2013-10-11 Niibe Yutaka <gniibe@fsij.org>
+ * src/ac.c (verify_user_0, verify_admin_00): Fix conditions.
+
* src/openpgp-do.c (gpg_do_write_prvkey): Delete keystring
information from data object of NR_DO_KEYSTRING_PW3.
+ Fix conditions.
+ (gpg_do_keygen): Likewise.
+
+ * src/openpgp.c (cmd_reset_user_password): Likewise.
2013-10-10 Niibe Yutaka <gniibe@fsij.org>
if (r1 < 0 || r2 < 0
|| (r1 == 0 && r2 == 0 && ks_pw1 != NULL
- && memcmp (KS_GET_KEYSTRING (ks_pw1),
- keystring, KEYSTRING_MD_SIZE) != 0))
+ && ((ks_pw1[0] & PW_LEN_KEYSTRING_BIT) == 0
+ || memcmp (KS_GET_KEYSTRING (ks_pw1),
+ keystring, KEYSTRING_MD_SIZE) != 0)))
{
failure:
gpg_pw_increment_err_counter (PW_ERR_PW1);
if (r1 < 0 || r2 < 0)
return -1;
else if (r1 == 0 && r2 == 0)
- if (memcmp (KS_GET_KEYSTRING (ks), keystring, KEYSTRING_MD_SIZE) != 0)
+ if ((ks[0] & PW_LEN_KEYSTRING_BIT) == 0
+ || memcmp (KS_GET_KEYSTRING (ks), keystring, KEYSTRING_MD_SIZE) != 0)
return -1;
return pw_len;
memcpy (pd->iv, iv, INITIAL_VECTOR_SIZE);
memcpy (pd->checksum_encrypted, kdi.checksum, DATA_ENCRYPTION_KEY_SIZE);
- if (ks_pw1)
+ if (ks_pw1 && ((ks_pw1_len = ks_pw1[0]) & PW_LEN_KEYSTRING_BIT))
{
- ks_pw1_len = ks_pw1[0];
+ ks_info0[0] = ks_pw1_len & PW_LEN_MASK;
+ memcpy (KS_GET_SALT (ks_info0), KS_GET_SALT (ks_pw1), SALT_SIZE);
encrypt_dek (KS_GET_KEYSTRING (ks_pw1), pd->dek_encrypted_1);
- if ((ks_pw1_len & PW_LEN_KEYSTRING_BIT))
- {
- ks_info0[0] = ks_pw1_len & PW_LEN_MASK;
- memcpy (KS_GET_SALT (ks_info0), KS_GET_SALT (ks_pw1), SALT_SIZE);
- }
}
else
{
encrypt_dek (ks, pd->dek_encrypted_1);
}
- if (ks_rc)
+ if (ks_rc && ((ks_rc_len = ks_rc[0]) & PW_LEN_KEYSTRING_BIT))
{
- ks_rc_len = ks_rc[0];
+ ks_info1[0] = ks_rc_len & PW_LEN_MASK;
+ memcpy (KS_GET_SALT (ks_info1), KS_GET_SALT (ks_rc), SALT_SIZE);
encrypt_dek (KS_GET_KEYSTRING (ks_rc), pd->dek_encrypted_2);
- if ((ks_rc_len & PW_LEN_KEYSTRING_BIT))
- {
- ks_info1[0] = ks_rc_len & PW_LEN_MASK;
- memcpy (KS_GET_SALT (ks_info1), KS_GET_SALT (ks_rc), SALT_SIZE);
- }
}
else
memset (pd->dek_encrypted_2, 0, DATA_ENCRYPTION_KEY_SIZE);
/* GnuPG expects it's ready for signing. */
/* Don't call ac_reset_pso_cds here, but load the private key */
- if (ks_pw1)
- ks = KS_GET_KEYSTRING (ks_pw1);
- else
+ if (ks_pw1 == NULL)
{
const uint8_t * pw = (const uint8_t *)OPENPGP_CARD_INITIAL_PW1;
s2k (NULL, 0, pw, strlen (OPENPGP_CARD_INITIAL_PW1), keystring);
ks = keystring;
}
+ else
+ if ((ks_pw1[0] & PW_LEN_KEYSTRING_BIT) != 0)
+ ks = KS_GET_KEYSTRING (ks_pw1);
+ else
+ {
+ GPG_ERROR ();
+ return;
+ }
gpg_do_load_prvkey (GPG_KEY_FOR_SIGNING, BY_USER, ks);
}
}
else if (r == 0)
{
- if (memcmp (KS_GET_KEYSTRING (ks_rc), old_ks, KEYSTRING_MD_SIZE) != 0)
+ if ((ks_rc[0] & PW_LEN_KEYSTRING_BIT) == 0
+ || memcmp (KS_GET_KEYSTRING (ks_rc),
+ old_ks, KEYSTRING_MD_SIZE) != 0)
goto sec_fail;
DEBUG_INFO ("done (no prvkey).\r\n");
new_ks0[0] |= PW_LEN_KEYSTRING_BIT;
projects / gnuk / gnuk.git / commitdiff