diff --git a/g10/ChangeLog b/g10/ChangeLog index 15840393e..a44f26d23 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,15 @@ +2007-12-10 Werner Koch + + * import.c (auto_create_card_key_stub): Do not clear the entire + fingerprint. This finally makes the stub creation work. My past + tests seemed to work because there was a key with a all zero + fingerprint available (Elgamal signing keys). + +2007-12-08 Werner Koch + + * misc.c (openpgp_pk_algo_usage): Allow Elgamal type 20 for + encryption. + 2007-12-04 Werner Koch * helptext.c (get_help_from_file): New. diff --git a/g10/import.c b/g10/import.c index a58637c9d..66aa875c4 100644 --- a/g10/import.c +++ b/g10/import.c @@ -2355,7 +2355,8 @@ auto_create_card_key_stub ( const char *serialnostr, size_t an; fingerprint_from_pk (pk, afp, &an); - memset (afp, 0, MAX_FINGERPRINT_LEN); + if (an < MAX_FINGERPRINT_LEN) + memset (afp+an, 0, MAX_FINGERPRINT_LEN-an); rc = keydb_search_fpr (hd, afp); } @@ -2410,4 +2411,3 @@ auto_create_card_key_stub ( const char *serialnostr, keydb_release (hd); return rc; } - diff --git a/g10/misc.c b/g10/misc.c index f02601fc4..5f9af54c3 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -379,6 +379,7 @@ openpgp_pk_algo_usage ( int algo ) case PUBKEY_ALGO_RSA_S: use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG; break; + case PUBKEY_ALGO_ELGAMAL: case PUBKEY_ALGO_ELGAMAL_E: use = PUBKEY_USAGE_ENC; break; diff --git a/scd/ChangeLog b/scd/ChangeLog index 678083692..166f30891 100644 --- a/scd/ChangeLog +++ b/scd/ChangeLog @@ -1,3 +1,8 @@ +2007-12-10 Werner Koch + + * app-openpgp.c (do_decipher): Take care of cryptograms shiorther + that 128 bytes. Fixes bug#851. + 2007-11-14 Werner Koch * scdaemon.c (main): Pass STANDARD_SOCKET flag to diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index bf7c0afc5..5cfec0407 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -1,5 +1,5 @@ /* app-openpgp.c - The OpenPGP card application. - * Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc. + * Copyright (C) 2003, 2004, 2005, 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -2456,8 +2456,49 @@ do_decipher (app_t app, const char *keyidstr, rc = verify_chv2 (app, pincb, pincb_arg); if (!rc) - rc = iso7816_decipher (app->slot, indata, indatalen, 0, - outdata, outdatalen); + { + size_t fixuplen; + + /* We might encounter a couple of leading zeroes in the + cryptogram. Due to internal use of MPIs thease leading + zeroes are stripped. However the OpenPGp card expects + exactly 128 bytes for the cryptogram (for a 1k key). Thus we + need to fix it up. We do this for up to 16 leading zero + bytes; a cryptogram with more than this is with a very high + probability anyway broken. */ + if (indatalen >= (128-16) && indatalen < 128) /* 1024 bit key. */ + fixuplen = 128 - indatalen; + else if (indatalen >= (256-16) && indatalen < 256) /* 2048 bit key. */ + fixuplen = 256 - indatalen; + else if (indatalen >= (192-16) && indatalen < 192) /* 1536 bit key. */ + fixuplen = 192 - indatalen; + else + fixuplen = 0; + if (fixuplen) + { + unsigned char *fixbuf; + + /* While we have to prepend stuff anyway, we can also + include the padding byte here so that iso1816_decipher + does not need to do yet another data mangling. */ + fixuplen++; + fixbuf = xtrymalloc (fixuplen + indatalen); + if (!fixbuf) + rc = gpg_error_from_syserror (); + else + { + memset (fixbuf, 0, fixuplen); + memcpy (fixbuf+fixuplen, indata, indatalen); + rc = iso7816_decipher (app->slot, fixbuf, fixuplen+indatalen, -1, + outdata, outdatalen); + xfree (fixbuf); + } + + } + else + rc = iso7816_decipher (app->slot, indata, indatalen, 0, + outdata, outdatalen); + } return rc; }