mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-02 12:01:32 +01:00
gpgsm: Cleanup of legacy variable name use.
* sm/encrypt.c (gpgsm_encrypt): Unify use of RC and ERR. * sm/sign.c (gpgsm_sign): ditto. -- Initially we didn't used the gpg_error_t thingy and while migrating we sometimes used RC and ERR for tracking the error. This is pretty error prone and thus we better remove it (after 20 years).
This commit is contained in:
parent
d6f738729f
commit
3a669f175f
68
sm/encrypt.c
68
sm/encrypt.c
@ -576,9 +576,8 @@ encrypt_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
|
|||||||
int
|
int
|
||||||
gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
|
gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
|
||||||
{
|
{
|
||||||
int rc = 0;
|
gpg_error_t err = 0;
|
||||||
gnupg_ksba_io_t b64writer = NULL;
|
gnupg_ksba_io_t b64writer = NULL;
|
||||||
gpg_error_t err;
|
|
||||||
ksba_writer_t writer;
|
ksba_writer_t writer;
|
||||||
ksba_reader_t reader = NULL;
|
ksba_reader_t reader = NULL;
|
||||||
ksba_cms_t cms = NULL;
|
ksba_cms_t cms = NULL;
|
||||||
@ -607,7 +606,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
|
|||||||
log_error(_("no valid recipients given\n"));
|
log_error(_("no valid recipients given\n"));
|
||||||
gpgsm_status (ctrl, STATUS_NO_RECP, "0");
|
gpgsm_status (ctrl, STATUS_NO_RECP, "0");
|
||||||
audit_log_i (ctrl->audit, AUDIT_GOT_RECIPIENTS, 0);
|
audit_log_i (ctrl->audit, AUDIT_GOT_RECIPIENTS, 0);
|
||||||
rc = gpg_error (GPG_ERR_NO_PUBKEY);
|
err = gpg_error (GPG_ERR_NO_PUBKEY);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -619,7 +618,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
|
|||||||
if (!kh)
|
if (!kh)
|
||||||
{
|
{
|
||||||
log_error (_("failed to allocate keyDB handle\n"));
|
log_error (_("failed to allocate keyDB handle\n"));
|
||||||
rc = gpg_error (GPG_ERR_GENERAL);
|
err = gpg_error (GPG_ERR_GENERAL);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -627,29 +626,27 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
|
|||||||
data_fp = es_fdopen_nc (data_fd, "rb");
|
data_fp = es_fdopen_nc (data_fd, "rb");
|
||||||
if (!data_fp)
|
if (!data_fp)
|
||||||
{
|
{
|
||||||
rc = gpg_error_from_syserror ();
|
err = gpg_error_from_syserror ();
|
||||||
log_error ("fdopen() failed: %s\n", strerror (errno));
|
log_error ("fdopen() failed: %s\n", gpg_strerror (err));
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
err = ksba_reader_new (&reader);
|
err = ksba_reader_new (&reader);
|
||||||
|
if (!err)
|
||||||
|
err = ksba_reader_set_cb (reader, encrypt_cb, &encparm);
|
||||||
if (err)
|
if (err)
|
||||||
rc = err;
|
|
||||||
if (!rc)
|
|
||||||
rc = ksba_reader_set_cb (reader, encrypt_cb, &encparm);
|
|
||||||
if (rc)
|
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
encparm.fp = data_fp;
|
encparm.fp = data_fp;
|
||||||
|
|
||||||
ctrl->pem_name = "ENCRYPTED MESSAGE";
|
ctrl->pem_name = "ENCRYPTED MESSAGE";
|
||||||
rc = gnupg_ksba_create_writer
|
err = gnupg_ksba_create_writer
|
||||||
(&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
|
(&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
|
||||||
| (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)),
|
| (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)),
|
||||||
ctrl->pem_name, out_fp, &writer);
|
ctrl->pem_name, out_fp, &writer);
|
||||||
if (rc)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("can't create writer: %s\n", gpg_strerror (rc));
|
log_error ("can't create writer: %s\n", gpg_strerror (err));
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -659,17 +656,13 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
|
|||||||
|
|
||||||
err = ksba_cms_new (&cms);
|
err = ksba_cms_new (&cms);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
|
||||||
rc = err;
|
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
|
||||||
|
|
||||||
err = ksba_cms_set_reader_writer (cms, reader, writer);
|
err = ksba_cms_set_reader_writer (cms, reader, writer);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("ksba_cms_set_reader_writer failed: %s\n",
|
log_error ("ksba_cms_set_reader_writer failed: %s\n",
|
||||||
gpg_strerror (err));
|
gpg_strerror (err));
|
||||||
rc = err;
|
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -684,7 +677,6 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
|
|||||||
{
|
{
|
||||||
log_error ("ksba_cms_set_content_type failed: %s\n",
|
log_error ("ksba_cms_set_content_type failed: %s\n",
|
||||||
gpg_strerror (err));
|
gpg_strerror (err));
|
||||||
rc = err;
|
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -696,34 +688,34 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
|
|||||||
log_error (_("cipher algorithm '%s' may not be used in %s mode\n"),
|
log_error (_("cipher algorithm '%s' may not be used in %s mode\n"),
|
||||||
opt.def_cipher_algoid,
|
opt.def_cipher_algoid,
|
||||||
gnupg_compliance_option_string (opt.compliance));
|
gnupg_compliance_option_string (opt.compliance));
|
||||||
rc = gpg_error (GPG_ERR_CIPHER_ALGO);
|
err = gpg_error (GPG_ERR_CIPHER_ALGO);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!gnupg_rng_is_compliant (opt.compliance))
|
if (!gnupg_rng_is_compliant (opt.compliance))
|
||||||
{
|
{
|
||||||
rc = gpg_error (GPG_ERR_FORBIDDEN);
|
err = gpg_error (GPG_ERR_FORBIDDEN);
|
||||||
log_error (_("%s is not compliant with %s mode\n"),
|
log_error (_("%s is not compliant with %s mode\n"),
|
||||||
"RNG",
|
"RNG",
|
||||||
gnupg_compliance_option_string (opt.compliance));
|
gnupg_compliance_option_string (opt.compliance));
|
||||||
gpgsm_status_with_error (ctrl, STATUS_ERROR,
|
gpgsm_status_with_error (ctrl, STATUS_ERROR,
|
||||||
"random-compliance", rc);
|
"random-compliance", err);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Create a session key */
|
/* Create a session key */
|
||||||
dek = xtrycalloc_secure (1, sizeof *dek);
|
dek = xtrycalloc_secure (1, sizeof *dek);
|
||||||
if (!dek)
|
if (!dek)
|
||||||
rc = out_of_core ();
|
err = gpg_error_from_syserror ();
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
dek->algoid = opt.def_cipher_algoid;
|
dek->algoid = opt.def_cipher_algoid;
|
||||||
rc = init_dek (dek);
|
err = init_dek (dek);
|
||||||
}
|
}
|
||||||
if (rc)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("failed to create the session key: %s\n",
|
log_error ("failed to create the session key: %s\n",
|
||||||
gpg_strerror (rc));
|
gpg_strerror (err));
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -732,7 +724,6 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
|
|||||||
{
|
{
|
||||||
log_error ("ksba_cms_set_content_enc_algo failed: %s\n",
|
log_error ("ksba_cms_set_content_enc_algo failed: %s\n",
|
||||||
gpg_strerror (err));
|
gpg_strerror (err));
|
||||||
rc = err;
|
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -742,7 +733,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
|
|||||||
encparm.buffer = xtrymalloc (encparm.bufsize);
|
encparm.buffer = xtrymalloc (encparm.bufsize);
|
||||||
if (!encparm.buffer)
|
if (!encparm.buffer)
|
||||||
{
|
{
|
||||||
rc = out_of_core ();
|
err = gpg_error_from_syserror ();
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -784,12 +775,12 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
|
|||||||
xfree (curve);
|
xfree (curve);
|
||||||
curve = NULL;
|
curve = NULL;
|
||||||
|
|
||||||
rc = encrypt_dek (dek, cl->cert, pk_algo, &encval);
|
err = encrypt_dek (dek, cl->cert, pk_algo, &encval);
|
||||||
if (rc)
|
if (err)
|
||||||
{
|
{
|
||||||
audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, rc);
|
audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, err);
|
||||||
log_error ("encryption failed for recipient no. %d: %s\n",
|
log_error ("encryption failed for recipient no. %d: %s\n",
|
||||||
recpno, gpg_strerror (rc));
|
recpno, gpg_strerror (err));
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -799,7 +790,6 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
|
|||||||
audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, err);
|
audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, err);
|
||||||
log_error ("ksba_cms_add_recipient failed: %s\n",
|
log_error ("ksba_cms_add_recipient failed: %s\n",
|
||||||
gpg_strerror (err));
|
gpg_strerror (err));
|
||||||
rc = err;
|
|
||||||
xfree (encval);
|
xfree (encval);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
@ -811,7 +801,6 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
|
|||||||
{
|
{
|
||||||
log_error ("ksba_cms_set_enc_val failed: %s\n",
|
log_error ("ksba_cms_set_enc_val failed: %s\n",
|
||||||
gpg_strerror (err));
|
gpg_strerror (err));
|
||||||
rc = err;
|
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -825,7 +814,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
|
|||||||
log_error (_("operation forced to fail due to"
|
log_error (_("operation forced to fail due to"
|
||||||
" unfulfilled compliance rules\n"));
|
" unfulfilled compliance rules\n"));
|
||||||
gpgsm_errors_seen = 1;
|
gpgsm_errors_seen = 1;
|
||||||
rc = gpg_error (GPG_ERR_FORBIDDEN);
|
err = gpg_error (GPG_ERR_FORBIDDEN);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -837,7 +826,6 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
|
|||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("creating CMS object failed: %s\n", gpg_strerror (err));
|
log_error ("creating CMS object failed: %s\n", gpg_strerror (err));
|
||||||
rc = err;
|
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -846,15 +834,15 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
|
|||||||
if (encparm.readerror)
|
if (encparm.readerror)
|
||||||
{
|
{
|
||||||
log_error ("error reading input: %s\n", strerror (encparm.readerror));
|
log_error ("error reading input: %s\n", strerror (encparm.readerror));
|
||||||
rc = gpg_error (gpg_err_code_from_errno (encparm.readerror));
|
err = gpg_error (gpg_err_code_from_errno (encparm.readerror));
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
rc = gnupg_ksba_finish_writer (b64writer);
|
err = gnupg_ksba_finish_writer (b64writer);
|
||||||
if (rc)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("write failed: %s\n", gpg_strerror (rc));
|
log_error ("write failed: %s\n", gpg_strerror (err));
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
audit_log (ctrl->audit, AUDIT_ENCRYPTION_DONE);
|
audit_log (ctrl->audit, AUDIT_ENCRYPTION_DONE);
|
||||||
@ -869,5 +857,5 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
|
|||||||
xfree (dek);
|
xfree (dek);
|
||||||
es_fclose (data_fp);
|
es_fclose (data_fp);
|
||||||
xfree (encparm.buffer);
|
xfree (encparm.buffer);
|
||||||
return rc;
|
return err;
|
||||||
}
|
}
|
||||||
|
122
sm/sign.c
122
sm/sign.c
@ -624,8 +624,8 @@ int
|
|||||||
gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
||||||
int data_fd, int detached, estream_t out_fp)
|
int data_fd, int detached, estream_t out_fp)
|
||||||
{
|
{
|
||||||
int i, rc;
|
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
|
int i;
|
||||||
gnupg_ksba_io_t b64writer = NULL;
|
gnupg_ksba_io_t b64writer = NULL;
|
||||||
ksba_writer_t writer;
|
ksba_writer_t writer;
|
||||||
estream_t sig_fp = NULL; /* Used for detached signatures. */
|
estream_t sig_fp = NULL; /* Used for detached signatures. */
|
||||||
@ -648,18 +648,18 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
if (!kh)
|
if (!kh)
|
||||||
{
|
{
|
||||||
log_error (_("failed to allocate keyDB handle\n"));
|
log_error (_("failed to allocate keyDB handle\n"));
|
||||||
rc = gpg_error (GPG_ERR_GENERAL);
|
err = gpg_error (GPG_ERR_GENERAL);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!gnupg_rng_is_compliant (opt.compliance))
|
if (!gnupg_rng_is_compliant (opt.compliance))
|
||||||
{
|
{
|
||||||
rc = gpg_error (GPG_ERR_FORBIDDEN);
|
err = gpg_error (GPG_ERR_FORBIDDEN);
|
||||||
log_error (_("%s is not compliant with %s mode\n"),
|
log_error (_("%s is not compliant with %s mode\n"),
|
||||||
"RNG",
|
"RNG",
|
||||||
gnupg_compliance_option_string (opt.compliance));
|
gnupg_compliance_option_string (opt.compliance));
|
||||||
gpgsm_status_with_error (ctrl, STATUS_ERROR,
|
gpgsm_status_with_error (ctrl, STATUS_ERROR,
|
||||||
"random-compliance", rc);
|
"random-compliance", err);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -671,20 +671,20 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
if (binary_detached)
|
if (binary_detached)
|
||||||
{
|
{
|
||||||
sig_fp = es_fopenmem (0, "w+");
|
sig_fp = es_fopenmem (0, "w+");
|
||||||
rc = sig_fp? 0 : gpg_error_from_syserror ();
|
err = sig_fp? 0 : gpg_error_from_syserror ();
|
||||||
if (!rc)
|
if (!err)
|
||||||
rc = gnupg_ksba_create_writer (&b64writer, 0, NULL, sig_fp, &writer);
|
err = gnupg_ksba_create_writer (&b64writer, 0, NULL, sig_fp, &writer);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
rc = gnupg_ksba_create_writer
|
err = gnupg_ksba_create_writer
|
||||||
(&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
|
(&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
|
||||||
| (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)),
|
| (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)),
|
||||||
ctrl->pem_name, out_fp, &writer);
|
ctrl->pem_name, out_fp, &writer);
|
||||||
}
|
}
|
||||||
if (rc)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("can't create writer: %s\n", gpg_strerror (rc));
|
log_error ("can't create writer: %s\n", gpg_strerror (err));
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -694,17 +694,13 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
|
|
||||||
err = ksba_cms_new (&cms);
|
err = ksba_cms_new (&cms);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
|
||||||
rc = err;
|
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
|
||||||
|
|
||||||
err = ksba_cms_set_reader_writer (cms, NULL, writer);
|
err = ksba_cms_set_reader_writer (cms, NULL, writer);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_debug ("ksba_cms_set_reader_writer failed: %s\n",
|
log_debug ("ksba_cms_set_reader_writer failed: %s\n",
|
||||||
gpg_strerror (err));
|
gpg_strerror (err));
|
||||||
rc = err;
|
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -721,7 +717,6 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
{
|
{
|
||||||
log_debug ("ksba_cms_set_content_type failed: %s\n",
|
log_debug ("ksba_cms_set_content_type failed: %s\n",
|
||||||
gpg_strerror (err));
|
gpg_strerror (err));
|
||||||
rc = err;
|
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -734,23 +729,23 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
log_error ("no default signer found\n");
|
log_error ("no default signer found\n");
|
||||||
gpgsm_status2 (ctrl, STATUS_INV_SGNR,
|
gpgsm_status2 (ctrl, STATUS_INV_SGNR,
|
||||||
get_inv_recpsgnr_code (GPG_ERR_NO_SECKEY), NULL);
|
get_inv_recpsgnr_code (GPG_ERR_NO_SECKEY), NULL);
|
||||||
rc = gpg_error (GPG_ERR_GENERAL);
|
err = gpg_error (GPG_ERR_GENERAL);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Although we don't check for ambiguous specification we will
|
/* Although we don't check for ambiguous specification we will
|
||||||
check that the signer's certificate is usable and valid. */
|
check that the signer's certificate is usable and valid. */
|
||||||
rc = gpgsm_cert_use_sign_p (cert, 0);
|
err = gpgsm_cert_use_sign_p (cert, 0);
|
||||||
if (!rc)
|
if (!err)
|
||||||
rc = gpgsm_validate_chain (ctrl, cert,
|
err = gpgsm_validate_chain (ctrl, cert,
|
||||||
GNUPG_ISOTIME_NONE, NULL, 0, NULL, 0, NULL);
|
GNUPG_ISOTIME_NONE, NULL, 0, NULL, 0, NULL);
|
||||||
if (rc)
|
if (err)
|
||||||
{
|
{
|
||||||
char *tmpfpr;
|
char *tmpfpr;
|
||||||
|
|
||||||
tmpfpr = gpgsm_get_fingerprint_hexstring (cert, 0);
|
tmpfpr = gpgsm_get_fingerprint_hexstring (cert, 0);
|
||||||
gpgsm_status2 (ctrl, STATUS_INV_SGNR,
|
gpgsm_status2 (ctrl, STATUS_INV_SGNR,
|
||||||
get_inv_recpsgnr_code (rc), tmpfpr, NULL);
|
get_inv_recpsgnr_code (err), tmpfpr, NULL);
|
||||||
xfree (tmpfpr);
|
xfree (tmpfpr);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
@ -759,7 +754,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
signerlist = xtrycalloc (1, sizeof *signerlist);
|
signerlist = xtrycalloc (1, sizeof *signerlist);
|
||||||
if (!signerlist)
|
if (!signerlist)
|
||||||
{
|
{
|
||||||
rc = out_of_core ();
|
err = gpg_error_from_syserror ();
|
||||||
ksba_cert_release (cert);
|
ksba_cert_release (cert);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
@ -867,22 +862,21 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
/* Gather certificates of signers and store them in the CMS object. */
|
/* Gather certificates of signers and store them in the CMS object. */
|
||||||
for (cl=signerlist; cl; cl = cl->next)
|
for (cl=signerlist; cl; cl = cl->next)
|
||||||
{
|
{
|
||||||
rc = gpgsm_cert_use_sign_p (cl->cert, 0);
|
err = gpgsm_cert_use_sign_p (cl->cert, 0);
|
||||||
if (rc)
|
if (err)
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
err = ksba_cms_add_signer (cms, cl->cert);
|
err = ksba_cms_add_signer (cms, cl->cert);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("ksba_cms_add_signer failed: %s\n", gpg_strerror (err));
|
log_error ("ksba_cms_add_signer failed: %s\n", gpg_strerror (err));
|
||||||
rc = err;
|
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
rc = add_certificate_list (ctrl, cms, cl->cert);
|
err = add_certificate_list (ctrl, cms, cl->cert);
|
||||||
if (rc)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("failed to store list of certificates: %s\n",
|
log_error ("failed to store list of certificates: %s\n",
|
||||||
gpg_strerror(rc));
|
gpg_strerror (err));
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
/* Set the hash algorithm we are going to use */
|
/* Set the hash algorithm we are going to use */
|
||||||
@ -891,7 +885,6 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
{
|
{
|
||||||
log_debug ("ksba_cms_add_digest_algo failed: %s\n",
|
log_debug ("ksba_cms_add_digest_algo failed: %s\n",
|
||||||
gpg_strerror (err));
|
gpg_strerror (err));
|
||||||
rc = err;
|
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -913,7 +906,6 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
{
|
{
|
||||||
log_error (_("checking for qualified certificate failed: %s\n"),
|
log_error (_("checking for qualified certificate failed: %s\n"),
|
||||||
gpg_strerror (err));
|
gpg_strerror (err));
|
||||||
rc = err;
|
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
if (*buffer)
|
if (*buffer)
|
||||||
@ -921,19 +913,16 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
else
|
else
|
||||||
err = gpgsm_not_qualified_warning (ctrl, cl->cert);
|
err = gpgsm_not_qualified_warning (ctrl, cl->cert);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
|
||||||
rc = err;
|
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
/* Prepare hashing (actually we are figuring out what we have set
|
/* Prepare hashing (actually we are figuring out what we have set
|
||||||
above). */
|
above). */
|
||||||
rc = gcry_md_open (&data_md, 0, 0);
|
err = gcry_md_open (&data_md, 0, 0);
|
||||||
if (rc)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("md_open failed: %s\n", gpg_strerror (rc));
|
log_error ("md_open failed: %s\n", gpg_strerror (err));
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
if (DBG_HASHING)
|
if (DBG_HASHING)
|
||||||
@ -945,7 +934,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
if (!algo)
|
if (!algo)
|
||||||
{
|
{
|
||||||
log_error ("unknown hash algorithm '%s'\n", algoid? algoid:"?");
|
log_error ("unknown hash algorithm '%s'\n", algoid? algoid:"?");
|
||||||
rc = gpg_error (GPG_ERR_BUG);
|
err = gpg_error (GPG_ERR_BUG);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
gcry_md_enable (data_md, algo);
|
gcry_md_enable (data_md, algo);
|
||||||
@ -970,7 +959,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
if ( !digest || !digest_len )
|
if ( !digest || !digest_len )
|
||||||
{
|
{
|
||||||
log_error ("problem getting the hash of the data\n");
|
log_error ("problem getting the hash of the data\n");
|
||||||
rc = gpg_error (GPG_ERR_BUG);
|
err = gpg_error (GPG_ERR_BUG);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
err = ksba_cms_set_message_digest (cms, signer, digest, digest_len);
|
err = ksba_cms_set_message_digest (cms, signer, digest, digest_len);
|
||||||
@ -978,7 +967,6 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
{
|
{
|
||||||
log_error ("ksba_cms_set_message_digest failed: %s\n",
|
log_error ("ksba_cms_set_message_digest failed: %s\n",
|
||||||
gpg_strerror (err));
|
gpg_strerror (err));
|
||||||
rc = err;
|
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -992,7 +980,6 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
{
|
{
|
||||||
log_error ("ksba_cms_set_signing_time failed: %s\n",
|
log_error ("ksba_cms_set_signing_time failed: %s\n",
|
||||||
gpg_strerror (err));
|
gpg_strerror (err));
|
||||||
rc = err;
|
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1034,7 +1021,6 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("creating CMS object failed: %s\n", gpg_strerror (err));
|
log_error ("creating CMS object failed: %s\n", gpg_strerror (err));
|
||||||
rc = err;
|
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1046,8 +1032,8 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
|
|
||||||
log_assert (!detached);
|
log_assert (!detached);
|
||||||
|
|
||||||
rc = hash_and_copy_data (data_fd, data_md, writer);
|
err = hash_and_copy_data (data_fd, data_md, writer);
|
||||||
if (rc)
|
if (err)
|
||||||
goto leave;
|
goto leave;
|
||||||
audit_log (ctrl->audit, AUDIT_GOT_DATA);
|
audit_log (ctrl->audit, AUDIT_GOT_DATA);
|
||||||
for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)
|
for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)
|
||||||
@ -1057,7 +1043,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
if ( !digest || !digest_len )
|
if ( !digest || !digest_len )
|
||||||
{
|
{
|
||||||
log_error ("problem getting the hash of the data\n");
|
log_error ("problem getting the hash of the data\n");
|
||||||
rc = gpg_error (GPG_ERR_BUG);
|
err = gpg_error (GPG_ERR_BUG);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
err = ksba_cms_set_message_digest (cms, signer,
|
err = ksba_cms_set_message_digest (cms, signer,
|
||||||
@ -1066,7 +1052,6 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
{
|
{
|
||||||
log_error ("ksba_cms_set_message_digest failed: %s\n",
|
log_error ("ksba_cms_set_message_digest failed: %s\n",
|
||||||
gpg_strerror (err));
|
gpg_strerror (err));
|
||||||
rc = err;
|
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1076,10 +1061,10 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
/* Compute the signature for all signers. */
|
/* Compute the signature for all signers. */
|
||||||
gcry_md_hd_t md;
|
gcry_md_hd_t md;
|
||||||
|
|
||||||
rc = gcry_md_open (&md, 0, 0);
|
err = gcry_md_open (&md, 0, 0);
|
||||||
if (rc)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("md_open failed: %s\n", gpg_strerror (rc));
|
log_error ("md_open failed: %s\n", gpg_strerror (err));
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
if (DBG_HASHING)
|
if (DBG_HASHING)
|
||||||
@ -1104,20 +1089,20 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = ksba_cms_hash_signed_attrs (cms, signer);
|
err = ksba_cms_hash_signed_attrs (cms, signer);
|
||||||
if (rc)
|
if (err)
|
||||||
{
|
{
|
||||||
log_debug ("hashing signed attrs failed: %s\n",
|
log_debug ("hashing signed attrs failed: %s\n",
|
||||||
gpg_strerror (rc));
|
gpg_strerror (err));
|
||||||
gcry_md_close (md);
|
gcry_md_close (md);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = gpgsm_create_cms_signature (ctrl, cl->cert,
|
err = gpgsm_create_cms_signature (ctrl, cl->cert,
|
||||||
md, cl->hash_algo, &sigval);
|
md, cl->hash_algo, &sigval);
|
||||||
if (rc)
|
if (err)
|
||||||
{
|
{
|
||||||
audit_log_cert (ctrl->audit, AUDIT_SIGNED_BY, cl->cert, rc);
|
audit_log_cert (ctrl->audit, AUDIT_SIGNED_BY, cl->cert, err);
|
||||||
gcry_md_close (md);
|
gcry_md_close (md);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
@ -1129,7 +1114,6 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
audit_log_cert (ctrl->audit, AUDIT_SIGNED_BY, cl->cert, err);
|
audit_log_cert (ctrl->audit, AUDIT_SIGNED_BY, cl->cert, err);
|
||||||
log_error ("failed to store the signature: %s\n",
|
log_error ("failed to store the signature: %s\n",
|
||||||
gpg_strerror (err));
|
gpg_strerror (err));
|
||||||
rc = err;
|
|
||||||
gcry_md_close (md);
|
gcry_md_close (md);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
@ -1138,11 +1122,10 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
fpr = gpgsm_get_fingerprint_hexstring (cl->cert, GCRY_MD_SHA1);
|
fpr = gpgsm_get_fingerprint_hexstring (cl->cert, GCRY_MD_SHA1);
|
||||||
if (!fpr)
|
if (!fpr)
|
||||||
{
|
{
|
||||||
rc = gpg_error (GPG_ERR_ENOMEM);
|
err = gpg_error (GPG_ERR_ENOMEM);
|
||||||
gcry_md_close (md);
|
gcry_md_close (md);
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
rc = 0;
|
|
||||||
if (opt.verbose)
|
if (opt.verbose)
|
||||||
{
|
{
|
||||||
char *pkalgostr = gpgsm_pubkey_algo_string (cl->cert, NULL);
|
char *pkalgostr = gpgsm_pubkey_algo_string (cl->cert, NULL);
|
||||||
@ -1159,9 +1142,9 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
signed_at,
|
signed_at,
|
||||||
fpr);
|
fpr);
|
||||||
if (!buf)
|
if (!buf)
|
||||||
rc = gpg_error_from_syserror ();
|
err = gpg_error_from_syserror ();
|
||||||
xfree (fpr);
|
xfree (fpr);
|
||||||
if (rc)
|
if (err)
|
||||||
{
|
{
|
||||||
gcry_md_close (md);
|
gcry_md_close (md);
|
||||||
goto leave;
|
goto leave;
|
||||||
@ -1175,10 +1158,10 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
}
|
}
|
||||||
while (stopreason != KSBA_SR_READY);
|
while (stopreason != KSBA_SR_READY);
|
||||||
|
|
||||||
rc = gnupg_ksba_finish_writer (b64writer);
|
err = gnupg_ksba_finish_writer (b64writer);
|
||||||
if (rc)
|
if (err)
|
||||||
{
|
{
|
||||||
log_error ("write failed: %s\n", gpg_strerror (rc));
|
log_error ("write failed: %s\n", gpg_strerror (err));
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1187,13 +1170,14 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
void *blob = NULL;
|
void *blob = NULL;
|
||||||
size_t bloblen;
|
size_t bloblen;
|
||||||
|
|
||||||
rc = es_fclose_snatch (sig_fp, &blob, &bloblen);
|
err = (es_fclose_snatch (sig_fp, &blob, &bloblen)?
|
||||||
|
gpg_error_from_syserror () : 0);
|
||||||
sig_fp = NULL;
|
sig_fp = NULL;
|
||||||
if (rc)
|
if (err)
|
||||||
goto leave;
|
goto leave;
|
||||||
rc = write_detached_signature (ctrl, blob, bloblen, out_fp);
|
err = write_detached_signature (ctrl, blob, bloblen, out_fp);
|
||||||
xfree (blob);
|
xfree (blob);
|
||||||
if (rc)
|
if (err)
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1202,9 +1186,9 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
log_info ("signature created\n");
|
log_info ("signature created\n");
|
||||||
|
|
||||||
leave:
|
leave:
|
||||||
if (rc)
|
if (err)
|
||||||
log_error ("error creating signature: %s <%s>\n",
|
log_error ("error creating signature: %s <%s>\n",
|
||||||
gpg_strerror (rc), gpg_strsource (rc) );
|
gpg_strerror (err), gpg_strsource (err) );
|
||||||
if (release_signerlist)
|
if (release_signerlist)
|
||||||
gpgsm_release_certlist (signerlist);
|
gpgsm_release_certlist (signerlist);
|
||||||
xfree (curve);
|
xfree (curve);
|
||||||
@ -1213,5 +1197,5 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
keydb_release (kh);
|
keydb_release (kh);
|
||||||
gcry_md_close (data_md);
|
gcry_md_close (data_md);
|
||||||
es_fclose (sig_fp);
|
es_fclose (sig_fp);
|
||||||
return rc;
|
return err;
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user