* call-agent.c (gpgsm_agent_pksign, gpgsm_agent_pkdecrypt)

(gpgsm_agent_genkey, gpgsm_agent_istrusted) (gpgsm_agent_marktrusted, gpgsm_agent_havekey) (gpgsm_agent_passwd): Add new arg CTRL and changed all callers. (start_agent): New arg CTRL. Send progress item when starting a new agent. * sign.c (gpgsm_get_default_cert, get_default_signer): New arg CTRL to be passed down to the agent function. * decrypt.c (prepare_decryption): Ditto. * certreqgen.c (proc_parameters, read_parameters): Ditto. * certcheck.c (gpgsm_create_cms_signature): Ditto.
2025-01-17 14:07:03 +01:00 · 2004-04-26 13:29:09 +00:00 · 2004-04-26 13:29:09 +00:00 · 388218891b
commit 388218891b
parent 1101deced5
13 changed files with 90 additions and 66 deletions
--- a/1
+++ b/1
@ -11,7 +11,6 @@ We should always use valid S-Exp and not just parts.
 ** When we allow concurrent service request in gpgsm, we
 might want to have an agent context for each service request
 (i.e. Assuan context).
 ** There is no error report if GPG_AGENT_INFO has been set but the agent is not anymore running. 
 * sm/certreqgen.c
 ** Improve error reporting
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@ -1,3 +1,17 @@
 2004-04-26  Werner Koch  <wk@gnupg.org>
 	* call-agent.c (gpgsm_agent_pksign, gpgsm_agent_pkdecrypt) 
 	(gpgsm_agent_genkey, gpgsm_agent_istrusted) 
 	(gpgsm_agent_marktrusted, gpgsm_agent_havekey) 
 	(gpgsm_agent_passwd): Add new arg CTRL and changed all callers.
 	(start_agent): New arg CTRL.  Send progress item when starting a
 	new agent.
 	* sign.c (gpgsm_get_default_cert, get_default_signer): New arg
 	CTRL to be passed down to the agent function.
 	* decrypt.c (prepare_decryption): Ditto.
 	* certreqgen.c (proc_parameters, read_parameters): Ditto.
 	* certcheck.c (gpgsm_create_cms_signature): Ditto.
 2004-04-23  Werner Koch  <wk@gnupg.org>
 	* keydb.c (keydb_add_resource): Try to compress the file on init.
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@ -65,7 +65,7 @@ struct learn_parm_s {
 /* Try to connect to the agent via socket or fork it off and work by
   pipes.  Handle the server's initial greeting */
 static int
-start_agent (void)
+start_agent (ctrl_t ctrl)
 {
  int rc = 0;
  char *infostr, *p;
@ -86,6 +86,8 @@ start_agent (void)
      if (opt.verbose)
        log_info (_("no running gpg-agent - starting one\n"));
      gpgsm_status (ctrl, STATUS_PROGRESS, "starting_agent ? 0 0");
      if (fflush (NULL))
        {
@ -126,7 +128,7 @@ start_agent (void)
          log_error (_("malformed GPG_AGENT_INFO environment variable\n"));
          xfree (infostr);
          force_pipe_server = 1;
-          return start_agent ();
+          return start_agent (ctrl);
        }
      *p++ = 0;
      pid = atoi (p);
@ -139,7 +141,7 @@ start_agent (void)
                     prot);
          xfree (infostr);
          force_pipe_server = 1;
-          return start_agent ();
+          return start_agent (ctrl);
        }
      rc = assuan_socket_connect (&ctx, infostr, pid);
@ -148,7 +150,7 @@ start_agent (void)
        {
          log_error (_("can't connect to the agent - trying fall back\n"));
          force_pipe_server = 1;
-          return start_agent ();
+          return start_agent (ctrl);
        }
    }
@ -188,7 +190,7 @@ membuf_data_cb (void *opaque, const void *buffer, size_t length)
 /* Call the agent to do a sign operation using the key identified by
   the hex string KEYGRIP. */
 int
-gpgsm_agent_pksign (const char *keygrip, const char *desc,
+gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
                    unsigned char *digest, size_t digestlen, int digestalgo,
                    char **r_buf, size_t *r_buflen )
 {
@ -198,7 +200,7 @@ gpgsm_agent_pksign (const char *keygrip, const char *desc,
  size_t len;
  *r_buf = NULL;
-  rc = start_agent ();
+  rc = start_agent (ctrl);
  if (rc)
    return rc;
@ -273,7 +275,7 @@ inq_ciphertext_cb (void *opaque, const char *keyword)
 /* Call the agent to do a decrypt operation using the key identified by
   the hex string KEYGRIP. */
 int
-gpgsm_agent_pkdecrypt (const char *keygrip, const char *desc,
+gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
                       ksba_const_sexp_t ciphertext, 
                       char **r_buf, size_t *r_buflen )
 {
@ -293,7 +295,7 @@ gpgsm_agent_pkdecrypt (const char *keygrip, const char *desc,
  if (!ciphertextlen)
    return gpg_error (GPG_ERR_INV_VALUE);
-  rc = start_agent ();
+  rc = start_agent (ctrl);
  if (rc)
    return rc;
@ -371,7 +373,8 @@ inq_genkey_parms (void *opaque, const char *keyword)
 /* Call the agent to generate a newkey */
 int
-gpgsm_agent_genkey (ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey)
+gpgsm_agent_genkey (ctrl_t ctrl,
                    ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey)
 {
  int rc;
  struct genkey_parm_s gk_parm;
@ -380,7 +383,7 @@ gpgsm_agent_genkey (ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey)
  char *buf;
  *r_pubkey = NULL;
-  rc = start_agent ();
+  rc = start_agent (ctrl);
  if (rc)
    return rc;
@ -418,13 +421,13 @@ gpgsm_agent_genkey (ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey)
 /* Ask the agent whether the certificate is in the list of trusted
   keys */
 int
-gpgsm_agent_istrusted (ksba_cert_t cert)
+gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert)
 {
  int rc;
  char *fpr;
  char line[ASSUAN_LINELENGTH];
-  rc = start_agent ();
+  rc = start_agent (ctrl);
  if (rc)
    return rc;
@ -445,13 +448,13 @@ gpgsm_agent_istrusted (ksba_cert_t cert)
 /* Ask the agent to mark CERT as a trusted Root-CA one */
 int
-gpgsm_agent_marktrusted (ksba_cert_t cert)
+gpgsm_agent_marktrusted (ctrl_t ctrl, ksba_cert_t cert)
 {
  int rc;
  char *fpr, *dn;
  char line[ASSUAN_LINELENGTH];
-  rc = start_agent ();
+  rc = start_agent (ctrl);
  if (rc)
    return rc;
@ -482,12 +485,12 @@ gpgsm_agent_marktrusted (ksba_cert_t cert)
 /* Ask the agent whether the a corresponding secret key is available
   for the given keygrip */
 int
-gpgsm_agent_havekey (const char *hexkeygrip)
+gpgsm_agent_havekey (ctrl_t ctrl, const char *hexkeygrip)
 {
  int rc;
  char line[ASSUAN_LINELENGTH];
-  rc = start_agent ();
+  rc = start_agent (ctrl);
  if (rc)
    return rc;
@ -572,14 +575,14 @@ learn_cb (void *opaque, const void *buffer, size_t length)
 /* Call the agent to learn about a smartcard */
 int
-gpgsm_agent_learn ()
+gpgsm_agent_learn (ctrl_t ctrl)
 {
  int rc;
  struct learn_parm_s learn_parm;
  membuf_t data;
  size_t len;
-  rc = start_agent ();
+  rc = start_agent (ctrl);
  if (rc)
    return rc;
@ -601,12 +604,12 @@ gpgsm_agent_learn ()
   HEXKEYGRIP. If DESC is not NULL, display instead of the default
   description message. */
 int
-gpgsm_agent_passwd (const char *hexkeygrip, const char *desc)
+gpgsm_agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc)
 {
  int rc;
  char line[ASSUAN_LINELENGTH];
-  rc = start_agent ();
+  rc = start_agent (ctrl);
  if (rc)
    return rc;
--- a/sm/certchain.c
+++ b/sm/certchain.c
@ -666,7 +666,7 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
          if (rc)
            goto leave;
-          rc = gpgsm_agent_istrusted (subject_cert);
+          rc = gpgsm_agent_istrusted (ctrl, subject_cert);
          if (!rc)
            ;
          else if (gpg_err_code (rc) == GPG_ERR_NOT_TRUSTED)
@ -679,7 +679,7 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
                                                            GCRY_MD_SHA1);
                  log_info (_("fingerprint=%s\n"), fpr? fpr : "?");
                  xfree (fpr);
-                  rc2 = gpgsm_agent_marktrusted (subject_cert);
+                  rc2 = gpgsm_agent_marktrusted (ctrl, subject_cert);
                  if (!rc2)
                    {
                      log_info (_("root certificate has now"
--- a/sm/certcheck.c
+++ b/sm/certcheck.c
@ -278,8 +278,8 @@ gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval,
 int
-gpgsm_create_cms_signature (ksba_cert_t cert, gcry_md_hd_t md, int mdalgo,
+gpgsm_create_cms_signature (ctrl_t ctrl, ksba_cert_t cert,
-                            char **r_sigval)
+                            gcry_md_hd_t md, int mdalgo, char **r_sigval)
 {
  int rc;
  char *grip, *desc;
@ -291,7 +291,7 @@ gpgsm_create_cms_signature (ksba_cert_t cert, gcry_md_hd_t md, int mdalgo,
  desc = gpgsm_format_keydesc (cert);
-  rc = gpgsm_agent_pksign (grip, desc, gcry_md_read(md, mdalgo), 
+  rc = gpgsm_agent_pksign (ctrl, grip, desc, gcry_md_read(md, mdalgo), 
                           gcry_md_get_algo_dlen (mdalgo), mdalgo,
                           r_sigval, &siglen);
  xfree (desc);
--- a/sm/certlist.c
+++ b/sm/certlist.c
@ -245,7 +245,7 @@ gpgsm_add_cert_to_certlist (ctrl_t ctrl, ksba_cert_t cert,
   available for the certificate. IS_ENCRYPT_TO sets the corresponding
   flag in the new create LISTADDR item.  */
 int
-gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
+gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
                       CERTLIST *listaddr, int is_encrypt_to)
 {
  int rc;
@ -342,7 +342,7 @@ gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
                  p = gpgsm_get_keygrip_hexstring (cert);
                  if (p)
                    {
-                      if (!gpgsm_agent_havekey (p))
+                      if (!gpgsm_agent_havekey (ctrl, p))
                        rc = 0;
                      xfree (p);
                    }
--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@ -129,9 +129,11 @@ struct reqgen_ctrl_s {
 };
-static int proc_parameters (struct para_data_s *para,
+static int proc_parameters (ctrl_t ctrl,
                            struct para_data_s *para,
                            struct reqgen_ctrl_s *outctrl);
-static int create_request (struct para_data_s *para,
+static int create_request (ctrl_t ctrl,
                           struct para_data_s *para,
                           ksba_const_sexp_t public,
                           struct reqgen_ctrl_s *outctrl);
@ -228,7 +230,7 @@ get_parameter_uint (struct para_data_s *para, enum para_name key)
 /* Read the certificate generation parameters from FP and generate
   (all) certificate requests.  */
 static int
-read_parameters (FILE *fp, ksba_writer_t writer)
+read_parameters (ctrl_t ctrl, FILE *fp, ksba_writer_t writer)
 {
  static struct {
    const char *name;
@ -285,7 +287,7 @@ read_parameters (FILE *fp, ksba_writer_t writer)
            outctrl.dryrun = 1;
          else if (!ascii_strcasecmp( keyword, "%commit"))
            {
-              rc = proc_parameters (para, &outctrl);
+              rc = proc_parameters (ctrl, para, &outctrl);
              if (rc)
                goto leave;
              any = 1;
@ -332,7 +334,7 @@ read_parameters (FILE *fp, ksba_writer_t writer)
      if (keywords[i].key == pKEYTYPE && para)
        {
-          rc = proc_parameters (para, &outctrl);
+          rc = proc_parameters (ctrl, para, &outctrl);
          if (rc)
            goto leave;
          any = 1;
@ -375,7 +377,7 @@ read_parameters (FILE *fp, ksba_writer_t writer)
    }
  else if (para)
    {
-      rc = proc_parameters (para, &outctrl);
+      rc = proc_parameters (ctrl, para, &outctrl);
      if (rc)
        goto leave;
      any = 1;
@ -414,7 +416,8 @@ has_invalid_email_chars (const char *s)
 /* Check that all required parameters are given and perform the action */
 static int
-proc_parameters (struct para_data_s *para, struct reqgen_ctrl_s *outctrl)
+proc_parameters (ctrl_t ctrl,
                 struct para_data_s *para, struct reqgen_ctrl_s *outctrl)
 {
  struct para_data_s *r;
  const char *s;
@ -484,7 +487,7 @@ proc_parameters (struct para_data_s *para, struct reqgen_ctrl_s *outctrl)
  sprintf (numbuf, "%u", nbits);
  snprintf (keyparms, DIM (keyparms)-1, 
            "(6:genkey(3:rsa(5:nbits%d:%s)))", strlen (numbuf), numbuf);
-  rc = gpgsm_agent_genkey (keyparms, &public);
+  rc = gpgsm_agent_genkey (ctrl, keyparms, &public);
  if (rc)
    {
      r = get_parameter (para, pKEYTYPE);
@ -493,7 +496,7 @@ proc_parameters (struct para_data_s *para, struct reqgen_ctrl_s *outctrl)
      return rc;
    }
-  rc = create_request (para, public, outctrl);
+  rc = create_request (ctrl, para, public, outctrl);
  xfree (public);
  return rc;
@ -503,7 +506,8 @@ proc_parameters (struct para_data_s *para, struct reqgen_ctrl_s *outctrl)
 /* Parameters are checked, the key pair has been created.  Now
   generate the request and write it out */
 static int
-create_request (struct para_data_s *para, ksba_const_sexp_t public,
+create_request (ctrl_t ctrl,
                struct para_data_s *para, ksba_const_sexp_t public,
                struct reqgen_ctrl_s *outctrl)
 {
  ksba_certreq_t cr;
@ -614,7 +618,7 @@ create_request (struct para_data_s *para, ksba_const_sexp_t public,
          for (n=0; n < 20; n++)
            sprintf (hexgrip+n*2, "%02X", grip[n]);
-          rc = gpgsm_agent_pksign (hexgrip, NULL,
+          rc = gpgsm_agent_pksign (ctrl, hexgrip, NULL,
                                   gcry_md_read(md, GCRY_MD_SHA1), 
                                   gcry_md_get_algo_dlen (GCRY_MD_SHA1),
                                   GCRY_MD_SHA1,
@ -650,7 +654,7 @@ create_request (struct para_data_s *para, ksba_const_sexp_t public,
 /* Create a new key by reading the parameters from in_fd.  Multiple
   keys may be created */
 int
-gpgsm_genkey (CTRL ctrl, int in_fd, FILE *out_fp)
+gpgsm_genkey (ctrl_t ctrl, int in_fd, FILE *out_fp)
 {
  int rc;
  FILE *in_fp;
@ -673,7 +677,7 @@ gpgsm_genkey (CTRL ctrl, int in_fd, FILE *out_fp)
      goto leave;
    }
-  rc = read_parameters (in_fp, writer);
+  rc = read_parameters (ctrl, in_fp, writer);
  if (rc)
    {
      log_error ("error creating certificate request: %s\n",
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@ -54,7 +54,7 @@ struct decrypt_filter_parm_s {
 /* Decrypt the session key and fill in the parm structure.  The
   algo and the IV is expected to be already in PARM. */
 static int 
-prepare_decryption (const char *hexkeygrip, const char *desc,
+prepare_decryption (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
                    ksba_const_sexp_t enc_val,
                    struct decrypt_filter_parm_s *parm)
 {
@ -62,7 +62,7 @@ prepare_decryption (const char *hexkeygrip, const char *desc,
  size_t n, seskeylen;
  int rc;
-  rc = gpgsm_agent_pkdecrypt (hexkeygrip, desc, enc_val,
+  rc = gpgsm_agent_pkdecrypt (ctrl, hexkeygrip, desc, enc_val,
                              &seskey, &seskeylen);
  if (rc)
    {
@ -238,7 +238,7 @@ decrypt_filter (void *arg,
 /* Perform a decrypt operation.  */
 int
-gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
+gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
 {
  int rc;
  Base64Context b64reader = NULL;
@ -424,7 +424,8 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
                           recp);
              else
                {
-                  rc = prepare_decryption (hexkeygrip, desc, enc_val, &dfparm);
+                  rc = prepare_decryption (ctrl,
                                           hexkeygrip, desc, enc_val, &dfparm);
                  xfree (enc_val);
                  if (rc)
                    {
--- a/sm/export.c
+++ b/sm/export.c
@ -392,7 +392,7 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, FILE *fp)
    }
  keygrip = gpgsm_get_keygrip_hexstring (cert);
-  if (!keygrip || gpgsm_agent_havekey (keygrip))
+  if (!keygrip || gpgsm_agent_havekey (ctrl, keygrip))
    {
      /* Note, that the !keygrip case indicates a bad certificate. */
      rc = gpg_error (GPG_ERR_NO_SECKEY);
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@ -1496,7 +1496,7 @@ main ( int argc, char **argv)
        wrong_args ("--learn-card");
      else
        {
-          int rc = gpgsm_agent_learn ();
+          int rc = gpgsm_agent_learn (&ctrl);
          if (rc)
            log_error ("error learning card: %s\n", gpg_strerror (rc));
        }
@ -1519,7 +1519,7 @@ main ( int argc, char **argv)
          else 
            {
              char *desc = gpgsm_format_keydesc (cert);
-              rc = gpgsm_agent_passwd (grip, desc);
+              rc = gpgsm_agent_passwd (&ctrl, grip, desc);
              xfree (desc);
            }
          if (rc)
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@ -214,7 +214,8 @@ int gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert);
 int gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval,
                               gcry_md_hd_t md, int hash_algo);
 /* fixme: move create functions to another file */
-int gpgsm_create_cms_signature (ksba_cert_t cert, gcry_md_hd_t md, int mdalgo,
+int gpgsm_create_cms_signature (ctrl_t ctrl,
                                ksba_cert_t cert, gcry_md_hd_t md, int mdalgo,
                                char **r_sigval);
@ -260,7 +261,7 @@ int gpgsm_delete (ctrl_t ctrl, STRLIST names);
 int gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp);
 /*-- sign.c --*/
-int gpgsm_get_default_cert (ksba_cert_t *r_cert);
+int gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert);
 int gpgsm_sign (ctrl_t ctrl, CERTLIST signerlist,
                int data_fd, int detached, FILE *out_fp);
@ -274,20 +275,21 @@ int gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp);
 int gpgsm_genkey (ctrl_t ctrl, int in_fd, FILE *out_fp);
 /*-- call-agent.c --*/
-int gpgsm_agent_pksign (const char *keygrip, const char *desc,
+int gpgsm_agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc,
                        unsigned char *digest,
                        size_t digestlen,
                        int digestalgo,
                        char **r_buf, size_t *r_buflen);
-int gpgsm_agent_pkdecrypt (const char *keygrip, const char *desc,
+int gpgsm_agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
                           ksba_const_sexp_t ciphertext, 
                           char **r_buf, size_t *r_buflen);
-int gpgsm_agent_genkey (ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey);
+int gpgsm_agent_genkey (ctrl_t ctrl,
-int gpgsm_agent_istrusted (ksba_cert_t cert);
+                        ksba_const_sexp_t keyparms, ksba_sexp_t *r_pubkey);
-int gpgsm_agent_havekey (const char *hexkeygrip);
+int gpgsm_agent_istrusted (ctrl_t ctrl, ksba_cert_t cert);
-int gpgsm_agent_marktrusted (ksba_cert_t cert);
+int gpgsm_agent_havekey (ctrl_t ctrl, const char *hexkeygrip);
-int gpgsm_agent_learn (void);
+int gpgsm_agent_marktrusted (ctrl_t ctrl, ksba_cert_t cert);
-int gpgsm_agent_passwd (const char *hexkeygrip, const char *desc);
+int gpgsm_agent_learn (ctrl_t ctrl);
 int gpgsm_agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc);
 /*-- call-dirmngr.c --*/
 int gpgsm_dirmngr_isvalid (ctrl_t ctrl,
--- a/sm/keylist.c
+++ b/sm/keylist.c
@ -977,7 +977,7 @@ list_cert_chain (ctrl_t ctrl, ksba_cert_t cert, int raw_mode,
   output mode will be used intead of the standard beautified one.
 */
 static gpg_error_t
-list_internal_keys (CTRL ctrl, STRLIST names, FILE *fp,
+list_internal_keys (ctrl_t ctrl, STRLIST names, FILE *fp,
                    unsigned int mode, int raw_mode)
 {
  KEYDB_HANDLE hd;
@ -1082,7 +1082,7 @@ list_internal_keys (CTRL ctrl, STRLIST names, FILE *fp,
          char *p = gpgsm_get_keygrip_hexstring (cert);
          if (p)
            {
-              rc = gpgsm_agent_havekey (p);
+              rc = gpgsm_agent_havekey (ctrl, p);
              if (!rc)
                have_secret = 1;
              else if ( gpg_err_code (rc) != GPG_ERR_NO_SECKEY)
--- a/sm/sign.c
+++ b/sm/sign.c
@ -126,7 +126,7 @@ hash_and_copy_data (int fd, gcry_md_hd_t md, ksba_writer_t writer)
 /* Get the default certificate which is defined as the first one our
   keyDB returns and has a secret key available. */
 int
-gpgsm_get_default_cert (ksba_cert_t *r_cert)
+gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert)
 {
  KEYDB_HANDLE hd;
  ksba_cert_t cert = NULL;
@ -156,7 +156,7 @@ gpgsm_get_default_cert (ksba_cert_t *r_cert)
      p = gpgsm_get_keygrip_hexstring (cert);
      if (p)
        {
-          if (!gpgsm_agent_havekey (p))
+          if (!gpgsm_agent_havekey (ctrl, p))
            {
              xfree (p);
              keydb_release (hd);
@ -180,7 +180,7 @@ gpgsm_get_default_cert (ksba_cert_t *r_cert)
 static ksba_cert_t
-get_default_signer (void)
+get_default_signer (ctrl_t ctrl)
 {
  KEYDB_SEARCH_DESC desc;
  ksba_cert_t cert = NULL;
@ -189,7 +189,7 @@ get_default_signer (void)
  if (!opt.local_user)
    {
-      rc = gpgsm_get_default_cert (&cert);
+      rc = gpgsm_get_default_cert (ctrl, &cert);
      if (rc)
        {
          if (rc != -1)
@ -365,7 +365,7 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
  /* If no list of signers is given, use a default one. */
  if (!signerlist)
    {
-      ksba_cert_t cert = get_default_signer ();
+      ksba_cert_t cert = get_default_signer (ctrl);
      if (!cert)
        {
          log_error ("no default signer found\n");
@ -589,7 +589,8 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
                  goto leave;
                }
-              rc = gpgsm_create_cms_signature (cl->cert, md, algo, &sigval);
+              rc = gpgsm_create_cms_signature (ctrl, cl->cert,
                                               md, algo, &sigval);
              if (rc)
                {
                  gcry_md_close (md);