[svn] GnuPG - r4158 - trunk/g10

svn author dshaw cvs at cvs.gnupg.org
Sat Jun 10 06:11:07 CEST 2006


Author: dshaw
Date: 2006-06-10 06:11:05 +0200 (Sat, 10 Jun 2006)
New Revision: 4158

Modified:
   trunk/g10/ChangeLog
   trunk/g10/keygen.c
Log:
* keygen.c (gen_card_key): Add optional argument to return a pointer
(not a copy) of the stub secret key for the secret key we just
generated on the card.  (generate_card_subkeypair): Use it here so
that the signing key on the card can use the card to generate the 0x19
backsig on the primary key.  Noted by Janko Heilgeist and Jonas Oberg.


Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog	2006-06-09 19:45:19 UTC (rev 4157)
+++ trunk/g10/ChangeLog	2006-06-10 04:11:05 UTC (rev 4158)
@@ -1,5 +1,12 @@
 2006-06-09  David Shaw  <dshaw at jabberwocky.com>
 
+	* keygen.c (gen_card_key): Add optional argument to return a
+	pointer (not a copy) of the stub secret key for the secret key we
+	just generated on the card.
+	(generate_card_subkeypair): Use it here so that the signing key on
+	the card can use the card to generate the 0x19 backsig on the
+	primary key.  Noted by Janko Heilgeist and Jonas Oberg.
+
 	* parse-packet.c (parse_user_id): Cap the user ID size at 2048
 	bytes.  This prevents a memory allocation attack with a very large
 	user ID.  A very large packet length could even cause the

Modified: trunk/g10/keygen.c
===================================================================
--- trunk/g10/keygen.c	2006-06-09 19:45:19 UTC (rev 4157)
+++ trunk/g10/keygen.c	2006-06-10 04:11:05 UTC (rev 4158)
@@ -122,6 +122,7 @@
 static int  write_keyblock( IOBUF out, KBNODE node );
 static int gen_card_key (int algo, int keyno, int is_primary,
                          KBNODE pub_root, KBNODE sec_root,
+			 PKT_secret_key **ret_sk,
                          u32 expireval, struct para_data_s *para);
 static int gen_card_key_with_backup (int algo, int keyno, int is_primary,
                                      KBNODE pub_root, KBNODE sec_root,
@@ -937,7 +938,6 @@
     return rc;
 }
 
-/* sub_sk is currently unused (reserved for backsigs) */
 static int
 write_keybinding( KBNODE root, KBNODE pub_root,
 		  PKT_secret_key *pri_sk, PKT_secret_key *sub_sk,
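Review bot: The deleted line was the only documentation of `sub_sk` on write_keybinding, and this commit is exactly the moment it stops being a reserved parameter, so the comment should be replaced rather than dropped. Per the log message the parameter now carries the subkey's stub secret key so the 0x19 backsig over the primary key can be made (on the card when the key lives there); I would put that at the declaration, e.g. `/* sub_sk: secret (or card stub) key of the subkey, used to make the 0x19 backsig; may be NULL. */`. Whether NULL is still accepted is inferred from the pre-change callers passing NULL and should be confirmed against the body, which lies outside the hunk.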
@@ -2908,7 +2908,7 @@
       }
     else
       {
-        rc = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root, sec_root,
+        rc = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root, sec_root, NULL,
                            get_parameter_u32 (para, pKEYEXPIRE), para);
         if (!rc)
           {
@@ -2944,7 +2944,7 @@
 
     if (!rc && card && get_parameter (para, pAUTHKEYTYPE))
       {
-        rc = gen_card_key (PUBKEY_ALGO_RSA, 3, 0, pub_root, sec_root,
+        rc = gen_card_key (PUBKEY_ALGO_RSA, 3, 0, pub_root, sec_root, NULL,
                            get_parameter_u32 (para, pKEYEXPIRE), para);
         
         if (!rc)
@@ -2980,6 +2980,7 @@
               }
             else
               rc = gen_card_key (PUBKEY_ALGO_RSA, 2, 0, pub_root, sec_root,
+				 NULL,
                                  get_parameter_u32 (para, pKEYEXPIRE), para);
           }
 
@@ -3238,7 +3239,7 @@
 {
   int okay=0, rc=0;
   KBNODE node;
-  PKT_secret_key *pri_sk = NULL;
+  PKT_secret_key *pri_sk = NULL, *sub_sk;
   int algo;
   unsigned int use;
   u32 expire;
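Review bot: `sub_sk` in the new declaration is left uninitialized while `pri_sk` next to it is set to NULL, so the function now holds an indeterminate pointer until gen_card_key stores through `ret_sk`. It is only read after gen_card_key returns 0, so this is not a defect today, but it relies on every successful path in gen_card_key assigning the out-parameter, including whatever is compiled when ENABLE_CARD_SUPPORT is off. I would write `PKT_secret_key *pri_sk = NULL, *sub_sk = NULL;` so that any future early-success return degrades to the NULL that write_keybinding was given before this change rather than to garbage. generate_card_subkeypair's body continues outside the hunk.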
@@ -3318,11 +3319,12 @@
 
   if (passphrase)
     set_next_passphrase (passphrase);
-  rc = gen_card_key (algo, keyno, 0, pub_keyblock, sec_keyblock, expire, para);
+  rc = gen_card_key (algo, keyno, 0, pub_keyblock, sec_keyblock,
+		     &sub_sk, expire, para);
   if (!rc)
-    rc = write_keybinding (pub_keyblock, pub_keyblock, pri_sk, NULL, use);
+    rc = write_keybinding (pub_keyblock, pub_keyblock, pri_sk, sub_sk, use);
   if (!rc)
-    rc = write_keybinding (sec_keyblock, pub_keyblock, pri_sk, NULL, use);
+    rc = write_keybinding (sec_keyblock, pub_keyblock, pri_sk, sub_sk, use);
   if (!rc)
     {
       okay = 1;
@@ -3369,7 +3371,7 @@
 
 static int
 gen_card_key (int algo, int keyno, int is_primary,
-              KBNODE pub_root, KBNODE sec_root,
+              KBNODE pub_root, KBNODE sec_root, PKT_secret_key **ret_sk,
               u32 expireval, struct para_data_s *para)
 {
 #ifdef ENABLE_CARD_SUPPORT
@@ -3430,6 +3432,9 @@
         sk->protect.iv[sk->protect.ivlen] = xtoi_2 (s);
     }
 
+  if( ret_sk )
+    *ret_sk = sk;
+
   pkt = xcalloc (1,sizeof *pkt);
   pkt->pkttype = is_primary ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY;
   pkt->pkt.public_key = pk;
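Review bot: The value stored through `ret_sk` is an alias to `sk`, not a copy, and nothing at the assignment says who owns it: `sk` is presumably wrapped in a packet and attached to `sec_root` later in this function (that part is outside the hunk), so generate_card_subkeypair must neither free it nor keep it beyond the life of the secret keyblock. A comment at the assignment would make the contract explicit, e.g. `/* Hand back an alias to the stub secret key; it is owned by the keyblock, so the caller must not free it. */`. Note also that the assignment precedes any later failure path in gen_card_key, so on error `*ret_sk` may be left pointing at memory the function has since released — harmless while callers only use it when rc is 0, as generate_card_subkeypair does, but worth stating in the same comment. gen_card_key starts before and ends after this hunk.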



