security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Activity

* findkey.c (agent_key_from_file): Now return an error code so 

that we have more detailed error messages in the upper layers.
This fixes the handling pinentry's cancel button.
* pksign.c (agent_pksign): Changed accordingly.
* pkdecrypt.c (agent_pkdecrypt): Ditto.
* command.c (cmd_passwd): Ditto.
This commit is contained in:
Werner Koch 2004-01-16 17:39:58 +00:00
parent 1e53ff3608
commit 671f696e55
7 changed files with 49 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
TODO
View File

@ -31,9 +31,10 @@ might want to have an agent context for each service request
** Don't hardcode the use of RSA. ** Don't hardcode the use of RSA.
* sm/gpgsm.c * sm/gpgsm.c
** Support --output ** Support --output for all commands
** mark all unimplemented commands and options. ** mark all unimplemented commands and options.
** Print a hint when MD2 is the cause for a problem. ** Print a hint when MD2 is the cause for a problem.
** Implement --default-key
* sm/keydb.c * sm/keydb.c
** Check file permissions ** Check file permissions

9
agent/ChangeLog
View File

@ -1,3 +1,12 @@
2004-01-16 Werner Koch <wk@gnupg.org>
* findkey.c (agent_key_from_file): Now return an error code so
that we have more detailed error messages in the upper layers.
This fixes the handling pinentry's cancel button.
* pksign.c (agent_pksign): Changed accordingly.
* pkdecrypt.c (agent_pkdecrypt): Ditto.
* command.c (cmd_passwd): Ditto.
2003-12-16 Werner Koch <wk@gnupg.org> 2003-12-16 Werner Koch <wk@gnupg.org>
* gpg-agent.c (main): Set the prefixes for assuan logging. * gpg-agent.c (main): Set the prefixes for assuan logging.

4
agent/agent.h
View File

@ -130,9 +130,9 @@ void start_command_handler (int, int);
/*-- findkey.c --*/ /*-- findkey.c --*/
int agent_write_private_key (const unsigned char *grip, int agent_write_private_key (const unsigned char *grip,
const void *buffer, size_t length, int force); const void *buffer, size_t length, int force);
gcry_sexp_t agent_key_from_file (CTRL ctrl, const unsigned char *grip, gpg_error_t agent_key_from_file (CTRL ctrl, const unsigned char *grip,
unsigned char **shadow_info, unsigned char **shadow_info,
int ignore_cache); int ignore_cache, gcry_sexp_t *result);
int agent_key_available (const unsigned char *grip); int agent_key_available (const unsigned char *grip);
/*-- query.c --*/ /*-- query.c --*/

6
agent/command.c
View File

@ -606,9 +606,9 @@ cmd_passwd (ASSUAN_CONTEXT ctx, char *line)
return rc; /* we can't jump to leave because this is already an return rc; /* we can't jump to leave because this is already an
Assuan error code. */ Assuan error code. */
s_skey = agent_key_from_file (ctrl, grip, &shadow_info, 1); rc = agent_key_from_file (ctrl, grip, &shadow_info, 1, &s_skey);
if (!s_skey && !shadow_info) if (rc)
rc = gpg_error (GPG_ERR_NO_SECKEY); ;
else if (!s_skey) else if (!s_skey)
{ {
log_error ("changing a smartcard PIN is not yet supported\n"); log_error ("changing a smartcard PIN is not yet supported\n");

48
agent/findkey.c
View File

@ -198,16 +198,16 @@ unprotect (CTRL ctrl,
/* Return the secret key as an S-Exp after locating it using the grip. /* Return the secret key as an S-Exp in RESULT after locating it using
Returns NULL if key is not available or the operation should be the grip. Returns NULL in RESULT if the operation should be
diverted to a token. In the latter case shadow_info will point to diverted to a token; SHADOW_INFO will point then to an allocated
an allocated S-Expression with the shadow_info part from the file. S-Expression with the shadow_info part from the file. With
With IGNORE_CACHE passed as true the passphrase is not taken from IGNORE_CACHE passed as true the passphrase is not taken from the
the cache.*/ cache.*/
gcry_sexp_t gpg_error_t
agent_key_from_file (CTRL ctrl, agent_key_from_file (CTRL ctrl,
const unsigned char *grip, unsigned char **shadow_info, const unsigned char *grip, unsigned char **shadow_info,
int ignore_cache) int ignore_cache, gcry_sexp_t *result)
{ {
int i, rc; int i, rc;
char *fname; char *fname;
@ -217,7 +217,9 @@ agent_key_from_file (CTRL ctrl,
size_t len, buflen, erroff; size_t len, buflen, erroff;
gcry_sexp_t s_skey; gcry_sexp_t s_skey;
char hexgrip[40+4+1]; char hexgrip[40+4+1];
int got_shadow_info = 0;
*result = NULL;
if (shadow_info) if (shadow_info)
*shadow_info = NULL; *shadow_info = NULL;
@ -229,28 +231,31 @@ agent_key_from_file (CTRL ctrl,
fp = fopen (fname, "rb"); fp = fopen (fname, "rb");
if (!fp) if (!fp)
{ {
rc = gpg_error_from_errno (errno);
log_error ("can't open `%s': %s\n", fname, strerror (errno)); log_error ("can't open `%s': %s\n", fname, strerror (errno));
xfree (fname); xfree (fname);
return NULL; return rc;
} }
if (fstat (fileno(fp), &st)) if (fstat (fileno(fp), &st))
{ {
rc = gpg_error_from_errno (errno);
log_error ("can't stat `%s': %s\n", fname, strerror (errno)); log_error ("can't stat `%s': %s\n", fname, strerror (errno));
xfree (fname); xfree (fname);
fclose (fp); fclose (fp);
return NULL; return rc;
} }
buflen = st.st_size; buflen = st.st_size;
buf = xmalloc (buflen+1); buf = xmalloc (buflen+1);
if (fread (buf, buflen, 1, fp) != 1) if (fread (buf, buflen, 1, fp) != 1)
{ {
rc = gpg_error_from_errno (errno);
log_error ("error reading `%s': %s\n", fname, strerror (errno)); log_error ("error reading `%s': %s\n", fname, strerror (errno));
xfree (fname); xfree (fname);
fclose (fp); fclose (fp);
xfree (buf); xfree (buf);
return NULL; return rc;
} }
rc = gcry_sexp_sscan (&s_skey, &erroff, buf, buflen); rc = gcry_sexp_sscan (&s_skey, &erroff, buf, buflen);
@ -261,15 +266,16 @@ agent_key_from_file (CTRL ctrl,
{ {
log_error ("failed to build S-Exp (off=%u): %s\n", log_error ("failed to build S-Exp (off=%u): %s\n",
(unsigned int)erroff, gpg_strerror (rc)); (unsigned int)erroff, gpg_strerror (rc));
return NULL; return rc;
} }
len = gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, NULL, 0); len = gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, NULL, 0);
assert (len); assert (len);
buf = xtrymalloc (len); buf = xtrymalloc (len);
if (!buf) if (!buf)
{ {
rc = out_of_core ();
gcry_sexp_release (s_skey); gcry_sexp_release (s_skey);
return NULL; return rc;
} }
len = gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, buf, len); len = gcry_sexp_sprint (s_skey, GCRYSEXP_FMT_CANON, buf, len);
assert (len); assert (len);
@ -303,26 +309,27 @@ agent_key_from_file (CTRL ctrl,
{ {
memcpy (*shadow_info, s, n); memcpy (*shadow_info, s, n);
rc = 0; rc = 0;
got_shadow_info = 1;
} }
} }
if (rc) if (rc)
log_error ("get_shadow_info failed: %s\n", gpg_strerror (rc)); log_error ("get_shadow_info failed: %s\n", gpg_strerror (rc));
} }
rc = -1; /* ugly interface: we return an error but keep a value else
in shadow_info. */ rc = gpg_error (GPG_ERR_UNUSABLE_SECKEY);
break; break;
default: default:
log_error ("invalid private key format\n"); log_error ("invalid private key format\n");
rc = gpg_error (GPG_ERR_BAD_SECKEY); rc = gpg_error (GPG_ERR_BAD_SECKEY);
break; break;
} }
if (rc) if (rc || got_shadow_info)
{ {
xfree (buf); xfree (buf);
return NULL; return rc;
} }
/* arggg FIXME: does scan support secure memory? */ /* Arggg FIXME: does scan support secure memory? */
rc = gcry_sexp_sscan (&s_skey, &erroff, rc = gcry_sexp_sscan (&s_skey, &erroff,
buf, gcry_sexp_canon_len (buf, 0, NULL, NULL)); buf, gcry_sexp_canon_len (buf, 0, NULL, NULL));
xfree (buf); xfree (buf);
@ -330,10 +337,11 @@ agent_key_from_file (CTRL ctrl,
{ {
log_error ("failed to build S-Exp (off=%u): %s\n", log_error ("failed to build S-Exp (off=%u): %s\n",
(unsigned int)erroff, gpg_strerror (rc)); (unsigned int)erroff, gpg_strerror (rc));
return NULL; return rc;
} }
return s_skey; *result = s_skey;
return 0;
} }
/* Return the secret key as an S-Exp after locating it using the grip. /* Return the secret key as an S-Exp after locating it using the grip.

5
agent/pkdecrypt.c
View File

@ -64,11 +64,10 @@ agent_pkdecrypt (CTRL ctrl, const char *ciphertext, size_t ciphertextlen,
log_printhex ("keygrip:", ctrl->keygrip, 20); log_printhex ("keygrip:", ctrl->keygrip, 20);
log_printhex ("cipher: ", ciphertext, ciphertextlen); log_printhex ("cipher: ", ciphertext, ciphertextlen);
} }
s_skey = agent_key_from_file (ctrl, ctrl->keygrip, &shadow_info, 0); rc = agent_key_from_file (ctrl, ctrl->keygrip, &shadow_info, 0, &s_skey);
if (!s_skey && !shadow_info) if (rc)
{ {
log_error ("failed to read the secret key\n"); log_error ("failed to read the secret key\n");
rc = gpg_error (GPG_ERR_NO_SECKEY);
goto leave; goto leave;
} }

7
agent/pksign.c
View File

@ -81,12 +81,11 @@ agent_pksign (CTRL ctrl, FILE *outfp, int ignore_cache)
if (!ctrl->have_keygrip) if (!ctrl->have_keygrip)
return gpg_error (GPG_ERR_NO_SECKEY); return gpg_error (GPG_ERR_NO_SECKEY);
s_skey = agent_key_from_file (ctrl, rc = agent_key_from_file (ctrl, ctrl->keygrip,
ctrl->keygrip, &shadow_info, ignore_cache); &shadow_info, ignore_cache, &s_skey);
if (!s_skey && !shadow_info) if (rc)
{ {
log_error ("failed to read the secret key\n"); log_error ("failed to read the secret key\n");
rc = gpg_error (GPG_ERR_NO_SECKEY);
goto leave; goto leave;
} }