.*/
@ -2877,7 +2878,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
if (!keyidstr || !*keyidstr) if (!keyidstr || !*keyidstr)
return gpg_error (GPG_ERR_INV_VALUE); return gpg_error (GPG_ERR_INV_VALUE);
if (indatalen != 20 && indatalen != 16 && indatalen != 35) if (indatalen != 20 && indatalen != 16 && indatalen != 35 && indatalen != 36)
return gpg_error (GPG_ERR_INV_VALUE); return gpg_error (GPG_ERR_INV_VALUE);
err = prkdf_object_from_keyidstr (app, keyidstr, &prkdf); err = prkdf_object_from_keyidstr (app, keyidstr, &prkdf);
@ -2948,7 +2949,10 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
mse[0] = 4; /* Length of the template. */ mse[0] = 4; /* Length of the template. */
mse[1] = 0x80; /* Algorithm reference tag. */ mse[1] = 0x80; /* Algorithm reference tag. */
mse[2] = 0x02; /* Algorithm: RSASSA-PKCS1-v1.5 using SHA1. */ if (hashalgo == GCRY_MD_USER_TLS_MD5SHA1)
mse[2] = 0x01; /* Let card do pkcs#1 0xFF padding. */
else
mse[2] = 0x02; /* RSASSA-PKCS1-v1.5 using SHA1. */
mse[3] = 0x84; /* Private key reference tag. */ mse[3] = 0x84; /* Private key reference tag. */
mse[4] = prkdf->key_reference_valid? prkdf->key_reference : 0x82; mse[4] = prkdf->key_reference_valid? prkdf->key_reference : 0x82;
@ -3118,7 +3122,14 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
} }
/* Prepare the DER object from INDATA. */ /* Prepare the DER object from INDATA. */
if (indatalen == 35) if (indatalen == 36)
{
/* No ASN.1 container used. */
if (hashalgo != GCRY_MD_USER_TLS_MD5SHA1)
return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
memcpy (data, indata, indatalen);
}
else if (indatalen == 35)
{ {
/* Alright, the caller was so kind to send us an already /* Alright, the caller was so kind to send us an already
prepared DER object. Check that it is what we want and that prepared DER object. Check that it is what we want and that
@ -3177,7 +3188,9 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
return err; return err;
} }
if (no_data_padding) if (hashalgo == GCRY_MD_USER_TLS_MD5SHA1)
err = iso7816_compute_ds (app->slot, data, 36, outdata, outdatalen);
else if (no_data_padding)
err = iso7816_compute_ds (app->slot, data+15, 20, outdata, outdatalen); err = iso7816_compute_ds (app->slot, data+15, 20, outdata, outdatalen);
else else
err = iso7816_compute_ds (app->slot, data, 35, outdata, outdatalen); err = iso7816_compute_ds (app->slot, data, 35, outdata, outdatalen);
@ -3200,6 +3213,7 @@ do_auth (app_t app, const char *keyidstr,
{ {
gpg_error_t err; gpg_error_t err;
prkdf_object_t prkdf; prkdf_object_t prkdf;
int algo;
if (!keyidstr || !*keyidstr) if (!keyidstr || !*keyidstr)
return gpg_error (GPG_ERR_INV_VALUE); return gpg_error (GPG_ERR_INV_VALUE);
@ -3212,7 +3226,9 @@ do_auth (app_t app, const char *keyidstr,
log_error ("key %s may not be used for authentication\n", keyidstr); log_error ("key %s may not be used for authentication\n", keyidstr);
return gpg_error (GPG_ERR_WRONG_KEY_USAGE); return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
} }
return do_sign (app, keyidstr, GCRY_MD_SHA1, pincb, pincb_arg,
algo = indatalen == 36? GCRY_MD_USER_TLS_MD5SHA1 : GCRY_MD_SHA1;
return do_sign (app, keyidstr, algo, pincb, pincb_arg,
indata, indatalen, outdata, outdatalen); indata, indatalen, outdata, outdatalen);
} }

View File

@ -34,7 +34,17 @@
#include "../common/errors.h" #include "../common/errors.h"
#define MAX_DIGEST_LEN 24 /* To convey some special hash algorithms we use algorithm numbers
reserved for application use. */
#ifndef GCRY_MD_USER
#define GCRY_MD_USER 1024
#endif
#define GCRY_MD_USER_TLS_MD5SHA1 (GCRY_MD_USER+1)
/* Maximum length of a digest. */
#define MAX_DIGEST_LEN 36
/* A large struct name "opt" to keep global flags. */ /* A large struct name "opt" to keep global flags. */
struct struct