diff --git a/agent/agent.h b/agent/agent.h index b95df5700..815d9a543 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -450,14 +450,14 @@ void agent_store_cache_hit (const char *key); /*-- pksign.c --*/ -int agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, - const char *desc_text, - gcry_sexp_t *signature_sexp, - cache_mode_t cache_mode, lookup_ttl_t lookup_ttl, - const void *overridedata, size_t overridedatalen); -int agent_pksign (ctrl_t ctrl, const char *cache_nonce, - const char *desc_text, - membuf_t *outbuf, cache_mode_t cache_mode); +gpg_error_t agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, + const char *desc_text, + gcry_sexp_t *signature_sexp, + cache_mode_t cache_mode, lookup_ttl_t lookup_ttl, + const void *overridedata, size_t overridedatalen); +gpg_error_t agent_pksign (ctrl_t ctrl, const char *cache_nonce, + const char *desc_text, + membuf_t *outbuf, cache_mode_t cache_mode); /*-- pkdecrypt.c --*/ int agent_pkdecrypt (ctrl_t ctrl, const char *desc_text, @@ -482,7 +482,7 @@ unsigned char get_standard_s2k_count_rfc4880 (void); int agent_protect (const unsigned char *plainkey, const char *passphrase, unsigned char **result, size_t *resultlen, unsigned long s2k_count, int use_ocb); -int agent_unprotect (ctrl_t ctrl, +gpg_error_t agent_unprotect (ctrl_t ctrl, const unsigned char *protectedkey, const char *passphrase, gnupg_isotime_t protected_at, unsigned char **result, size_t *resultlen); @@ -491,8 +491,8 @@ unsigned char *make_shadow_info (const char *serialno, const char *idstring); int agent_shadow_key (const unsigned char *pubkey, const unsigned char *shadow_info, unsigned char **result); -int agent_get_shadow_info (const unsigned char *shadowkey, - unsigned char const **shadow_info); +gpg_error_t agent_get_shadow_info (const unsigned char *shadowkey, + unsigned char const **shadow_info); gpg_error_t parse_shadow_info (const unsigned char *shadow_info, char **r_hexsn, char **r_idstr, int *r_pinlen); gpg_error_t s2k_hash_passphrase (const char *passphrase, int hashalgo, diff --git a/agent/command.c b/agent/command.c index e387db549..f2a668306 100644 --- a/agent/command.c +++ b/agent/command.c @@ -782,7 +782,7 @@ static const char hlp_pksign[] = static gpg_error_t cmd_pksign (assuan_context_t ctx, char *line) { - int rc; + gpg_error_t err; cache_mode_t cache_mode = CACHE_MODE_NORMAL; ctrl_t ctrl = assuan_get_pointer (ctx); membuf_t outbuf; @@ -804,17 +804,17 @@ cmd_pksign (assuan_context_t ctx, char *line) init_membuf (&outbuf, 512); - rc = agent_pksign (ctrl, cache_nonce, ctrl->server_local->keydesc, - &outbuf, cache_mode); - if (rc) + err = agent_pksign (ctrl, cache_nonce, ctrl->server_local->keydesc, + &outbuf, cache_mode); + if (err) clear_outbuf (&outbuf); else - rc = write_and_clear_outbuf (ctx, &outbuf); + err = write_and_clear_outbuf (ctx, &outbuf); xfree (cache_nonce); xfree (ctrl->server_local->keydesc); ctrl->server_local->keydesc = NULL; - return leave_cmd (ctx, rc); + return leave_cmd (ctx, err); } diff --git a/agent/findkey.c b/agent/findkey.c index cff0a7df8..e3e9a123f 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -488,7 +488,7 @@ agent_modify_description (const char *in, const char *comment, passphrase (entered or from the cache) is stored there; if not NULL will be stored. The caller needs to free the returned passphrase. */ -static int +static gpg_error_t unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, unsigned char **keybuf, const unsigned char *grip, cache_mode_t cache_mode, lookup_ttl_t lookup_ttl, @@ -690,7 +690,7 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, static gpg_error_t read_key_file (const unsigned char *grip, gcry_sexp_t *result) { - int rc; + gpg_error_t err; char *fname; estream_t fp; struct stat st; @@ -710,30 +710,30 @@ read_key_file (const unsigned char *grip, gcry_sexp_t *result) fp = es_fopen (fname, "rb"); if (!fp) { - rc = gpg_error_from_syserror (); - if (gpg_err_code (rc) != GPG_ERR_ENOENT) - log_error ("can't open '%s': %s\n", fname, strerror (errno)); + err = gpg_error_from_syserror (); + if (gpg_err_code (err) != GPG_ERR_ENOENT) + log_error ("can't open '%s': %s\n", fname, gpg_strerror (err)); xfree (fname); - return rc; + return err; } if (es_fread (&first, 1, 1, fp) != 1) { - rc = gpg_error_from_syserror (); + err = gpg_error_from_syserror (); log_error ("error reading first byte from '%s': %s\n", - fname, strerror (errno)); + fname, gpg_strerror (err)); xfree (fname); es_fclose (fp); - return rc; + return err; } - rc = es_fseek (fp, 0, SEEK_SET); - if (rc) + if (es_fseek (fp, 0, SEEK_SET)) { - log_error ("error seeking in '%s': %s\n", fname, strerror (errno)); + err = gpg_error_from_syserror (); + log_error ("error seeking in '%s': %s\n", fname, gpg_strerror (err)); xfree (fname); es_fclose (fp); - return rc; + return err; } if (first != '(') @@ -742,69 +742,69 @@ read_key_file (const unsigned char *grip, gcry_sexp_t *result) nvc_t pk; int line; - rc = nvc_parse_private_key (&pk, &line, fp); + err = nvc_parse_private_key (&pk, &line, fp); es_fclose (fp); - if (rc) + if (err) log_error ("error parsing '%s' line %d: %s\n", - fname, line, gpg_strerror (rc)); + fname, line, gpg_strerror (err)); else { - rc = nvc_get_private_key (pk, result); + err = nvc_get_private_key (pk, result); nvc_release (pk); - if (rc) + if (err) log_error ("error getting private key from '%s': %s\n", - fname, gpg_strerror (rc)); + fname, gpg_strerror (err)); } xfree (fname); - return rc; + return err; } if (fstat (es_fileno (fp), &st)) { - rc = gpg_error_from_syserror (); - log_error ("can't stat '%s': %s\n", fname, strerror (errno)); + err = gpg_error_from_syserror (); + log_error ("can't stat '%s': %s\n", fname, gpg_strerror (err)); xfree (fname); es_fclose (fp); - return rc; + return err; } buflen = st.st_size; buf = xtrymalloc (buflen+1); if (!buf) { - rc = gpg_error_from_syserror (); + err = gpg_error_from_syserror (); log_error ("error allocating %zu bytes for '%s': %s\n", - buflen, fname, strerror (errno)); + buflen, fname, gpg_strerror (err)); xfree (fname); es_fclose (fp); xfree (buf); - return rc; + return err; } if (es_fread (buf, buflen, 1, fp) != 1) { - rc = gpg_error_from_syserror (); + err = gpg_error_from_syserror (); log_error ("error reading %zu bytes from '%s': %s\n", - buflen, fname, strerror (errno)); + buflen, fname, gpg_strerror (err)); xfree (fname); es_fclose (fp); xfree (buf); - return rc; + return err; } /* Convert the file into a gcrypt S-expression object. */ - rc = gcry_sexp_sscan (&s_skey, &erroff, (char*)buf, buflen); + err = gcry_sexp_sscan (&s_skey, &erroff, (char*)buf, buflen); xfree (fname); es_fclose (fp); xfree (buf); - if (rc) + if (err) { log_error ("failed to build S-Exp (off=%u): %s\n", - (unsigned int)erroff, gpg_strerror (rc)); - return rc; + (unsigned int)erroff, gpg_strerror (err)); + return err; } *result = s_skey; return 0; @@ -852,7 +852,7 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce, cache_mode_t cache_mode, lookup_ttl_t lookup_ttl, gcry_sexp_t *result, char **r_passphrase) { - int rc; + gpg_error_t err; unsigned char *buf; size_t len, buflen, erroff; gcry_sexp_t s_skey; @@ -863,20 +863,20 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce, if (r_passphrase) *r_passphrase = NULL; - rc = read_key_file (grip, &s_skey); - if (rc) + err = read_key_file (grip, &s_skey); + if (err) { - if (gpg_err_code (rc) == GPG_ERR_ENOENT) - rc = gpg_error (GPG_ERR_NO_SECKEY); - return rc; + if (gpg_err_code (err) == GPG_ERR_ENOENT) + err = gpg_error (GPG_ERR_NO_SECKEY); + return err; } /* For use with the protection functions we also need the key as an canonical encoded S-expression in a buffer. Create this buffer now. */ - rc = make_canon_sexp (s_skey, &buf, &len); - if (rc) - return rc; + err = make_canon_sexp (s_skey, &buf, &len); + if (err) + return err; switch (agent_private_key_type (buf)) { @@ -887,10 +887,10 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce, unsigned char *buf_new; size_t buf_newlen; - rc = agent_unprotect (ctrl, buf, "", NULL, &buf_new, &buf_newlen); - if (rc) + err = agent_unprotect (ctrl, buf, "", NULL, &buf_new, &buf_newlen); + if (err) log_error ("failed to convert unprotected openpgp key: %s\n", - gpg_strerror (rc)); + gpg_strerror (err)); else { xfree (buf); @@ -917,17 +917,17 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce, desc_text_final = NULL; if (desc_text) - rc = agent_modify_description (desc_text, comment, s_skey, - &desc_text_final); + err = agent_modify_description (desc_text, comment, s_skey, + &desc_text_final); gcry_free (comment); - if (!rc) + if (!err) { - rc = unprotect (ctrl, cache_nonce, desc_text_final, &buf, grip, + err = unprotect (ctrl, cache_nonce, desc_text_final, &buf, grip, cache_mode, lookup_ttl, r_passphrase); - if (rc) + if (err) log_error ("failed to unprotect the secret key: %s\n", - gpg_strerror (rc)); + gpg_strerror (err)); } xfree (desc_text_final); @@ -939,34 +939,34 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce, const unsigned char *s; size_t n; - rc = agent_get_shadow_info (buf, &s); - if (!rc) + err = agent_get_shadow_info (buf, &s); + if (!err) { n = gcry_sexp_canon_len (s, 0, NULL,NULL); - assert (n); + log_assert (n); *shadow_info = xtrymalloc (n); if (!*shadow_info) - rc = out_of_core (); + err = out_of_core (); else { memcpy (*shadow_info, s, n); - rc = 0; + err = 0; } } - if (rc) - log_error ("get_shadow_info failed: %s\n", gpg_strerror (rc)); + if (err) + log_error ("get_shadow_info failed: %s\n", gpg_strerror (err)); } else - rc = gpg_error (GPG_ERR_UNUSABLE_SECKEY); + err = gpg_error (GPG_ERR_UNUSABLE_SECKEY); break; default: log_error ("invalid private key format\n"); - rc = gpg_error (GPG_ERR_BAD_SECKEY); + err = gpg_error (GPG_ERR_BAD_SECKEY); break; } gcry_sexp_release (s_skey); s_skey = NULL; - if (rc) + if (err) { xfree (buf); if (r_passphrase) @@ -974,23 +974,23 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce, xfree (*r_passphrase); *r_passphrase = NULL; } - return rc; + return err; } buflen = gcry_sexp_canon_len (buf, 0, NULL, NULL); - rc = gcry_sexp_sscan (&s_skey, &erroff, (char*)buf, buflen); + err = gcry_sexp_sscan (&s_skey, &erroff, (char*)buf, buflen); wipememory (buf, buflen); xfree (buf); - if (rc) + if (err) { log_error ("failed to build S-Exp (off=%u): %s\n", - (unsigned int)erroff, gpg_strerror (rc)); + (unsigned int)erroff, gpg_strerror (err)); if (r_passphrase) { xfree (*r_passphrase); *r_passphrase = NULL; } - return rc; + return err; } *result = s_skey; diff --git a/agent/pksign.c b/agent/pksign.c index 8faf4a483..f54af0817 100644 --- a/agent/pksign.c +++ b/agent/pksign.c @@ -271,26 +271,26 @@ do_encode_raw_pkcs1 (const byte *md, size_t mdlen, unsigned int nbits, /* SIGN whatever information we have accumulated in CTRL and return - the signature S-expression. LOOKUP is an optional function to - provide a way for lower layers to ask for the caching TTL. If a - CACHE_NONCE is given that cache item is first tried to get a - passphrase. If OVERRIDEDATA is not NULL, OVERRIDEDATALEN bytes - from this buffer are used instead of the data in CTRL. The - override feature is required to allow the use of Ed25519 with ssh - because Ed25519 does the hashing itself. */ -int + * the signature S-expression. LOOKUP is an optional function to + * provide a way for lower layers to ask for the caching TTL. If a + * CACHE_NONCE is given that cache item is first tried to get a + * passphrase. If OVERRIDEDATA is not NULL, OVERRIDEDATALEN bytes + * from this buffer are used instead of the data in CTRL. The + * override feature is required to allow the use of Ed25519 with ssh + * because Ed25519 does the hashing itself. */ +gpg_error_t agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, gcry_sexp_t *signature_sexp, cache_mode_t cache_mode, lookup_ttl_t lookup_ttl, const void *overridedata, size_t overridedatalen) { + gpg_error_t err = 0; gcry_sexp_t s_skey = NULL; gcry_sexp_t s_sig = NULL; gcry_sexp_t s_hash = NULL; gcry_sexp_t s_pkey = NULL; unsigned char *shadow_info = NULL; - unsigned int rc = 0; /* FIXME: gpg-error? */ const unsigned char *data; int datalen; int check_signature = 0; @@ -309,12 +309,12 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, if (!ctrl->have_keygrip) return gpg_error (GPG_ERR_NO_SECKEY); - rc = agent_key_from_file (ctrl, cache_nonce, desc_text, ctrl->keygrip, - &shadow_info, cache_mode, lookup_ttl, - &s_skey, NULL); - if (rc) + err = agent_key_from_file (ctrl, cache_nonce, desc_text, ctrl->keygrip, + &shadow_info, cache_mode, lookup_ttl, + &s_skey, NULL); + if (err) { - if (gpg_err_code (rc) != GPG_ERR_NO_SECKEY) + if (gpg_err_code (err) != GPG_ERR_NO_SECKEY) log_error ("failed to read the secret key\n"); goto leave; } @@ -329,8 +329,8 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, int is_ECDSA = 0; int is_EdDSA = 0; - rc = agent_public_key_from_file (ctrl, ctrl->keygrip, &s_pkey); - if (rc) + err = agent_public_key_from_file (ctrl, ctrl->keygrip, &s_pkey); + if (err) { log_error ("failed to read the public key\n"); goto leave; @@ -353,15 +353,15 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, if (desc_text) agent_modify_description (desc_text, NULL, s_skey, &desc2); - rc = divert_pksign (ctrl, desc2? desc2 : desc_text, - data, datalen, - ctrl->digest.algo, - shadow_info, &buf, &len); + err = divert_pksign (ctrl, desc2? desc2 : desc_text, + data, datalen, + ctrl->digest.algo, + shadow_info, &buf, &len); xfree (desc2); } - if (rc) + if (err) { - log_error ("smartcard signing failed: %s\n", gpg_strerror (rc)); + log_error ("smartcard signing failed: %s\n", gpg_strerror (err)); goto leave; } @@ -379,13 +379,13 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, *buf = 0; } - rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(rsa(s%b)))", - (int)len, buf); + err = gcry_sexp_build (&s_sig, NULL, "(sig-val(rsa(s%b)))", + (int)len, buf); } else if (is_EdDSA) { - rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(eddsa(r%b)(s%b)))", - (int)len/2, buf, (int)len/2, buf + len/2); + err = gcry_sexp_build (&s_sig, NULL, "(sig-val(eddsa(r%b)(s%b)))", + (int)len/2, buf, (int)len/2, buf + len/2); } else if (is_ECDSA) { @@ -401,7 +401,10 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, r_buflen++; r_buf_allocated = xtrymalloc (r_buflen); if (!r_buf_allocated) - goto leave; + { + err = gpg_error_from_syserror (); + goto leave; + } r_buf = r_buf_allocated; memcpy (r_buf + 1, buf, len/2); @@ -416,6 +419,7 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, s_buf_allocated = xtrymalloc (s_buflen); if (!s_buf_allocated) { + err = gpg_error_from_syserror (); xfree (r_buf_allocated); goto leave; } @@ -427,20 +431,20 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, else s_buf = buf + len/2; - rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(ecdsa(r%b)(s%b)))", - r_buflen, r_buf, - s_buflen, s_buf); + err = gcry_sexp_build (&s_sig, NULL, "(sig-val(ecdsa(r%b)(s%b)))", + r_buflen, r_buf, + s_buflen, s_buf); xfree (r_buf_allocated); xfree (s_buf_allocated); } else - rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED); + err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); xfree (buf); - if (rc) + if (err) { log_error ("failed to convert sigbuf returned by divert_pksign " - "into S-Exp: %s", gpg_strerror (rc)); + "into S-Exp: %s", gpg_strerror (err)); goto leave; } } @@ -451,27 +455,29 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, /* Put the hash into a sexp */ if (agent_is_eddsa_key (s_skey)) - rc = do_encode_eddsa (data, datalen, - &s_hash); + err = do_encode_eddsa (data, datalen, + &s_hash); else if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1) - rc = do_encode_raw_pkcs1 (data, datalen, - gcry_pk_get_nbits (s_skey), - &s_hash); + err = do_encode_raw_pkcs1 (data, datalen, + gcry_pk_get_nbits (s_skey), + &s_hash); else if ( (dsaalgo = agent_is_dsa_key (s_skey)) ) - rc = do_encode_dsa (data, datalen, - dsaalgo, s_skey, - &s_hash); + err = do_encode_dsa (data, datalen, + dsaalgo, s_skey, + &s_hash); else - rc = do_encode_md (data, datalen, - ctrl->digest.algo, - &s_hash, - ctrl->digest.raw_value); - if (rc) + err = do_encode_md (data, datalen, + ctrl->digest.algo, + &s_hash, + ctrl->digest.raw_value); + if (err) goto leave; if (dsaalgo == 0 && GCRYPT_VERSION_NUMBER < 0x010700) - /* It's RSA and Libgcrypt < 1.7 */ - check_signature = 1; + { + /* It's RSA and Libgcrypt < 1.7 */ + check_signature = 1; + } if (DBG_CRYPTO) { @@ -480,10 +486,10 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, } /* sign */ - rc = gcry_pk_sign (&s_sig, s_hash, s_skey); - if (rc) + err = gcry_pk_sign (&s_sig, s_hash, s_skey); + if (err) { - log_error ("signing failed: %s\n", gpg_strerror (rc)); + log_error ("signing failed: %s\n", gpg_strerror (err)); goto leave; } @@ -502,20 +508,20 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, if (s_hash == NULL) { if (ctrl->digest.algo == MD_USER_TLS_MD5SHA1) - rc = do_encode_raw_pkcs1 (data, datalen, - gcry_pk_get_nbits (sexp_key), &s_hash); + err = do_encode_raw_pkcs1 (data, datalen, + gcry_pk_get_nbits (sexp_key), &s_hash); else - rc = do_encode_md (data, datalen, ctrl->digest.algo, &s_hash, - ctrl->digest.raw_value); + err = do_encode_md (data, datalen, ctrl->digest.algo, &s_hash, + ctrl->digest.raw_value); } - if (! rc) - rc = gcry_pk_verify (s_sig, s_hash, sexp_key); + if (!err) + err = gcry_pk_verify (s_sig, s_hash, sexp_key); - if (rc) + if (err) { log_error (_("checking created signature failed: %s\n"), - gpg_strerror (rc)); + gpg_strerror (err)); gcry_sexp_release (s_sig); s_sig = NULL; } @@ -530,37 +536,42 @@ agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, gcry_sexp_release (s_hash); xfree (shadow_info); - return rc; + return err; } + /* SIGN whatever information we have accumulated in CTRL and write it - back to OUTFP. If a CACHE_NONCE is given that cache item is first - tried to get a passphrase. */ -int + * back to OUTFP. If a CACHE_NONCE is given that cache item is first + * tried to get a passphrase. */ +gpg_error_t agent_pksign (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, membuf_t *outbuf, cache_mode_t cache_mode) { + gpg_error_t err; gcry_sexp_t s_sig = NULL; char *buf = NULL; size_t len = 0; - int rc = 0; - rc = agent_pksign_do (ctrl, cache_nonce, desc_text, &s_sig, cache_mode, NULL, - NULL, 0); - if (rc) + err = agent_pksign_do (ctrl, cache_nonce, desc_text, &s_sig, cache_mode, + NULL, NULL, 0); + if (err) goto leave; len = gcry_sexp_sprint (s_sig, GCRYSEXP_FMT_CANON, NULL, 0); - assert (len); - buf = xmalloc (len); + log_assert (len); + buf = xtrymalloc (len); + if (!buf) + { + err = gpg_error_from_syserror (); + goto leave; + } len = gcry_sexp_sprint (s_sig, GCRYSEXP_FMT_CANON, buf, len); - assert (len); - + log_assert (len); put_membuf (outbuf, buf, len); leave: gcry_sexp_release (s_sig); xfree (buf); - return rc; + return err; } diff --git a/agent/protect.c b/agent/protect.c index 18b44f136..7817901d1 100644 --- a/agent/protect.c +++ b/agent/protect.c @@ -238,7 +238,7 @@ get_standard_s2k_count_rfc4880 (void) /* Calculate the MIC for a private key or shared secret S-expression. SHA1HASH should point to a 20 byte buffer. This function is suitable for all algorithms. */ -static int +static gpg_error_t calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash) { const unsigned char *hash_begin, *hash_end; @@ -728,7 +728,7 @@ agent_protect (const unsigned char *plainkey, const char *passphrase, /* Do the actual decryption and check the return list for consistency. */ -static int +static gpg_error_t do_decryption (const unsigned char *aad_begin, size_t aad_len, const unsigned char *aadhole_begin, size_t aadhole_len, const unsigned char *protected, size_t protectedlen, @@ -738,7 +738,7 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len, int prot_cipher, int prot_cipher_keylen, int is_ocb, unsigned char **result) { - int rc = 0; + int rc; int blklen; gcry_cipher_hd_t hd; unsigned char *outbuf; @@ -858,7 +858,7 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len, * CUTOFF and CUTLEN will receive the offset and the length of the * resulting list which should go into the MIC calculation but then be * removed. */ -static int +static gpg_error_t merge_lists (const unsigned char *protectedkey, size_t replacepos, const unsigned char *cleartext, @@ -1011,7 +1011,7 @@ merge_lists (const unsigned char *protectedkey, /* Unprotect the key encoded in canonical format. We assume a valid S-Exp here. If a protected-at item is available, its value will be stored at protected_at unless this is NULL. */ -int +gpg_error_t agent_unprotect (ctrl_t ctrl, const unsigned char *protectedkey, const char *passphrase, gnupg_isotime_t protected_at, @@ -1291,6 +1291,7 @@ agent_unprotect (ctrl_t ctrl, return 0; } + /* Check the type of the private key, this is one of the constants: PRIVATE_KEY_UNKNOWN if we can't figure out the type (this is the value 0), PRIVATE_KEY_CLEAR for an unprotected private key. @@ -1549,7 +1550,7 @@ agent_shadow_key (const unsigned char *pubkey, /* Parse a canonical encoded shadowed key and return a pointer to the inner list with the shadow_info */ -int +gpg_error_t agent_get_shadow_info (const unsigned char *shadowkey, unsigned char const **shadow_info) {