security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

agent: Allow to use SETHASH for arbitrary data.

Browse source 
* agent/agent.h (struct server_control_s): Add field digest.data.
* agent/gpg-agent.c (agent_deinit_default_ctrl): Free that field.
* agent/command.c (reset_notify): Ditto.
(start_command_handler): ditto.
(cmd_sethash): Add new option --inquire.
* agent/call-scd.c (agent_card_pksign): For now return an error if
inquire mode was used.
* agent/command-ssh.c (ssh_handler_sign_request): Make sure
digest.data is cleared.
* agent/divert-scd.c (divert_pksign): Implement inquire mode.
* agent/pksign.c (agent_pksign_do): Ditto.
--

This is required to support EdDSA according to RFC8410.

GnuPG-bug-id: 4888
This commit is contained in:
Werner Koch 2020-05-18 19:24:41 +02:00
parent b1694987bb
commit b18fb0264a
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
7 changed files with 100 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

9
agent/divert-scd.c
View file

@ -437,7 +437,14 @@ divert_pksign (ctrl_t ctrl, const char *desc_text, const unsigned char *grip,
/* Note that the KID may be an keyref or a keygrip. The signing
* functions handle both. */
if (algo == MD_USER_TLS_MD5SHA1)
if (!algo)
{
/* This is the PureEdDSA case. (DIGEST,DIGESTLEN) this the
* entire data which will be signed. */
rc = agent_card_pksign (ctrl, kid, getpin_cb, ctrl, NULL,
0, digest, digestlen, &sigval, &siglen);
}
else if (algo == MD_USER_TLS_MD5SHA1)
{
int save = ctrl->use_auth_call;
ctrl->use_auth_call = 1;