diff --git a/ChangeLog b/ChangeLog
index c367fe05c..1d85ee505 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2010-03-09 Werner Koch
+
+ * configure.ac: Add option --disable-ccid-driver.
+
 2010-02-18 Werner Koch
 Release 2.0.15rc1.
diff --git a/configure.ac b/configure.ac
index 8b7f2c1ab..77b5f6e67 100644
--- a/configure.ac
+++ b/configure.ac
@@ -74,7 +74,7 @@ have_adns=no
 use_bzip2=yes
 use_exec=yes
 disable_keyserver_path=no
-
+use_ccid_driver=yes
 GNUPG_BUILD_PROGRAM(gpg, yes)
 GNUPG_BUILD_PROGRAM(gpgsm, yes)
@@ -298,6 +298,19 @@ AC_ARG_WITH(capabilities,
 [use_capabilities="$withval"],[use_capabilities=no])
 AC_MSG_RESULT($use_capabilities)
+
+#
+# Allow disabling of internal CCID support.
+# It is defined only after we confirm the library is available later
+#
+AC_MSG_CHECKING([whether to enable the internal CCID driver])
+AC_ARG_ENABLE(ccid-driver,
+ AC_HELP_STRING([--disable-ccid-driver],
+ [disable the internal CCID driver]),
+ use_ccid_driver=$enableval)
+AC_MSG_RESULT($use_ccid_driver)
+
+
 #
 # To avoid double inclusion of config.h which might happen at some
 # places, we add the usual double inclusion protection at the top of
@@ -629,14 +642,16 @@ AM_PATH_KSBA("$NEED_KSBA_API:$NEED_KSBA_VERSION",have_ksba=yes,have_ksba=no)
 # libusb allows us to use the integrated CCID smartcard reader driver.
 #
 # FiXME: Use GNUPG_CHECK_LIBUSB and modify to use separate AC_SUBSTs.
-AC_CHECK_LIB(usb, usb_bulk_write,
- [ LIBUSB_LIBS="$LIBUSB_LIBS -lusb"
- AC_DEFINE(HAVE_LIBUSB,1,
- [defined if libusb is available])
- have_libusb=yes
- ])
+if test "$use_ccid_driver" = yes ; then
+ AC_CHECK_LIB(usb, usb_bulk_write,
+ [ LIBUSB_LIBS="$LIBUSB_LIBS -lusb"
+ AC_DEFINE(HAVE_LIBUSB,1,
+ [defined if libusb is available])
+ have_libusb=yes
+ ])
+ AC_CHECK_FUNCS(usb_create_match)
+fi
 AC_SUBST(LIBUSB_LIBS)
-AC_CHECK_FUNCS(usb_create_match)
 #
 # Check wether it is necessary to link against libdl.
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 4d686dd7e..5f3b0aade 100644
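Review bot: In the configure.ac hunk at `@@ -298,6 +298,19 @@`, `use_ccid_driver=$enableval` stores whatever argument the user passes, so `--enable-ccid-driver=foo` leaves a value that the later `test "$use_ccid_driver" = yes` treats as disabled without any diagnostic. I would restrict the action to the two meaningful values, e.g. `case "$enableval" in yes|no) use_ccid_driver=$enableval ;; *) AC_MSG_ERROR([invalid value for --enable-ccid-driver]) ;; esac`. The comment line `# It is defined only after we confirm the library is available later` also does not say what "it" is; judging from the libusb hunk further down it appears to mean HAVE_LIBUSB, so `# HAVE_LIBUSB is defined further down, and only if the driver is enabled and libusb is found.` would read better.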
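Review bot: In the configure.ac hunk at `@@ -629,14 +642,16 @@`, an enabled driver with libusb missing still ends quietly: the earlier `AC_MSG_RESULT($use_ccid_driver)` has already printed `yes`, and when `AC_CHECK_LIB` fails nothing reports that HAVE_LIBUSB stays undefined. Someone who needs to know whether the internal CCID driver is compiled in cannot read that from the configure output. Inside the `if`, after the library check, I would add `test "$have_libusb" = yes || AC_MSG_WARN([libusb not found; internal CCID driver disabled])`. As a style point, `AS_IF([test "$use_ccid_driver" = yes], [...])` is the form Autoconf recommends around macro calls instead of a raw shell `if`.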
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,8 @@
+2010-02-25 Werner Koch
+
+ * sign.c (hash_for): Force SHA1 only for v1 OpenPGP cards. Fixes
+ bug#1194.
+
 2010-02-17 Werner Koch
 * keygen.c (ask_user_id): Avoid infinite loop in case of invalid
diff --git a/g10/sign.c b/g10/sign.c
index 0528427db..f54e0d9d5 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -415,12 +415,15 @@ hash_for(PKT_secret_key *sk)
 return match_dsa_hash(qbytes);
 }
- else if (sk->is_protected && sk->protect.s2k.mode==1002)
+ else if (sk->is_protected && sk->protect.s2k.mode == 1002
+ && sk->protect.ivlen == 16
+ && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01\x01", 7))
 {
- /* The sk lives on a smartcard, and current smartcards only
- handle SHA-1 and RIPEMD/160. This is correct now, but may
- need revision as the cards add algorithms. */
-
+ /* The sk lives on a smartcard, and old smartcards only handle
+ SHA-1 and RIPEMD/160. Newer smartcards (v2.0) don't have
+ this restriction anymore. Fortunately the serial number
+ encodes the version of the card and thus we know that this
+ key is on a v1 card. */
 if(opt.personal_digest_prefs)
 {
 prefitem_t *prefs;
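Review bot: The new condition in hash_for identifies a v1 card with an anonymous seven-byte literal and the bare lengths 16 and 7, and nothing next to the `memcmp` says what those bytes are. A short comment would help, for example `/* protect.iv carries the card serial number: D2 76 00 01 24 01 is the OpenPGP card application id, the seventh byte is the major version. */` (that the serial number lives in `protect.iv` is what the new block comment implies). Any key with s2k mode 1002 whose stored value is not 16 bytes long or lacks this prefix now falls through to the generic digest selection, which is wider than "v2 cards are no longer forced to SHA-1"; whether such stubs occur cannot be told from this hunk. The body of hash_for starts before and continues after the hunk, so the fall-through path is not visible here.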