[git] GnuPG - branch, master, updated. gnupg-2.1.8-69-g4a5bd17

by NIIBE Yutaka cvs at cvs.gnupg.org
Tue Oct 6 08:14:16 CEST 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  4a5bd1720f5a3dbb26f5daeb03725cae29be7e24 (commit)
      from  ce2a84b58833fd308d5fe11756721f39c953280a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4a5bd1720f5a3dbb26f5daeb03725cae29be7e24
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Tue Oct 6 15:10:25 2015 +0900

    agent: Fix verification of signature for smartcard.
    
    * agent/pksign.c (agent_pksign_do): Use public key smartcard.
    
    --
    
    Since gcry_pk_verify can't handle shadowed private key, public
    key SEXP should be prepared for smartcard.

diff --git a/agent/pksign.c b/agent/pksign.c
index 243c49d..e079c3f 100644
--- a/agent/pksign.c
+++ b/agent/pksign.c
@@ -291,6 +291,7 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
 {
   gcry_sexp_t s_skey = NULL, s_sig = NULL;
   gcry_sexp_t s_hash = NULL;
+  gcry_sexp_t s_pkey = NULL;
   unsigned char *shadow_info = NULL;
   unsigned int rc = 0;		/* FIXME: gpg-error? */
   const unsigned char *data;
@@ -331,6 +332,13 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
       int is_ECDSA = 0;
       int is_EdDSA = 0;
 
+      rc = agent_public_key_from_file (ctrl, ctrl->keygrip, &s_pkey);
+      if (rc)
+        {
+          log_error ("failed to read the public key\n");
+          goto leave;
+        }
+
       if (agent_is_eddsa_key (s_skey))
         is_EdDSA = 1;
       else
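Review bot: the `log_error` call in the new error branch drops `rc`, so the log records only that reading the public key failed, not why. Include the error text, for example `log_error ("failed to read the public key: %s\n", gpg_strerror (rc));`, so a missing key file can be told apart from other failures when signing is refused at this point.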
@@ -497,7 +505,7 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
                                ctrl->digest.raw_value);
         }
 
-      rc = gcry_pk_verify (s_sig, s_hash, s_skey);
+      rc = gcry_pk_verify (s_sig, s_hash, s_pkey? s_pkey: s_skey);
 
       if (rc)
         {
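Review bot: the `s_pkey? s_pkey: s_skey` argument to `gcry_pk_verify` has no comment saying why the public key is preferred; the reason (gcry_pk_verify cannot handle a shadowed private key) is stated only in the commit message. Add a short comment above the call. The fallback to `s_skey` also depends on `s_pkey` remaining NULL on any path that does not load it, which the NULL initializer in the first hunk provides, and that dependency is worth stating in the same comment.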
@@ -512,6 +520,7 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce,
 
   *signature_sexp = s_sig;
 
+  gcry_sexp_release (s_pkey);
   gcry_sexp_release (s_skey);
   gcry_sexp_release (s_hash);
   xfree (shadow_info);

-----------------------------------------------------------------------

Summary of changes:
 agent/pksign.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



