mirror of git://git.gnupg.org/gnupg.git synced 2025-01-24 15:17:02 +01:00

* primegen.c (is_prime): Free A2. Noted by pmike2001@mail.ru.

Fixes #423.

* DETAILS: Document new status codes.

* cardglue.c (agent_scd_pkdecrypt, agent_scd_pksign)
(agent_scd_genkey, agent_scd_setattr, agent_scd_change_pin)
(agent_scd_checkpin, agent_openpgp_storekey): Make sure to send a
SC_OP_FAILURE after card operations which might change data.
* card-util.c (change_pin): Send a SC_OP_SUCCESS after a PIN has
been changed.
(change_name): Removed a debug output.
* status.h, status.c: New codes BAD_PASSPHRASE_PIN, SC_OP_FAILURE
and SC_OP_SUCCESS.

* de.po: Updated. Translation is still in the works, though.
Werner Koch 2005-03-07 13:59:59 +00:00
parent db82cdd26a
commit c91e30fda4
11 changed files with 420 additions and 394 deletions


@ -1,3 +1,8 @@
2005-03-07 Werner Koch <wk@g10code.com>
* primegen.c (is_prime): Free A2. Noted by pmike2001@mail.ru.
Fixes #423.
2004-11-30 David Shaw <dshaw@jabberwocky.com> 2004-11-30 David Shaw <dshaw@jabberwocky.com>
* md.c (string_to_digest_algo): Allow read/write SHA384 and * md.c (string_to_digest_algo): Allow read/write SHA384 and


@ -462,15 +462,16 @@ is_prime( MPI n, int steps, int *count )
mpi_set_ui( x, 2 ); mpi_set_ui( x, 2 );
} }
else { else {
/*mpi_set_bytes( x, nbits-1, get_random_byte, 0 );*/ char *p;
{ char *p = get_random_bits( nbits, 0, 0 );
p = get_random_bits( nbits, 0, 0 );
mpi_set_buffer( x, p, (nbits+7)/8, 0 ); mpi_set_buffer( x, p, (nbits+7)/8, 0 );
m_free(p); m_free(p);
}
/* make sure that the number is smaller than the prime /* Make sure that the number is smaller than the prime
* and keep the randomness of the high bit */ * and keep the randomness of the high bit. */
if( mpi_test_bit( x, nbits-2 ) ) { if( mpi_test_bit( x, nbits-2 ) ) {
mpi_set_highbit( x, nbits-2 ); /* clear all higher bits */ mpi_set_highbit( x, nbits-2 ); /* Clear all higher bits */
} }
else { else {
mpi_set_highbit( x, nbits-2 ); mpi_set_highbit( x, nbits-2 );
@ -498,6 +499,7 @@ is_prime( MPI n, int steps, int *count )
mpi_free( z ); mpi_free( z );
mpi_free( nminus1 ); mpi_free( nminus1 );
mpi_free( q ); mpi_free( q );
mpi_free (a2);
return rc; return rc;
} }
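Review bot: The random buffer in the else branch is drawn with `get_random_bits( nbits, 0, 0 )`, which as far as I know requests the lowest quality level and non-secure memory, and nothing in the hunk says why that is acceptable. If these are only the bases for the probabilistic primality test, as the surrounding code suggests, a comment above the call such as `/* Test bases need not be secret or of key quality, so level 0 in normal memory is enough. */` would stop a later reader from copying the pattern into code that handles key material. is_prime begins outside the hunks shown, so how `x` and `a2` are allocated cannot be checked from here.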


@ -1,3 +1,7 @@
2005-03-07 Werner Koch <wk@g10code.com>
* DETAILS: Document new status codes.
2005-02-15 Werner Koch <wk@g10code.com> 2005-02-15 Werner Koch <wk@g10code.com>
* faq.raw: Add htmlcharset header line as suggested by Maxim * faq.raw: Add htmlcharset header line as suggested by Maxim
@ -6,7 +10,6 @@
* gpg.ru.sgml: Updated from upstream. Added a closing PARA. * gpg.ru.sgml: Updated from upstream. Added a closing PARA.
* gpg.sgml: Add bkuptocard command for --edit-key. * gpg.sgml: Add bkuptocard command for --edit-key.
2005-02-05 David Shaw <dshaw@jabberwocky.com> 2005-02-05 David Shaw <dshaw@jabberwocky.com>


@ -349,6 +349,9 @@ more arguments in future versions.
The supplied passphrase was good and the secret key material The supplied passphrase was good and the secret key material
is therefore usable. is therefore usable.
BAD_PASSPHRASE_PIN
Reserved for future use.
DECRYPTION_FAILED DECRYPTION_FAILED
The symmetric decryption failed - one reason could be a wrong The symmetric decryption failed - one reason could be a wrong
passphrase for a symmetrical encrypted message. passphrase for a symmetrical encrypted message.
@ -570,6 +573,16 @@ more arguments in future versions.
This indicates that a signature subpacket was seen. The This indicates that a signature subpacket was seen. The
format is the same as the "spk" record above. format is the same as the "spk" record above.
SC_OP_FAILURE
An operation on a smartcard definitely failed. Currently
there is no indication of the actual error code, but
application should be prepared to later accept more arguments.
SC_OP_SUCCESS
A smart card operaion succeeded. This status is only printed
for certain operation and is mostly useful to check whether a
PIN change really worked.
Format of the "--attribute-fd" output Format of the "--attribute-fd" output
===================================== =====================================


@ -1,3 +1,15 @@
2005-03-07 Werner Koch <wk@g10code.com>
* cardglue.c (agent_scd_pkdecrypt, agent_scd_pksign)
(agent_scd_genkey, agent_scd_setattr, agent_scd_change_pin)
(agent_scd_checkpin, agent_openpgp_storekey): Make sure to send a
SC_OP_FAILURE after card operations which might change data.
* card-util.c (change_pin): Send a SC_OP_SUCCESS after a PIN has
been changed.
(change_name): Removed a debug output.
* status.h, status.c: New codes BAD_PASSPHRASE_PIN, SC_OP_FAILURE
and SC_OP_SUCCESS.
2005-02-24 David Shaw <dshaw@jabberwocky.com> 2005-02-24 David Shaw <dshaw@jabberwocky.com>
* keyedit.c (keyedit_menu): Only print the key signing hint when * keyedit.c (keyedit_menu): Only print the key signing hint when


@ -77,8 +77,11 @@ change_pin (int chvno, int allow_admin)
if (rc) if (rc)
tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc)); tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
else else
{
write_status (STATUS_SC_OP_SUCCESS);
tty_printf ("PIN changed.\n"); tty_printf ("PIN changed.\n");
} }
}
else else
for (;;) for (;;)
{ {
@ -103,24 +106,33 @@ change_pin (int chvno, int allow_admin)
if (rc) if (rc)
tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc)); tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
else else
{
write_status (STATUS_SC_OP_SUCCESS);
tty_printf ("PIN changed.\n"); tty_printf ("PIN changed.\n");
} }
}
else if (*answer == '2') else if (*answer == '2')
{ {
rc = agent_scd_change_pin (101); rc = agent_scd_change_pin (101);
if (rc) if (rc)
tty_printf ("Error unblocking the PIN: %s\n", gpg_strerror (rc)); tty_printf ("Error unblocking the PIN: %s\n", gpg_strerror (rc));
else else
{
write_status (STATUS_SC_OP_SUCCESS);
tty_printf ("PIN unblocked and new PIN set.\n"); tty_printf ("PIN unblocked and new PIN set.\n");
} }
}
else if (*answer == '3') else if (*answer == '3')
{ {
rc = agent_scd_change_pin (3); rc = agent_scd_change_pin (3);
if (rc) if (rc)
tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc)); tty_printf ("Error changing the PIN: %s\n", gpg_strerror (rc));
else else
{
write_status (STATUS_SC_OP_SUCCESS);
tty_printf ("PIN changed.\n"); tty_printf ("PIN changed.\n");
} }
}
else if (*answer == 'q' || *answer == 'Q') else if (*answer == 'q' || *answer == 'Q')
{ {
break; break;
@ -529,7 +541,6 @@ change_name (void)
return -1; return -1;
} }
log_debug ("setting Name to `%s'\n", isoname);
rc = agent_scd_setattr ("DISP-NAME", isoname, strlen (isoname) ); rc = agent_scd_setattr ("DISP-NAME", isoname, strlen (isoname) );
if (rc) if (rc)
log_error ("error setting Name: %s\n", gpg_strerror (rc)); log_error ("error setting Name: %s\n", gpg_strerror (rc));
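Review bot: The success status is written in four separate else branches of change_pin, while the matching SC_OP_FAILURE is written inside agent_scd_change_pin, and no comment ties the two halves together. A front end reading the status fd therefore gets SC_OP_SUCCESS only for calls that pass through this menu; any other caller of agent_scd_change_pin, if one exists, would report failure but never success. I would add a comment at the first branch, for example `/* agent_scd_change_pin emits SC_OP_FAILURE itself; success is reported only from here. */`, or fold the status-plus-message pair into a small static helper so the four copies cannot drift apart. change_pin begins and ends outside these hunks.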


@ -1,5 +1,5 @@
/* cardglue.c - mainly dispatcher for card related functions. /* cardglue.c - mainly dispatcher for card related functions.
* Copyright (C) 2003, 2004 Free Software Foundation, Inc. * Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -737,12 +737,17 @@ agent_scd_setattr (const char *name,
const unsigned char *value, size_t valuelen) const unsigned char *value, size_t valuelen)
{ {
APP app; APP app;
int rc;
app = current_app? current_app : open_card (); app = current_app? current_app : open_card ();
if (!app) if (!app)
return gpg_error (GPG_ERR_CARD); return gpg_error (GPG_ERR_CARD);
return app->fnc.setattr (app, name, pin_cb, NULL, value, valuelen); rc = app->fnc.setattr (app, name, pin_cb, NULL, value, valuelen);
if (rc)
write_status (STATUS_SC_OP_FAILURE);
return rc;
} }
@ -805,6 +810,7 @@ agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force)
APP app; APP app;
char keynostr[20]; char keynostr[20];
struct ctrl_ctx_s ctrl; struct ctrl_ctx_s ctrl;
int rc;
app = current_app? current_app : open_card (); app = current_app? current_app : open_card ();
if (!app) if (!app)
@ -815,9 +821,12 @@ agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force)
ctrl.status_cb = genkey_status_cb; ctrl.status_cb = genkey_status_cb;
ctrl.status_cb_arg = info; ctrl.status_cb_arg = info;
return app->fnc.genkey (app, &ctrl, keynostr, rc = app->fnc.genkey (app, &ctrl, keynostr,
force? 1:0, force? 1:0,
pin_cb, NULL); pin_cb, NULL);
if (rc)
write_status (STATUS_SC_OP_FAILURE);
return rc;
} }
/* Send a PKSIGN command to the SCdaemon. */ /* Send a PKSIGN command to the SCdaemon. */
@ -840,13 +849,15 @@ agent_scd_pksign (const char *serialno, int hashalgo,
rc = check_card_serialno (app, serialno); rc = check_card_serialno (app, serialno);
if (rc == -1) if (rc == -1)
goto retry; goto retry;
if (rc)
return rc;
return app->fnc.sign (app, serialno, hashalgo, if (!rc)
rc = app->fnc.sign (app, serialno, hashalgo,
pin_cb, NULL, pin_cb, NULL,
indata, indatalen, indata, indatalen,
r_buf, r_buflen); r_buf, r_buflen);
if (rc)
write_status (STATUS_SC_OP_FAILURE);
return rc;
} }
@ -870,13 +881,15 @@ agent_scd_pkdecrypt (const char *serialno,
rc = check_card_serialno (app, serialno); rc = check_card_serialno (app, serialno);
if (rc == -1) if (rc == -1)
goto retry; goto retry;
if (rc)
return rc;
return app->fnc.decipher (app, serialno, if (!rc)
rc = app->fnc.decipher (app, serialno,
pin_cb, NULL, pin_cb, NULL,
indata, indatalen, indata, indatalen,
r_buf, r_buflen); r_buf, r_buflen);
if (rc)
write_status (STATUS_SC_OP_FAILURE);
return rc;
} }
/* Change the PIN of an OpenPGP card or reset the retry counter. */ /* Change the PIN of an OpenPGP card or reset the retry counter. */
@ -886,6 +899,7 @@ agent_scd_change_pin (int chvno)
APP app; APP app;
char chvnostr[20]; char chvnostr[20];
int reset = 0; int reset = 0;
int rc;
reset = (chvno >= 100); reset = (chvno >= 100);
chvno %= 100; chvno %= 100;
@ -895,8 +909,11 @@ agent_scd_change_pin (int chvno)
return gpg_error (GPG_ERR_CARD); return gpg_error (GPG_ERR_CARD);
sprintf (chvnostr, "%d", chvno); sprintf (chvnostr, "%d", chvno);
return app->fnc.change_pin (app, NULL, chvnostr, reset, rc = app->fnc.change_pin (app, NULL, chvnostr, reset,
pin_cb, NULL); pin_cb, NULL);
if (rc)
write_status (STATUS_SC_OP_FAILURE);
return rc;
} }
/* Perform a CHECKPIN operation. SERIALNO should be the serial /* Perform a CHECKPIN operation. SERIALNO should be the serial
@ -906,12 +923,16 @@ int
agent_scd_checkpin (const char *serialnobuf) agent_scd_checkpin (const char *serialnobuf)
{ {
APP app; APP app;
int rc;
app = current_app? current_app : open_card (); app = current_app? current_app : open_card ();
if (!app) if (!app)
return gpg_error (GPG_ERR_CARD); return gpg_error (GPG_ERR_CARD);
return app->fnc.check_pin (app, serialnobuf, pin_cb, NULL); rc = app->fnc.check_pin (app, serialnobuf, pin_cb, NULL);
if (rc)
write_status (STATUS_SC_OP_FAILURE);
return rc;
} }
@ -924,12 +945,16 @@ agent_openpgp_storekey (int keyno,
const unsigned char *e, size_t elen) const unsigned char *e, size_t elen)
{ {
APP app; APP app;
int rc;
app = current_app? current_app : open_card (); app = current_app? current_app : open_card ();
if (!app) if (!app)
return gpg_error (GPG_ERR_CARD); return gpg_error (GPG_ERR_CARD);
return app_openpgp_storekey (app, keyno, template, template_len, rc = app_openpgp_storekey (app, keyno, template, template_len,
created_at, m, mlen, e, elen, created_at, m, mlen, e, elen,
pin_cb, NULL); pin_cb, NULL);
if (rc)
write_status (STATUS_SC_OP_FAILURE);
return rc;
} }
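Review bot: Each wrapper still returns `gpg_error (GPG_ERR_CARD)` straight from the `if (!app)` check without writing a status line, so a status-fd consumer sees neither SC_OP_SUCCESS nor SC_OP_FAILURE when no card could be opened. This is visible in agent_scd_setattr, agent_scd_change_pin, agent_scd_checkpin and agent_openpgp_storekey; agent_scd_genkey, agent_scd_pksign and agent_scd_pkdecrypt open outside their hunks and probably share it. It may be intentional because no card operation ran, but pksign and pkdecrypt now do report SC_OP_FAILURE when check_card_serialno fails, which is also before any operation. If automation is meant to rely on the status, consider `if (!app) { write_status (STATUS_SC_OP_FAILURE); return gpg_error (GPG_ERR_CARD); }`, or state in DETAILS that the absence of both codes must also be treated as failure.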


@ -112,6 +112,7 @@ get_status_string ( int no )
case STATUS_ENC_TO : s = "ENC_TO"; break; case STATUS_ENC_TO : s = "ENC_TO"; break;
case STATUS_NODATA : s = "NODATA"; break; case STATUS_NODATA : s = "NODATA"; break;
case STATUS_BAD_PASSPHRASE : s = "BAD_PASSPHRASE"; break; case STATUS_BAD_PASSPHRASE : s = "BAD_PASSPHRASE"; break;
case STATUS_BAD_PASSPHRASE_PIN: s = "BAD_PASSPHRASE_PIN"; break;
case STATUS_NO_PUBKEY : s = "NO_PUBKEY"; break; case STATUS_NO_PUBKEY : s = "NO_PUBKEY"; break;
case STATUS_NO_SECKEY : s = "NO_SECKEY"; break; case STATUS_NO_SECKEY : s = "NO_SECKEY"; break;
case STATUS_NEED_PASSPHRASE_SYM: s = "NEED_PASSPHRASE_SYM"; break; case STATUS_NEED_PASSPHRASE_SYM: s = "NEED_PASSPHRASE_SYM"; break;
@ -159,6 +160,8 @@ get_status_string ( int no )
case STATUS_PLAINTEXT : s = "PLAINTEXT"; break; case STATUS_PLAINTEXT : s = "PLAINTEXT"; break;
case STATUS_PLAINTEXT_LENGTH:s = "PLAINTEXT_LENGTH"; break; case STATUS_PLAINTEXT_LENGTH:s = "PLAINTEXT_LENGTH"; break;
case STATUS_SIG_SUBPACKET : s = "SIG_SUBPACKET"; break; case STATUS_SIG_SUBPACKET : s = "SIG_SUBPACKET"; break;
case STATUS_SC_OP_SUCCESS : s = "SC_OP_SUCCESS"; break;
case STATUS_SC_OP_FAILURE : s = "SC_OP_FAILURE"; break;
default: s = "?"; break; default: s = "?"; break;
} }
return s; return s;


@ -107,6 +107,13 @@
#define STATUS_NEED_PASSPHRASE_PIN 76 #define STATUS_NEED_PASSPHRASE_PIN 76
#define STATUS_SIG_SUBPACKET 77 #define STATUS_SIG_SUBPACKET 77
/* Extra status codes for certain smartcard operations. Primary
useful to double check that change PIN worked as expected. */
#define STATUS_BAD_PASSPHRASE_PIN 78
#define STATUS_SC_OP_FAILURE 79
#define STATUS_SC_OP_SUCCESS 80
/*-- status.c --*/ /*-- status.c --*/
void set_status_fd ( int fd ); void set_status_fd ( int fd );
int is_status_enabled ( void ); int is_status_enabled ( void );

664
po/de.po

File diff suppressed because it is too large Load Diff


@ -428,7 +428,8 @@ Wed Oct 14 09:55:25 1998 Werner Koch (wk@isil.d.shuttle.de)
* config.sub: (freebsd): Add to maybe_os * config.sub: (freebsd): Add to maybe_os
Copyright 1998, 1999, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004,
2005 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without unlimited permission to copy and/or distribute it, with or without