[svn] GnuPG - r4317 - in trunk: . doc scd

svn author wk cvs at cvs.gnupg.org
Tue Oct 24 16:45:35 CEST 2006 

Author: wk
Date: 2006-10-24 16:45:34 +0200 (Tue, 24 Oct 2006)
New Revision: 4317

Modified:
   trunk/ChangeLog
   trunk/NEWS
   trunk/TODO
   trunk/configure.ac
   trunk/doc/gpg.texi
   trunk/scd/ChangeLog
   trunk/scd/app-p15.c
   trunk/scd/scdaemon.h
Log:
Preparing another release


Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog	2006-10-24 14:28:01 UTC (rev 4316)
+++ trunk/ChangeLog	2006-10-24 14:45:34 UTC (rev 4317)
@@ -1,3 +1,7 @@
+2006-10-24  Werner Koch  <wk at g10code.com>
+
+	Released 1.9.94.
+
 2006-10-20  Werner Koch  <wk at g10code.com>
 
 	* Makefile.am (stowinstall): Add convenience target.

Modified: trunk/NEWS
===================================================================
--- trunk/NEWS	2006-10-24 14:28:01 UTC (rev 4316)
+++ trunk/NEWS	2006-10-24 14:45:34 UTC (rev 4317)
@@ -1,4 +1,4 @@
-Noteworthy changes in version 1.9.94
+Noteworthy changes in version 1.9.94 (2006-10-24)
 -------------------------------------------------
 
  * Keys for gpgsm may now be specified using a keygrip.  A keygrip is

Modified: trunk/TODO
===================================================================
--- trunk/TODO	2006-10-24 14:28:01 UTC (rev 4316)
+++ trunk/TODO	2006-10-24 14:45:34 UTC (rev 4317)
@@ -2,14 +2,14 @@
 
 * src/base64
 ** Make parsing more robust
-Currently we don't cope with overlong lines in the best way.
+   Currently we don't cope with overlong lines in the best way.
 ** Check that we really release the ksba reader/writer objects.
 
 * sm/call-agent.c
 ** Some code should go into import.c
 ** When we allow concurrent service request in gpgsm, we
-might want to have an agent context for each service request
-(i.e. Assuan context).
+   might want to have an agent context for each service request
+   (i.e. Assuan context).
 
 * sm/certchain.c
 ** When a certificate chain was sucessfully verified, make ephemeral certs used  in this chain permanent.
@@ -53,7 +53,7 @@
 ** Return an error code or a status info per user ID.
 
 * scd/tlv.c
-  The parse_sexp fucntion should not go into this file.  Check whether
+  The parse_sexp function should not go into this file.  Check whether
   we can change all S-expression handling code to make use of this
   function.
 
@@ -64,14 +64,10 @@
   would be better to do this just at one place. First we need to see
   how we can support cards with multiple applications.
 ** Detecting a removed card works only after the ticker detected it.
- We should check the card status in open-card to make this smoother.
- Needs to be integrated with the status file update, though.  It is
- not a real problem because application will get a card removed status
- and should the send a reset to try solving the problem.
-** app-p15.c:do_auth
-  We assume SHA1 here.  However we should also allow for TLS-MD5SHA1.
-  To properly inplement this we need to extend the inetrnal API.  A
-  simple workaround by looking at the digest size if possible.
+  We should check the card status in open-card to make this smoother.
+  Needs to be integrated with the status file update, though.  It is
+  not a real problem because application will get a card removed
+  status and should the send a reset to try solving the problem.
 
 ** Add a test to check the extkeyusage.
 

Modified: trunk/configure.ac
===================================================================
--- trunk/configure.ac	2006-10-24 14:28:01 UTC (rev 4316)
+++ trunk/configure.ac	2006-10-24 14:45:34 UTC (rev 4317)
@@ -27,7 +27,7 @@
 # Set my_issvn to "yes" for non-released code.  Remember to run an
 # "svn up" and "autogen.sh" right before creating a distribution.
 m4_define([my_version], [1.9.94])
-m4_define([my_issvn], [yes])
+m4_define([my_issvn], [no])
 
 
 m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \

Modified: trunk/doc/gpg.texi
===================================================================
--- trunk/doc/gpg.texi	2006-10-24 14:28:01 UTC (rev 4316)
+++ trunk/doc/gpg.texi	2006-10-24 14:45:34 UTC (rev 4317)
@@ -2394,6 +2394,18 @@
 listed. @option{--list-config} is only usable with
 @option{--with-colons} set.
 
+ at item --gpgconf-list
+ at opindex gpgconf-list
+This command is simliar to @option{--list-config} but in general only
+internally used by the @command{gpgconf} tool.
+
+ at item --gpgconf-test
+ at opindex gpgconf-test
+This is more or less dummy action.  However it parses the configuration
+file and returns with failure if the configuraion file would prevent
+ at command{gpg} from startup.  Thus it may be used to run a syntax check
+on the configuration file.
+
 @end table
 
 @c *******************************

Modified: trunk/scd/ChangeLog
===================================================================
--- trunk/scd/ChangeLog	2006-10-24 14:28:01 UTC (rev 4316)
+++ trunk/scd/ChangeLog	2006-10-24 14:45:34 UTC (rev 4317)
@@ -1,3 +1,11 @@
+2006-10-24  Werner Koch  <wk at g10code.com>
+
+	* scdaemon.h (GCRY_MD_USER_TLS_MD5SHA1): New.
+	(MAX_DIGEST_LEN): Increased to 36.
+	* app-p15.c (do_sign): Support for TLS_MD5SHA1.
+	(do_auth): Detect TLS_MD5SHA1.
+	(do_sign): Tweaks for that digest.
+
 2006-10-23  Werner Koch  <wk at g10code.com>
 
 	* scdaemon.c (main): New command --gpgconf-test.

Modified: trunk/scd/app-p15.c
===================================================================
--- trunk/scd/app-p15.c	2006-10-24 14:28:01 UTC (rev 4316)
+++ trunk/scd/app-p15.c	2006-10-24 14:45:34 UTC (rev 4317)
@@ -2868,8 +2868,9 @@
 
   gpg_error_t err;
   int i;
-  unsigned char data[35];   /* Must be large enough for a SHA-1 digest
-                               + the largest OID prefix above. */
+  unsigned char data[36];   /* Must be large enough for a SHA-1 digest
+                               + the largest OID prefix above and also
+                               fit the 36 bytes of md5sha1.  */
   prkdf_object_t prkdf;    /* The private key object. */
   aodf_object_t aodf;      /* The associated authentication object. */
   int no_data_padding = 0; /* True if the card want the data without padding.*/
@@ -2877,7 +2878,7 @@
 
   if (!keyidstr || !*keyidstr)
     return gpg_error (GPG_ERR_INV_VALUE);
-  if (indatalen != 20 && indatalen != 16 && indatalen != 35)
+  if (indatalen != 20 && indatalen != 16 && indatalen != 35 && indatalen != 36)
     return gpg_error (GPG_ERR_INV_VALUE);
 
   err = prkdf_object_from_keyidstr (app, keyidstr, &prkdf);
@@ -2948,7 +2949,10 @@
       
       mse[0] = 4;    /* Length of the template. */
       mse[1] = 0x80; /* Algorithm reference tag. */
-      mse[2] = 0x02; /* Algorithm: RSASSA-PKCS1-v1.5 using SHA1. */
+      if (hashalgo == GCRY_MD_USER_TLS_MD5SHA1)
+        mse[2] = 0x01; /* Let card do pkcs#1 0xFF padding. */
+      else
+        mse[2] = 0x02; /* RSASSA-PKCS1-v1.5 using SHA1. */
       mse[3] = 0x84; /* Private key reference tag. */
       mse[4] = prkdf->key_reference_valid? prkdf->key_reference : 0x82;
 
@@ -3118,8 +3122,15 @@
     }
 
   /* Prepare the DER object from INDATA. */
-  if (indatalen == 35)
+  if (indatalen == 36)
     {
+      /* No ASN.1 container used. */
+      if (hashalgo != GCRY_MD_USER_TLS_MD5SHA1)
+        return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
+      memcpy (data, indata, indatalen);
+    }
+  else if (indatalen == 35)
+    {
       /* Alright, the caller was so kind to send us an already
          prepared DER object.  Check that it is what we want and that
          it matches the hash algorithm. */
@@ -3177,7 +3188,9 @@
       return err;
     }
 
-  if (no_data_padding)
+  if (hashalgo == GCRY_MD_USER_TLS_MD5SHA1)
+    err = iso7816_compute_ds (app->slot, data, 36, outdata, outdatalen);
+  else if (no_data_padding)
     err = iso7816_compute_ds (app->slot, data+15, 20, outdata, outdatalen);
   else
     err = iso7816_compute_ds (app->slot, data, 35, outdata, outdatalen);
@@ -3200,6 +3213,7 @@
 {
   gpg_error_t err;
   prkdf_object_t prkdf;
+  int algo;
 
   if (!keyidstr || !*keyidstr)
     return gpg_error (GPG_ERR_INV_VALUE);
@@ -3212,7 +3226,9 @@
       log_error ("key %s may not be used for authentication\n", keyidstr);
       return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
     }
-  return do_sign (app, keyidstr, GCRY_MD_SHA1, pincb, pincb_arg, 
+
+  algo = indatalen == 36? GCRY_MD_USER_TLS_MD5SHA1 : GCRY_MD_SHA1;
+  return do_sign (app, keyidstr, algo, pincb, pincb_arg, 
                   indata, indatalen, outdata, outdatalen);
 }
 

Modified: trunk/scd/scdaemon.h
===================================================================
--- trunk/scd/scdaemon.h	2006-10-24 14:28:01 UTC (rev 4316)
+++ trunk/scd/scdaemon.h	2006-10-24 14:45:34 UTC (rev 4317)
@@ -34,8 +34,18 @@
 #include "../common/errors.h"
 
 
-#define MAX_DIGEST_LEN 24 
+/* To convey some special hash algorithms we use algorithm numbers
+   reserved for application use. */
+#ifndef GCRY_MD_USER
+#define GCRY_MD_USER 1024
+#endif
+#define GCRY_MD_USER_TLS_MD5SHA1 (GCRY_MD_USER+1)
 
+/* Maximum length of a digest.  */
+#define MAX_DIGEST_LEN 36
+
+
+
 /* A large struct name "opt" to keep global flags. */
 struct
 {

More information about the Gnupg-commits mailing list