[svn] GnuPG - r5453 - in trunk: agent dirmngr g10 scd tools
svn author wk
cvs at cvs.gnupg.org
Mon Oct 18 14:59:20 CEST 2010
Author: wk
Date: 2010-10-18 14:59:19 +0200 (Mon, 18 Oct 2010)
New Revision: 5453
Modified:
trunk/agent/ChangeLog
trunk/agent/call-scd.c
trunk/dirmngr/crlcache.c
trunk/g10/ChangeLog
trunk/g10/sign.c
trunk/scd/ChangeLog
trunk/scd/app-openpgp.c
trunk/tools/mail-signed-keys
Log:
Fix a signing problem with the card
Modified: trunk/agent/ChangeLog
===================================================================
--- trunk/agent/ChangeLog 2010-10-18 10:28:58 UTC (rev 5452)
+++ trunk/agent/ChangeLog 2010-10-18 12:59:19 UTC (rev 5453)
@@ -1,3 +1,8 @@
+2010-10-18 Werner Koch <wk at g10code.com>
+
+ * call-scd.c (agent_card_pksign): Make sure to return an unsigned
+ number.
+
2010-10-14 Werner Koch <wk at g10code.com>
* command.c (cmd_genkey): Add option --no-protection.
Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog 2010-10-18 10:28:58 UTC (rev 5452)
+++ trunk/g10/ChangeLog 2010-10-18 12:59:19 UTC (rev 5453)
@@ -1,3 +1,7 @@
+2010-10-18 Werner Koch <wk at g10code.com>
+
+ * sign.c (do_sign): Remove warning and commented old code.
+
2010-10-14 Werner Koch <wk at g10code.com>
* call-agent.c (agent_genkey): Add arg NO_PROTECTION.
Modified: trunk/scd/ChangeLog
===================================================================
--- trunk/scd/ChangeLog 2010-10-18 10:28:58 UTC (rev 5452)
+++ trunk/scd/ChangeLog 2010-10-18 12:59:19 UTC (rev 5453)
@@ -1,3 +1,8 @@
+2010-10-18 Werner Koch <wk at g10code.com>
+
+ * app-openpgp.c (parse_algorithm_attribute): Remove extra const in
+ definition of DESC.
+
2010-08-16 Werner Koch <wk at g10code.com>
* scdaemon.c: Replace remaining printf by es_printf.
Modified: trunk/agent/call-scd.c
===================================================================
--- trunk/agent/call-scd.c 2010-10-18 10:28:58 UTC (rev 5452)
+++ trunk/agent/call-scd.c 2010-10-18 12:59:19 UTC (rev 5453)
@@ -1,5 +1,5 @@
/* call-scd.c - fork of the scdaemon to do SC operations
- * Copyright (C) 2001, 2002, 2005, 2007 Free Software Foundation, Inc.
+ * Copyright (C) 2001, 2002, 2005, 2007, 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@@ -812,6 +812,7 @@
size_t len;
unsigned char *sigbuf;
size_t sigbuflen;
+ int prepend_nul;
*r_buf = NULL;
rc = start_scd (ctrl);
@@ -850,15 +851,20 @@
sigbuf = get_membuf (&data, &sigbuflen);
/* Create an S-expression from it which is formatted like this:
- "(7:sig-val(3:rsa(1:sSIGBUFLEN:SIGBUF)))" */
- *r_buflen = 21 + 11 + sigbuflen + 4;
+ "(7:sig-val(3:rsa(1:sSIGBUFLEN:SIGBUF)))". We better make sure
+ that this won't be interpreted as a negative number. */
+ prepend_nul = (sigbuflen && (*sigbuf & 0x80));
+
+ *r_buflen = 21 + 11 + prepend_nul + sigbuflen + 4;
p = xtrymalloc (*r_buflen);
*r_buf = (unsigned char*)p;
if (!p)
return unlock_scd (ctrl, out_of_core ());
p = stpcpy (p, "(7:sig-val(3:rsa(1:s" );
- sprintf (p, "%u:", (unsigned int)sigbuflen);
+ sprintf (p, "%u:", (unsigned int)sigbuflen + prepend_nul);
p += strlen (p);
+ if (prepend_nul)
+ *p++ = 0;
memcpy (p, sigbuf, sigbuflen);
p += sigbuflen;
strcpy (p, ")))");
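Review bot: The length prefix and the copy can disagree here: `sprintf (p, "%u:", (unsigned int)sigbuflen + prepend_nul)` narrows `sigbuflen` to `unsigned int`, while `memcpy (p, sigbuf, sigbuflen)` and the `*r_buflen` sum use the full `size_t`. Card signatures are short in practice, but the data comes back from scdaemon, so a bound checked before the `xtrymalloc` would keep the prefix, the 11-byte digit budget and the copy consistent, for example `if (sigbuflen > MAX_CARD_SIG_LEN) { xfree (sigbuf); return unlock_scd (ctrl, gpg_error (GPG_ERR_TOO_LARGE)); }`, where `MAX_CARD_SIG_LEN` is a placeholder name. The new `*sigbuf & 0x80` also reads the buffer before any NULL check on the `get_membuf` result; whether that call can return NULL is not visible in this hunk. In the lines shown, the early out-of-core return does not release `sigbuf`. The body of `agent_card_pksign` starts and ends outside the hunk.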
Modified: trunk/dirmngr/crlcache.c
===================================================================
--- trunk/dirmngr/crlcache.c 2010-10-18 10:28:58 UTC (rev 5452)
+++ trunk/dirmngr/crlcache.c 2010-10-18 12:59:19 UTC (rev 5453)
@@ -1943,7 +1943,19 @@
/* Insert the CRL retrieved using URL into the cache specified by
CACHE. The CRL itself will be read from the stream FP and is
- expected in binary format. */
+ expected in binary format.
+
+ Called by:
+ crl_cache_load
+ cmd_loadcrl
+ --load-crl
+ crl_cache_reload_crl
+ cmd_isvalid
+ cmd_checkcrl
+ cmd_loadcrl
+ --fetch-crl
+
+ */
gpg_error_t
crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
{
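Review bot: The header comment still says the CRL is read from "the stream FP", but the signature below takes `ksba_reader_t reader` and has no FP parameter, so the sentence should read `The CRL itself will be read from READER and is expected in binary format.` The added "Called by" list names `cmd_loadcrl` under both entry points and has to be kept in step with the callers by hand; a line saying it was accurate as of this revision would tell later readers how far to trust it. The body of `crl_cache_insert` lies outside the hunk.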
Modified: trunk/g10/sign.c
===================================================================
--- trunk/g10/sign.c 2010-10-18 10:28:58 UTC (rev 5452)
+++ trunk/g10/sign.c 2010-10-18 12:59:19 UTC (rev 5453)
@@ -251,6 +251,7 @@
gpg_error_t err;
gcry_mpi_t frame;
byte *dp;
+ char *hexgrip;
if (pksk->timestamp > sig->timestamp )
{
@@ -277,64 +278,33 @@
sig->data[0] = NULL;
sig->data[1] = NULL;
-#warning fixme: Use the agent for the card
-/* if (pksk->is_protected && pksk->protect.s2k.mode == 1002) */
-/* { */
-/* #ifdef ENABLE_CARD_SUPPORT */
-/* unsigned char *rbuf; */
-/* size_t rbuflen; */
-/* char *snbuf; */
-
-/* snbuf = serialno_and_fpr_from_sk (sk->protect.iv, */
-/* sk->protect.ivlen, sk); */
-/* rc = agent_scd_pksign (snbuf, digest_algo, */
-/* gcry_md_read (md, digest_algo), */
-/* gcry_md_get_algo_dlen (digest_algo), */
-/* &rbuf, &rbuflen); */
-/* xfree (snbuf); */
-/* if (!rc) */
-/* { */
-/* if (gcry_mpi_scan (&sig->data[0], GCRYMPI_FMT_USG, */
-/* rbuf, rbuflen, NULL)) */
-/* BUG (); */
-/* xfree (rbuf); */
-/* } */
-/* #else */
-/* return gpg_error (GPG_ERR_NOT_SUPPORTED); */
-/* #endif /\* ENABLE_CARD_SUPPORT *\/ */
-/* } */
-/* else */
- if (1)
+
+ err = hexkeygrip_from_pk (pksk, &hexgrip);
+ if (!err)
{
- char *hexgrip;
+ char *desc;
+ gcry_sexp_t s_sigval;
- err = hexkeygrip_from_pk (pksk, &hexgrip);
- if (!err)
- {
- char *desc;
- gcry_sexp_t s_sigval;
-
- desc = gpg_format_keydesc (pksk, 0, 1);
- err = agent_pksign (NULL/*ctrl*/, cache_nonce, hexgrip, desc,
- dp, gcry_md_get_algo_dlen (mdalgo), mdalgo,
- &s_sigval);
- xfree (desc);
-
- if (err)
- ;
- else if (pksk->pubkey_algo == GCRY_PK_RSA
- || pksk->pubkey_algo == GCRY_PK_RSA_S)
- sig->data[0] = mpi_from_sexp (s_sigval, "s");
- else
- {
- sig->data[0] = mpi_from_sexp (s_sigval, "r");
- sig->data[1] = mpi_from_sexp (s_sigval, "s");
- }
+ desc = gpg_format_keydesc (pksk, 0, 1);
+ err = agent_pksign (NULL/*ctrl*/, cache_nonce, hexgrip, desc,
+ dp, gcry_md_get_algo_dlen (mdalgo), mdalgo,
+ &s_sigval);
+ xfree (desc);
- gcry_sexp_release (s_sigval);
+ if (err)
+ ;
+ else if (pksk->pubkey_algo == GCRY_PK_RSA
+ || pksk->pubkey_algo == GCRY_PK_RSA_S)
+ sig->data[0] = mpi_from_sexp (s_sigval, "s");
+ else
+ {
+ sig->data[0] = mpi_from_sexp (s_sigval, "r");
+ sig->data[1] = mpi_from_sexp (s_sigval, "s");
}
- xfree (hexgrip);
+
+ gcry_sexp_release (s_sigval);
}
+ xfree (hexgrip);
/* Check that the signature verification worked and nothing is
* fooling us e.g. by a bug in the signature create code or by
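Review bot: `xfree (hexgrip)` now runs on every path, while the declaration added in the first hunk of this file, `char *hexgrip;`, leaves the pointer uninitialised, so the free is only safe if `hexkeygrip_from_pk` stores NULL on failure, which is not visible here. Declaring it as `char *hexgrip = NULL;` removes that dependency. The results of `mpi_from_sexp` are also stored in `sig->data[]` unchecked; if that helper can return NULL when the agent's reply lacks the expected `s` or `r` token, setting `err` at that point would fail earlier and with a clearer cause than leaving it to the verification check that follows. The enclosing function `do_sign` starts and ends outside both hunks.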
Modified: trunk/scd/app-openpgp.c
===================================================================
--- trunk/scd/app-openpgp.c 2010-10-18 10:28:58 UTC (rev 5452)
+++ trunk/scd/app-openpgp.c 2010-10-18 12:59:19 UTC (rev 5453)
@@ -3596,7 +3596,7 @@
unsigned char *buffer;
size_t buflen;
void *relptr;
- const char const desc[3][5] = {"sign", "encr", "auth"};
+ const char desc[3][5] = {"sign", "encr", "auth"};
assert (keyno >=0 && keyno <= 2);
Modified: trunk/tools/mail-signed-keys
===================================================================
--- trunk/tools/mail-signed-keys 2010-10-18 10:28:58 UTC (rev 5452)
+++ trunk/tools/mail-signed-keys 2010-10-18 12:59:19 UTC (rev 5453)
@@ -81,7 +81,7 @@
print "Hi," | sendmail
print "" | sendmail
print "Here you get back the signed key." | sendmail
- print "Please send it yourself to a keyserver." | sendmail
+ print "I already sent them to the keyservers." | sendmail
print "" | sendmail
print "Peace," | sendmail
print " " signame | sendmail
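Review bot: The new line tells the recipient that the upload has already taken place, but nothing in this hunk performs or checks a keyserver send, so the mail can state something that did not happen if that step is skipped or fails elsewhere in the script. The wording also switches from "the signed key" in the line above to "them"; `print "I already sent it to the keyservers." | sendmail` would agree with it. A comment next to the line naming the step that does the upload would keep the message and the behaviour together.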