[svn] GnuPG - r5283 - in branches/STABLE-BRANCH-2-0: . g10

svn author wk cvs at cvs.gnupg.org
Tue Mar 9 10:55:25 CET 2010 

Author: wk
Date: 2010-03-09 10:55:24 +0100 (Tue, 09 Mar 2010)
New Revision: 5283

Modified:
   branches/STABLE-BRANCH-2-0/ChangeLog
   branches/STABLE-BRANCH-2-0/configure.ac
   branches/STABLE-BRANCH-2-0/g10/ChangeLog
   branches/STABLE-BRANCH-2-0/g10/sign.c
Log:
Add configure option --disable-ccid-driver


Modified: branches/STABLE-BRANCH-2-0/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-2-0/ChangeLog	2010-03-08 18:19:21 UTC (rev 5282)
+++ branches/STABLE-BRANCH-2-0/ChangeLog	2010-03-09 09:55:24 UTC (rev 5283)
@@ -1,3 +1,7 @@
+2010-03-09  Werner Koch  <wk at g10code.com>
+
+	* configure.ac: Add option --disable-ccid-driver.
+
 2010-02-18  Werner Koch  <wk at g10code.com>
 
 	Release 2.0.15rc1.

Modified: branches/STABLE-BRANCH-2-0/g10/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-2-0/g10/ChangeLog	2010-03-08 18:19:21 UTC (rev 5282)
+++ branches/STABLE-BRANCH-2-0/g10/ChangeLog	2010-03-09 09:55:24 UTC (rev 5283)
@@ -1,3 +1,8 @@
+2010-02-25  Werner Koch  <wk at g10code.com>
+
+	* sign.c (hash_for): Force SHA1 only for v1 OpenPGP cards.  Fixes
+	bug#1194.
+
 2010-02-17  Werner Koch  <wk at g10code.com>
 
 	* keygen.c (ask_user_id): Avoid infinite loop in case of invalid

Modified: branches/STABLE-BRANCH-2-0/configure.ac
===================================================================
--- branches/STABLE-BRANCH-2-0/configure.ac	2010-03-08 18:19:21 UTC (rev 5282)
+++ branches/STABLE-BRANCH-2-0/configure.ac	2010-03-09 09:55:24 UTC (rev 5283)
@@ -74,8 +74,8 @@
 use_bzip2=yes
 use_exec=yes
 disable_keyserver_path=no
+use_ccid_driver=yes
 
-
 GNUPG_BUILD_PROGRAM(gpg, yes)
 GNUPG_BUILD_PROGRAM(gpgsm, yes)
 GNUPG_BUILD_PROGRAM(agent, yes)
@@ -298,7 +298,20 @@
 [use_capabilities="$withval"],[use_capabilities=no])
 AC_MSG_RESULT($use_capabilities)
 
+
 #
+# Allow disabling of internal CCID support.
+# It is defined only after we confirm the library is available later
+#
+AC_MSG_CHECKING([whether to enable the internal CCID driver])
+AC_ARG_ENABLE(ccid-driver,
+              AC_HELP_STRING([--disable-ccid-driver],
+                             [disable the internal CCID driver]),
+              use_ccid_driver=$enableval)
+AC_MSG_RESULT($use_ccid_driver)
+
+
+#
 # To avoid double inclusion of config.h which might happen at some
 # places, we add the usual double inclusion protection at the top of
 # config.h.
@@ -629,14 +642,16 @@
 # libusb allows us to use the integrated CCID smartcard reader driver.
 #
 # FiXME: Use GNUPG_CHECK_LIBUSB and modify to use separate AC_SUBSTs.
-AC_CHECK_LIB(usb, usb_bulk_write,
-              [ LIBUSB_LIBS="$LIBUSB_LIBS -lusb"
-                AC_DEFINE(HAVE_LIBUSB,1,
-                         [defined if libusb is available])
-                have_libusb=yes
-             ])
+if test "$use_ccid_driver" = yes ; then
+  AC_CHECK_LIB(usb, usb_bulk_write,
+                [ LIBUSB_LIBS="$LIBUSB_LIBS -lusb"
+                  AC_DEFINE(HAVE_LIBUSB,1,
+                           [defined if libusb is available])
+                  have_libusb=yes
+               ])
+  AC_CHECK_FUNCS(usb_create_match)
+fi
 AC_SUBST(LIBUSB_LIBS)
-AC_CHECK_FUNCS(usb_create_match)
 
 #
 # Check wether it is necessary to link against libdl.

Modified: branches/STABLE-BRANCH-2-0/g10/sign.c
===================================================================
--- branches/STABLE-BRANCH-2-0/g10/sign.c	2010-03-08 18:19:21 UTC (rev 5282)
+++ branches/STABLE-BRANCH-2-0/g10/sign.c	2010-03-09 09:55:24 UTC (rev 5283)
@@ -415,12 +415,15 @@
 
       return match_dsa_hash(qbytes);
     }
-  else if (sk->is_protected && sk->protect.s2k.mode==1002)
+  else if (sk->is_protected && sk->protect.s2k.mode == 1002
+           && sk->protect.ivlen == 16
+           && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01\x01", 7))
     {
-      /* The sk lives on a smartcard, and current smartcards only
-	 handle SHA-1 and RIPEMD/160.  This is correct now, but may
-	 need revision as the cards add algorithms. */
-
+      /* The sk lives on a smartcard, and old smartcards only handle
+	 SHA-1 and RIPEMD/160.  Newer smartcards (v2.0) don't have
+	 this restriction anymore.  Fortunately the serial number
+	 encodes the version of the card and thus we know that this
+	 key is on a v1 card. */
       if(opt.personal_digest_prefs)
 	{
 	  prefitem_t *prefs;

More information about the Gnupg-commits mailing list