indent: Modernize g10/sign.c

--
2025-04-17 15:44:34 +02:00 · 2018-10-24 16:00:20 +02:00 · 2018-10-24 16:00:20 +02:00 · 3b88bceb4d
commit 3b88bceb4d
parent 256a280c51
1 changed files with 846 additions and 808 deletions
--- a/g10/sign.c
+++ b/g10/sign.c
@ -51,7 +51,8 @@
 static int recipient_digest_algo=0;
-/****************
+
 /*
 * Create notations and other stuff.  It is assumed that the stings in
 * STRLIST are already checked to contain only printable data and have
 * a valid NAME=VALUE format.
@ -574,7 +575,7 @@ print_status_sig_created (PKT_public_key *pk, PKT_signature *sig, int what)
 * Loop over the secret certificates in SK_LIST and build the one pass
 * signature packets.  OpenPGP says that the data should be bracket by
 * the onepass-sig and signature-packet; so we build these onepass
- * packet here in reverse order
+ * packet here in reverse order.
 */
 static int
 write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass )
@ -585,16 +586,16 @@ write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass )
  for (skcount=0, sk_rover=sk_list; sk_rover; sk_rover = sk_rover->next)
    skcount++;
-    for (; skcount; skcount--) {
+  for (; skcount; skcount--)
    {
      PKT_public_key *pk;
      PKT_onepass_sig *ops;
      PACKET pkt;
      int i, rc;
-        for (i=0, sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
+      for (i=0, sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
        if (++i == skcount)
          break;
        }
      pk = sk_rover->pk;
      ops = xmalloc_clear (sizeof *ops);
@ -609,7 +610,8 @@ write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass )
      pkt.pkt.onepass_sig = ops;
      rc = build_packet (out, &pkt);
      free_packet (&pkt, NULL);
-        if (rc) {
+      if (rc)
        {
          log_error ("build onepass_sig packet failed: %s\n",
                     gpg_strerror (rc));
          return rc;
@ -619,6 +621,7 @@ write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass )
  return 0;
 }
 /*
 * Helper to write the plaintext (literal data) packet
 */
@ -632,7 +635,7 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode)
  if (!opt.no_literal)
    pt = setup_plaintext_name (fname, inp);
-    /* try to calculate the length of the data */
+  /* Try to calculate the length of the data. */
  if ( !iobuf_is_pipe_filename (fname) && *fname)
    {
      off_t tmpsize;
@ -643,9 +646,9 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode)
        log_info (_("WARNING: '%s' is an empty file\n"), fname);
      /* We can't encode the length of very large files because
-           OpenPGP uses only 32 bit for file sizes.  So if the size of
+       * OpenPGP uses only 32 bit for file sizes.  So if the size of a
-           a file is larger than 2^32 minus some bytes for packet
+       * file is larger than 2^32 minus some bytes for packet headers,
-           headers, we switch to partial length encoding. */
+       * we switch to partial length encoding. */
      if (tmpsize < (IOBUF_FILELENGTH_LIMIT - 65536))
        filesize = tmpsize;
      else
@ -661,7 +664,8 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode)
  else
    filesize = opt.set_filesize? opt.set_filesize : 0; /* stdin */
-    if (!opt.no_literal) {
+  if (!opt.no_literal)
    {
      PACKET pkt;
      /* Note that PT has been initialized above in no_literal mode.  */
@ -680,12 +684,14 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode)
      pt->buf = NULL;
      free_packet (&pkt, NULL);
    }
-    else {
+  else
    {
      byte copy_buffer[4096];
      int  bytes_copied;
      while ((bytes_copied = iobuf_read (inp, copy_buffer, 4096)) != -1)
-            if ( (rc=iobuf_write(out, copy_buffer, bytes_copied)) ) {
+        if ((rc = iobuf_write (out, copy_buffer, bytes_copied)))
          {
            log_error ("copying input to output failed: %s\n",
                       gpg_strerror (rc));
            break;
@ -697,6 +703,7 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode)
  return rc;
 }
 /*
 * Write the signatures from the SK_LIST to OUT. HASH must be a non-finalized
 * hash which will not be changes here.
@ -782,7 +789,7 @@ write_signature_packets (ctrl_t ctrl,
 }
-/****************
+/*
 * Sign the files whose names are in FILENAME.
 * If DETACHED has the value true,
 * make a detached signature.  If FILENAMES->d is NULL read from stdin
@ -805,7 +812,8 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
  text_filter_context_t tfx;
  progress_filter_context_t *pfx;
  encrypt_filter_context_t efx;
-    IOBUF inp = NULL, out = NULL;
+  iobuf_t inp = NULL;
  iobuf_t out = NULL;
  PACKET pkt;
  int rc = 0;
  PK_LIST pk_list = NULL;
@ -822,7 +830,8 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
  efx.ctrl = ctrl;
  init_packet (&pkt);
-    if( filenames ) {
+  if (filenames)
    {
      fname = filenames->d;
      multifile = !!filenames->next;
    }
@ -842,7 +851,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
    duration = parse_expire_string(opt.def_sig_expire);
  /* Note: In the old non-agent version the following call used to
-       unprotect the secret key.  This is now done on demand by the agent.  */
+   * unprotect the secret key.  This is now done on demand by the agent.  */
  if ((rc = build_sk_list (ctrl, locusr, &sk_list, PUBKEY_USAGE_SIG )))
    goto leave;
@ -850,10 +859,11 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
      && (rc = build_pk_list (ctrl, remusr, &pk_list)))
    goto leave;
-    /* prepare iobufs */
+  /* Prepare iobufs. */
  if (multifile)    /* have list of filenames */
    inp = NULL;     /* we do it later */
-    else {
+  else
    {
      inp = iobuf_open(fname);
      if (inp && is_secured_file (iobuf_get_fd (inp)))
        {
@ -872,8 +882,10 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
      handle_progress (pfx, inp, fname);
    }
-    if( outfile ) {
+  if (outfile)
-        if (is_secured_filename ( outfile )) {
+    {
      if (is_secured_filename (outfile))
        {
          out = NULL;
          gpg_err_set_errno (EPERM);
        }
@ -882,7 +894,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
      if (!out)
        {
          rc = gpg_error_from_syserror ();
-	    log_error(_("can't create '%s': %s\n"), outfile, strerror(errno) );
+          log_error (_("can't create '%s': %s\n"), outfile, gpg_strerror (rc));
          goto leave;
        }
      else if (opt.verbose)
@ -890,9 +902,11 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
    }
  else if ((rc = open_outfile (-1, fname,
                               opt.armor? 1 : detached? 2 : 0, 0, &out)))
    {
      goto leave;
    }
-    /* prepare to calculate the MD over the input */
+  /* Prepare to calculate the MD over the input.  */
  if (opt.textmode && !outfile && !multifile)
    {
      memset (&tfx, 0, sizeof tfx);
@ -905,64 +919,64 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
    gcry_md_debug (mfx.md, "sign");
  /* If we're encrypting and signing, it is reasonable to pick the
-       hash algorithm to use out of the recipient key prefs.  This is
+   * hash algorithm to use out of the recipient key prefs.  This is
-       best effort only, as in a DSA2 and smartcard world there are
+   * best effort only, as in a DSA2 and smartcard world there are
-       cases where we cannot please everyone with a single hash (DSA2
+   * cases where we cannot please everyone with a single hash (DSA2
-       wants >160 and smartcards want =160).  In the future this could
+   * wants >160 and smartcards want =160).  In the future this could
-       be more complex with different hashes for each sk, but the
+   * be more complex with different hashes for each sk, but the
-       current design requires a single hash for all SKs. */
+   * current design requires a single hash for all SKs. */
  if (pk_list)
    {
      if (opt.def_digest_algo)
        {
-	    if(!opt.expert &&
+          if (!opt.expert
-	       select_algo_from_prefs(pk_list,PREFTYPE_HASH,
+              && select_algo_from_prefs (pk_list,PREFTYPE_HASH,
                                         opt.def_digest_algo,
                                         NULL) != opt.def_digest_algo)
            {
              log_info (_("WARNING: forcing digest algorithm %s (%d)"
                          " violates recipient preferences\n"),
                        gcry_md_algo_name (opt.def_digest_algo),
                        opt.def_digest_algo);
            }
        }
      else
        {
-	    int algo, smartcard=0;
+          int algo;
          int smartcard=0;
          union pref_hint hint;
          hint.digest_length = 0;
          /* Of course, if the recipient asks for something
-	       unreasonable (like the wrong hash for a DSA key) then
+           * unreasonable (like the wrong hash for a DSA key) then
-	       don't do it.  Check all sk's - if any are DSA or live
+           * don't do it.  Check all sk's - if any are DSA or live
-	       on a smartcard, then the hash has restrictions and we
+           * on a smartcard, then the hash has restrictions and we
-	       may not be able to give the recipient what they want.
+           * may not be able to give the recipient what they want.
-	       For DSA, pass a hint for the largest q we have.  Note
+           * For DSA, pass a hint for the largest q we have.  Note
-	       that this means that a q>160 key will override a q=160
+           * that this means that a q>160 key will override a q=160
-	       key and force the use of truncation for the q=160 key.
+           * key and force the use of truncation for the q=160 key.
-	       The alternative would be to ignore the recipient prefs
+           * The alternative would be to ignore the recipient prefs
-	       completely and get a different hash for each DSA key in
+           * completely and get a different hash for each DSA key in
-	       hash_for().  The override behavior here is more or less
+           * hash_for().  The override behavior here is more or less
-	       reasonable as it is under the control of the user which
+           * reasonable as it is under the control of the user which
-	       keys they sign with for a given message and the fact
+           * keys they sign with for a given message and the fact
-	       that the message with multiple signatures won't be
+           * that the message with multiple signatures won't be
-	       usable on an implementation that doesn't understand
+           * usable on an implementation that doesn't understand
-	       DSA2 anyway. */
+           * DSA2 anyway. */
          for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next )
            {
              if (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_DSA
                  || sk_rover->pk->pubkey_algo == PUBKEY_ALGO_ECDSA)
                {
-		    int temp_hashlen = (gcry_mpi_get_nbits
+                  int temp_hashlen = gcry_mpi_get_nbits (sk_rover->pk->pkey[1]);
                                        (sk_rover->pk->pkey[1]));
                  if (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_ECDSA)
                    temp_hashlen = ecdsa_qbits_from_Q (temp_hashlen);
                  temp_hashlen = (temp_hashlen+7)/8;
-		    /* Pick a hash that is large enough for our
+                  /* Pick a hash that is large enough for our largest Q */
 		       largest q */
                  if (hint.digest_length < temp_hashlen)
                    hint.digest_length = temp_hashlen;
                }
@ -973,18 +987,19 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
            }
          /* Current smartcards only do 160-bit hashes.  If we have
-	       to have a >160-bit hash, then we can't use the
+           * to have a >160-bit hash, then we can't use the
-	       recipient prefs as we'd need both =160 and >160 at the
+           * recipient prefs as we'd need both =160 and >160 at the
-	       same time and recipient prefs currently require a
+           * same time and recipient prefs currently require a
-	       single hash for all signatures.  All this may well have
+           * single hash for all signatures.  All this may well have
-	       to change as the cards add algorithms. */
+           * to change as the cards add algorithms. */
-
+          if ((!smartcard || (smartcard && hint.digest_length==20))
-	    if (!smartcard || (smartcard && hint.digest_length==20))
+              && ((algo = select_algo_from_prefs (pk_list, PREFTYPE_HASH,
-	      if ( (algo=
+                                                  -1, &hint)) > 0))
-                   select_algo_from_prefs(pk_list,PREFTYPE_HASH,-1,&hint)) > 0)
+            {
              recipient_digest_algo = algo;
            }
        }
    }
  for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
    gcry_md_enable (mfx.md, hash_for (sk_rover->pk));
@ -998,7 +1013,8 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
  if (opt.armor && !outfile)
    push_armor_filter (afx, out);
-    if( encryptflag ) {
+  if (encryptflag)
    {
      efx.pk_list = pk_list;
      /* fixme: set efx.cfx.datalen if known */
      iobuf_push_filter (out, encrypt_filter, &efx);
@ -1012,30 +1028,34 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
      if (compr_algo==-1)
        {
          /* If we're not encrypting, then select_algo_from_prefs
-	       will fail and we'll end up with the default.  If we are
+           * will fail and we'll end up with the default.  If we are
-	       encrypting, select_algo_from_prefs cannot fail since
+           * encrypting, select_algo_from_prefs cannot fail since
-	       there is an assumed preference for uncompressed data.
+           * there is an assumed preference for uncompressed data.
-	       Still, if it did fail, we'll also end up with the
+           * Still, if it did fail, we'll also end up with the
-	       default. */
+           * default. */
-
+          if ((compr_algo = select_algo_from_prefs (pk_list, PREFTYPE_ZIP,
-	    if((compr_algo=
+                                                    -1, NULL)) == -1)
-		select_algo_from_prefs(pk_list,PREFTYPE_ZIP,-1,NULL))==-1)
+            {
              compr_algo = default_compress_algo();
            }
        }
      else if (!opt.expert && pk_list
               && select_algo_from_prefs (pk_list, PREFTYPE_ZIP,
 					  compr_algo, NULL) != compr_algo)
        {
          log_info (_("WARNING: forcing compression algorithm %s (%d)"
                      " violates recipient preferences\n"),
                    compress_algo_to_string (compr_algo), compr_algo);
        }
-	/* algo 0 means no compression */
+      /* Algo 0 means no compression. */
      if (compr_algo)
        push_compress_filter (out, &zfx, compr_algo);
    }
  /* Write the one-pass signature packets if needed */
-    if (!detached) {
+  if (!detached)
    {
      rc = write_onepass_sig_packets (sk_list, out,
                                      opt.textmode && !outfile ? 0x01:0x00);
      if (rc)
@ -1045,15 +1065,19 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
  write_status_begin_signing (mfx.md);
  /* Setup the inner packet. */
-    if( detached ) {
+  if (detached)
-	if( multifile ) {
+    {
      if (multifile)
        {
          strlist_t sl;
          if (opt.verbose)
            log_info (_("signing:") );
-	    /* must walk reverse trough this list */
+          /* Must walk reverse trough this list.  */
-	    for( sl = strlist_last(filenames); sl;
+          for (sl = strlist_last(filenames);
-			sl = strlist_prev( filenames, sl ) ) {
+               sl;
               sl = strlist_prev( filenames, sl))
            {
              inp = iobuf_open (sl->d);
              if (inp && is_secured_file (iobuf_get_fd (inp)))
                {
@ -1065,7 +1089,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
                {
                  rc = gpg_error_from_syserror ();
                  log_error (_("can't open '%s': %s\n"),
-			      sl->d,strerror(errno));
+                             sl->d, gpg_strerror (rc));
                  goto leave;
                }
              handle_progress (pfx, inp, sl->d);
@ -1079,28 +1103,31 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
              iobuf_push_filter (inp, md_filter, &mfx);
              while (iobuf_get (inp) != -1)
                ;
-		iobuf_close(inp); inp = NULL;
+              iobuf_close (inp);
              inp = NULL;
 	    }
          if (opt.verbose)
            log_printf ("\n");
 	}
-	else {
+      else
-	    /* read, so that the filter can calculate the digest */
+        {
          /* Read, so that the filter can calculate the digest. */
          while (iobuf_get(inp) != -1)
            ;
 	}
    }
-    else {
+  else
    {
      rc = write_plaintext_packet (out, inp, fname,
-                                     opt.textmode && !outfile ?
+                                   (opt.textmode && !outfile) ?
                                   (opt.mimemode? 'm' : 't') : 'b');
    }
-    /* catch errors from above */
+  /* Catch errors from above. */
  if (rc)
    goto leave;
-    /* write the signatures */
+  /* Write the signatures. */
  rc = write_signature_packets (ctrl, sk_list, out, mfx.md,
                                opt.textmode && !outfile? 0x01 : 0x00,
                                0, duration, detached ? 'D':'S', NULL);
@ -1111,7 +1138,8 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
 leave:
  if (rc)
    iobuf_cancel (out);
-    else {
+  else
    {
      iobuf_close (out);
      if (encryptflag)
        write_status (STATUS_END_ENCRYPTION);
@ -1127,9 +1155,8 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
 }
-
+/*
-/****************
+ * Make a clear signature.  Note that opt.armor is not needed.
 * make a clear signature. note that opt.armor is not needed
 */
 int
 clearsign_file (ctrl_t ctrl,
@ -1138,7 +1165,8 @@ clearsign_file (ctrl_t ctrl,
  armor_filter_context_t *afx;
  progress_filter_context_t *pfx;
  gcry_md_hd_t textmd = NULL;
-    IOBUF inp = NULL, out = NULL;
+  iobuf_t inp = NULL;
  iobuf_t out = NULL;
  PACKET pkt;
  int rc = 0;
  SK_LIST sk_list = NULL;
@ -1155,11 +1183,11 @@ clearsign_file (ctrl_t ctrl,
    duration = parse_expire_string (opt.def_sig_expire);
  /* Note: In the old non-agent version the following call used to
-       unprotect the secret key.  This is now done on demand by the agent.  */
+   * unprotect the secret key.  This is now done on demand by the agent.  */
  if ((rc=build_sk_list (ctrl, locusr, &sk_list, PUBKEY_USAGE_SIG)))
    goto leave;
-    /* prepare iobufs */
+  /* Prepare iobufs.  */
  inp = iobuf_open (fname);
  if (inp && is_secured_file (iobuf_get_fd (inp)))
    {
@ -1167,32 +1195,39 @@ clearsign_file (ctrl_t ctrl,
      inp = NULL;
      gpg_err_set_errno (EPERM);
    }
-    if( !inp ) {
+  if (!inp)
    {
      rc = gpg_error_from_syserror ();
      log_error (_("can't open '%s': %s\n"),
-                   fname? fname: "[stdin]", strerror(errno) );
+                 fname? fname: "[stdin]", gpg_strerror (rc));
      goto leave;
    }
  handle_progress (pfx, inp, fname);
-    if( outfile ) {
+  if (outfile)
-        if (is_secured_filename (outfile) ) {
+    {
      if (is_secured_filename (outfile))
        {
          outfile = NULL;
          gpg_err_set_errno (EPERM);
        }
      else
        out = iobuf_create (outfile, 0);
      if (!out)
        {
          rc = gpg_error_from_syserror ();
-	    log_error(_("can't create '%s': %s\n"), outfile, strerror(errno) );
+          log_error (_("can't create '%s': %s\n"), outfile, gpg_strerror (rc));
          goto leave;
        }
      else if (opt.verbose)
        log_info (_("writing to '%s'\n"), outfile);
    }
  else if ((rc = open_outfile (-1, fname, 1, 0, &out)))
    {
      goto leave;
    }
  iobuf_writestr (out, "-----BEGIN PGP SIGNED MESSAGE-----" LF);
@ -1203,12 +1238,15 @@ clearsign_file (ctrl_t ctrl,
    memset (hashs_seen, 0, sizeof hashs_seen);
    iobuf_writestr (out, "Hash: " );
-	for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
+    for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
      {
        int i = hash_for (sk_rover->pk);
-	    if( !hashs_seen[ i & 0xff ] ) {
+        if (!hashs_seen[ i & 0xff ])
          {
            s = gcry_md_algo_name (i);
-		if( s ) {
+            if (s)
              {
                hashs_seen[ i & 0xff ] = 1;
                if (any)
                  iobuf_put (out, ',');
@ -1235,11 +1273,10 @@ clearsign_file (ctrl_t ctrl,
  if (DBG_HASHING)
    gcry_md_debug (textmd, "clearsign");
-    copy_clearsig_text (out, inp, textmd, !opt.not_dash_escaped,
+  copy_clearsig_text (out, inp, textmd, !opt.not_dash_escaped, opt.escape_from);
                        opt.escape_from);
  /* fixme: check for read errors */
-    /* now write the armor */
+  /* Now write the armor. */
  afx->what = 2;
  push_armor_filter (afx, out);
@ -1262,6 +1299,7 @@ clearsign_file (ctrl_t ctrl,
  return rc;
 }
 /*
 * Sign and conventionally encrypt the given file.
 * FIXME: Far too much code is duplicated - revamp the whole file.
@ -1275,7 +1313,8 @@ sign_symencrypt_file (ctrl_t ctrl, const char *fname, strlist_t locusr)
  md_filter_context_t mfx;
  text_filter_context_t tfx;
  cipher_filter_context_t cfx;
-    IOBUF inp = NULL, out = NULL;
+  iobuf_t inp = NULL;
  iobuf_t out = NULL;
  PACKET pkt;
  STRING2KEY *s2k = NULL;
  int rc = 0;
@ -1299,12 +1338,12 @@ sign_symencrypt_file (ctrl_t ctrl, const char *fname, strlist_t locusr)
    duration = parse_expire_string (opt.def_sig_expire);
  /* Note: In the old non-agent version the following call used to
-       unprotect the secret key.  This is now done on demand by the agent.  */
+   * unprotect the secret key.  This is now done on demand by the agent.  */
  rc = build_sk_list (ctrl, locusr, &sk_list, PUBKEY_USAGE_SIG);
  if (rc)
    goto leave;
-    /* prepare iobufs */
+  /* Prepare iobufs.  */
  inp = iobuf_open (fname);
  if (inp && is_secured_file (iobuf_get_fd (inp)))
    {
@ -1312,15 +1351,16 @@ sign_symencrypt_file (ctrl_t ctrl, const char *fname, strlist_t locusr)
      inp = NULL;
      gpg_err_set_errno (EPERM);
    }
-    if( !inp ) {
+  if (!inp)
    {
      rc = gpg_error_from_syserror ();
      log_error (_("can't open '%s': %s\n"),
-                   fname? fname: "[stdin]", strerror(errno) );
+                 fname? fname: "[stdin]", gpg_strerror (rc));
      goto leave;
    }
  handle_progress (pfx, inp, fname);
-    /* prepare key */
+  /* Prepare key.  */
  s2k = xmalloc_clear (sizeof *s2k);
  s2k->mode = opt.s2k_mode;
  s2k->hash_algo = S2K_DIGEST_ALGO;
@ -1328,7 +1368,8 @@ sign_symencrypt_file (ctrl_t ctrl, const char *fname, strlist_t locusr)
  algo = default_cipher_algo ();
  cfx.dek = passphrase_to_dek (algo, s2k, 1, 1, NULL, &canceled);
-    if (!cfx.dek || !cfx.dek->keylen) {
+  if (!cfx.dek || !cfx.dek->keylen)
    {
      rc = gpg_error (canceled?GPG_ERR_CANCELED:GPG_ERR_BAD_PASSPHRASE);
      log_error (_("error creating passphrase: %s\n"), gpg_strerror (rc));
      goto leave;
@ -1344,12 +1385,12 @@ sign_symencrypt_file (ctrl_t ctrl, const char *fname, strlist_t locusr)
              cfx.dek->use_aead? openpgp_aead_algo_name (cfx.dek->use_aead)
              /**/             : "CFB");
-    /* now create the outfile */
+  /* Now create the outfile.  */
  rc = open_outfile (-1, fname, opt.armor? 1:0, 0, &out);
  if (rc)
    goto leave;
-    /* prepare to calculate the MD over the input */
+  /* Prepare to calculate the MD over the input.  */
  if (opt.textmode)
    iobuf_push_filter (inp, text_filter, &tfx);
  if (gcry_md_open (&mfx.md, 0, 0))
@ -1370,6 +1411,7 @@ sign_symencrypt_file (ctrl_t ctrl, const char *fname, strlist_t locusr)
  /* (current filters: armor)*/
  {
    PKT_symkey_enc *enc = xmalloc_clear( sizeof *enc );
    enc->version = 4;
    enc->cipher_algo = cfx.dek->algo;
    enc->s2k = *s2k;
@ -1396,21 +1438,20 @@ sign_symencrypt_file (ctrl_t ctrl, const char *fname, strlist_t locusr)
  /* Write the one-pass signature packets */
  /* (current filters: zip - encrypt - armor) */
-    rc = write_onepass_sig_packets (sk_list, out,
+  rc = write_onepass_sig_packets (sk_list, out, opt.textmode? 0x01:0x00);
                                    opt.textmode? 0x01:0x00);
  if (rc)
    goto leave;
  write_status_begin_signing (mfx.md);
-    /* Pipe data through all filters; i.e. write the signed stuff */
+  /* Pipe data through all filters; i.e. write the signed stuff.  */
  /* (current filters: zip - encrypt - armor) */
  rc = write_plaintext_packet (out, inp, fname,
                               opt.textmode ? (opt.mimemode?'m':'t'):'b');
  if (rc)
    goto leave;
-    /* Write the signatures */
+  /* Write the signatures.  */
  /* (current filters: zip - encrypt - armor) */
  rc = write_signature_packets (ctrl, sk_list, out, mfx.md,
                                opt.textmode? 0x01 : 0x00,
@ -1422,7 +1463,8 @@ sign_symencrypt_file (ctrl_t ctrl, const char *fname, strlist_t locusr)
 leave:
  if (rc)
    iobuf_cancel (out);
-    else {
+  else
    {
      iobuf_close (out);
      write_status (STATUS_END_ENCRYPTION);
    }
@ -1437,7 +1479,7 @@ sign_symencrypt_file (ctrl_t ctrl, const char *fname, strlist_t locusr)
 }
-/****************
+/*
 * Create a v4 signature in *RET_SIG.
 *
 * PK is the primary key to sign (required for all sigs)
@ -1488,12 +1530,11 @@ make_keysig_packet (ctrl_t ctrl,
  if (!digest_algo)
    {
      /* Basically, this means use SHA1 always unless the user
-	   specified something (use whatever they said), or it's DSA
+       * specified something (use whatever they said), or it's DSA
-	   (use the best match).  They still can't pick an
+       * (use the best match).  They still can't pick an inappropriate
-	   inappropriate hash for DSA or the signature will fail.
+       * hash for DSA or the signature will fail.  Note that this
-	   Note that this still allows the caller of
+       * still allows the caller of make_keysig_packet to override the
-	   make_keysig_packet to override the user setting if it
+       * user setting if it must. */
 	   must. */
      if (opt.cert_digest_algo)
        digest_algo = opt.cert_digest_algo;
@ -1520,15 +1561,15 @@ make_keysig_packet (ctrl_t ctrl,
  if (sigclass == 0x18 || sigclass == 0x19 || sigclass == 0x28)
    {
-	/* hash the subkey binding/backsig/revocation */
+      /* Hash the subkey binding/backsig/revocation.  */
      hash_public_key (md, subpk);
    }
  else if (sigclass != 0x1F && sigclass != 0x20)
    {
-	/* hash the user id */
+      /* Hash the user id. */
      hash_uid (md, sigversion, uid);
    }
-    /* and make the signature packet */
+  /* Make the signature packet.  */
  sig = xmalloc_clear (sizeof *sig);
  sig->version = sigversion;
  sig->flags.exportable = 1;
@ -1536,10 +1577,7 @@ make_keysig_packet (ctrl_t ctrl,
  keyid_from_pk (pksk, sig->keyid);
  sig->pubkey_algo = pksk->pubkey_algo;
  sig->digest_algo = digest_algo;
-    if(timestamp)
+  sig->timestamp = timestamp? timestamp : make_timestamp ();
      sig->timestamp=timestamp;
    else
      sig->timestamp=make_timestamp();
  if (duration)
    sig->expiredate = sig->timestamp + duration;
  sig->sig_class = sigclass;
@ -1548,15 +1586,15 @@ make_keysig_packet (ctrl_t ctrl,
  mk_notation_policy_etc (sig, pk, pksk);
  /* Crucial that the call to mksubpkt comes LAST before the calls
-       to finalize the sig as that makes it possible for the mksubpkt
+   * to finalize the sig as that makes it possible for the mksubpkt
-       function to get a reliable pointer to the subpacket area. */
+   * function to get a reliable pointer to the subpacket area. */
  if (mksubpkt)
    rc = (*mksubpkt)(sig, opaque);
-    if( !rc ) {
+  if (!rc)
    {
      hash_sigversion_to_magic (md, sig);
      gcry_md_final (md);
      rc = complete_sig (ctrl, sig, pksk, md, cache_nonce);
    }
@ -1570,7 +1608,7 @@ make_keysig_packet (ctrl_t ctrl,
-/****************
+/*
 * Create a new signature packet based on an existing one.
 * Only user ID signatures are supported for now.
 * PK is the public key to work on.
@ -1615,17 +1653,17 @@ update_keysig_packet (ctrl_t ctrl,
  else
    hash_uid (md, orig_sig->version, uid);
-    /* create a new signature packet */
+  /* Create a new signature packet.  */
  sig = copy_signature (NULL, orig_sig);
  sig->digest_algo = digest_algo;
  /* We need to create a new timestamp so that new sig expiration
-       calculations are done correctly... */
+   * calculations are done correctly... */
  sig->timestamp = make_timestamp();
  /* ... but we won't make a timestamp earlier than the existing
-       one. */
+   * one. */
  {
    int tmout = 0;
    while (sig->timestamp <= orig_sig->timestamp)
@ -1641,22 +1679,22 @@ update_keysig_packet (ctrl_t ctrl,
  }
  /* Note that already expired sigs will remain expired (with a
-       duration of 1) since build-packet.c:build_sig_subpkt_from_sig
+   * duration of 1) since build-packet.c:build_sig_subpkt_from_sig
-       detects this case. */
+   * detects this case. */
  /* Put the updated timestamp into the sig.  Note that this will
-       automagically lower any sig expiration dates to correctly
+   * automagically lower any sig expiration dates to correctly
-       correspond to the differences in the timestamps (i.e. the
+   * correspond to the differences in the timestamps (i.e. the
-       duration will shrink).  */
+   * duration will shrink).  */
  build_sig_subpkt_from_sig (sig, pksk);
  if (mksubpkt)
    rc = (*mksubpkt)(sig, opaque);
-    if (!rc) {
+  if (!rc)
    {
      hash_sigversion_to_magic (md, sig);
      gcry_md_final (md);
      rc = complete_sig (ctrl, sig, pksk, md, NULL);
    }