diff options
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | cipher/ChangeLog | 7 | ||||
-rw-r--r-- | cipher/ecc.c | 41 | ||||
-rw-r--r-- | cipher/pubkey.c | 1 | ||||
-rw-r--r-- | src/ChangeLog | 4 | ||||
-rw-r--r-- | src/sexp.c | 90 |
6 files changed, 88 insertions, 57 deletions
@@ -20,6 +20,8 @@ Noteworthy changes in version 1.5.x (unreleased) * Support ECDH. + * gcry_sexp_build does now support opaque MPIs with "%m". + * Interface changes relative to the 1.4.2 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GCRY_CIPHER_MODE_AESWRAP NEW. diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 36773ab4..0f33f7a5 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,10 @@ +2011-01-31 Werner Koch <wk@g10code.com> + + * ecc.c (ecc_encrypt_raw, ecc_decrypt_raw): Do not free passed + parameters. + (ecc_sk_free, ecc_pk_free): Remove. + (test_keys): Replace ecc_pk_free by point_free and curve_free. + 2011-01-28 Werner Koch <wk@g10code.com> * pubkey.c (gcry_pk_genkey): Hack to insert the used curve name. diff --git a/cipher/ecc.c b/cipher/ecc.c index 45617491..8b608955 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -351,29 +351,6 @@ curve_free (elliptic_curve_t *E) /* - * Release a PK object. - */ -static void -ecc_pk_free (ECC_public_key *pk) -{ - point_free (&pk->Q); - curve_free (&pk->E); -} - - -/* - * Release a SK object. - */ -static void -ecc_sk_free (ECC_secret_key *sk) -{ - point_free (&sk->Q); - curve_free (&sk->E); - mpi_free (sk->d); sk->d = NULL; -} - - -/* * Return a copy of a curve object. */ static elliptic_curve_t @@ -447,7 +424,8 @@ gen_k (gcry_mpi_t p, int security_level) nbits = mpi_get_nbits (p); k = mpi_snew (nbits); if (DBG_CIPHER) - log_debug ("choosing a random k of %u bits\n", nbits); + log_debug ("choosing a random k of %u bits at seclevel %d\n", + nbits, security_level); gcry_mpi_randomize (k, nbits, security_level); @@ -562,9 +540,6 @@ generate_key (ECC_secret_key *sk, unsigned int nbits, const char *name, } random_level = transient_key ? GCRY_STRONG_RANDOM : GCRY_VERY_STRONG_RANDOM; - if (DBG_CIPHER) - log_debug ("choosing a random x of size %u%s\n", nbits, - transient_key? " (transient-key)":""); d = gen_k (E.n, random_level); /* Compute Q. */ @@ -648,7 +623,8 @@ test_keys (ECC_secret_key *sk, unsigned int nbits) if (DBG_CIPHER) log_debug ("ECDSA operation: sign, verify ok.\n"); - ecc_pk_free (&pk); + point_free (&pk.Q); + curve_free (&pk.E); point_free (&R_); mpi_free (s); @@ -1368,7 +1344,8 @@ ecc_encrypt_raw (int algo, gcry_mpi_t *resarr, gcry_mpi_t k, } _gcry_mpi_ec_free (ctx); - ecc_pk_free (&pk); + point_free (&pk.E.G); + point_free (&pk.Q); if (!result[0] || !result[1]) { @@ -1469,7 +1446,9 @@ ecc_decrypt_raw (int algo, gcry_mpi_t *result, gcry_mpi_t *data, point_free (&R); _gcry_mpi_ec_free (ctx); - ecc_sk_free (&sk) ; + point_free (&kG); + point_free (&sk.E.G); + point_free (&sk.Q); if (!r) return GPG_ERR_ENOMEM; @@ -1678,7 +1657,7 @@ gcry_pk_spec_t _gcry_pubkey_spec_ecdsa = gcry_pk_spec_t _gcry_pubkey_spec_ecdh = { "ECDH", ecdh_names, - "pabgnq", "pabgnqd", "rs", "", "pabgnq", + "pabgnq", "pabgnqd", "se", "", "pabgnq", GCRY_PK_USAGE_ENCR, ecc_generate, ecc_check_secret_key, diff --git a/cipher/pubkey.c b/cipher/pubkey.c index d540866f..b2de4e60 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -2274,7 +2274,6 @@ gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms) while (nelem < DIM (mpis)) mpis[nelem++] = NULL; - log_debug ("-->%s<-- %d\n", string, percent_s_idx); { int elem_n = strlen (pub_elems) + strlen (sec_elems); void **arg_list; diff --git a/src/ChangeLog b/src/ChangeLog index fe267b03..f2fbb327 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,7 @@ +2011-01-31 Werner Koch <wk@g10code.com> + + * sexp.c (vsexp_sscan): Allow opaque MPIs in "%m". + 2010-08-27 Werner Koch <wk@g10code.com> * g10lib.h (HWF_INTEL_AES): New. @@ -1257,36 +1257,76 @@ vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff, ARG_NEXT (m, gcry_mpi_t); - if (gcry_mpi_print (GCRYMPI_FMT_STD, NULL, 0, &nm, m)) - BUG (); + if (gcry_mpi_get_flag (m, GCRYMPI_FLAG_OPAQUE)) + { + void *mp; + unsigned int nbits; - MAKE_SPACE (nm); - if (!gcry_is_secure (c.sexp->d) - && gcry_mpi_get_flag ( m, GCRYMPI_FLAG_SECURE)) - { - /* We have to switch to secure allocation. */ - gcry_sexp_t newsexp; - byte *newhead; + mp = gcry_mpi_get_opaque (m, &nbits); + nm = (nbits+7)/8; + if (mp && nm) + { + MAKE_SPACE (nm); + if (!gcry_is_secure (c.sexp->d) + && gcry_mpi_get_flag (m, GCRYMPI_FLAG_SECURE)) + { + /* We have to switch to secure allocation. */ + gcry_sexp_t newsexp; + byte *newhead; + + newsexp = gcry_malloc_secure (sizeof *newsexp + + c.allocated - 1); + if (!newsexp) + { + err = gpg_err_code_from_errno (errno); + goto leave; + } + newhead = newsexp->d; + memcpy (newhead, c.sexp->d, (c.pos - c.sexp->d)); + c.pos = newhead + (c.pos - c.sexp->d); + gcry_free (c.sexp); + c.sexp = newsexp; + } + + *c.pos++ = ST_DATA; + STORE_LEN (c.pos, nm); + memcpy (c.pos, mp, nm); + c.pos += nm; + } + } + else + { + if (gcry_mpi_print (GCRYMPI_FMT_STD, NULL, 0, &nm, m)) + BUG (); - newsexp = gcry_malloc_secure (sizeof *newsexp - + c.allocated - 1); - if (!newsexp) + MAKE_SPACE (nm); + if (!gcry_is_secure (c.sexp->d) + && gcry_mpi_get_flag ( m, GCRYMPI_FLAG_SECURE)) { - err = gpg_err_code_from_errno (errno); - goto leave; + /* We have to switch to secure allocation. */ + gcry_sexp_t newsexp; + byte *newhead; + + newsexp = gcry_malloc_secure (sizeof *newsexp + + c.allocated - 1); + if (!newsexp) + { + err = gpg_err_code_from_errno (errno); + goto leave; + } + newhead = newsexp->d; + memcpy (newhead, c.sexp->d, (c.pos - c.sexp->d)); + c.pos = newhead + (c.pos - c.sexp->d); + gcry_free (c.sexp); + c.sexp = newsexp; } - newhead = newsexp->d; - memcpy (newhead, c.sexp->d, (c.pos - c.sexp->d)); - c.pos = newhead + (c.pos - c.sexp->d); - gcry_free (c.sexp); - c.sexp = newsexp; - } - *c.pos++ = ST_DATA; - STORE_LEN (c.pos, nm); - if (gcry_mpi_print (GCRYMPI_FMT_STD, c.pos, nm, &nm, m)) - BUG (); - c.pos += nm; + *c.pos++ = ST_DATA; + STORE_LEN (c.pos, nm); + if (gcry_mpi_print (GCRYMPI_FMT_STD, c.pos, nm, &nm, m)) + BUG (); + c.pos += nm; + } } else if (*p == 's') { |