[svn] GnuPG - r5301 - branches/STABLE-BRANCH-1-4/g10
svn author wk
cvs at cvs.gnupg.org
Fri Mar 26 19:11:31 CET 2010
Author: wk
Date: 2010-03-26 19:11:30 +0100 (Fri, 26 Mar 2010)
New Revision: 5301
Modified:
branches/STABLE-BRANCH-1-4/g10/ChangeLog
branches/STABLE-BRANCH-1-4/g10/sign.c
Log:
Force SHA1 only for v1 cards
Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-03-26 16:57:09 UTC (rev 5300)
+++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-03-26 18:11:30 UTC (rev 5301)
@@ -4,6 +4,11 @@
succeeded, so we can't lose data when using gpg in a pipeline.
Fixes bug #1207.
+2010-02-25 Werner Koch <wk at g10code.com>
+
+ * sign.c (hash_for): Force SHA1 only for v1 OpenPGP cards. Fixes
+ bug#1194.
+
2010-02-17 Werner Koch <wk at g10code.com>
* keygen.c (ask_user_id): Avoid infinite loop in case of invalid
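Review bot: The date on the new ChangeLog entry (2010-02-25) does not match the commit date of this revision (2010-03-26). If the entry is meant to record when the change landed on this branch, update the date; if it records when the fix was written, that is fine but worth confirming. Minor style point: "bug#1194" lacks the space used in "Fixes bug #1207." in the context lines above.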
Modified: branches/STABLE-BRANCH-1-4/g10/sign.c
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/sign.c 2010-03-26 16:57:09 UTC (rev 5300)
+++ branches/STABLE-BRANCH-1-4/g10/sign.c 2010-03-26 18:11:30 UTC (rev 5301)
@@ -1,6 +1,6 @@
/* sign.c - sign data
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
- * 2007 Free Software Foundation, Inc.
+ * 2007, 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@@ -414,12 +414,15 @@
return match_dsa_hash(qbytes);
}
- else if(sk->is_protected && sk->protect.s2k.mode==1002)
+ else if (sk->is_protected && sk->protect.s2k.mode == 1002
+ && sk->protect.ivlen == 16
+ && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01\x01", 7))
{
- /* The sk lives on a smartcard, and current smartcards only
- handle SHA-1 and RIPEMD/160. This is correct now, but may
- need revision as the cards add algorithms. */
-
+ /* The sk lives on a smartcard, and old smartcards only handle
+ SHA-1 and RIPEMD/160. Newer smartcards (v2.0) don't have
+ this restriction anymore. Fortunately the serial number
+ encodes the version of the card and thus we know that this
+ key is on a v1 card. */
if(opt.personal_digest_prefs)
{
prefitem_t *prefs;
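Review bot: The 7-byte literal in the new condition, memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01\x01", 7), is an undocumented magic value. The comment says the serial number encodes the card version, but the code reads sk->protect.iv, and nothing here says that this field holds the serial number for s2k mode 1002 or which of the seven bytes is the version. Suggest a named constant, or a sentence in the comment that spells out the layout of the prefix, so that a later reader can tell which byte to change when another card version needs the same restriction. Two further points. The ivlen == 16 test is what keeps the memcmp in bounds, so it must stay ahead of it in the && chain if the condition is ever reordered. Also, a card key whose serial does not begin with this exact prefix now skips the branch entirely, so state in the comment that such keys are intentionally left to whatever follows this else-if chain.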