mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-02 12:01:32 +01:00
* encrypt.c (init_dek): Check for too weak algorithms.
* import.c (parse_p12, popen_protect_tool): New. * base64.c (gpgsm_create_reader): New arg ALLOW_MULTI_PEM. Changed all callers. (base64_reader_cb): Handle it here. (gpgsm_reader_eof_seen): New. (base64_reader_cb): Set a flag for EOF. (simple_reader_cb): Ditto.
This commit is contained in:
parent
8b49254b97
commit
1a159fd8e3
18
sm/ChangeLog
18
sm/ChangeLog
@ -1,3 +1,21 @@
|
||||
2004-02-13 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* encrypt.c (init_dek): Check for too weak algorithms.
|
||||
|
||||
* import.c (parse_p12, popen_protect_tool): New.
|
||||
|
||||
* base64.c (gpgsm_create_reader): New arg ALLOW_MULTI_PEM.
|
||||
Changed all callers.
|
||||
(base64_reader_cb): Handle it here.
|
||||
(gpgsm_reader_eof_seen): New.
|
||||
(base64_reader_cb): Set a flag for EOF.
|
||||
(simple_reader_cb): Ditto.
|
||||
|
||||
2004-02-12 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* gpgsm.h, gpgsm.c: New option --protect-tool-program.
|
||||
* gpgsm.c (run_protect_tool): Use it.
|
||||
|
||||
2004-02-11 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* Makefile.am (AM_CPPFLAGS): Pass directory constants via -D; this
|
||||
|
42
sm/base64.c
42
sm/base64.c
@ -48,9 +48,10 @@ struct reader_cb_parm_s {
|
||||
int have_lf;
|
||||
unsigned long line_counter;
|
||||
|
||||
int autodetect; /* try to detect the input encoding */
|
||||
int assume_pem; /* assume input encoding is PEM */
|
||||
int assume_base64; /* assume input is base64 encoded */
|
||||
int allow_multi_pem; /* Allow processing of multiple PEM objects. */
|
||||
int autodetect; /* Try to detect the input encoding. */
|
||||
int assume_pem; /* Assume input encoding is PEM. */
|
||||
int assume_base64; /* Assume input is base64 encoded. */
|
||||
|
||||
int identified;
|
||||
int is_pem;
|
||||
@ -58,6 +59,8 @@ struct reader_cb_parm_s {
|
||||
int stop_seen;
|
||||
int might_be_smime;
|
||||
|
||||
int eof_seen;
|
||||
|
||||
struct {
|
||||
int idx;
|
||||
unsigned char val;
|
||||
@ -171,6 +174,7 @@ base64_reader_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
|
||||
c = getc (parm->fp);
|
||||
if (c == EOF)
|
||||
{
|
||||
parm->eof_seen = 1;
|
||||
if (ferror (parm->fp))
|
||||
return -1;
|
||||
break;
|
||||
@ -268,7 +272,22 @@ base64_reader_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
|
||||
{
|
||||
parm->identified = 0;
|
||||
parm->linelen = parm->readpos = 0;
|
||||
/* let us return 0 */
|
||||
|
||||
/* If the caller want to read multiple PEM objects from one
|
||||
file, we have to reset our internal state and return a
|
||||
EOF immediately. The caller is the expected to use
|
||||
ksba_reader_clear to clear the EOF condition and continue
|
||||
to read. If we don't want to do that we just return 0
|
||||
bytes which will force the ksba_reader to skip until
|
||||
EOF. */
|
||||
if (parm->allow_multi_pem)
|
||||
{
|
||||
parm->identified = 0;
|
||||
parm->autodetect = 0;
|
||||
parm->assume_pem = 1;
|
||||
parm->stop_seen = 0;
|
||||
return -1; /* Send EOF now. */
|
||||
}
|
||||
}
|
||||
else if (parm->stop_seen)
|
||||
{ /* skip the rest of the line */
|
||||
@ -356,6 +375,7 @@ simple_reader_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
|
||||
c = getc (parm->fp);
|
||||
if (c == EOF)
|
||||
{
|
||||
parm->eof_seen = 1;
|
||||
if ( ferror (parm->fp) )
|
||||
return -1;
|
||||
if (n)
|
||||
@ -494,10 +514,13 @@ base64_finish_write (struct writer_cb_parm_s *parm)
|
||||
The function returns a Base64Context object which must be passed to
|
||||
the gpgme_destroy_reader function. The created KsbaReader object
|
||||
is also returned, but the caller must not call the
|
||||
ksba_reader_release function on. */
|
||||
ksba_reader_release function on. If ALLOW_MULTI_PEM is true, the
|
||||
reader expects that the caller uses ksba_reader_clear after EOF
|
||||
until no more objects were found. */
|
||||
int
|
||||
gpgsm_create_reader (Base64Context *ctx,
|
||||
CTRL ctrl, FILE *fp, ksba_reader_t *r_reader)
|
||||
CTRL ctrl, FILE *fp, int allow_multi_pem,
|
||||
ksba_reader_t *r_reader)
|
||||
{
|
||||
int rc;
|
||||
ksba_reader_t r;
|
||||
@ -506,6 +529,7 @@ gpgsm_create_reader (Base64Context *ctx,
|
||||
*ctx = xtrycalloc (1, sizeof **ctx);
|
||||
if (!*ctx)
|
||||
return OUT_OF_CORE (errno);
|
||||
(*ctx)->u.rparm.allow_multi_pem = allow_multi_pem;
|
||||
|
||||
rc = ksba_reader_new (&r);
|
||||
if (rc)
|
||||
@ -546,6 +570,12 @@ gpgsm_create_reader (Base64Context *ctx,
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
gpgsm_reader_eof_seen (Base64Context ctx)
|
||||
{
|
||||
return ctx && ctx->u.rparm.eof_seen;
|
||||
}
|
||||
|
||||
void
|
||||
gpgsm_destroy_reader (Base64Context ctx)
|
||||
{
|
||||
|
@ -270,7 +270,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
|
||||
goto leave;
|
||||
}
|
||||
|
||||
rc = gpgsm_create_reader (&b64reader, ctrl, in_fp, &reader);
|
||||
rc = gpgsm_create_reader (&b64reader, ctrl, in_fp, 0, &reader);
|
||||
if (rc)
|
||||
{
|
||||
log_error ("can't create reader: %s\n", gpg_strerror (rc));
|
||||
|
19
sm/encrypt.c
19
sm/encrypt.c
@ -1,5 +1,5 @@
|
||||
/* encrypt.c - Encrypt a message
|
||||
* Copyright (C) 2001, 2003 Free Software Foundation, Inc.
|
||||
* Copyright (C) 2001, 2003, 2004 Free Software Foundation, Inc.
|
||||
*
|
||||
* This file is part of GnuPG.
|
||||
*
|
||||
@ -75,6 +75,20 @@ init_dek (DEK dek)
|
||||
return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
|
||||
}
|
||||
|
||||
/* Extra check for algorithms we considere to be to weak for
|
||||
encryption, qlthough we suppor them fro decryption. Note that
|
||||
there is another check below discriminating on the key length. */
|
||||
switch (dek->algo)
|
||||
{
|
||||
case GCRY_CIPHER_DES:
|
||||
case GCRY_CIPHER_RFC2268_40:
|
||||
log_error ("cipher algorithm `%s' not allowed: too weak\n",
|
||||
gcry_cipher_algo_name (dek->algo));
|
||||
return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
dek->keylen = gcry_cipher_get_algo_keylen (dek->algo);
|
||||
if (!dek->keylen || dek->keylen > sizeof (dek->key))
|
||||
return gpg_error (GPG_ERR_BUG);
|
||||
@ -83,8 +97,9 @@ init_dek (DEK dek)
|
||||
if (!dek->ivlen || dek->ivlen > sizeof (dek->iv))
|
||||
return gpg_error (GPG_ERR_BUG);
|
||||
|
||||
/* Make sure we don't use weak keys. */
|
||||
if (dek->keylen < 100/8)
|
||||
{ /* make sure we don't use weak keys */
|
||||
{
|
||||
log_error ("key length of `%s' too small\n", dek->algoid);
|
||||
return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
|
||||
}
|
||||
|
15
sm/gpgsm.c
15
sm/gpgsm.c
@ -98,6 +98,7 @@ enum cmd_and_opt_values {
|
||||
oLCmessages,
|
||||
|
||||
oDirmngrProgram,
|
||||
oProtectToolProgram,
|
||||
oFakedSystemTime,
|
||||
|
||||
|
||||
@ -370,6 +371,7 @@ static ARGPARSE_OPTS opts[] = {
|
||||
{ oLCctype, "lc-ctype", 2, "@" },
|
||||
{ oLCmessages, "lc-messages", 2, "@" },
|
||||
{ oDirmngrProgram, "dirmngr-program", 2 , "@" },
|
||||
{ oProtectToolProgram, "protect-tool-program", 2 , "@" },
|
||||
{ oFakedSystemTime, "faked-system-time", 4, "@" }, /* (epoch time) */
|
||||
|
||||
|
||||
@ -947,6 +949,9 @@ main ( int argc, char **argv)
|
||||
case oLCctype: opt.lc_ctype = xstrdup (pargs.r.ret_str); break;
|
||||
case oLCmessages: opt.lc_messages = xstrdup (pargs.r.ret_str); break;
|
||||
case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break;
|
||||
case oProtectToolProgram:
|
||||
opt.protect_tool_program = pargs.r.ret_str;
|
||||
break;
|
||||
|
||||
case oFakedSystemTime:
|
||||
gnupg_set_time ( (time_t)pargs.r.ret_ulong, 0);
|
||||
@ -1480,14 +1485,19 @@ open_fwrite (const char *filename)
|
||||
static void
|
||||
run_protect_tool (int argc, char **argv)
|
||||
{
|
||||
char *pgm = GNUPG_DEFAULT_PROTECT_TOOL;
|
||||
const char *pgm;
|
||||
char **av;
|
||||
int i;
|
||||
|
||||
if (!opt.protect_tool_program || !*opt.protect_tool_program)
|
||||
pgm = GNUPG_DEFAULT_PROTECT_TOOL;
|
||||
else
|
||||
pgm = opt.protect_tool_program;
|
||||
|
||||
av = xcalloc (argc+2, sizeof *av);
|
||||
av[0] = strrchr (pgm, '/');
|
||||
if (!av[0])
|
||||
av[0] = pgm;
|
||||
av[0] = xstrdup (pgm);
|
||||
for (i=1; argc; i++, argc--, argv++)
|
||||
av[i] = *argv;
|
||||
av[i] = NULL;
|
||||
@ -1495,4 +1505,3 @@ run_protect_tool (int argc, char **argv)
|
||||
log_error ("error executing `%s': %s\n", pgm, strerror (errno));
|
||||
gpgsm_exit (2);
|
||||
}
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/* gpgsm.h - Global definitions for GpgSM
|
||||
* Copyright (C) 2001, 2003 Free Software Foundation, Inc.
|
||||
* Copyright (C) 2001, 2003, 2004 Free Software Foundation, Inc.
|
||||
*
|
||||
* This file is part of GnuPG.
|
||||
*
|
||||
@ -54,6 +54,7 @@ struct {
|
||||
char *lc_messages;
|
||||
|
||||
const char *dirmngr_program;
|
||||
const char *protect_tool_program;
|
||||
char *outfile; /* name of output file */
|
||||
|
||||
int with_key_data;/* include raw key in the column delimted output */
|
||||
@ -176,7 +177,9 @@ char *gpgsm_get_certid (ksba_cert_t cert);
|
||||
|
||||
/*-- base64.c --*/
|
||||
int gpgsm_create_reader (Base64Context *ctx,
|
||||
ctrl_t ctrl, FILE *fp, ksba_reader_t *r_reader);
|
||||
ctrl_t ctrl, FILE *fp, int allow_multi_pem,
|
||||
ksba_reader_t *r_reader);
|
||||
int gpgsm_reader_eof_seen (Base64Context ctx);
|
||||
void gpgsm_destroy_reader (Base64Context ctx);
|
||||
int gpgsm_create_writer (Base64Context *ctx,
|
||||
ctrl_t ctrl, FILE *fp, ksba_writer_t *r_writer);
|
||||
|
320
sm/import.c
320
sm/import.c
@ -1,5 +1,5 @@
|
||||
/* import.c - Import certificates
|
||||
* Copyright (C) 2001, 2003 Free Software Foundation, Inc.
|
||||
* Copyright (C) 2001, 2003, 2004 Free Software Foundation, Inc.
|
||||
*
|
||||
* This file is part of GnuPG.
|
||||
*
|
||||
@ -26,6 +26,9 @@
|
||||
#include <unistd.h>
|
||||
#include <time.h>
|
||||
#include <assert.h>
|
||||
#include <signal.h>
|
||||
#include <fcntl.h>
|
||||
#include <sys/wait.h>
|
||||
|
||||
#include "gpgsm.h"
|
||||
#include <gcrypt.h>
|
||||
@ -34,6 +37,13 @@
|
||||
#include "keydb.h"
|
||||
#include "i18n.h"
|
||||
|
||||
#ifdef _POSIX_OPEN_MAX
|
||||
#define MAX_OPEN_FDS _POSIX_OPEN_MAX
|
||||
#else
|
||||
#define MAX_OPEN_FDS 20
|
||||
#endif
|
||||
|
||||
|
||||
struct stats_s {
|
||||
unsigned long count;
|
||||
unsigned long imported;
|
||||
@ -42,6 +52,9 @@ struct stats_s {
|
||||
};
|
||||
|
||||
|
||||
static gpg_error_t parse_p12 (ksba_reader_t reader, FILE **retfp);
|
||||
|
||||
|
||||
|
||||
static void
|
||||
print_imported_status (CTRL ctrl, ksba_cert_t cert)
|
||||
@ -208,6 +221,7 @@ import_one (CTRL ctrl, struct stats_s *stats, int in_fd)
|
||||
ksba_cms_t cms = NULL;
|
||||
FILE *fp = NULL;
|
||||
ksba_content_type_t ct;
|
||||
int any = 0;
|
||||
|
||||
fp = fdopen ( dup (in_fd), "rb");
|
||||
if (!fp)
|
||||
@ -217,13 +231,21 @@ import_one (CTRL ctrl, struct stats_s *stats, int in_fd)
|
||||
goto leave;
|
||||
}
|
||||
|
||||
rc = gpgsm_create_reader (&b64reader, ctrl, fp, &reader);
|
||||
rc = gpgsm_create_reader (&b64reader, ctrl, fp, 1, &reader);
|
||||
if (rc)
|
||||
{
|
||||
log_error ("can't create reader: %s\n", gpg_strerror (rc));
|
||||
goto leave;
|
||||
}
|
||||
|
||||
|
||||
/* We need to loop here to handle multiple PEM objects in one
|
||||
file. */
|
||||
do
|
||||
{
|
||||
ksba_cms_release (cms); cms = NULL;
|
||||
ksba_cert_release (cert); cert = NULL;
|
||||
|
||||
ct = ksba_cms_identify (reader);
|
||||
if (ct == KSBA_CT_SIGNED_DATA)
|
||||
{ /* This is probably a signed-only message - import the certs */
|
||||
@ -242,7 +264,6 @@ import_one (CTRL ctrl, struct stats_s *stats, int in_fd)
|
||||
goto leave;
|
||||
}
|
||||
|
||||
|
||||
do
|
||||
{
|
||||
rc = ksba_cms_parse (cms, &stopreason);
|
||||
@ -265,6 +286,55 @@ import_one (CTRL ctrl, struct stats_s *stats, int in_fd)
|
||||
}
|
||||
if (!i)
|
||||
log_error ("no certificate found\n");
|
||||
else
|
||||
any = 1;
|
||||
}
|
||||
else if (ct == KSBA_CT_PKCS12)
|
||||
{ /* This seems to be a pkcs12 message. We use an external
|
||||
tool to parse the message and to store the private keys.
|
||||
We need to use a another reader here to parse the
|
||||
certificate we included in the p12 file; then we continue
|
||||
to look for other pkcs12 files (works only if they are in
|
||||
PEM format. */
|
||||
FILE *certfp;
|
||||
Base64Context b64p12rdr;
|
||||
ksba_reader_t p12rdr;
|
||||
|
||||
rc = parse_p12 (reader, &certfp);
|
||||
if (!rc)
|
||||
{
|
||||
any = 1;
|
||||
|
||||
rewind (certfp);
|
||||
rc = gpgsm_create_reader (&b64p12rdr, ctrl, certfp, 1, &p12rdr);
|
||||
if (rc)
|
||||
{
|
||||
log_error ("can't create reader: %s\n", gpg_strerror (rc));
|
||||
fclose (certfp);
|
||||
goto leave;
|
||||
}
|
||||
|
||||
do
|
||||
{
|
||||
ksba_cert_release (cert); cert = NULL;
|
||||
rc = ksba_cert_new (&cert);
|
||||
if (!rc)
|
||||
{
|
||||
rc = ksba_cert_read_der (cert, p12rdr);
|
||||
if (!rc)
|
||||
check_and_store (ctrl, stats, cert, 0);
|
||||
}
|
||||
ksba_reader_clear (p12rdr, NULL, NULL);
|
||||
}
|
||||
while (!rc && !gpgsm_reader_eof_seen (b64p12rdr));
|
||||
|
||||
if (gpg_err_code (rc) == GPG_ERR_EOF)
|
||||
rc = 0;
|
||||
gpgsm_destroy_reader (b64p12rdr);
|
||||
fclose (certfp);
|
||||
if (rc)
|
||||
goto leave;
|
||||
}
|
||||
}
|
||||
else if (ct == KSBA_CT_NONE)
|
||||
{ /* Failed to identify this message - assume a certificate */
|
||||
@ -278,6 +348,7 @@ import_one (CTRL ctrl, struct stats_s *stats, int in_fd)
|
||||
goto leave;
|
||||
|
||||
check_and_store (ctrl, stats, cert, 0);
|
||||
any = 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -285,7 +356,13 @@ import_one (CTRL ctrl, struct stats_s *stats, int in_fd)
|
||||
rc = gpg_error (GPG_ERR_NO_DATA);
|
||||
}
|
||||
|
||||
ksba_reader_clear (reader, NULL, NULL);
|
||||
}
|
||||
while (!gpgsm_reader_eof_seen (b64reader));
|
||||
|
||||
leave:
|
||||
if (any && gpg_err_code (rc) == GPG_ERR_EOF)
|
||||
rc = 0;
|
||||
ksba_cms_release (cms);
|
||||
ksba_cert_release (cert);
|
||||
gpgsm_destroy_reader (b64reader);
|
||||
@ -345,3 +422,240 @@ gpgsm_import_files (CTRL ctrl, int nfiles, char **files,
|
||||
}
|
||||
|
||||
|
||||
/* Fork and exec the protecttool, connect the file descriptor of
|
||||
INFILE to stdin, return a new stream in STATUSFILE, write the
|
||||
output to OUTFILE and the pid of the process in PID. Returns 0 on
|
||||
success or an error code. */
|
||||
static gpg_error_t
|
||||
popen_protect_tool (const char *pgmname,
|
||||
FILE *infile, FILE *outfile, FILE **statusfile, pid_t *pid)
|
||||
{
|
||||
gpg_error_t err;
|
||||
int fd, fdout, rp[2];
|
||||
int n, i;
|
||||
|
||||
fflush (infile);
|
||||
rewind (infile);
|
||||
fd = fileno (infile);
|
||||
fdout = fileno (outfile);
|
||||
if (fd == -1 || fdout == -1)
|
||||
log_fatal ("no file descriptor for temporary file: %s\n",
|
||||
strerror (errno));
|
||||
|
||||
/* Now start the protect-tool. */
|
||||
if (pipe (rp) == -1)
|
||||
{
|
||||
err = gpg_error_from_errno (errno);
|
||||
log_error (_("error creating a pipe: %s\n"), strerror (errno));
|
||||
return err;
|
||||
}
|
||||
|
||||
*pid = fork ();
|
||||
if (*pid == -1)
|
||||
{
|
||||
err = gpg_error_from_errno (errno);
|
||||
log_error (_("error forking process: %s\n"), strerror (errno));
|
||||
close (rp[0]);
|
||||
close (rp[1]);
|
||||
return err;
|
||||
}
|
||||
|
||||
if (!*pid)
|
||||
{ /* Child. */
|
||||
const char *arg0;
|
||||
|
||||
arg0 = strrchr (pgmname, '/');
|
||||
if (arg0)
|
||||
arg0++;
|
||||
else
|
||||
arg0 = pgmname;
|
||||
|
||||
/* Connect the infile to stdin. */
|
||||
if (fd != 0 && dup2 (fd, 0) == -1)
|
||||
log_fatal ("dup2 stdin failed: %s\n", strerror (errno));
|
||||
|
||||
/* Connect the outfile to stdout. */
|
||||
if (fdout != 1 && dup2 (fdout, 1) == -1)
|
||||
log_fatal ("dup2 stdout failed: %s\n", strerror (errno));
|
||||
|
||||
/* Connect stderr to our pipe. */
|
||||
if (rp[1] != 2 && dup2 (rp[1], 2) == -1)
|
||||
log_fatal ("dup2 stderr failed: %s\n", strerror (errno));
|
||||
|
||||
/* Close all other files. */
|
||||
n = sysconf (_SC_OPEN_MAX);
|
||||
if (n < 0)
|
||||
n = MAX_OPEN_FDS;
|
||||
for (i=3; i < n; i++)
|
||||
close(i);
|
||||
errno = 0;
|
||||
|
||||
execlp (pgmname, arg0,
|
||||
"--homedir", opt.homedir,
|
||||
"--p12-import",
|
||||
"--store",
|
||||
"--no-fail-on-exist",
|
||||
"--",
|
||||
NULL);
|
||||
/* No way to print anything, as we have closed all streams. */
|
||||
_exit (31);
|
||||
}
|
||||
|
||||
/* Parent. */
|
||||
close (rp[1]);
|
||||
*statusfile = fdopen (rp[0], "r");
|
||||
if (!*statusfile)
|
||||
{
|
||||
err = gpg_error_from_errno (errno);
|
||||
log_error ("can't fdopen pipe for reading: %s", strerror (errno));
|
||||
kill (*pid, SIGTERM);
|
||||
return err;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* Assume that the reader is at a pkcs#12 message and try to import
|
||||
certificates from that stupid format. We will alos store secret
|
||||
keys. All of the pkcs#12 parsing and key storing is handled by the
|
||||
gpg-protect-tool, we merely have to take care of receiving the
|
||||
certificates. On success RETFP returns a temporary file with
|
||||
certificates. */
|
||||
static gpg_error_t
|
||||
parse_p12 (ksba_reader_t reader, FILE **retfp)
|
||||
{
|
||||
const char *pgmname;
|
||||
gpg_error_t err = 0, child_err = 0;
|
||||
int i, c, cont_line;
|
||||
unsigned int pos;
|
||||
FILE *tmpfp, *certfp = NULL, *fp = NULL;
|
||||
char buffer[1024];
|
||||
size_t nread;
|
||||
pid_t pid = -1;
|
||||
|
||||
if (!opt.protect_tool_program || !*opt.protect_tool_program)
|
||||
pgmname = GNUPG_DEFAULT_PROTECT_TOOL;
|
||||
else
|
||||
pgmname = opt.protect_tool_program;
|
||||
|
||||
*retfp = NULL;
|
||||
|
||||
/* To avoid an extra feeder process or doing selects and because
|
||||
gpg-protect-tool will anyway parse the entire pkcs#12 message in
|
||||
memory, we simply use tempfiles here and pass them to
|
||||
the gpg-protect-tool. */
|
||||
tmpfp = tmpfile ();
|
||||
if (!tmpfp)
|
||||
{
|
||||
err = gpg_error_from_errno (errno);
|
||||
log_error (_("error creating temporary file: %s\n"), strerror (errno));
|
||||
goto cleanup;
|
||||
}
|
||||
while (!(err = ksba_reader_read (reader, buffer, sizeof buffer, &nread)))
|
||||
{
|
||||
if (fwrite (buffer, nread, 1, tmpfp) != 1)
|
||||
{
|
||||
err = gpg_error_from_errno (errno);
|
||||
log_error (_("error writing to temporary file: %s\n"),
|
||||
strerror (errno));
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
if (gpg_err_code (err) == GPG_ERR_EOF)
|
||||
err = 0;
|
||||
if (err)
|
||||
{
|
||||
log_error (_("error reading input: %s\n"), gpg_strerror (err));
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
certfp = tmpfile ();
|
||||
if (!certfp)
|
||||
{
|
||||
err = gpg_error_from_errno (errno);
|
||||
log_error (_("error creating temporary file: %s\n"), strerror (errno));
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
err = popen_protect_tool (pgmname, tmpfp, certfp, &fp, &pid);
|
||||
if (err)
|
||||
{
|
||||
pid = -1;
|
||||
goto cleanup;
|
||||
}
|
||||
fclose (tmpfp);
|
||||
tmpfp = NULL;
|
||||
|
||||
/* Read stderr of the protect tool. */
|
||||
pos = 0;
|
||||
cont_line = 0;
|
||||
while ((c=getc (fp)) != EOF)
|
||||
{
|
||||
/* fixme: We could here grep for status information of the
|
||||
protect tool to figure out better error codes for
|
||||
CHILD_ERR. */
|
||||
buffer[pos++] = c;
|
||||
if (pos >= 5 /*sizeof buffer - 1*/ || c == '\n')
|
||||
{
|
||||
buffer[pos - (c == '\n')] = 0;
|
||||
if (cont_line)
|
||||
log_printf ("%s", buffer);
|
||||
else
|
||||
log_info ("%s", buffer);
|
||||
pos = 0;
|
||||
cont_line = (c != '\n');
|
||||
}
|
||||
}
|
||||
|
||||
if (pos)
|
||||
{
|
||||
buffer[pos] = 0;
|
||||
if (cont_line)
|
||||
log_printf ("%s\n", buffer);
|
||||
else
|
||||
log_info ("%s\n", buffer);
|
||||
}
|
||||
|
||||
/* If we found no error in the output of the cild, setup a suitable
|
||||
error code, which will later be reset if the exit status of the
|
||||
child is 0. */
|
||||
if (!child_err)
|
||||
child_err = gpg_error (GPG_ERR_DECRYPT_FAILED);
|
||||
|
||||
|
||||
cleanup:
|
||||
if (tmpfp)
|
||||
fclose (tmpfp);
|
||||
if (fp)
|
||||
fclose (fp);
|
||||
if (pid != -1)
|
||||
{
|
||||
int status;
|
||||
|
||||
while ( (i=waitpid (pid, &status, 0)) == -1 && errno == EINTR)
|
||||
;
|
||||
if (i == -1)
|
||||
log_error (_("waiting for protect-tools to terminate failed: %s\n"),
|
||||
strerror (errno));
|
||||
else if (WIFEXITED (status) && WEXITSTATUS (status) == 31)
|
||||
log_error (_("error running `%s': probably not installed\n"), pgmname);
|
||||
else if (WIFEXITED (status) && WEXITSTATUS (status))
|
||||
log_error (_("error running `%s': exit status %d\n"), pgmname,
|
||||
WEXITSTATUS (status));
|
||||
else if (!WIFEXITED (status))
|
||||
log_error (_("error running `%s': terminated\n"), pgmname);
|
||||
else
|
||||
child_err = 0;
|
||||
}
|
||||
if (!err)
|
||||
err = child_err;
|
||||
if (err)
|
||||
{
|
||||
if (certfp)
|
||||
fclose (certfp);
|
||||
}
|
||||
else
|
||||
*retfp = certfp;
|
||||
return err;
|
||||
}
|
||||
|
@ -118,7 +118,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
|
||||
goto leave;
|
||||
}
|
||||
|
||||
rc = gpgsm_create_reader (&b64reader, ctrl, fp, &reader);
|
||||
rc = gpgsm_create_reader (&b64reader, ctrl, fp, 0, &reader);
|
||||
if (rc)
|
||||
{
|
||||
log_error ("can't create reader: %s\n", gpg_strerror (rc));
|
||||
|
Loading…
x
Reference in New Issue
Block a user