1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-08 12:44:23 +01:00

sm: Use estream_t for operations.

* sm/decrypt.c (gpgsm_decrypt): Use estream for the input.
* sm/encrypt.c (gpgsm_encrypt): Likewise.
* sm/gpgsm.c (open_read): Remove.
(main): Use open_es_fread for gpgsm_import_files.  Fix call of
gpgsm_encrypt, gpgsm_sign, gpgsm_verify and gpgsm_decrypt.
(open_es_fread): Use gnupg_check_special_filename and open_stream_nc.
* sm/gpgsm.h: Fix function declarations.
* sm/import.c (import_one): Use estream for the input.
(reimport_one, gpgsm_import, gpgsm_import_files): Likewise.
* sm/server.c (cmd_encrypt): Use open_stream_nc to get estream and
call gpgsm_encrypt with it.
(cmd_decrypt): Likewise for the call of gpgsm_decrypt.
(cmd_verify): Likewise for the call of gpgsm_verify.
(cmd_sign): Likewise for the call of gpgsm_sign.
(cmd_import): Likewise for the call of gpgsm_import.
* sm/sign.c (hash_data): Use estream for the input.
(hash_and_copy_data): Likewise.
(gpgsm_sign): Likewise.
* sm/verify.c (gpgsm_verify): Use estream for the input.

--

GnuPG-bug-id: 6592
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2023-07-13 13:18:05 +09:00
parent a43d0f7d46
commit 3e1357789f
No known key found for this signature in database
GPG Key ID: 640114AF89DE6054
8 changed files with 141 additions and 154 deletions

View File

@ -1052,7 +1052,7 @@ decrypt_gcm_filter (void *arg,
/* Perform a decrypt operation. */ /* Perform a decrypt operation. */
int int
gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp) gpgsm_decrypt (ctrl_t ctrl, estream_t in_fp, estream_t out_fp)
{ {
int rc; int rc;
gnupg_ksba_io_t b64reader = NULL; gnupg_ksba_io_t b64reader = NULL;
@ -1063,7 +1063,6 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
ksba_stop_reason_t stopreason; ksba_stop_reason_t stopreason;
KEYDB_HANDLE kh; KEYDB_HANDLE kh;
int recp; int recp;
estream_t in_fp = NULL;
struct decrypt_filter_parm_s dfparm; struct decrypt_filter_parm_s dfparm;
memset (&dfparm, 0, sizeof dfparm); memset (&dfparm, 0, sizeof dfparm);
@ -1078,14 +1077,6 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
goto leave; goto leave;
} }
in_fp = es_fdopen_nc (in_fd, "rb");
if (!in_fp)
{
rc = gpg_error_from_syserror ();
log_error ("fdopen() failed: %s\n", strerror (errno));
goto leave;
}
rc = gnupg_ksba_create_reader rc = gnupg_ksba_create_reader
(&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0) (&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0)
| (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0) | (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0)
@ -1516,7 +1507,6 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
gnupg_ksba_destroy_reader (b64reader); gnupg_ksba_destroy_reader (b64reader);
gnupg_ksba_destroy_writer (b64writer); gnupg_ksba_destroy_writer (b64writer);
keydb_release (kh); keydb_release (kh);
es_fclose (in_fp);
if (dfparm.hd) if (dfparm.hd)
gcry_cipher_close (dfparm.hd); gcry_cipher_close (dfparm.hd);
return rc; return rc;

View File

@ -574,7 +574,8 @@ encrypt_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
recipients are take from the certificate given in recplist; if this recipients are take from the certificate given in recplist; if this
is NULL it will be encrypted for a default recipient */ is NULL it will be encrypted for a default recipient */
int int
gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, estream_t data_fp,
estream_t out_fp)
{ {
int rc = 0; int rc = 0;
gnupg_ksba_io_t b64writer = NULL; gnupg_ksba_io_t b64writer = NULL;
@ -587,7 +588,6 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
struct encrypt_cb_parm_s encparm; struct encrypt_cb_parm_s encparm;
DEK dek = NULL; DEK dek = NULL;
int recpno; int recpno;
estream_t data_fp = NULL;
certlist_t cl; certlist_t cl;
int count; int count;
int compliant; int compliant;
@ -623,15 +623,6 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
goto leave; goto leave;
} }
/* Fixme: We should use the unlocked version of the es functions. */
data_fp = es_fdopen_nc (data_fd, "rb");
if (!data_fp)
{
rc = gpg_error_from_syserror ();
log_error ("fdopen() failed: %s\n", strerror (errno));
goto leave;
}
err = ksba_reader_new (&reader); err = ksba_reader_new (&reader);
if (err) if (err)
rc = err; rc = err;
@ -863,7 +854,6 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
ksba_reader_release (reader); ksba_reader_release (reader);
keydb_release (kh); keydb_release (kh);
xfree (dek); xfree (dek);
es_fclose (data_fp);
xfree (encparm.buffer); xfree (encparm.buffer);
return rc; return rc;
} }

View File

@ -535,7 +535,6 @@ static void set_cmd (enum cmd_and_opt_values *ret_cmd,
enum cmd_and_opt_values new_cmd ); enum cmd_and_opt_values new_cmd );
static void emergency_cleanup (void); static void emergency_cleanup (void);
static int open_read (const char *filename);
static estream_t open_es_fread (const char *filename, const char *mode); static estream_t open_es_fread (const char *filename, const char *mode);
static estream_t open_es_fwrite (const char *filename); static estream_t open_es_fwrite (const char *filename);
static void run_protect_tool (int argc, char **argv); static void run_protect_tool (int argc, char **argv);
@ -1778,7 +1777,7 @@ main ( int argc, char **argv)
{ {
log_info (_("importing common certificates '%s'\n"), log_info (_("importing common certificates '%s'\n"),
filelist[0]); filelist[0]);
gpgsm_import_files (&ctrl, 1, filelist, open_read); gpgsm_import_files (&ctrl, 1, filelist, open_es_fread);
} }
xfree (filelist[0]); xfree (filelist[0]);
} }
@ -1916,9 +1915,20 @@ main ( int argc, char **argv)
set_binary (stdin); set_binary (stdin);
if (!argc) /* Source is stdin. */ if (!argc) /* Source is stdin. */
err = gpgsm_encrypt (&ctrl, recplist, 0, fp); err = gpgsm_encrypt (&ctrl, recplist, es_stdin, fp);
else if (argc == 1) /* Source is the given file. */ else if (argc == 1) /* Source is the given file. */
err = gpgsm_encrypt (&ctrl, recplist, open_read (*argv), fp); {
estream_t data_fp = es_fopen (*argv, "rb");
if (!data_fp)
{
log_error (_("can't open '%s': %s\n"), *argv,
strerror (errno));
gpgsm_exit (2);
}
err = gpgsm_encrypt (&ctrl, recplist, data_fp, fp);
es_fclose (data_fp);
}
else else
wrong_args ("--encrypt [datafile]"); wrong_args ("--encrypt [datafile]");
@ -1939,8 +1949,18 @@ main ( int argc, char **argv)
if (!argc) /* Create from stdin. */ if (!argc) /* Create from stdin. */
err = gpgsm_sign (&ctrl, signerlist, 0, detached_sig, fp); err = gpgsm_sign (&ctrl, signerlist, 0, detached_sig, fp);
else if (argc == 1) /* From file. */ else if (argc == 1) /* From file. */
err = gpgsm_sign (&ctrl, signerlist, {
open_read (*argv), detached_sig, fp); estream_t data_fp = es_fopen (*argv, "rb");
if (!data_fp)
{
log_error (_("can't open '%s': %s\n"), *argv,
strerror (errno));
gpgsm_exit (2);
}
err = gpgsm_sign (&ctrl, signerlist, data_fp, detached_sig, fp);
es_fclose (data_fp);
}
else else
wrong_args ("--sign [datafile]"); wrong_args ("--sign [datafile]");
@ -1983,11 +2003,29 @@ main ( int argc, char **argv)
if (!argc) if (!argc)
gpgsm_verify (&ctrl, 0, NULL, fp); /* normal signature from stdin */ gpgsm_verify (&ctrl, 0, NULL, fp); /* normal signature from stdin */
else if (argc == 1) else if (argc == 1)
gpgsm_verify (&ctrl, open_read (*argv), NULL, fp); /* std signature */ {
estream_t in_fp = es_fopen (*argv, "rb");
if (!in_fp)
{
log_error (_("can't open '%s': %s\n"), *argv,
strerror (errno));
gpgsm_exit (2);
}
gpgsm_verify (&ctrl, in_fp, NULL, fp); /* std signature */
es_fclose (in_fp);
}
else if (argc == 2) /* detached signature (sig, detached) */ else if (argc == 2) /* detached signature (sig, detached) */
{ {
estream_t in_fp = es_fopen (*argv, "rb");
estream_t data_fp = es_fopen (argv[1], "rb"); estream_t data_fp = es_fopen (argv[1], "rb");
if (!in_fp)
{
log_error (_("can't open '%s': %s\n"), *argv,
strerror (errno));
gpgsm_exit (2);
}
if (!data_fp) if (!data_fp)
{ {
log_error (_("can't open '%s': %s\n"), argv[1], log_error (_("can't open '%s': %s\n"), argv[1],
@ -1995,7 +2033,8 @@ main ( int argc, char **argv)
gpgsm_exit (2); gpgsm_exit (2);
} }
gpgsm_verify (&ctrl, open_read (*argv), data_fp, NULL); gpgsm_verify (&ctrl, in_fp, data_fp, NULL);
es_fclose (in_fp);
es_fclose (data_fp); es_fclose (data_fp);
} }
else else
@ -2013,7 +2052,17 @@ main ( int argc, char **argv)
if (!argc) if (!argc)
err = gpgsm_decrypt (&ctrl, 0, fp); /* from stdin */ err = gpgsm_decrypt (&ctrl, 0, fp); /* from stdin */
else if (argc == 1) else if (argc == 1)
err = gpgsm_decrypt (&ctrl, open_read (*argv), fp); /* from file */ {
estream_t data_fp = es_fopen (*argv, "rb");
if (!data_fp)
{
log_error (_("can't open '%s': %s\n"), *argv,
strerror (errno));
gpgsm_exit (2);
}
err = gpgsm_decrypt (&ctrl, data_fp, fp); /* from file */
es_fclose (data_fp);
}
else else
wrong_args ("--decrypt [filename]"); wrong_args ("--decrypt [filename]");
@ -2104,7 +2153,7 @@ main ( int argc, char **argv)
case aImport: case aImport:
gpgsm_import_files (&ctrl, argc, argv, open_read); gpgsm_import_files (&ctrl, argc, argv, open_es_fread);
break; break;
case aExport: case aExport:
@ -2305,46 +2354,20 @@ gpgsm_parse_validation_model (const char *model)
} }
/* Open the FILENAME for read and return the file descriptor. Stop
with an error message in case of problems. "-" denotes stdin and
if special filenames are allowed the given fd is opened instead. */
static int
open_read (const char *filename)
{
int fd;
if (filename[0] == '-' && !filename[1])
{
set_binary (stdin);
return 0; /* stdin */
}
fd = check_special_filename (filename, 0, 0);
if (fd != -1)
return fd;
fd = gnupg_open (filename, O_RDONLY | O_BINARY, 0);
if (fd == -1)
{
log_error (_("can't open '%s': %s\n"), filename, strerror (errno));
gpgsm_exit (2);
}
return fd;
}
/* Same as open_read but return an estream_t. */ /* Same as open_read but return an estream_t. */
static estream_t static estream_t
open_es_fread (const char *filename, const char *mode) open_es_fread (const char *filename, const char *mode)
{ {
int fd; gnupg_fd_t fd;
estream_t fp; estream_t fp;
if (filename[0] == '-' && !filename[1]) if (filename[0] == '-' && !filename[1])
fd = fileno (stdin); fd = fileno (stdin);
else else
fd = check_special_filename (filename, 0, 0); fd = gnupg_check_special_filename (filename);
if (fd != -1) if (fd != GNUPG_INVALID_FD)
{ {
fp = es_fdopen_nc (fd, mode); fp = open_stream_nc (fd, mode);
if (!fp) if (!fp)
{ {
log_error ("es_fdopen(%d) failed: %s\n", fd, strerror (errno)); log_error ("es_fdopen(%d) failed: %s\n", fd, strerror (errno));

View File

@ -426,9 +426,9 @@ gpg_error_t gpgsm_show_certs (ctrl_t ctrl, int nfiles, char **files,
estream_t fp); estream_t fp);
/*-- import.c --*/ /*-- import.c --*/
int gpgsm_import (ctrl_t ctrl, int in_fd, int reimport_mode); int gpgsm_import (ctrl_t ctrl, estream_t in_fp, int reimport_mode);
int gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files, int gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files,
int (*of)(const char *fname)); estream_t (*of)(const char *fname, const char *mode));
/*-- export.c --*/ /*-- export.c --*/
void gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream); void gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream);
@ -439,23 +439,24 @@ void gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream,
int gpgsm_delete (ctrl_t ctrl, strlist_t names); int gpgsm_delete (ctrl_t ctrl, strlist_t names);
/*-- verify.c --*/ /*-- verify.c --*/
int gpgsm_verify (ctrl_t ctrl, int in_fd, estream_t data_fp, estream_t out_fp); int gpgsm_verify (ctrl_t ctrl, estream_t in_fp, estream_t data_fp,
estream_t out_fp);
/*-- sign.c --*/ /*-- sign.c --*/
int gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert); int gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert);
int gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, int gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
int data_fd, int detached, estream_t out_fp); estream_t data_fp, int detached, estream_t out_fp);
/*-- encrypt.c --*/ /*-- encrypt.c --*/
int gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist,
int in_fd, estream_t out_fp); estream_t in_fp, estream_t out_fp);
/*-- decrypt.c --*/ /*-- decrypt.c --*/
gpg_error_t ecdh_derive_kek (unsigned char *key, unsigned int keylen, gpg_error_t ecdh_derive_kek (unsigned char *key, unsigned int keylen,
int hash_algo, const char *wrap_algo_str, int hash_algo, const char *wrap_algo_str,
const void *secret, unsigned int secretlen, const void *secret, unsigned int secretlen,
const void *ukm, unsigned int ukmlen); const void *ukm, unsigned int ukmlen);
int gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp); int gpgsm_decrypt (ctrl_t ctrl, estream_t in_fp, estream_t out_fp);
/*-- certreqgen.c --*/ /*-- certreqgen.c --*/
int gpgsm_genkey (ctrl_t ctrl, estream_t in_stream, estream_t out_stream); int gpgsm_genkey (ctrl_t ctrl, estream_t in_stream, estream_t out_stream);

View File

@ -269,25 +269,16 @@ check_and_store (ctrl_t ctrl, struct stats_s *stats,
static int static int
import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd) import_one (ctrl_t ctrl, struct stats_s *stats, estream_t fp)
{ {
int rc; int rc;
gnupg_ksba_io_t b64reader = NULL; gnupg_ksba_io_t b64reader = NULL;
ksba_reader_t reader; ksba_reader_t reader;
ksba_cert_t cert = NULL; ksba_cert_t cert = NULL;
ksba_cms_t cms = NULL; ksba_cms_t cms = NULL;
estream_t fp = NULL;
ksba_content_type_t ct; ksba_content_type_t ct;
int any = 0; int any = 0;
fp = es_fdopen_nc (in_fd, "rb");
if (!fp)
{
rc = gpg_error_from_syserror ();
log_error ("fdopen() failed: %s\n", strerror (errno));
goto leave;
}
rc = gnupg_ksba_create_reader rc = gnupg_ksba_create_reader
(&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0) (&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0)
| (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0) | (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0)
@ -388,7 +379,6 @@ import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
ksba_cms_release (cms); ksba_cms_release (cms);
ksba_cert_release (cert); ksba_cert_release (cert);
gnupg_ksba_destroy_reader (b64reader); gnupg_ksba_destroy_reader (b64reader);
es_fclose (fp);
return rc; return rc;
} }
@ -398,10 +388,9 @@ import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
fingerprints t re-import. The actual re-import is done by clearing fingerprints t re-import. The actual re-import is done by clearing
the ephemeral flag. */ the ephemeral flag. */
static int static int
reimport_one (ctrl_t ctrl, struct stats_s *stats, int in_fd) reimport_one (ctrl_t ctrl, struct stats_s *stats, estream_t fp)
{ {
gpg_error_t err = 0; gpg_error_t err = 0;
estream_t fp = NULL;
char line[100]; /* Sufficient for a fingerprint. */ char line[100]; /* Sufficient for a fingerprint. */
KEYDB_HANDLE kh; KEYDB_HANDLE kh;
KEYDB_SEARCH_DESC desc; KEYDB_SEARCH_DESC desc;
@ -417,14 +406,6 @@ reimport_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
} }
keydb_set_ephemeral (kh, 1); keydb_set_ephemeral (kh, 1);
fp = es_fdopen_nc (in_fd, "r");
if (!fp)
{
err = gpg_error_from_syserror ();
log_error ("es_fdopen(%d) failed: %s\n", in_fd, gpg_strerror (err));
goto leave;
}
while (es_fgets (line, DIM(line)-1, fp) ) while (es_fgets (line, DIM(line)-1, fp) )
{ {
if (*line && line[strlen(line)-1] != '\n') if (*line && line[strlen(line)-1] != '\n')
@ -500,30 +481,29 @@ reimport_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
if (es_ferror (fp)) if (es_ferror (fp))
{ {
err = gpg_error_from_syserror (); err = gpg_error_from_syserror ();
log_error ("error reading fd %d: %s\n", in_fd, gpg_strerror (err)); log_error ("error reading fp %p: %s\n", fp, gpg_strerror (err));
goto leave; goto leave;
} }
leave: leave:
ksba_cert_release (cert); ksba_cert_release (cert);
keydb_release (kh); keydb_release (kh);
es_fclose (fp);
return err; return err;
} }
int int
gpgsm_import (ctrl_t ctrl, int in_fd, int reimport_mode) gpgsm_import (ctrl_t ctrl, estream_t in_fp, int reimport_mode)
{ {
int rc; int rc;
struct stats_s stats; struct stats_s stats;
memset (&stats, 0, sizeof stats); memset (&stats, 0, sizeof stats);
if (reimport_mode) if (reimport_mode)
rc = reimport_one (ctrl, &stats, in_fd); rc = reimport_one (ctrl, &stats, in_fp);
else else
rc = import_one (ctrl, &stats, in_fd); rc = import_one (ctrl, &stats, in_fp);
print_imported_summary (ctrl, &stats); print_imported_summary (ctrl, &stats);
/* If we never printed an error message do it now so that a command /* If we never printed an error message do it now so that a command
line invocation will return with an error (log_error keeps a line invocation will return with an error (log_error keeps a
@ -536,7 +516,7 @@ gpgsm_import (ctrl_t ctrl, int in_fd, int reimport_mode)
int int
gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files, gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files,
int (*of)(const char *fname)) estream_t (*of)(const char *fname, const char *mode))
{ {
int rc = 0; int rc = 0;
struct stats_s stats; struct stats_s stats;
@ -549,9 +529,9 @@ gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files,
{ {
for (; nfiles && !rc ; nfiles--, files++) for (; nfiles && !rc ; nfiles--, files++)
{ {
int fd = of (*files); estream_t fp = of (*files, "r");
rc = import_one (ctrl, &stats, fd); rc = import_one (ctrl, &stats, fp);
close (fd); es_fclose (fp);
if (rc == -1/* legacy*/ || gpg_err_code (rc) == GPG_ERR_NOT_FOUND) if (rc == -1/* legacy*/ || gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
rc = 0; rc = 0;
} }

View File

@ -451,20 +451,25 @@ cmd_encrypt (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
certlist_t cl; certlist_t cl;
int inp_fd; gnupg_fd_t inp_fd;
gnupg_fd_t out_fd; gnupg_fd_t out_fd;
estream_t inp_fp;
estream_t out_fp; estream_t out_fp;
int rc; int rc;
(void)line; (void)line;
inp_fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0); inp_fd = assuan_get_input_fd (ctx);
if (inp_fd == -1) if (inp_fd == GNUPG_INVALID_FD)
return set_error (GPG_ERR_ASS_NO_INPUT, NULL); return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
out_fd = assuan_get_output_fd (ctx); out_fd = assuan_get_output_fd (ctx);
if (out_fd == GNUPG_INVALID_FD) if (out_fd == GNUPG_INVALID_FD)
return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL); return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
inp_fp = open_stream_nc (inp_fd, "r");
if (!inp_fp)
return set_error (gpg_err_code_from_syserror (), "fdopen() failed");
out_fp = open_stream_nc (out_fd, "w"); out_fp = open_stream_nc (out_fd, "w");
if (!out_fp) if (!out_fp)
return set_error (gpg_err_code_from_syserror (), "fdopen() failed"); return set_error (gpg_err_code_from_syserror (), "fdopen() failed");
@ -484,7 +489,8 @@ cmd_encrypt (assuan_context_t ctx, char *line)
if (!rc) if (!rc)
rc = gpgsm_encrypt (assuan_get_pointer (ctx), rc = gpgsm_encrypt (assuan_get_pointer (ctx),
ctrl->server_local->recplist, ctrl->server_local->recplist,
inp_fd, out_fp); inp_fp, out_fp);
es_fclose (inp_fp);
es_fclose (out_fp); es_fclose (out_fp);
gpgsm_release_certlist (ctrl->server_local->recplist); gpgsm_release_certlist (ctrl->server_local->recplist);
@ -509,27 +515,33 @@ static gpg_error_t
cmd_decrypt (assuan_context_t ctx, char *line) cmd_decrypt (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
int inp_fd; gnupg_fd_t inp_fd;
gnupg_fd_t out_fd; gnupg_fd_t out_fd;
estream_t inp_fp;
estream_t out_fp; estream_t out_fp;
int rc; int rc;
(void)line; (void)line;
inp_fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0); inp_fd = assuan_get_input_fd (ctx);
if (inp_fd == -1) if (inp_fd == GNUPG_INVALID_FD)
return set_error (GPG_ERR_ASS_NO_INPUT, NULL); return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
out_fd = assuan_get_output_fd (ctx); out_fd = assuan_get_output_fd (ctx);
if (out_fd == GNUPG_INVALID_FD) if (out_fd == GNUPG_INVALID_FD)
return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL); return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
inp_fp = open_stream_nc (inp_fd, "r");
if (!inp_fp)
return set_error (gpg_err_code_from_syserror (), "fdopen() failed");
out_fp = open_stream_nc (out_fd, "w"); out_fp = open_stream_nc (out_fd, "w");
if (!out_fp) if (!out_fp)
return set_error (gpg_err_code_from_syserror (), "fdopen() failed"); return set_error (gpg_err_code_from_syserror (), "fdopen() failed");
rc = start_audit_session (ctrl); rc = start_audit_session (ctrl);
if (!rc) if (!rc)
rc = gpgsm_decrypt (ctrl, inp_fd, out_fp); rc = gpgsm_decrypt (ctrl, inp_fp, out_fp);
es_fclose (inp_fp);
es_fclose (out_fp); es_fclose (out_fp);
/* Close and reset the fds. */ /* Close and reset the fds. */
@ -555,15 +567,20 @@ cmd_verify (assuan_context_t ctx, char *line)
{ {
int rc; int rc;
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
int fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0); gnupg_fd_t fd = assuan_get_input_fd (ctx);
gnupg_fd_t out_fd = assuan_get_output_fd (ctx); gnupg_fd_t out_fd = assuan_get_output_fd (ctx);
estream_t fp = NULL;
estream_t out_fp = NULL; estream_t out_fp = NULL;
(void)line; (void)line;
if (fd == -1) if (fd == GNUPG_INVALID_FD)
return set_error (GPG_ERR_ASS_NO_INPUT, NULL); return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
fp = open_stream_nc (fd, "r");
if (!fp)
return set_error (gpg_err_code_from_syserror (), "fdopen() failed");
if (out_fd != GNUPG_INVALID_FD) if (out_fd != GNUPG_INVALID_FD)
{ {
out_fp = open_stream_nc (out_fd, "w"); out_fp = open_stream_nc (out_fd, "w");
@ -573,8 +590,9 @@ cmd_verify (assuan_context_t ctx, char *line)
rc = start_audit_session (ctrl); rc = start_audit_session (ctrl);
if (!rc) if (!rc)
rc = gpgsm_verify (assuan_get_pointer (ctx), fd, rc = gpgsm_verify (assuan_get_pointer (ctx), fp,
ctrl->server_local->message_fp, out_fp); ctrl->server_local->message_fp, out_fp);
es_fclose (fp);
es_fclose (out_fp); es_fclose (out_fp);
/* Close and reset the fp and the fd. */ /* Close and reset the fp and the fd. */
@ -596,14 +614,15 @@ static gpg_error_t
cmd_sign (assuan_context_t ctx, char *line) cmd_sign (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
int inp_fd; gnupg_fd_t inp_fd;
gnupg_fd_t out_fd; gnupg_fd_t out_fd;
estream_t inp_fp;
estream_t out_fp; estream_t out_fp;
int detached; int detached;
int rc; int rc;
inp_fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0); inp_fd = assuan_get_input_fd (ctx);
if (inp_fd == -1) if (inp_fd == GNUPG_INVALID_FD)
return set_error (GPG_ERR_ASS_NO_INPUT, NULL); return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
out_fd = assuan_get_output_fd (ctx); out_fd = assuan_get_output_fd (ctx);
if (out_fd == GNUPG_INVALID_FD) if (out_fd == GNUPG_INVALID_FD)
@ -611,6 +630,10 @@ cmd_sign (assuan_context_t ctx, char *line)
detached = has_option (line, "--detached"); detached = has_option (line, "--detached");
inp_fp = open_stream_nc (inp_fd, "r");
if (!inp_fp)
return set_error (gpg_err_code_from_syserror (), "fdopen() failed");
out_fp = open_stream_nc (out_fd, "w"); out_fp = open_stream_nc (out_fd, "w");
if (!out_fp) if (!out_fp)
return set_error (GPG_ERR_ASS_GENERAL, "fdopen() failed"); return set_error (GPG_ERR_ASS_GENERAL, "fdopen() failed");
@ -618,7 +641,8 @@ cmd_sign (assuan_context_t ctx, char *line)
rc = start_audit_session (ctrl); rc = start_audit_session (ctrl);
if (!rc) if (!rc)
rc = gpgsm_sign (assuan_get_pointer (ctx), ctrl->server_local->signerlist, rc = gpgsm_sign (assuan_get_pointer (ctx), ctrl->server_local->signerlist,
inp_fd, detached, out_fp); inp_fp, detached, out_fp);
es_fclose (inp_fp);
es_fclose (out_fp); es_fclose (out_fp);
/* close and reset the fp and the fds */ /* close and reset the fp and the fds */
@ -647,15 +671,21 @@ cmd_import (assuan_context_t ctx, char *line)
{ {
ctrl_t ctrl = assuan_get_pointer (ctx); ctrl_t ctrl = assuan_get_pointer (ctx);
int rc; int rc;
int fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0); gnupg_fd_t fd = assuan_get_input_fd (ctx);
int reimport = has_option (line, "--re-import"); int reimport = has_option (line, "--re-import");
estream_t fp;
(void)line; (void)line;
if (fd == -1) if (fd == GNUPG_INVALID_FD)
return set_error (GPG_ERR_ASS_NO_INPUT, NULL); return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
rc = gpgsm_import (assuan_get_pointer (ctx), fd, reimport); fp = open_stream_nc (fd, "rb");
if (!fp)
return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
rc = gpgsm_import (assuan_get_pointer (ctx), fp, reimport);
es_fclose (fp);
/* close and reset the fp and the fds */ /* close and reset the fp and the fds */
close_message_fp (ctrl); close_message_fp (ctrl);

View File

@ -40,20 +40,12 @@
/* Hash the data and return if something was hashed. Return -1 on error. */ /* Hash the data and return if something was hashed. Return -1 on error. */
static int static int
hash_data (int fd, gcry_md_hd_t md) hash_data (estream_t fp, gcry_md_hd_t md)
{ {
estream_t fp;
char buffer[4096]; char buffer[4096];
int nread; int nread;
int rc = 0; int rc = 0;
fp = es_fdopen_nc (fd, "rb");
if (!fp)
{
log_error ("fdopen(%d) failed: %s\n", fd, strerror (errno));
return -1;
}
do do
{ {
nread = es_fread (buffer, 1, DIM(buffer), fp); nread = es_fread (buffer, 1, DIM(buffer), fp);
@ -62,32 +54,22 @@ hash_data (int fd, gcry_md_hd_t md)
while (nread); while (nread);
if (es_ferror (fp)) if (es_ferror (fp))
{ {
log_error ("read error on fd %d: %s\n", fd, strerror (errno)); log_error ("read error on fd %p: %s\n", fp, strerror (errno));
rc = -1; rc = -1;
} }
es_fclose (fp);
return rc; return rc;
} }
static int static int
hash_and_copy_data (int fd, gcry_md_hd_t md, ksba_writer_t writer) hash_and_copy_data (estream_t fp, gcry_md_hd_t md, ksba_writer_t writer)
{ {
gpg_error_t err; gpg_error_t err;
estream_t fp;
char buffer[4096]; char buffer[4096];
int nread; int nread;
int rc = 0; int rc = 0;
int any = 0; int any = 0;
fp = es_fdopen_nc (fd, "rb");
if (!fp)
{
gpg_error_t tmperr = gpg_error_from_syserror ();
log_error ("fdopen(%d) failed: %s\n", fd, strerror (errno));
return tmperr;
}
do do
{ {
nread = es_fread (buffer, 1, DIM(buffer), fp); nread = es_fread (buffer, 1, DIM(buffer), fp);
@ -107,9 +89,9 @@ hash_and_copy_data (int fd, gcry_md_hd_t md, ksba_writer_t writer)
if (es_ferror (fp)) if (es_ferror (fp))
{ {
rc = gpg_error_from_syserror (); rc = gpg_error_from_syserror ();
log_error ("read error on fd %d: %s\n", fd, strerror (errno)); log_error ("read error on fp %p: %s\n", fp, strerror (errno));
} }
es_fclose (fp);
if (!any) if (!any)
{ {
/* We can't allow signing an empty message because it does not /* We can't allow signing an empty message because it does not
@ -622,7 +604,7 @@ write_detached_signature (ctrl_t ctrl, const void *blob, size_t bloblen,
be used if the value of this argument is NULL. */ be used if the value of this argument is NULL. */
int int
gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
int data_fd, int detached, estream_t out_fp) estream_t data_fp, int detached, estream_t out_fp)
{ {
int i, rc; int i, rc;
gpg_error_t err; gpg_error_t err;
@ -959,7 +941,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
unsigned char *digest; unsigned char *digest;
size_t digest_len; size_t digest_len;
if (!hash_data (data_fd, data_md)) if (!hash_data (data_fp, data_md))
audit_log (ctrl->audit, AUDIT_GOT_DATA); audit_log (ctrl->audit, AUDIT_GOT_DATA);
for (cl=signerlist,signer=0; cl; cl = cl->next, signer++) for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)
{ {
@ -1044,7 +1026,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
log_assert (!detached); log_assert (!detached);
rc = hash_and_copy_data (data_fd, data_md, writer); rc = hash_and_copy_data (data_fp, data_md, writer);
if (rc) if (rc)
goto leave; goto leave;
audit_log (ctrl->audit, AUDIT_GOT_DATA); audit_log (ctrl->audit, AUDIT_GOT_DATA);

View File

@ -80,7 +80,8 @@ hash_data (estream_t fp, gcry_md_hd_t md)
must be different than NULL. With OUT_FP given and a non-detached must be different than NULL. With OUT_FP given and a non-detached
signature, the signed material is written to that stream. */ signature, the signed material is written to that stream. */
int int
gpgsm_verify (ctrl_t ctrl, int in_fd, estream_t data_fp, estream_t out_fp) gpgsm_verify (ctrl_t ctrl, estream_t in_fp, estream_t data_fp,
estream_t out_fp)
{ {
int i, rc; int i, rc;
gnupg_ksba_io_t b64reader = NULL; gnupg_ksba_io_t b64reader = NULL;
@ -96,7 +97,6 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, estream_t data_fp, estream_t out_fp)
const char *algoid; const char *algoid;
int algo; int algo;
int is_detached, maybe_detached; int is_detached, maybe_detached;
estream_t in_fp = NULL;
char *p; char *p;
audit_set_type (ctrl->audit, AUDIT_TYPE_VERIFY); audit_set_type (ctrl->audit, AUDIT_TYPE_VERIFY);
@ -115,14 +115,6 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, estream_t data_fp, estream_t out_fp)
} }
in_fp = es_fdopen_nc (in_fd, "rb");
if (!in_fp)
{
rc = gpg_error_from_syserror ();
log_error ("fdopen() failed: %s\n", strerror (errno));
goto leave;
}
rc = gnupg_ksba_create_reader rc = gnupg_ksba_create_reader
(&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0) (&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0)
| (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0) | (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0)
@ -738,7 +730,6 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, estream_t data_fp, estream_t out_fp)
gnupg_ksba_destroy_writer (b64writer); gnupg_ksba_destroy_writer (b64writer);
keydb_release (kh); keydb_release (kh);
gcry_md_close (data_md); gcry_md_close (data_md);
es_fclose (in_fp);
if (rc) if (rc)
{ {