mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
Preparing another release
This commit is contained in:
parent
86852e7eed
commit
a2786169f2
@ -1,3 +1,7 @@
|
||||
2006-10-24 Werner Koch <wk@g10code.com>
|
||||
|
||||
Released 1.9.94.
|
||||
|
||||
2006-10-20 Werner Koch <wk@g10code.com>
|
||||
|
||||
* Makefile.am (stowinstall): Add convenience target.
|
||||
|
2
NEWS
2
NEWS
@ -1,4 +1,4 @@
|
||||
Noteworthy changes in version 1.9.94
|
||||
Noteworthy changes in version 1.9.94 (2006-10-24)
|
||||
-------------------------------------------------
|
||||
|
||||
* Keys for gpgsm may now be specified using a keygrip. A keygrip is
|
||||
|
16
TODO
16
TODO
@ -2,14 +2,14 @@
|
||||
|
||||
* src/base64
|
||||
** Make parsing more robust
|
||||
Currently we don't cope with overlong lines in the best way.
|
||||
Currently we don't cope with overlong lines in the best way.
|
||||
** Check that we really release the ksba reader/writer objects.
|
||||
|
||||
* sm/call-agent.c
|
||||
** Some code should go into import.c
|
||||
** When we allow concurrent service request in gpgsm, we
|
||||
might want to have an agent context for each service request
|
||||
(i.e. Assuan context).
|
||||
might want to have an agent context for each service request
|
||||
(i.e. Assuan context).
|
||||
|
||||
* sm/certchain.c
|
||||
** When a certificate chain was sucessfully verified, make ephemeral certs used in this chain permanent.
|
||||
@ -53,7 +53,7 @@ might want to have an agent context for each service request
|
||||
** Return an error code or a status info per user ID.
|
||||
|
||||
* scd/tlv.c
|
||||
The parse_sexp fucntion should not go into this file. Check whether
|
||||
The parse_sexp function should not go into this file. Check whether
|
||||
we can change all S-expression handling code to make use of this
|
||||
function.
|
||||
|
||||
@ -66,12 +66,8 @@ might want to have an agent context for each service request
|
||||
** Detecting a removed card works only after the ticker detected it.
|
||||
We should check the card status in open-card to make this smoother.
|
||||
Needs to be integrated with the status file update, though. It is
|
||||
not a real problem because application will get a card removed status
|
||||
and should the send a reset to try solving the problem.
|
||||
** app-p15.c:do_auth
|
||||
We assume SHA1 here. However we should also allow for TLS-MD5SHA1.
|
||||
To properly inplement this we need to extend the inetrnal API. A
|
||||
simple workaround by looking at the digest size if possible.
|
||||
not a real problem because application will get a card removed
|
||||
status and should the send a reset to try solving the problem.
|
||||
|
||||
** Add a test to check the extkeyusage.
|
||||
|
||||
|
@ -27,7 +27,7 @@ min_automake_version="1.9.3"
|
||||
# Set my_issvn to "yes" for non-released code. Remember to run an
|
||||
# "svn up" and "autogen.sh" right before creating a distribution.
|
||||
m4_define([my_version], [1.9.94])
|
||||
m4_define([my_issvn], [yes])
|
||||
m4_define([my_issvn], [no])
|
||||
|
||||
|
||||
m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \
|
||||
|
12
doc/gpg.texi
12
doc/gpg.texi
@ -2394,6 +2394,18 @@ source distribution for the details of which configuration items may be
|
||||
listed. @option{--list-config} is only usable with
|
||||
@option{--with-colons} set.
|
||||
|
||||
@item --gpgconf-list
|
||||
@opindex gpgconf-list
|
||||
This command is simliar to @option{--list-config} but in general only
|
||||
internally used by the @command{gpgconf} tool.
|
||||
|
||||
@item --gpgconf-test
|
||||
@opindex gpgconf-test
|
||||
This is more or less dummy action. However it parses the configuration
|
||||
file and returns with failure if the configuraion file would prevent
|
||||
@command{gpg} from startup. Thus it may be used to run a syntax check
|
||||
on the configuration file.
|
||||
|
||||
@end table
|
||||
|
||||
@c *******************************
|
||||
|
@ -1,3 +1,11 @@
|
||||
2006-10-24 Werner Koch <wk@g10code.com>
|
||||
|
||||
* scdaemon.h (GCRY_MD_USER_TLS_MD5SHA1): New.
|
||||
(MAX_DIGEST_LEN): Increased to 36.
|
||||
* app-p15.c (do_sign): Support for TLS_MD5SHA1.
|
||||
(do_auth): Detect TLS_MD5SHA1.
|
||||
(do_sign): Tweaks for that digest.
|
||||
|
||||
2006-10-23 Werner Koch <wk@g10code.com>
|
||||
|
||||
* scdaemon.c (main): New command --gpgconf-test.
|
||||
|
@ -2868,8 +2868,9 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
|
||||
gpg_error_t err;
|
||||
int i;
|
||||
unsigned char data[35]; /* Must be large enough for a SHA-1 digest
|
||||
+ the largest OID prefix above. */
|
||||
unsigned char data[36]; /* Must be large enough for a SHA-1 digest
|
||||
+ the largest OID prefix above and also
|
||||
fit the 36 bytes of md5sha1. */
|
||||
prkdf_object_t prkdf; /* The private key object. */
|
||||
aodf_object_t aodf; /* The associated authentication object. */
|
||||
int no_data_padding = 0; /* True if the card want the data without padding.*/
|
||||
@ -2877,7 +2878,7 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
|
||||
if (!keyidstr || !*keyidstr)
|
||||
return gpg_error (GPG_ERR_INV_VALUE);
|
||||
if (indatalen != 20 && indatalen != 16 && indatalen != 35)
|
||||
if (indatalen != 20 && indatalen != 16 && indatalen != 35 && indatalen != 36)
|
||||
return gpg_error (GPG_ERR_INV_VALUE);
|
||||
|
||||
err = prkdf_object_from_keyidstr (app, keyidstr, &prkdf);
|
||||
@ -2948,7 +2949,10 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
|
||||
mse[0] = 4; /* Length of the template. */
|
||||
mse[1] = 0x80; /* Algorithm reference tag. */
|
||||
mse[2] = 0x02; /* Algorithm: RSASSA-PKCS1-v1.5 using SHA1. */
|
||||
if (hashalgo == GCRY_MD_USER_TLS_MD5SHA1)
|
||||
mse[2] = 0x01; /* Let card do pkcs#1 0xFF padding. */
|
||||
else
|
||||
mse[2] = 0x02; /* RSASSA-PKCS1-v1.5 using SHA1. */
|
||||
mse[3] = 0x84; /* Private key reference tag. */
|
||||
mse[4] = prkdf->key_reference_valid? prkdf->key_reference : 0x82;
|
||||
|
||||
@ -3118,7 +3122,14 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
}
|
||||
|
||||
/* Prepare the DER object from INDATA. */
|
||||
if (indatalen == 35)
|
||||
if (indatalen == 36)
|
||||
{
|
||||
/* No ASN.1 container used. */
|
||||
if (hashalgo != GCRY_MD_USER_TLS_MD5SHA1)
|
||||
return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
|
||||
memcpy (data, indata, indatalen);
|
||||
}
|
||||
else if (indatalen == 35)
|
||||
{
|
||||
/* Alright, the caller was so kind to send us an already
|
||||
prepared DER object. Check that it is what we want and that
|
||||
@ -3177,7 +3188,9 @@ do_sign (app_t app, const char *keyidstr, int hashalgo,
|
||||
return err;
|
||||
}
|
||||
|
||||
if (no_data_padding)
|
||||
if (hashalgo == GCRY_MD_USER_TLS_MD5SHA1)
|
||||
err = iso7816_compute_ds (app->slot, data, 36, outdata, outdatalen);
|
||||
else if (no_data_padding)
|
||||
err = iso7816_compute_ds (app->slot, data+15, 20, outdata, outdatalen);
|
||||
else
|
||||
err = iso7816_compute_ds (app->slot, data, 35, outdata, outdatalen);
|
||||
@ -3200,6 +3213,7 @@ do_auth (app_t app, const char *keyidstr,
|
||||
{
|
||||
gpg_error_t err;
|
||||
prkdf_object_t prkdf;
|
||||
int algo;
|
||||
|
||||
if (!keyidstr || !*keyidstr)
|
||||
return gpg_error (GPG_ERR_INV_VALUE);
|
||||
@ -3212,7 +3226,9 @@ do_auth (app_t app, const char *keyidstr,
|
||||
log_error ("key %s may not be used for authentication\n", keyidstr);
|
||||
return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
|
||||
}
|
||||
return do_sign (app, keyidstr, GCRY_MD_SHA1, pincb, pincb_arg,
|
||||
|
||||
algo = indatalen == 36? GCRY_MD_USER_TLS_MD5SHA1 : GCRY_MD_SHA1;
|
||||
return do_sign (app, keyidstr, algo, pincb, pincb_arg,
|
||||
indata, indatalen, outdata, outdatalen);
|
||||
}
|
||||
|
||||
|
@ -34,7 +34,17 @@
|
||||
#include "../common/errors.h"
|
||||
|
||||
|
||||
#define MAX_DIGEST_LEN 24
|
||||
/* To convey some special hash algorithms we use algorithm numbers
|
||||
reserved for application use. */
|
||||
#ifndef GCRY_MD_USER
|
||||
#define GCRY_MD_USER 1024
|
||||
#endif
|
||||
#define GCRY_MD_USER_TLS_MD5SHA1 (GCRY_MD_USER+1)
|
||||
|
||||
/* Maximum length of a digest. */
|
||||
#define MAX_DIGEST_LEN 36
|
||||
|
||||
|
||||
|
||||
/* A large struct name "opt" to keep global flags. */
|
||||
struct
|
||||
|
Loading…
x
Reference in New Issue
Block a user