[svn] GnuPG - r4645 - branches/STABLE-BRANCH-1-4/g10

svn author wk cvs at cvs.gnupg.org
Mon Dec 10 16:34:22 CET 2007 

Author: wk
Date: 2007-12-10 16:34:20 +0100 (Mon, 10 Dec 2007)
New Revision: 4645

Modified:
   branches/STABLE-BRANCH-1-4/g10/ChangeLog
   branches/STABLE-BRANCH-1-4/g10/app-openpgp.c
   branches/STABLE-BRANCH-1-4/g10/cardglue.h
   branches/STABLE-BRANCH-1-4/g10/import.c
   branches/STABLE-BRANCH-1-4/g10/misc.c
Log:
Fixed  auto generation of the key stub.
Fixed bug 851.
Allow decryption using type 20 Elgamal keys.


Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/ChangeLog	2007-12-10 15:19:34 UTC (rev 4644)
+++ branches/STABLE-BRANCH-1-4/g10/ChangeLog	2007-12-10 15:34:20 UTC (rev 4645)
@@ -1,3 +1,20 @@
+2007-12-10  Werner Koch  <wk at g10code.com>
+
+	* cardglue.h (gpg_error_from_syserror): New.
+
+	* app-openpgp.c (do_decipher): Take care of cryptograms shorter
+	that 128 bytes.  Fixes bug#851.
+
+	* import.c (auto_create_card_key_stub):  Do not clear the entire
+	fingerprint.  This finally makes the stub creation work.  My past
+	tests seemed to work because there was a key with a all zero
+	fingerprint available (Elgamal signing keys).
+
+2007-12-08  Werner Koch  <wk at g10code.com>
+
+	* misc.c (openpgp_pk_algo_usage): Allow Elgamal type 20 for
+	encryption.
+
 2007-12-03  Werner Koch  <wk at g10code.com>
 
 	* keygen.c (ask_key_flags): Add a translation remark and implement

Modified: branches/STABLE-BRANCH-1-4/g10/app-openpgp.c
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/app-openpgp.c	2007-12-10 15:19:34 UTC (rev 4644)
+++ branches/STABLE-BRANCH-1-4/g10/app-openpgp.c	2007-12-10 15:34:20 UTC (rev 4645)
@@ -1,5 +1,5 @@
 /* app-openpgp.c - The OpenPGP card application.
- *	Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
+ *	Copyright (C) 2003, 2004, 2005, 2007 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -2315,8 +2315,49 @@
 
   rc = verify_chv2 (app, pincb, pincb_arg);
   if (!rc)
-    rc = iso7816_decipher (app->slot, indata, indatalen, 0,
-                           outdata, outdatalen);
+    {
+      size_t fixuplen;
+
+      /* We might encounter a couple of leading zeroes in the
+         cryptogram.  Due to internal use of MPIs thease leading
+         zeroes are stripped.  However the OpenPGP card expects
+         exactly 128 bytes for the cryptogram (for a 1k key).  Thus we
+         need to fix it up.  We do this for up to 16 leading zero
+         bytes; a cryptogram with more than this is with a very high
+         probability anyway broken.  */
+      if (indatalen >= (128-16) && indatalen < 128)      /* 1024 bit key.  */
+        fixuplen = 128 - indatalen;
+      else if (indatalen >= (256-16) && indatalen < 256) /* 2048 bit key.  */
+        fixuplen = 256 - indatalen;
+      else if (indatalen >= (192-16) && indatalen < 192) /* 1536 bit key.  */
+        fixuplen = 192 - indatalen;
+      else
+        fixuplen = 0;
+      if (fixuplen)
+        {
+          unsigned char *fixbuf;
+
+          /* While we have to prepend stuff anyway, we can also
+             include the padding byte here so that iso1816_decipher
+             does not need to do yet another data mangling.  */
+          fixuplen++;
+          fixbuf = xtrymalloc (fixuplen + indatalen);
+          if (!fixbuf)
+            rc = gpg_error_from_syserror ();
+          else
+            {
+              memset (fixbuf, 0, fixuplen);
+              memcpy (fixbuf+fixuplen, indata, indatalen);
+              rc = iso7816_decipher (app->slot, fixbuf, fixuplen+indatalen, -1,
+                                     outdata, outdatalen);
+              xfree (fixbuf);
+            }
+        }
+      else
+        rc = iso7816_decipher (app->slot, indata, indatalen, 0,
+                               outdata, outdatalen);
+    }
+
   return rc;
 }
 

Modified: branches/STABLE-BRANCH-1-4/g10/cardglue.h
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/cardglue.h	2007-12-10 15:19:34 UTC (rev 4644)
+++ branches/STABLE-BRANCH-1-4/g10/cardglue.h	2007-12-10 15:34:20 UTC (rev 4645)
@@ -127,6 +127,7 @@
 #define gpg_strerror(n) g10_errstr ((n))
 #define gpg_error_from_errno(n) (G10ERR_GENERAL) /*FIXME*/
 #define gpg_err_code_from_errno(n) (G10ERR_GENERAL)
+#define gpg_error_from_syserror()  (G10ERR_GENERAL) /*FIXME*/
 
 /* We are not using it in a library, so we even let xtrymalloc
    abort. Because we won't never return from these malloc functions,

Modified: branches/STABLE-BRANCH-1-4/g10/import.c
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/import.c	2007-12-10 15:19:34 UTC (rev 4644)
+++ branches/STABLE-BRANCH-1-4/g10/import.c	2007-12-10 15:34:20 UTC (rev 4645)
@@ -2348,7 +2348,8 @@
     size_t an;
 
     fingerprint_from_pk (pk, afp, &an);
-    memset (afp, 0, MAX_FINGERPRINT_LEN);
+    if (an < MAX_FINGERPRINT_LEN)
+      memset (afp+an, 0, MAX_FINGERPRINT_LEN-an);
     rc = keydb_search_fpr (hd, afp);
   }
 

Modified: branches/STABLE-BRANCH-1-4/g10/misc.c
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/misc.c	2007-12-10 15:19:34 UTC (rev 4644)
+++ branches/STABLE-BRANCH-1-4/g10/misc.c	2007-12-10 15:34:20 UTC (rev 4645)
@@ -413,6 +413,7 @@
       case PUBKEY_ALGO_RSA_S:
           use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG;
           break;
+      case PUBKEY_ALGO_ELGAMAL:
       case PUBKEY_ALGO_ELGAMAL_E:
           use = PUBKEY_USAGE_ENC;
           break;

More information about the Gnupg-commits mailing list