From 7340d4ecd7ae3c7b59b7242434a9bd4576cd1ca3 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 8 Nov 2023 16:07:08 +0100 Subject: [PATCH] gpgsm: Cleanup of legacy variable name use. * sm/encrypt.c (gpgsm_encrypt): Unify use of RC and ERR. * sm/sign.c (gpgsm_sign): ditto. -- Initially we didn't used the gpg_error_t thingy and while migrating we sometimes used RC and ERR for tracking the error. This is pretty error prone and thus we better remove it (after 20 years). --- sm/encrypt.c | 78 +++++++++++++------------------ sm/sign.c | 128 ++++++++++++++++++++++----------------------------- 2 files changed, 89 insertions(+), 117 deletions(-) diff --git a/sm/encrypt.c b/sm/encrypt.c index b9e8c92c8..7c8a96481 100644 --- a/sm/encrypt.c +++ b/sm/encrypt.c @@ -595,9 +595,8 @@ encrypt_cb (void *cb_value, char *buffer, size_t count, size_t *nread) int gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) { - int rc = 0; + gpg_error_t err = 0; gnupg_ksba_io_t b64writer = NULL; - gpg_error_t err; ksba_writer_t writer; ksba_reader_t reader = NULL; ksba_cms_t cms = NULL; @@ -626,7 +625,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) log_error(_("no valid recipients given\n")); gpgsm_status (ctrl, STATUS_NO_RECP, "0"); audit_log_i (ctrl->audit, AUDIT_GOT_RECIPIENTS, 0); - rc = gpg_error (GPG_ERR_NO_PUBKEY); + err = gpg_error (GPG_ERR_NO_PUBKEY); goto leave; } @@ -638,7 +637,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) if (!kh) { log_error (_("failed to allocate keyDB handle\n")); - rc = gpg_error (GPG_ERR_GENERAL); + err = gpg_error (GPG_ERR_GENERAL); goto leave; } @@ -646,29 +645,27 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) data_fp = es_fdopen_nc (data_fd, "rb"); if (!data_fp) { - rc = gpg_error_from_syserror (); - log_error ("fdopen() failed: %s\n", strerror (errno)); + err = gpg_error_from_syserror (); + log_error ("fdopen() failed: %s\n", gpg_strerror (err)); goto leave; } err = ksba_reader_new (&reader); + if (!err) + err = ksba_reader_set_cb (reader, encrypt_cb, &encparm); if (err) - rc = err; - if (!rc) - rc = ksba_reader_set_cb (reader, encrypt_cb, &encparm); - if (rc) - goto leave; + goto leave; encparm.fp = data_fp; ctrl->pem_name = "ENCRYPTED MESSAGE"; - rc = gnupg_ksba_create_writer + err = gnupg_ksba_create_writer (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0) | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)), ctrl->pem_name, out_fp, &writer); - if (rc) + if (err) { - log_error ("can't create writer: %s\n", gpg_strerror (rc)); + log_error ("can't create writer: %s\n", gpg_strerror (err)); goto leave; } @@ -678,17 +675,13 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) err = ksba_cms_new (&cms); if (err) - { - rc = err; - goto leave; - } + goto leave; err = ksba_cms_set_reader_writer (cms, reader, writer); if (err) { log_error ("ksba_cms_set_reader_writer failed: %s\n", gpg_strerror (err)); - rc = err; goto leave; } @@ -703,7 +696,6 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) { log_error ("ksba_cms_set_content_type failed: %s\n", gpg_strerror (err)); - rc = err; goto leave; } @@ -715,34 +707,34 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) log_error (_("cipher algorithm '%s' may not be used in %s mode\n"), opt.def_cipher_algoid, gnupg_compliance_option_string (opt.compliance)); - rc = gpg_error (GPG_ERR_CIPHER_ALGO); + err = gpg_error (GPG_ERR_CIPHER_ALGO); goto leave; } if (!gnupg_rng_is_compliant (opt.compliance)) { - rc = gpg_error (GPG_ERR_FORBIDDEN); + err = gpg_error (GPG_ERR_FORBIDDEN); log_error (_("%s is not compliant with %s mode\n"), "RNG", gnupg_compliance_option_string (opt.compliance)); gpgsm_status_with_error (ctrl, STATUS_ERROR, - "random-compliance", rc); + "random-compliance", err); goto leave; } /* Create a session key */ dek = xtrycalloc_secure (1, sizeof *dek); if (!dek) - rc = out_of_core (); + err = gpg_error_from_syserror (); else - { - dek->algoid = opt.def_cipher_algoid; - rc = init_dek (dek); - } - if (rc) + { + dek->algoid = opt.def_cipher_algoid; + err = init_dek (dek); + } + if (err) { log_error ("failed to create the session key: %s\n", - gpg_strerror (rc)); + gpg_strerror (err)); goto leave; } @@ -751,7 +743,6 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) { log_error ("ksba_cms_set_content_enc_algo failed: %s\n", gpg_strerror (err)); - rc = err; goto leave; } @@ -761,7 +752,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) encparm.buffer = xtrymalloc (encparm.bufsize); if (!encparm.buffer) { - rc = out_of_core (); + err = gpg_error_from_syserror (); goto leave; } @@ -803,12 +794,12 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) xfree (curve); curve = NULL; - rc = encrypt_dek (dek, cl->cert, pk_algo, &encval); - if (rc) + err = encrypt_dek (dek, cl->cert, pk_algo, &encval); + if (err) { - audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, rc); + audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, err); log_error ("encryption failed for recipient no. %d: %s\n", - recpno, gpg_strerror (rc)); + recpno, gpg_strerror (err)); goto leave; } @@ -818,7 +809,6 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, err); log_error ("ksba_cms_add_recipient failed: %s\n", gpg_strerror (err)); - rc = err; xfree (encval); goto leave; } @@ -830,7 +820,6 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) { log_error ("ksba_cms_set_enc_val failed: %s\n", gpg_strerror (err)); - rc = err; goto leave; } } @@ -844,7 +833,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) log_error (_("operation forced to fail due to" " unfulfilled compliance rules\n")); gpgsm_errors_seen = 1; - rc = gpg_error (GPG_ERR_FORBIDDEN); + err = gpg_error (GPG_ERR_FORBIDDEN); goto leave; } @@ -856,7 +845,6 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) if (err) { log_error ("creating CMS object failed: %s\n", gpg_strerror (err)); - rc = err; goto leave; } } @@ -865,15 +853,15 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) if (encparm.readerror) { log_error ("error reading input: %s\n", strerror (encparm.readerror)); - rc = gpg_error (gpg_err_code_from_errno (encparm.readerror)); + err = gpg_error (gpg_err_code_from_errno (encparm.readerror)); goto leave; } - rc = gnupg_ksba_finish_writer (b64writer); - if (rc) + err = gnupg_ksba_finish_writer (b64writer); + if (err) { - log_error ("write failed: %s\n", gpg_strerror (rc)); + log_error ("write failed: %s\n", gpg_strerror (err)); goto leave; } audit_log (ctrl->audit, AUDIT_ENCRYPTION_DONE); @@ -888,5 +876,5 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) xfree (dek); es_fclose (data_fp); xfree (encparm.buffer); - return rc; + return err; } diff --git a/sm/sign.c b/sm/sign.c index 013f4b87c..fd9aa2a64 100644 --- a/sm/sign.c +++ b/sm/sign.c @@ -527,8 +527,8 @@ int gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, int data_fd, int detached, estream_t out_fp) { - int i, rc; gpg_error_t err; + int i; gnupg_ksba_io_t b64writer = NULL; ksba_writer_t writer; estream_t sig_fp = NULL; /* Used for detached signatures. */ @@ -551,18 +551,18 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, if (!kh) { log_error (_("failed to allocate keyDB handle\n")); - rc = gpg_error (GPG_ERR_GENERAL); + err = gpg_error (GPG_ERR_GENERAL); goto leave; } if (!gnupg_rng_is_compliant (opt.compliance)) { - rc = gpg_error (GPG_ERR_FORBIDDEN); + err = gpg_error (GPG_ERR_FORBIDDEN); log_error (_("%s is not compliant with %s mode\n"), "RNG", gnupg_compliance_option_string (opt.compliance)); gpgsm_status_with_error (ctrl, STATUS_ERROR, - "random-compliance", rc); + "random-compliance", err); goto leave; } @@ -574,20 +574,20 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, if (binary_detached) { sig_fp = es_fopenmem (0, "w+"); - rc = sig_fp? 0 : gpg_error_from_syserror (); - if (!rc) - rc = gnupg_ksba_create_writer (&b64writer, 0, NULL, sig_fp, &writer); + err = sig_fp? 0 : gpg_error_from_syserror (); + if (!err) + err = gnupg_ksba_create_writer (&b64writer, 0, NULL, sig_fp, &writer); } else { - rc = gnupg_ksba_create_writer + err = gnupg_ksba_create_writer (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0) | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)), ctrl->pem_name, out_fp, &writer); } - if (rc) + if (err) { - log_error ("can't create writer: %s\n", gpg_strerror (rc)); + log_error ("can't create writer: %s\n", gpg_strerror (err)); goto leave; } @@ -597,17 +597,13 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, err = ksba_cms_new (&cms); if (err) - { - rc = err; - goto leave; - } + goto leave; err = ksba_cms_set_reader_writer (cms, NULL, writer); if (err) { log_debug ("ksba_cms_set_reader_writer failed: %s\n", gpg_strerror (err)); - rc = err; goto leave; } @@ -619,7 +615,6 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, { log_debug ("ksba_cms_set_content_type failed: %s\n", gpg_strerror (err)); - rc = err; goto leave; } @@ -632,23 +627,23 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, log_error ("no default signer found\n"); gpgsm_status2 (ctrl, STATUS_INV_SGNR, get_inv_recpsgnr_code (GPG_ERR_NO_SECKEY), NULL); - rc = gpg_error (GPG_ERR_GENERAL); + err = gpg_error (GPG_ERR_GENERAL); goto leave; } /* Although we don't check for ambiguous specification we will check that the signer's certificate is usable and valid. */ - rc = gpgsm_cert_use_sign_p (cert, 0); - if (!rc) - rc = gpgsm_validate_chain (ctrl, cert, + err = gpgsm_cert_use_sign_p (cert, 0); + if (!err) + err = gpgsm_validate_chain (ctrl, cert, GNUPG_ISOTIME_NONE, NULL, 0, NULL, 0, NULL); - if (rc) + if (err) { char *tmpfpr; tmpfpr = gpgsm_get_fingerprint_hexstring (cert, 0); gpgsm_status2 (ctrl, STATUS_INV_SGNR, - get_inv_recpsgnr_code (rc), tmpfpr, NULL); + get_inv_recpsgnr_code (err), tmpfpr, NULL); xfree (tmpfpr); goto leave; } @@ -657,7 +652,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, signerlist = xtrycalloc (1, sizeof *signerlist); if (!signerlist) { - rc = out_of_core (); + err = gpg_error_from_syserror (); ksba_cert_release (cert); goto leave; } @@ -763,22 +758,21 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, /* Gather certificates of signers and store them in the CMS object. */ for (cl=signerlist; cl; cl = cl->next) { - rc = gpgsm_cert_use_sign_p (cl->cert, 0); - if (rc) + err = gpgsm_cert_use_sign_p (cl->cert, 0); + if (err) goto leave; err = ksba_cms_add_signer (cms, cl->cert); if (err) { log_error ("ksba_cms_add_signer failed: %s\n", gpg_strerror (err)); - rc = err; goto leave; } - rc = add_certificate_list (ctrl, cms, cl->cert); - if (rc) + err = add_certificate_list (ctrl, cms, cl->cert); + if (err) { log_error ("failed to store list of certificates: %s\n", - gpg_strerror(rc)); + gpg_strerror (err)); goto leave; } /* Set the hash algorithm we are going to use */ @@ -787,7 +781,6 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, { log_debug ("ksba_cms_add_digest_algo failed: %s\n", gpg_strerror (err)); - rc = err; goto leave; } } @@ -809,7 +802,6 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, { log_error (_("checking for qualified certificate failed: %s\n"), gpg_strerror (err)); - rc = err; goto leave; } if (*buffer) @@ -817,19 +809,16 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, else err = gpgsm_not_qualified_warning (ctrl, cl->cert); if (err) - { - rc = err; - goto leave; - } + goto leave; } } /* Prepare hashing (actually we are figuring out what we have set above). */ - rc = gcry_md_open (&data_md, 0, 0); - if (rc) + err = gcry_md_open (&data_md, 0, 0); + if (err) { - log_error ("md_open failed: %s\n", gpg_strerror (rc)); + log_error ("md_open failed: %s\n", gpg_strerror (err)); goto leave; } if (DBG_HASHING) @@ -841,7 +830,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, if (!algo) { log_error ("unknown hash algorithm '%s'\n", algoid? algoid:"?"); - rc = gpg_error (GPG_ERR_BUG); + err = gpg_error (GPG_ERR_BUG); goto leave; } gcry_md_enable (data_md, algo); @@ -866,7 +855,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, if ( !digest || !digest_len ) { log_error ("problem getting the hash of the data\n"); - rc = gpg_error (GPG_ERR_BUG); + err = gpg_error (GPG_ERR_BUG); goto leave; } err = ksba_cms_set_message_digest (cms, signer, digest, digest_len); @@ -874,7 +863,6 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, { log_error ("ksba_cms_set_message_digest failed: %s\n", gpg_strerror (err)); - rc = err; goto leave; } } @@ -888,7 +876,6 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, { log_error ("ksba_cms_set_signing_time failed: %s\n", gpg_strerror (err)); - rc = err; goto leave; } } @@ -921,7 +908,6 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, if (err) { log_error ("creating CMS object failed: %s\n", gpg_strerror (err)); - rc = err; goto leave; } @@ -933,8 +919,8 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, assert (!detached); - rc = hash_and_copy_data (data_fd, data_md, writer); - if (rc) + err = hash_and_copy_data (data_fd, data_md, writer); + if (err) goto leave; audit_log (ctrl->audit, AUDIT_GOT_DATA); for (cl=signerlist,signer=0; cl; cl = cl->next, signer++) @@ -944,7 +930,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, if ( !digest || !digest_len ) { log_error ("problem getting the hash of the data\n"); - rc = gpg_error (GPG_ERR_BUG); + err = gpg_error (GPG_ERR_BUG); goto leave; } err = ksba_cms_set_message_digest (cms, signer, @@ -953,7 +939,6 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, { log_error ("ksba_cms_set_message_digest failed: %s\n", gpg_strerror (err)); - rc = err; goto leave; } } @@ -963,10 +948,10 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, /* Compute the signature for all signers. */ gcry_md_hd_t md; - rc = gcry_md_open (&md, 0, 0); - if (rc) + err = gcry_md_open (&md, 0, 0); + if (err) { - log_error ("md_open failed: %s\n", gpg_strerror (rc)); + log_error ("md_open failed: %s\n", gpg_strerror (err)); goto leave; } if (DBG_HASHING) @@ -991,20 +976,20 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, } } - rc = ksba_cms_hash_signed_attrs (cms, signer); - if (rc) + err = ksba_cms_hash_signed_attrs (cms, signer); + if (err) { log_debug ("hashing signed attrs failed: %s\n", - gpg_strerror (rc)); + gpg_strerror (err)); gcry_md_close (md); goto leave; } - rc = gpgsm_create_cms_signature (ctrl, cl->cert, - md, cl->hash_algo, &sigval); - if (rc) + err = gpgsm_create_cms_signature (ctrl, cl->cert, + md, cl->hash_algo, &sigval); + if (err) { - audit_log_cert (ctrl->audit, AUDIT_SIGNED_BY, cl->cert, rc); + audit_log_cert (ctrl->audit, AUDIT_SIGNED_BY, cl->cert, err); gcry_md_close (md); goto leave; } @@ -1016,7 +1001,6 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, audit_log_cert (ctrl->audit, AUDIT_SIGNED_BY, cl->cert, err); log_error ("failed to store the signature: %s\n", gpg_strerror (err)); - rc = err; gcry_md_close (md); goto leave; } @@ -1025,11 +1009,10 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, fpr = gpgsm_get_fingerprint_hexstring (cl->cert, GCRY_MD_SHA1); if (!fpr) { - rc = gpg_error (GPG_ERR_ENOMEM); + err = gpg_error (GPG_ERR_ENOMEM); gcry_md_close (md); goto leave; } - rc = 0; if (opt.verbose) { char *pkalgostr = gpgsm_pubkey_algo_string (cl->cert, NULL); @@ -1046,9 +1029,9 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, signed_at, fpr); if (!buf) - rc = gpg_error_from_syserror (); + err = gpg_error_from_syserror (); xfree (fpr); - if (rc) + if (err) { gcry_md_close (md); goto leave; @@ -1062,10 +1045,10 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, } while (stopreason != KSBA_SR_READY); - rc = gnupg_ksba_finish_writer (b64writer); - if (rc) + err = gnupg_ksba_finish_writer (b64writer); + if (err) { - log_error ("write failed: %s\n", gpg_strerror (rc)); + log_error ("write failed: %s\n", gpg_strerror (err)); goto leave; } @@ -1074,13 +1057,14 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, void *blob = NULL; size_t bloblen; - rc = es_fclose_snatch (sig_fp, &blob, &bloblen); + err = (es_fclose_snatch (sig_fp, &blob, &bloblen)? + gpg_error_from_syserror () : 0); sig_fp = NULL; - if (rc) + if (err) goto leave; - rc = write_detached_signature (blob, bloblen, out_fp); + err = write_detached_signature (blob, bloblen, out_fp); xfree (blob); - if (rc) + if (err) goto leave; } @@ -1089,9 +1073,9 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, log_info ("signature created\n"); leave: - if (rc) + if (err) log_error ("error creating signature: %s <%s>\n", - gpg_strerror (rc), gpg_strsource (rc) ); + gpg_strerror (err), gpg_strsource (err) ); if (release_signerlist) gpgsm_release_certlist (signerlist); xfree (curve); @@ -1100,5 +1084,5 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, keydb_release (kh); gcry_md_close (data_md); es_fclose (sig_fp); - return rc; + return err; }