security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Code Activity

* findkey.c (agent_public_key_from_file): Fixed array assignment.

Browse Source 
This was the cause for random segvs.

* call-agent.c (gpgsm_agent_readkey): New.
This commit is contained in:
Werner Koch 2005-07-25 14:35:04 +00:00
parent 99f403b015
commit a2d1673d66
8 changed files with 91 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
NEWS
View File

@ -1,6 +1,10 @@
Noteworthy changes in version 1.9.18 Noteworthy changes in version 1.9.18
------------------------------------------------- -------------------------------------------------
* [gpgsm] Now allows for more than one email address as well as URIs
and dnsNames in certificate request generation. A keygrip may be
given to create a request from an existing key.
Noteworthy changes in version 1.9.17 (2005-06-20) Noteworthy changes in version 1.9.17 (2005-06-20)
------------------------------------------------- -------------------------------------------------

12
TODO
View File

@ -28,11 +28,6 @@ might want to have an agent context for each service request
** mark all unimplemented commands and options. ** mark all unimplemented commands and options.
** Print a hint when MD2 is the cause for a problem. ** Print a hint when MD2 is the cause for a problem.
** Implement --default-key ** Implement --default-key
** Using --export-secret-key-p12 with a non-pth agent
This leads to a lockup because gpgsm is still accessing the agent
while gpg-protect-tool wants to pop up the pinentry. Solution is
to release the connection. This is not trivial, thus we are going
to do that while changing gpgsm to allow concurrent operations.
** support the anyPolicy semantic ** support the anyPolicy semantic
** Check that we are really following the verification procedures in rfc3280. ** Check that we are really following the verification procedures in rfc3280.
** Implement a --card-status command. ** Implement a --card-status command.
@ -45,11 +40,6 @@ might want to have an agent context for each service request
** Remove the inter-module dependencies between gpgsm and keybox ** Remove the inter-module dependencies between gpgsm and keybox
** Add an source_of_key field ** Add an source_of_key field
* agent/gpg-agent.c
** A SIGHUP should also restart the scdaemon
But do this only after all connections terminated. As of now we
only send a RESET.
* agent/command.c * agent/command.c
** Make sure that secure memory is used where appropriate ** Make sure that secure memory is used where appropriate
@ -104,4 +94,4 @@ might want to have an agent context for each service request
* sm/ * sm/
** --include-certs seems to be a dummy option. ** --include-certs is as of now still a dummy command line option

5
agent/ChangeLog
View File

@ -1,3 +1,8 @@
2005-07-25 Werner Koch <wk@g10code.com>
* findkey.c (agent_public_key_from_file): Fixed array assignment.
This was the cause for random segvs.
2005-06-29 Werner Koch <wk@g10code.com> 2005-06-29 Werner Koch <wk@g10code.com>
* command-ssh.c (data_sign): Removed empty statement. * command-ssh.c (data_sign): Removed empty statement.

2
agent/findkey.c
View File

@ -671,7 +671,7 @@ agent_public_key_from_file (ctrl_t ctrl,
*p++ = *s; *p++ = *s;
p = stpcpy (p, " %m)"); p = stpcpy (p, " %m)");
assert (argidx < DIM (args)); assert (argidx < DIM (args));
args[argidx++] = array[idx]; args[argidx++] = &array[idx];
} }
*p++ = ')'; *p++ = ')';
if (uri) if (uri)

4
doc/gpgsm.texi
View File

@ -790,8 +790,8 @@ client must provide it.
This is used to generate a new keypair, store the secret part in the This is used to generate a new keypair, store the secret part in the
@acronym{PSE} and the public key in the key database. We will probably @acronym{PSE} and the public key in the key database. We will probably
add optional commands to allow the client to select whether a hardware add optional commands to allow the client to select whether a hardware
token is used to store the key. Configuration options to @command{GPGSM} can be token is used to store the key. Configuration options to
used to restrict the use of this command. @command{GPGSM} can be used to restrict the use of this command.
@example @example
GENKEY GENKEY

47
sm/call-agent.c
View File

@ -1,5 +1,5 @@
/* call-agent.c - divert operations to the agent /* call-agent.c - divert operations to the agent
* Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc. * Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -432,6 +432,51 @@ gpgsm_agent_genkey (ctrl_t ctrl,
return 0; return 0;
} }
/* Call the agent to read the public key part for a given keygrip. */
int
gpgsm_agent_readkey (ctrl_t ctrl, const char *hexkeygrip,
ksba_sexp_t *r_pubkey)
{
int rc;
membuf_t data;
size_t len;
unsigned char *buf;
char line[ASSUAN_LINELENGTH];
*r_pubkey = NULL;
rc = start_agent (ctrl);
if (rc)
return rc;
rc = assuan_transact (agent_ctx, "RESET",NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
return map_assuan_err (rc);
snprintf (line, DIM(line)-1, "READKEY %s", hexkeygrip);
line[DIM(line)-1] = 0;
init_membuf (&data, 1024);
rc = assuan_transact (agent_ctx, line,
membuf_data_cb, &data,
NULL, NULL, NULL, NULL);
if (rc)
{
xfree (get_membuf (&data, &len));
return map_assuan_err (rc);
}
buf = get_membuf (&data, &len);
if (!buf)
return gpg_error (GPG_ERR_ENOMEM);
if (!gcry_sexp_canon_len (buf, len, NULL, NULL))
{
xfree (buf);
return gpg_error (GPG_ERR_INV_SEXP);
}
*r_pubkey = buf;
return 0;
}
/* Ask the agent whether the certificate is in the list of trusted /* Ask the agent whether the certificate is in the list of trusted
keys */ keys */

23
sm/certreqgen.c
View File

@ -63,6 +63,9 @@ The format of the native parameter file is follows:
algorithm is "rsa". algorithm is "rsa".
Key-Length: <length-in-bits> Key-Length: <length-in-bits>
Length of the key in bits. Default is 1024. Length of the key in bits. Default is 1024.
Key-Grip: hexstring
This is optional and used to generate a request for an already
existsing key. Key-Length will be ignored when given,
Key-Usage: <usage-list> Key-Usage: <usage-list>
Space or comma delimited list of key usage, allowed values are Space or comma delimited list of key usage, allowed values are
"encrypt" and "sign". This is used to generate the KeyUsage extension. "encrypt" and "sign". This is used to generate the KeyUsage extension.
@ -111,6 +114,7 @@ EOF
enum para_name { enum para_name {
pKEYTYPE, pKEYTYPE,
pKEYLENGTH, pKEYLENGTH,
pKEYGRIP,
pKEYUSAGE, pKEYUSAGE,
pNAMEDN, pNAMEDN,
pNAMEEMAIL, pNAMEEMAIL,
@ -252,6 +256,7 @@ read_parameters (ctrl_t ctrl, FILE *fp, ksba_writer_t writer)
} keywords[] = { } keywords[] = {
{ "Key-Type", pKEYTYPE}, { "Key-Type", pKEYTYPE},
{ "Key-Length", pKEYLENGTH }, { "Key-Length", pKEYLENGTH },
{ "Key-Grip", pKEYGRIP },
{ "Key-Usage", pKEYUSAGE }, { "Key-Usage", pKEYUSAGE },
{ "Name-DN", pNAMEDN }, { "Name-DN", pNAMEDN },
{ "Name-Email", pNAMEEMAIL, 1 }, { "Name-Email", pNAMEEMAIL, 1 },
@ -502,9 +507,24 @@ proc_parameters (ctrl_t ctrl,
} }
} }
s = get_parameter_value (para, pKEYGRIP, 0);
if (s) /* Use existing key. */
{
rc = gpgsm_agent_readkey (ctrl, s, &public);
if (rc)
{
r = get_parameter (para, pKEYTYPE, 0);
log_error (_("line %d: error getting key by keygrip `%s': %s\n"),
r->lnr, s, gpg_strerror (rc));
return rc;
}
}
else /* Generate new key. */
{
sprintf (numbuf, "%u", nbits); sprintf (numbuf, "%u", nbits);
snprintf ((char*)keyparms, DIM (keyparms)-1, snprintf ((char*)keyparms, DIM (keyparms)-1,
"(6:genkey(3:rsa(5:nbits%d:%s)))", (int)strlen (numbuf), numbuf); "(6:genkey(3:rsa(5:nbits%d:%s)))",
(int)strlen (numbuf), numbuf);
rc = gpgsm_agent_genkey (ctrl, keyparms, &public); rc = gpgsm_agent_genkey (ctrl, keyparms, &public);
if (rc) if (rc)
{ {
@ -513,6 +533,7 @@ proc_parameters (ctrl_t ctrl,
r->lnr, gpg_strerror (rc)); r->lnr, gpg_strerror (rc));
return rc; return rc;
} }
}
rc = create_request (ctrl, para, public, outctrl); rc = create_request (ctrl, para, public, outctrl);
xfree (public); xfree (public);

2
sm/gpgsm.h
View File

@ -299,6 +299,8 @@ int gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
char **r_buf, size_t *r_buflen); char **r_buf, size_t *r_buflen);
int gpgsm_agent_genkey (ctrl_t ctrl, int gpgsm_agent_genkey (ctrl_t ctrl,
ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey); ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey);
int gpgsm_agent_readkey (ctrl_t ctrl, const char *hexkeygrip,
ksba_sexp_t *r_pubkey);
int gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert); int gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert);
int gpgsm_agent_havekey (ctrl_t ctrl, const char *hexkeygrip); int gpgsm_agent_havekey (ctrl_t ctrl, const char *hexkeygrip);
int gpgsm_agent_marktrusted (ctrl_t ctrl, ksba_cert_t cert); int gpgsm_agent_marktrusted (ctrl_t ctrl, ksba_cert_t cert);