1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

Preparing another release

This commit is contained in:
Werner Koch 2006-10-24 14:45:34 +00:00
parent 86852e7eed
commit a2786169f2
8 changed files with 68 additions and 22 deletions

View File

@ -1,3 +1,7 @@
2006-10-24 Werner Koch <wk@g10code.com>
Released 1.9.94.
2006-10-20 Werner Koch <wk@g10code.com>
* Makefile.am (stowinstall): Add convenience target.

2
NEWS
View File

@ -1,4 +1,4 @@
Noteworthy changes in version 1.9.94
Noteworthy changes in version 1.9.94 (2006-10-24)
-------------------------------------------------
* Keys for gpgsm may now be specified using a keygrip. A keygrip is

10
TODO
View File

@ -53,7 +53,7 @@ might want to have an agent context for each service request
** Return an error code or a status info per user ID.
* scd/tlv.c
The parse_sexp fucntion should not go into this file. Check whether
The parse_sexp function should not go into this file. Check whether
we can change all S-expression handling code to make use of this
function.
@ -66,12 +66,8 @@ might want to have an agent context for each service request
** Detecting a removed card works only after the ticker detected it.
We should check the card status in open-card to make this smoother.
Needs to be integrated with the status file update, though. It is
not a real problem because application will get a card removed status
and should the send a reset to try solving the problem.
** app-p15.c:do_auth
We assume SHA1 here. However we should also allow for TLS-MD5SHA1.
To properly inplement this we need to extend the inetrnal API. A
simple workaround by looking at the digest size if possible.
not a real problem because application will get a card removed
status and should the send a reset to try solving the problem.
** Add a test to check the extkeyusage.

View File

@ -27,7 +27,7 @@ min_automake_version="1.9.3"
# Set my_issvn to "yes" for non-released code. Remember to run an
# "svn up" and "autogen.sh" right before creating a distribution.
m4_define([my_version], [1.9.94])
m4_define([my_issvn], [yes])
m4_define([my_issvn], [no])
m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \

View File

@ -2394,6 +2394,18 @@ source distribution for the details of which configuration items may be
listed. @option{--list-config} is only usable with
@option{--with-colons} set.
@item --gpgconf-list
@opindex gpgconf-list
This command is simliar to @option{--list-config} but in general only
internally used by the @command{gpgconf} tool.
@item --gpgconf-test
@opindex gpgconf-test
This is more or less dummy action. However it parses the configuration
file and returns with failure if the configuraion file would prevent
@command{gpg} from startup. Thus it may be used to run a syntax check
on the configuration file.
@end table
@c *******************************

View File

@ -1,3 +1,11 @@
2006-10-24 Werner Koch <wk@g10code.com>
* scdaemon.h (GCRY_MD_USER_TLS_MD5SHA1): New.
(MAX_DIGEST_LEN): Increased to 36.
* app-p15.c (do_sign): Support for TLS_MD5SHA1.
(do_auth): Detect TLS_MD5SHA1.
(do_sign): Tweaks for that digest.
2006-10-23 Werner Koch <wk@g10code.com>
* scdaemon.c (main): New command --gpgconf-test.

View File

@ -2868,8 +2868,9 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
gpg_error_t err;
int i;
unsigned char data[35]; /* Must be large enough for a SHA-1 digest
+ the largest OID prefix above. */
unsigned char data[36]; /* Must be large enough for a SHA-1 digest
+ the largest OID prefix above and also
fit the 36 bytes of md5sha1. */
prkdf_object_t prkdf; /* The private key object. */
aodf_object_t aodf; /* The associated authentication object. */
int no_data_padding = 0; /* True if the card want the data without padding.*/
@ -2877,7 +2878,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
if (!keyidstr || !*keyidstr)
return gpg_error (GPG_ERR_INV_VALUE);
if (indatalen != 20 && indatalen != 16 && indatalen != 35)
if (indatalen != 20 && indatalen != 16 && indatalen != 35 && indatalen != 36)
return gpg_error (GPG_ERR_INV_VALUE);
err = prkdf_object_from_keyidstr (app, keyidstr, &prkdf);
@ -2948,7 +2949,10 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
mse[0] = 4; /* Length of the template. */
mse[1] = 0x80; /* Algorithm reference tag. */
mse[2] = 0x02; /* Algorithm: RSASSA-PKCS1-v1.5 using SHA1. */
if (hashalgo == GCRY_MD_USER_TLS_MD5SHA1)
mse[2] = 0x01; /* Let card do pkcs#1 0xFF padding. */
else
mse[2] = 0x02; /* RSASSA-PKCS1-v1.5 using SHA1. */
mse[3] = 0x84; /* Private key reference tag. */
mse[4] = prkdf->key_reference_valid? prkdf->key_reference : 0x82;
@ -3118,7 +3122,14 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
}
/* Prepare the DER object from INDATA. */
if (indatalen == 35)
if (indatalen == 36)
{
/* No ASN.1 container used. */
if (hashalgo != GCRY_MD_USER_TLS_MD5SHA1)
return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
memcpy (data, indata, indatalen);
}
else if (indatalen == 35)
{
/* Alright, the caller was so kind to send us an already
prepared DER object. Check that it is what we want and that
@ -3177,7 +3188,9 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
return err;
}
if (no_data_padding)
if (hashalgo == GCRY_MD_USER_TLS_MD5SHA1)
err = iso7816_compute_ds (app->slot, data, 36, outdata, outdatalen);
else if (no_data_padding)
err = iso7816_compute_ds (app->slot, data+15, 20, outdata, outdatalen);
else
err = iso7816_compute_ds (app->slot, data, 35, outdata, outdatalen);
@ -3200,6 +3213,7 @@ do_auth (app_t app, const char *keyidstr,
{
gpg_error_t err;
prkdf_object_t prkdf;
int algo;
if (!keyidstr || !*keyidstr)
return gpg_error (GPG_ERR_INV_VALUE);
@ -3212,7 +3226,9 @@ do_auth (app_t app, const char *keyidstr,
log_error ("key %s may not be used for authentication\n", keyidstr);
return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
}
return do_sign (app, keyidstr, GCRY_MD_SHA1, pincb, pincb_arg,
algo = indatalen == 36? GCRY_MD_USER_TLS_MD5SHA1 : GCRY_MD_SHA1;
return do_sign (app, keyidstr, algo, pincb, pincb_arg,
indata, indatalen, outdata, outdatalen);
}

View File

@ -34,7 +34,17 @@
#include "../common/errors.h"
#define MAX_DIGEST_LEN 24
/* To convey some special hash algorithms we use algorithm numbers
reserved for application use. */
#ifndef GCRY_MD_USER
#define GCRY_MD_USER 1024
#endif
#define GCRY_MD_USER_TLS_MD5SHA1 (GCRY_MD_USER+1)
/* Maximum length of a digest. */
#define MAX_DIGEST_LEN 36
/* A large struct name "opt" to keep global flags. */
struct