mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-31 11:41:32 +01:00
sm: Use estream for I/O.
* sm/decrypt.c (gpgsm_decrypt): Use estream for the input. * sm/encrypt.c (gpgsm_encrypt): Likewise. * sm/gpgsm.c (open_read): Remove. (main): Use open_es_fread for gpgsm_import_files. Fix call of gpgsm_encrypt, gpgsm_sign, gpgsm_verify and gpgsm_decrypt. (open_es_fread): Use gnupg_check_special_filename and open_stream_nc. * sm/gpgsm.h: Fix function declarations. * sm/import.c (import_one): Use estream for the input. (reimport_one, gpgsm_import, gpgsm_import_files): Likewise. * sm/server.c (struct server_local_s): Rename MESSAGE_FD to MESSAGE_FP. (close_message_fp): Rename from close_message_fd. (reset_notify): Follow the change of close_message_fp. (cmd_encrypt, cmd_decrypt, cmd_verify, cmd_sign): Follow the change of close_message_fp. Use open_stream_nc to get estream. (cmd_import): Likewise. (cmd_export, cmd_delkeys, gpgsm_server): Follow the change of close_message_fp. (cmd_message): Setup MESSAGE_FP with open_stream_nc. * sm/sign.c (hash_data): Use estream for the input. (hash_and_copy_data): Likewise. (gpgsm_sign): Likewise. * sm/verify.c (hash_data): Use estream_t for FP. (gpgsm_verify): Use estream_t for IN_FP and DATA_FP. -- GnuPG-bug-id: 6592 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
parent
30fc365124
commit
95d9761509
12
sm/decrypt.c
12
sm/decrypt.c
@ -1052,7 +1052,7 @@ decrypt_gcm_filter (void *arg,
|
|||||||
|
|
||||||
/* Perform a decrypt operation. */
|
/* Perform a decrypt operation. */
|
||||||
int
|
int
|
||||||
gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
|
gpgsm_decrypt (ctrl_t ctrl, estream_t in_fp, estream_t out_fp)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
gnupg_ksba_io_t b64reader = NULL;
|
gnupg_ksba_io_t b64reader = NULL;
|
||||||
@ -1063,7 +1063,6 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
|
|||||||
ksba_stop_reason_t stopreason;
|
ksba_stop_reason_t stopreason;
|
||||||
KEYDB_HANDLE kh;
|
KEYDB_HANDLE kh;
|
||||||
int recp;
|
int recp;
|
||||||
estream_t in_fp = NULL;
|
|
||||||
struct decrypt_filter_parm_s dfparm;
|
struct decrypt_filter_parm_s dfparm;
|
||||||
|
|
||||||
memset (&dfparm, 0, sizeof dfparm);
|
memset (&dfparm, 0, sizeof dfparm);
|
||||||
@ -1078,14 +1077,6 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
|
|||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
in_fp = es_fdopen_nc (in_fd, "rb");
|
|
||||||
if (!in_fp)
|
|
||||||
{
|
|
||||||
rc = gpg_error_from_syserror ();
|
|
||||||
log_error ("fdopen() failed: %s\n", strerror (errno));
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
|
|
||||||
rc = gnupg_ksba_create_reader
|
rc = gnupg_ksba_create_reader
|
||||||
(&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0)
|
(&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0)
|
||||||
| (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0)
|
| (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0)
|
||||||
@ -1516,7 +1507,6 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
|
|||||||
gnupg_ksba_destroy_reader (b64reader);
|
gnupg_ksba_destroy_reader (b64reader);
|
||||||
gnupg_ksba_destroy_writer (b64writer);
|
gnupg_ksba_destroy_writer (b64writer);
|
||||||
keydb_release (kh);
|
keydb_release (kh);
|
||||||
es_fclose (in_fp);
|
|
||||||
if (dfparm.hd)
|
if (dfparm.hd)
|
||||||
gcry_cipher_close (dfparm.hd);
|
gcry_cipher_close (dfparm.hd);
|
||||||
return rc;
|
return rc;
|
||||||
|
14
sm/encrypt.c
14
sm/encrypt.c
@ -574,7 +574,8 @@ encrypt_cb (void *cb_value, char *buffer, size_t count, size_t *nread)
|
|||||||
recipients are take from the certificate given in recplist; if this
|
recipients are take from the certificate given in recplist; if this
|
||||||
is NULL it will be encrypted for a default recipient */
|
is NULL it will be encrypted for a default recipient */
|
||||||
int
|
int
|
||||||
gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
|
gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, estream_t data_fp,
|
||||||
|
estream_t out_fp)
|
||||||
{
|
{
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
gnupg_ksba_io_t b64writer = NULL;
|
gnupg_ksba_io_t b64writer = NULL;
|
||||||
@ -587,7 +588,6 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
|
|||||||
struct encrypt_cb_parm_s encparm;
|
struct encrypt_cb_parm_s encparm;
|
||||||
DEK dek = NULL;
|
DEK dek = NULL;
|
||||||
int recpno;
|
int recpno;
|
||||||
estream_t data_fp = NULL;
|
|
||||||
certlist_t cl;
|
certlist_t cl;
|
||||||
int count;
|
int count;
|
||||||
int compliant;
|
int compliant;
|
||||||
@ -623,15 +623,6 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
|
|||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Fixme: We should use the unlocked version of the es functions. */
|
|
||||||
data_fp = es_fdopen_nc (data_fd, "rb");
|
|
||||||
if (!data_fp)
|
|
||||||
{
|
|
||||||
rc = gpg_error_from_syserror ();
|
|
||||||
log_error ("fdopen() failed: %s\n", strerror (errno));
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
|
|
||||||
err = ksba_reader_new (&reader);
|
err = ksba_reader_new (&reader);
|
||||||
if (err)
|
if (err)
|
||||||
rc = err;
|
rc = err;
|
||||||
@ -863,7 +854,6 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
|
|||||||
ksba_reader_release (reader);
|
ksba_reader_release (reader);
|
||||||
keydb_release (kh);
|
keydb_release (kh);
|
||||||
xfree (dek);
|
xfree (dek);
|
||||||
es_fclose (data_fp);
|
|
||||||
xfree (encparm.buffer);
|
xfree (encparm.buffer);
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
122
sm/gpgsm.c
122
sm/gpgsm.c
@ -535,7 +535,6 @@ static void set_cmd (enum cmd_and_opt_values *ret_cmd,
|
|||||||
enum cmd_and_opt_values new_cmd );
|
enum cmd_and_opt_values new_cmd );
|
||||||
|
|
||||||
static void emergency_cleanup (void);
|
static void emergency_cleanup (void);
|
||||||
static int open_read (const char *filename);
|
|
||||||
static estream_t open_es_fread (const char *filename, const char *mode);
|
static estream_t open_es_fread (const char *filename, const char *mode);
|
||||||
static estream_t open_es_fwrite (const char *filename);
|
static estream_t open_es_fwrite (const char *filename);
|
||||||
static void run_protect_tool (int argc, char **argv);
|
static void run_protect_tool (int argc, char **argv);
|
||||||
@ -1778,7 +1777,7 @@ main ( int argc, char **argv)
|
|||||||
{
|
{
|
||||||
log_info (_("importing common certificates '%s'\n"),
|
log_info (_("importing common certificates '%s'\n"),
|
||||||
filelist[0]);
|
filelist[0]);
|
||||||
gpgsm_import_files (&ctrl, 1, filelist, open_read);
|
gpgsm_import_files (&ctrl, 1, filelist, open_es_fread);
|
||||||
}
|
}
|
||||||
xfree (filelist[0]);
|
xfree (filelist[0]);
|
||||||
}
|
}
|
||||||
@ -1916,9 +1915,20 @@ main ( int argc, char **argv)
|
|||||||
set_binary (stdin);
|
set_binary (stdin);
|
||||||
|
|
||||||
if (!argc) /* Source is stdin. */
|
if (!argc) /* Source is stdin. */
|
||||||
err = gpgsm_encrypt (&ctrl, recplist, 0, fp);
|
err = gpgsm_encrypt (&ctrl, recplist, es_stdin, fp);
|
||||||
else if (argc == 1) /* Source is the given file. */
|
else if (argc == 1) /* Source is the given file. */
|
||||||
err = gpgsm_encrypt (&ctrl, recplist, open_read (*argv), fp);
|
{
|
||||||
|
estream_t data_fp = es_fopen (*argv, "rb");
|
||||||
|
|
||||||
|
if (!data_fp)
|
||||||
|
{
|
||||||
|
log_error (_("can't open '%s': %s\n"), *argv,
|
||||||
|
strerror (errno));
|
||||||
|
gpgsm_exit (2);
|
||||||
|
}
|
||||||
|
err = gpgsm_encrypt (&ctrl, recplist, data_fp, fp);
|
||||||
|
es_fclose (data_fp);
|
||||||
|
}
|
||||||
else
|
else
|
||||||
wrong_args ("--encrypt [datafile]");
|
wrong_args ("--encrypt [datafile]");
|
||||||
|
|
||||||
@ -1937,10 +1947,20 @@ main ( int argc, char **argv)
|
|||||||
signing because that is what gpg does.*/
|
signing because that is what gpg does.*/
|
||||||
set_binary (stdin);
|
set_binary (stdin);
|
||||||
if (!argc) /* Create from stdin. */
|
if (!argc) /* Create from stdin. */
|
||||||
err = gpgsm_sign (&ctrl, signerlist, 0, detached_sig, fp);
|
err = gpgsm_sign (&ctrl, signerlist, es_stdin, detached_sig, fp);
|
||||||
else if (argc == 1) /* From file. */
|
else if (argc == 1) /* From file. */
|
||||||
err = gpgsm_sign (&ctrl, signerlist,
|
{
|
||||||
open_read (*argv), detached_sig, fp);
|
estream_t data_fp = es_fopen (*argv, "rb");
|
||||||
|
|
||||||
|
if (!data_fp)
|
||||||
|
{
|
||||||
|
log_error (_("can't open '%s': %s\n"), *argv,
|
||||||
|
strerror (errno));
|
||||||
|
gpgsm_exit (2);
|
||||||
|
}
|
||||||
|
err = gpgsm_sign (&ctrl, signerlist, data_fp, detached_sig, fp);
|
||||||
|
es_fclose (data_fp);
|
||||||
|
}
|
||||||
else
|
else
|
||||||
wrong_args ("--sign [datafile]");
|
wrong_args ("--sign [datafile]");
|
||||||
|
|
||||||
@ -1981,11 +2001,43 @@ main ( int argc, char **argv)
|
|||||||
fp = open_es_fwrite (opt.outfile);
|
fp = open_es_fwrite (opt.outfile);
|
||||||
|
|
||||||
if (!argc)
|
if (!argc)
|
||||||
gpgsm_verify (&ctrl, 0, -1, fp); /* normal signature from stdin */
|
/* normal signature from stdin */
|
||||||
|
gpgsm_verify (&ctrl, es_stdin, NULL, fp);
|
||||||
else if (argc == 1)
|
else if (argc == 1)
|
||||||
gpgsm_verify (&ctrl, open_read (*argv), -1, fp); /* std signature */
|
{
|
||||||
|
estream_t in_fp = es_fopen (*argv, "rb");
|
||||||
|
|
||||||
|
if (!in_fp)
|
||||||
|
{
|
||||||
|
log_error (_("can't open '%s': %s\n"), *argv,
|
||||||
|
strerror (errno));
|
||||||
|
gpgsm_exit (2);
|
||||||
|
}
|
||||||
|
gpgsm_verify (&ctrl, in_fp, NULL, fp); /* std signature */
|
||||||
|
es_fclose (in_fp);
|
||||||
|
}
|
||||||
else if (argc == 2) /* detached signature (sig, detached) */
|
else if (argc == 2) /* detached signature (sig, detached) */
|
||||||
gpgsm_verify (&ctrl, open_read (*argv), open_read (argv[1]), NULL);
|
{
|
||||||
|
estream_t in_fp = es_fopen (*argv, "rb");
|
||||||
|
estream_t data_fp = es_fopen (argv[1], "rb");
|
||||||
|
|
||||||
|
if (!in_fp)
|
||||||
|
{
|
||||||
|
log_error (_("can't open '%s': %s\n"), *argv,
|
||||||
|
strerror (errno));
|
||||||
|
gpgsm_exit (2);
|
||||||
|
}
|
||||||
|
if (!data_fp)
|
||||||
|
{
|
||||||
|
log_error (_("can't open '%s': %s\n"), argv[1],
|
||||||
|
strerror (errno));
|
||||||
|
gpgsm_exit (2);
|
||||||
|
}
|
||||||
|
|
||||||
|
gpgsm_verify (&ctrl, in_fp, data_fp, NULL);
|
||||||
|
es_fclose (in_fp);
|
||||||
|
es_fclose (data_fp);
|
||||||
|
}
|
||||||
else
|
else
|
||||||
wrong_args ("--verify [signature [detached_data]]");
|
wrong_args ("--verify [signature [detached_data]]");
|
||||||
|
|
||||||
@ -1999,9 +2051,19 @@ main ( int argc, char **argv)
|
|||||||
|
|
||||||
set_binary (stdin);
|
set_binary (stdin);
|
||||||
if (!argc)
|
if (!argc)
|
||||||
err = gpgsm_decrypt (&ctrl, 0, fp); /* from stdin */
|
err = gpgsm_decrypt (&ctrl, es_stdin, fp); /* from stdin */
|
||||||
else if (argc == 1)
|
else if (argc == 1)
|
||||||
err = gpgsm_decrypt (&ctrl, open_read (*argv), fp); /* from file */
|
{
|
||||||
|
estream_t data_fp = es_fopen (*argv, "rb");
|
||||||
|
if (!data_fp)
|
||||||
|
{
|
||||||
|
log_error (_("can't open '%s': %s\n"), *argv,
|
||||||
|
strerror (errno));
|
||||||
|
gpgsm_exit (2);
|
||||||
|
}
|
||||||
|
err = gpgsm_decrypt (&ctrl, data_fp, fp); /* from file */
|
||||||
|
es_fclose (data_fp);
|
||||||
|
}
|
||||||
else
|
else
|
||||||
wrong_args ("--decrypt [filename]");
|
wrong_args ("--decrypt [filename]");
|
||||||
|
|
||||||
@ -2092,7 +2154,7 @@ main ( int argc, char **argv)
|
|||||||
|
|
||||||
|
|
||||||
case aImport:
|
case aImport:
|
||||||
gpgsm_import_files (&ctrl, argc, argv, open_read);
|
gpgsm_import_files (&ctrl, argc, argv, open_es_fread);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case aExport:
|
case aExport:
|
||||||
@ -2293,46 +2355,20 @@ gpgsm_parse_validation_model (const char *model)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/* Open the FILENAME for read and return the file descriptor. Stop
|
|
||||||
with an error message in case of problems. "-" denotes stdin and
|
|
||||||
if special filenames are allowed the given fd is opened instead. */
|
|
||||||
static int
|
|
||||||
open_read (const char *filename)
|
|
||||||
{
|
|
||||||
int fd;
|
|
||||||
|
|
||||||
if (filename[0] == '-' && !filename[1])
|
|
||||||
{
|
|
||||||
set_binary (stdin);
|
|
||||||
return 0; /* stdin */
|
|
||||||
}
|
|
||||||
fd = check_special_filename (filename, 0, 0);
|
|
||||||
if (fd != -1)
|
|
||||||
return fd;
|
|
||||||
fd = gnupg_open (filename, O_RDONLY | O_BINARY, 0);
|
|
||||||
if (fd == -1)
|
|
||||||
{
|
|
||||||
log_error (_("can't open '%s': %s\n"), filename, strerror (errno));
|
|
||||||
gpgsm_exit (2);
|
|
||||||
}
|
|
||||||
return fd;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Same as open_read but return an estream_t. */
|
/* Same as open_read but return an estream_t. */
|
||||||
static estream_t
|
static estream_t
|
||||||
open_es_fread (const char *filename, const char *mode)
|
open_es_fread (const char *filename, const char *mode)
|
||||||
{
|
{
|
||||||
int fd;
|
gnupg_fd_t fd;
|
||||||
estream_t fp;
|
estream_t fp;
|
||||||
|
|
||||||
if (filename[0] == '-' && !filename[1])
|
if (filename[0] == '-' && !filename[1])
|
||||||
return es_fpopen_nc (stdin, mode);
|
return es_fpopen_nc (stdin, mode);
|
||||||
else
|
else
|
||||||
fd = check_special_filename (filename, 0, 0);
|
fd = gnupg_check_special_filename (filename);
|
||||||
if (fd != -1)
|
if (fd != GNUPG_INVALID_FD)
|
||||||
{
|
{
|
||||||
fp = es_fdopen_nc (fd, mode);
|
fp = open_stream_nc (fd, mode);
|
||||||
if (!fp)
|
if (!fp)
|
||||||
{
|
{
|
||||||
log_error ("es_fdopen(%d) failed: %s\n", FD_DBG (fd),
|
log_error ("es_fdopen(%d) failed: %s\n", FD_DBG (fd),
|
||||||
|
13
sm/gpgsm.h
13
sm/gpgsm.h
@ -426,9 +426,9 @@ gpg_error_t gpgsm_show_certs (ctrl_t ctrl, int nfiles, char **files,
|
|||||||
estream_t fp);
|
estream_t fp);
|
||||||
|
|
||||||
/*-- import.c --*/
|
/*-- import.c --*/
|
||||||
int gpgsm_import (ctrl_t ctrl, int in_fd, int reimport_mode);
|
int gpgsm_import (ctrl_t ctrl, estream_t in_fp, int reimport_mode);
|
||||||
int gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files,
|
int gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files,
|
||||||
int (*of)(const char *fname));
|
estream_t (*of)(const char *fname, const char *mode));
|
||||||
|
|
||||||
/*-- export.c --*/
|
/*-- export.c --*/
|
||||||
void gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream);
|
void gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream);
|
||||||
@ -439,23 +439,24 @@ void gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream,
|
|||||||
int gpgsm_delete (ctrl_t ctrl, strlist_t names);
|
int gpgsm_delete (ctrl_t ctrl, strlist_t names);
|
||||||
|
|
||||||
/*-- verify.c --*/
|
/*-- verify.c --*/
|
||||||
int gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp);
|
int gpgsm_verify (ctrl_t ctrl, estream_t in_fp, estream_t data_fp,
|
||||||
|
estream_t out_fp);
|
||||||
|
|
||||||
/*-- sign.c --*/
|
/*-- sign.c --*/
|
||||||
int gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert);
|
int gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert);
|
||||||
int gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
int gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
||||||
int data_fd, int detached, estream_t out_fp);
|
estream_t data_fp, int detached, estream_t out_fp);
|
||||||
|
|
||||||
/*-- encrypt.c --*/
|
/*-- encrypt.c --*/
|
||||||
int gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist,
|
int gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist,
|
||||||
int in_fd, estream_t out_fp);
|
estream_t in_fp, estream_t out_fp);
|
||||||
|
|
||||||
/*-- decrypt.c --*/
|
/*-- decrypt.c --*/
|
||||||
gpg_error_t ecdh_derive_kek (unsigned char *key, unsigned int keylen,
|
gpg_error_t ecdh_derive_kek (unsigned char *key, unsigned int keylen,
|
||||||
int hash_algo, const char *wrap_algo_str,
|
int hash_algo, const char *wrap_algo_str,
|
||||||
const void *secret, unsigned int secretlen,
|
const void *secret, unsigned int secretlen,
|
||||||
const void *ukm, unsigned int ukmlen);
|
const void *ukm, unsigned int ukmlen);
|
||||||
int gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp);
|
int gpgsm_decrypt (ctrl_t ctrl, estream_t in_fp, estream_t out_fp);
|
||||||
|
|
||||||
/*-- certreqgen.c --*/
|
/*-- certreqgen.c --*/
|
||||||
int gpgsm_genkey (ctrl_t ctrl, estream_t in_stream, estream_t out_stream);
|
int gpgsm_genkey (ctrl_t ctrl, estream_t in_stream, estream_t out_stream);
|
||||||
|
51
sm/import.c
51
sm/import.c
@ -37,6 +37,10 @@
|
|||||||
#include "../common/membuf.h"
|
#include "../common/membuf.h"
|
||||||
#include "minip12.h"
|
#include "minip12.h"
|
||||||
|
|
||||||
|
#ifndef O_BINARY
|
||||||
|
#define O_BINARY 0
|
||||||
|
#endif
|
||||||
|
|
||||||
/* The arbitrary limit of one PKCS#12 object. */
|
/* The arbitrary limit of one PKCS#12 object. */
|
||||||
#define MAX_P12OBJ_SIZE 128 /*kb*/
|
#define MAX_P12OBJ_SIZE 128 /*kb*/
|
||||||
|
|
||||||
@ -269,25 +273,16 @@ check_and_store (ctrl_t ctrl, struct stats_s *stats,
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
|
import_one (ctrl_t ctrl, struct stats_s *stats, estream_t fp)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
gnupg_ksba_io_t b64reader = NULL;
|
gnupg_ksba_io_t b64reader = NULL;
|
||||||
ksba_reader_t reader;
|
ksba_reader_t reader;
|
||||||
ksba_cert_t cert = NULL;
|
ksba_cert_t cert = NULL;
|
||||||
ksba_cms_t cms = NULL;
|
ksba_cms_t cms = NULL;
|
||||||
estream_t fp = NULL;
|
|
||||||
ksba_content_type_t ct;
|
ksba_content_type_t ct;
|
||||||
int any = 0;
|
int any = 0;
|
||||||
|
|
||||||
fp = es_fdopen_nc (in_fd, "rb");
|
|
||||||
if (!fp)
|
|
||||||
{
|
|
||||||
rc = gpg_error_from_syserror ();
|
|
||||||
log_error ("fdopen() failed: %s\n", strerror (errno));
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
|
|
||||||
rc = gnupg_ksba_create_reader
|
rc = gnupg_ksba_create_reader
|
||||||
(&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0)
|
(&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0)
|
||||||
| (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0)
|
| (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0)
|
||||||
@ -388,7 +383,6 @@ import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
|
|||||||
ksba_cms_release (cms);
|
ksba_cms_release (cms);
|
||||||
ksba_cert_release (cert);
|
ksba_cert_release (cert);
|
||||||
gnupg_ksba_destroy_reader (b64reader);
|
gnupg_ksba_destroy_reader (b64reader);
|
||||||
es_fclose (fp);
|
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -398,10 +392,9 @@ import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
|
|||||||
fingerprints t re-import. The actual re-import is done by clearing
|
fingerprints t re-import. The actual re-import is done by clearing
|
||||||
the ephemeral flag. */
|
the ephemeral flag. */
|
||||||
static int
|
static int
|
||||||
reimport_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
|
reimport_one (ctrl_t ctrl, struct stats_s *stats, estream_t fp)
|
||||||
{
|
{
|
||||||
gpg_error_t err = 0;
|
gpg_error_t err = 0;
|
||||||
estream_t fp = NULL;
|
|
||||||
char line[100]; /* Sufficient for a fingerprint. */
|
char line[100]; /* Sufficient for a fingerprint. */
|
||||||
KEYDB_HANDLE kh;
|
KEYDB_HANDLE kh;
|
||||||
KEYDB_SEARCH_DESC desc;
|
KEYDB_SEARCH_DESC desc;
|
||||||
@ -417,14 +410,6 @@ reimport_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
|
|||||||
}
|
}
|
||||||
keydb_set_ephemeral (kh, 1);
|
keydb_set_ephemeral (kh, 1);
|
||||||
|
|
||||||
fp = es_fdopen_nc (in_fd, "r");
|
|
||||||
if (!fp)
|
|
||||||
{
|
|
||||||
err = gpg_error_from_syserror ();
|
|
||||||
log_error ("es_fdopen(%d) failed: %s\n", in_fd, gpg_strerror (err));
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
|
|
||||||
while (es_fgets (line, DIM(line)-1, fp) )
|
while (es_fgets (line, DIM(line)-1, fp) )
|
||||||
{
|
{
|
||||||
if (*line && line[strlen(line)-1] != '\n')
|
if (*line && line[strlen(line)-1] != '\n')
|
||||||
@ -500,30 +485,29 @@ reimport_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
|
|||||||
if (es_ferror (fp))
|
if (es_ferror (fp))
|
||||||
{
|
{
|
||||||
err = gpg_error_from_syserror ();
|
err = gpg_error_from_syserror ();
|
||||||
log_error ("error reading fd %d: %s\n", in_fd, gpg_strerror (err));
|
log_error ("error reading fp %p: %s\n", fp, gpg_strerror (err));
|
||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
leave:
|
leave:
|
||||||
ksba_cert_release (cert);
|
ksba_cert_release (cert);
|
||||||
keydb_release (kh);
|
keydb_release (kh);
|
||||||
es_fclose (fp);
|
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
int
|
int
|
||||||
gpgsm_import (ctrl_t ctrl, int in_fd, int reimport_mode)
|
gpgsm_import (ctrl_t ctrl, estream_t in_fp, int reimport_mode)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
struct stats_s stats;
|
struct stats_s stats;
|
||||||
|
|
||||||
memset (&stats, 0, sizeof stats);
|
memset (&stats, 0, sizeof stats);
|
||||||
if (reimport_mode)
|
if (reimport_mode)
|
||||||
rc = reimport_one (ctrl, &stats, in_fd);
|
rc = reimport_one (ctrl, &stats, in_fp);
|
||||||
else
|
else
|
||||||
rc = import_one (ctrl, &stats, in_fd);
|
rc = import_one (ctrl, &stats, in_fp);
|
||||||
print_imported_summary (ctrl, &stats);
|
print_imported_summary (ctrl, &stats);
|
||||||
/* If we never printed an error message do it now so that a command
|
/* If we never printed an error message do it now so that a command
|
||||||
line invocation will return with an error (log_error keeps a
|
line invocation will return with an error (log_error keeps a
|
||||||
@ -536,7 +520,7 @@ gpgsm_import (ctrl_t ctrl, int in_fd, int reimport_mode)
|
|||||||
|
|
||||||
int
|
int
|
||||||
gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files,
|
gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files,
|
||||||
int (*of)(const char *fname))
|
estream_t (*of)(const char *fname, const char *mode))
|
||||||
{
|
{
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
struct stats_s stats;
|
struct stats_s stats;
|
||||||
@ -544,14 +528,19 @@ gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files,
|
|||||||
memset (&stats, 0, sizeof stats);
|
memset (&stats, 0, sizeof stats);
|
||||||
|
|
||||||
if (!nfiles)
|
if (!nfiles)
|
||||||
rc = import_one (ctrl, &stats, 0);
|
{
|
||||||
|
#ifdef HAVE_DOSISH_SYSTEM
|
||||||
|
setmode (0, O_BINARY);
|
||||||
|
#endif
|
||||||
|
rc = import_one (ctrl, &stats, es_stdin);
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
for (; nfiles && !rc ; nfiles--, files++)
|
for (; nfiles && !rc ; nfiles--, files++)
|
||||||
{
|
{
|
||||||
int fd = of (*files);
|
estream_t fp = of (*files, "rb");
|
||||||
rc = import_one (ctrl, &stats, fd);
|
rc = import_one (ctrl, &stats, fp);
|
||||||
close (fd);
|
es_fclose (fp);
|
||||||
if (rc == -1/* legacy*/ || gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
|
if (rc == -1/* legacy*/ || gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
|
||||||
rc = 0;
|
rc = 0;
|
||||||
}
|
}
|
||||||
|
121
sm/server.c
121
sm/server.c
@ -43,7 +43,7 @@ static FILE *statusfp;
|
|||||||
/* Data used to assuciate an Assuan context with local server data */
|
/* Data used to assuciate an Assuan context with local server data */
|
||||||
struct server_local_s {
|
struct server_local_s {
|
||||||
assuan_context_t assuan_ctx;
|
assuan_context_t assuan_ctx;
|
||||||
int message_fd;
|
estream_t message_fp;
|
||||||
int list_internal;
|
int list_internal;
|
||||||
int list_external;
|
int list_external;
|
||||||
int list_to_output; /* Write keylistings to the output fd. */
|
int list_to_output; /* Write keylistings to the output fd. */
|
||||||
@ -130,12 +130,12 @@ data_line_cookie_close (void *cookie)
|
|||||||
|
|
||||||
|
|
||||||
static void
|
static void
|
||||||
close_message_fd (ctrl_t ctrl)
|
close_message_fp (ctrl_t ctrl)
|
||||||
{
|
{
|
||||||
if (ctrl->server_local->message_fd != -1)
|
if (ctrl->server_local->message_fp)
|
||||||
{
|
{
|
||||||
close (ctrl->server_local->message_fd);
|
es_fclose (ctrl->server_local->message_fp);
|
||||||
ctrl->server_local->message_fd = -1;
|
ctrl->server_local->message_fp = NULL;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -320,7 +320,7 @@ reset_notify (assuan_context_t ctx, char *line)
|
|||||||
gpgsm_release_certlist (ctrl->server_local->signerlist);
|
gpgsm_release_certlist (ctrl->server_local->signerlist);
|
||||||
ctrl->server_local->recplist = NULL;
|
ctrl->server_local->recplist = NULL;
|
||||||
ctrl->server_local->signerlist = NULL;
|
ctrl->server_local->signerlist = NULL;
|
||||||
close_message_fd (ctrl);
|
close_message_fp (ctrl);
|
||||||
assuan_close_input_fd (ctx);
|
assuan_close_input_fd (ctx);
|
||||||
assuan_close_output_fd (ctx);
|
assuan_close_output_fd (ctx);
|
||||||
return 0;
|
return 0;
|
||||||
@ -451,20 +451,25 @@ cmd_encrypt (assuan_context_t ctx, char *line)
|
|||||||
{
|
{
|
||||||
ctrl_t ctrl = assuan_get_pointer (ctx);
|
ctrl_t ctrl = assuan_get_pointer (ctx);
|
||||||
certlist_t cl;
|
certlist_t cl;
|
||||||
int inp_fd;
|
gnupg_fd_t inp_fd;
|
||||||
gnupg_fd_t out_fd;
|
gnupg_fd_t out_fd;
|
||||||
|
estream_t inp_fp;
|
||||||
estream_t out_fp;
|
estream_t out_fp;
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
(void)line;
|
(void)line;
|
||||||
|
|
||||||
inp_fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0);
|
inp_fd = assuan_get_input_fd (ctx);
|
||||||
if (inp_fd == -1)
|
if (inp_fd == GNUPG_INVALID_FD)
|
||||||
return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
|
return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
|
||||||
out_fd = assuan_get_output_fd (ctx);
|
out_fd = assuan_get_output_fd (ctx);
|
||||||
if (out_fd == GNUPG_INVALID_FD)
|
if (out_fd == GNUPG_INVALID_FD)
|
||||||
return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
|
return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
|
||||||
|
|
||||||
|
inp_fp = open_stream_nc (inp_fd, "r");
|
||||||
|
if (!inp_fp)
|
||||||
|
return set_error (gpg_err_code_from_syserror (), "fdopen() failed");
|
||||||
|
|
||||||
out_fp = open_stream_nc (out_fd, "w");
|
out_fp = open_stream_nc (out_fd, "w");
|
||||||
if (!out_fp)
|
if (!out_fp)
|
||||||
return set_error (gpg_err_code_from_syserror (), "fdopen() failed");
|
return set_error (gpg_err_code_from_syserror (), "fdopen() failed");
|
||||||
@ -484,13 +489,14 @@ cmd_encrypt (assuan_context_t ctx, char *line)
|
|||||||
if (!rc)
|
if (!rc)
|
||||||
rc = gpgsm_encrypt (assuan_get_pointer (ctx),
|
rc = gpgsm_encrypt (assuan_get_pointer (ctx),
|
||||||
ctrl->server_local->recplist,
|
ctrl->server_local->recplist,
|
||||||
inp_fd, out_fp);
|
inp_fp, out_fp);
|
||||||
|
es_fclose (inp_fp);
|
||||||
es_fclose (out_fp);
|
es_fclose (out_fp);
|
||||||
|
|
||||||
gpgsm_release_certlist (ctrl->server_local->recplist);
|
gpgsm_release_certlist (ctrl->server_local->recplist);
|
||||||
ctrl->server_local->recplist = NULL;
|
ctrl->server_local->recplist = NULL;
|
||||||
/* Close and reset the fd */
|
/* Close and reset the fp and the fds */
|
||||||
close_message_fd (ctrl);
|
close_message_fp (ctrl);
|
||||||
assuan_close_input_fd (ctx);
|
assuan_close_input_fd (ctx);
|
||||||
assuan_close_output_fd (ctx);
|
assuan_close_output_fd (ctx);
|
||||||
return rc;
|
return rc;
|
||||||
@ -509,31 +515,37 @@ static gpg_error_t
|
|||||||
cmd_decrypt (assuan_context_t ctx, char *line)
|
cmd_decrypt (assuan_context_t ctx, char *line)
|
||||||
{
|
{
|
||||||
ctrl_t ctrl = assuan_get_pointer (ctx);
|
ctrl_t ctrl = assuan_get_pointer (ctx);
|
||||||
int inp_fd;
|
gnupg_fd_t inp_fd;
|
||||||
gnupg_fd_t out_fd;
|
gnupg_fd_t out_fd;
|
||||||
|
estream_t inp_fp;
|
||||||
estream_t out_fp;
|
estream_t out_fp;
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
(void)line;
|
(void)line;
|
||||||
|
|
||||||
inp_fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0);
|
inp_fd = assuan_get_input_fd (ctx);
|
||||||
if (inp_fd == -1)
|
if (inp_fd == GNUPG_INVALID_FD)
|
||||||
return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
|
return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
|
||||||
out_fd = assuan_get_output_fd (ctx);
|
out_fd = assuan_get_output_fd (ctx);
|
||||||
if (out_fd == GNUPG_INVALID_FD)
|
if (out_fd == GNUPG_INVALID_FD)
|
||||||
return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
|
return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
|
||||||
|
|
||||||
|
inp_fp = open_stream_nc (inp_fd, "r");
|
||||||
|
if (!inp_fp)
|
||||||
|
return set_error (gpg_err_code_from_syserror (), "fdopen() failed");
|
||||||
|
|
||||||
out_fp = open_stream_nc (out_fd, "w");
|
out_fp = open_stream_nc (out_fd, "w");
|
||||||
if (!out_fp)
|
if (!out_fp)
|
||||||
return set_error (gpg_err_code_from_syserror (), "fdopen() failed");
|
return set_error (gpg_err_code_from_syserror (), "fdopen() failed");
|
||||||
|
|
||||||
rc = start_audit_session (ctrl);
|
rc = start_audit_session (ctrl);
|
||||||
if (!rc)
|
if (!rc)
|
||||||
rc = gpgsm_decrypt (ctrl, inp_fd, out_fp);
|
rc = gpgsm_decrypt (ctrl, inp_fp, out_fp);
|
||||||
|
es_fclose (inp_fp);
|
||||||
es_fclose (out_fp);
|
es_fclose (out_fp);
|
||||||
|
|
||||||
/* Close and reset the fds. */
|
/* Close and reset the fds. */
|
||||||
close_message_fd (ctrl);
|
close_message_fp (ctrl);
|
||||||
assuan_close_input_fd (ctx);
|
assuan_close_input_fd (ctx);
|
||||||
assuan_close_output_fd (ctx);
|
assuan_close_output_fd (ctx);
|
||||||
|
|
||||||
@ -555,15 +567,20 @@ cmd_verify (assuan_context_t ctx, char *line)
|
|||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
ctrl_t ctrl = assuan_get_pointer (ctx);
|
ctrl_t ctrl = assuan_get_pointer (ctx);
|
||||||
int fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0);
|
gnupg_fd_t fd = assuan_get_input_fd (ctx);
|
||||||
gnupg_fd_t out_fd = assuan_get_output_fd (ctx);
|
gnupg_fd_t out_fd = assuan_get_output_fd (ctx);
|
||||||
|
estream_t fp = NULL;
|
||||||
estream_t out_fp = NULL;
|
estream_t out_fp = NULL;
|
||||||
|
|
||||||
(void)line;
|
(void)line;
|
||||||
|
|
||||||
if (fd == -1)
|
if (fd == GNUPG_INVALID_FD)
|
||||||
return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
|
return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
|
||||||
|
|
||||||
|
fp = open_stream_nc (fd, "r");
|
||||||
|
if (!fp)
|
||||||
|
return set_error (gpg_err_code_from_syserror (), "fdopen() failed");
|
||||||
|
|
||||||
if (out_fd != GNUPG_INVALID_FD)
|
if (out_fd != GNUPG_INVALID_FD)
|
||||||
{
|
{
|
||||||
out_fp = open_stream_nc (out_fd, "w");
|
out_fp = open_stream_nc (out_fd, "w");
|
||||||
@ -573,12 +590,13 @@ cmd_verify (assuan_context_t ctx, char *line)
|
|||||||
|
|
||||||
rc = start_audit_session (ctrl);
|
rc = start_audit_session (ctrl);
|
||||||
if (!rc)
|
if (!rc)
|
||||||
rc = gpgsm_verify (assuan_get_pointer (ctx), fd,
|
rc = gpgsm_verify (assuan_get_pointer (ctx), fp,
|
||||||
ctrl->server_local->message_fd, out_fp);
|
ctrl->server_local->message_fp, out_fp);
|
||||||
|
es_fclose (fp);
|
||||||
es_fclose (out_fp);
|
es_fclose (out_fp);
|
||||||
|
|
||||||
/* Close and reset the fd. */
|
/* Close and reset the fp and the fd. */
|
||||||
close_message_fd (ctrl);
|
close_message_fp (ctrl);
|
||||||
assuan_close_input_fd (ctx);
|
assuan_close_input_fd (ctx);
|
||||||
assuan_close_output_fd (ctx);
|
assuan_close_output_fd (ctx);
|
||||||
|
|
||||||
@ -596,14 +614,15 @@ static gpg_error_t
|
|||||||
cmd_sign (assuan_context_t ctx, char *line)
|
cmd_sign (assuan_context_t ctx, char *line)
|
||||||
{
|
{
|
||||||
ctrl_t ctrl = assuan_get_pointer (ctx);
|
ctrl_t ctrl = assuan_get_pointer (ctx);
|
||||||
int inp_fd;
|
gnupg_fd_t inp_fd;
|
||||||
gnupg_fd_t out_fd;
|
gnupg_fd_t out_fd;
|
||||||
|
estream_t inp_fp;
|
||||||
estream_t out_fp;
|
estream_t out_fp;
|
||||||
int detached;
|
int detached;
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
inp_fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0);
|
inp_fd = assuan_get_input_fd (ctx);
|
||||||
if (inp_fd == -1)
|
if (inp_fd == GNUPG_INVALID_FD)
|
||||||
return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
|
return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
|
||||||
out_fd = assuan_get_output_fd (ctx);
|
out_fd = assuan_get_output_fd (ctx);
|
||||||
if (out_fd == GNUPG_INVALID_FD)
|
if (out_fd == GNUPG_INVALID_FD)
|
||||||
@ -611,6 +630,10 @@ cmd_sign (assuan_context_t ctx, char *line)
|
|||||||
|
|
||||||
detached = has_option (line, "--detached");
|
detached = has_option (line, "--detached");
|
||||||
|
|
||||||
|
inp_fp = open_stream_nc (inp_fd, "r");
|
||||||
|
if (!inp_fp)
|
||||||
|
return set_error (gpg_err_code_from_syserror (), "fdopen() failed");
|
||||||
|
|
||||||
out_fp = open_stream_nc (out_fd, "w");
|
out_fp = open_stream_nc (out_fd, "w");
|
||||||
if (!out_fp)
|
if (!out_fp)
|
||||||
return set_error (GPG_ERR_ASS_GENERAL, "fdopen() failed");
|
return set_error (GPG_ERR_ASS_GENERAL, "fdopen() failed");
|
||||||
@ -618,11 +641,12 @@ cmd_sign (assuan_context_t ctx, char *line)
|
|||||||
rc = start_audit_session (ctrl);
|
rc = start_audit_session (ctrl);
|
||||||
if (!rc)
|
if (!rc)
|
||||||
rc = gpgsm_sign (assuan_get_pointer (ctx), ctrl->server_local->signerlist,
|
rc = gpgsm_sign (assuan_get_pointer (ctx), ctrl->server_local->signerlist,
|
||||||
inp_fd, detached, out_fp);
|
inp_fp, detached, out_fp);
|
||||||
|
es_fclose (inp_fp);
|
||||||
es_fclose (out_fp);
|
es_fclose (out_fp);
|
||||||
|
|
||||||
/* close and reset the fd */
|
/* close and reset the fp and the fds */
|
||||||
close_message_fd (ctrl);
|
close_message_fp (ctrl);
|
||||||
assuan_close_input_fd (ctx);
|
assuan_close_input_fd (ctx);
|
||||||
assuan_close_output_fd (ctx);
|
assuan_close_output_fd (ctx);
|
||||||
|
|
||||||
@ -647,18 +671,24 @@ cmd_import (assuan_context_t ctx, char *line)
|
|||||||
{
|
{
|
||||||
ctrl_t ctrl = assuan_get_pointer (ctx);
|
ctrl_t ctrl = assuan_get_pointer (ctx);
|
||||||
int rc;
|
int rc;
|
||||||
int fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0);
|
gnupg_fd_t fd = assuan_get_input_fd (ctx);
|
||||||
int reimport = has_option (line, "--re-import");
|
int reimport = has_option (line, "--re-import");
|
||||||
|
estream_t fp;
|
||||||
|
|
||||||
(void)line;
|
(void)line;
|
||||||
|
|
||||||
if (fd == -1)
|
if (fd == GNUPG_INVALID_FD)
|
||||||
return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
|
return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
|
||||||
|
|
||||||
rc = gpgsm_import (assuan_get_pointer (ctx), fd, reimport);
|
fp = open_stream_nc (fd, "r");
|
||||||
|
if (!fp)
|
||||||
|
return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
|
||||||
|
|
||||||
/* close and reset the fd */
|
rc = gpgsm_import (assuan_get_pointer (ctx), fp, reimport);
|
||||||
close_message_fd (ctrl);
|
es_fclose (fp);
|
||||||
|
|
||||||
|
/* close and reset the fp and the fds */
|
||||||
|
close_message_fp (ctrl);
|
||||||
assuan_close_input_fd (ctx);
|
assuan_close_input_fd (ctx);
|
||||||
assuan_close_output_fd (ctx);
|
assuan_close_output_fd (ctx);
|
||||||
|
|
||||||
@ -783,8 +813,8 @@ cmd_export (assuan_context_t ctx, char *line)
|
|||||||
}
|
}
|
||||||
|
|
||||||
free_strlist (list);
|
free_strlist (list);
|
||||||
/* Close and reset the fds. */
|
/* Close and reset the fp and the fds. */
|
||||||
close_message_fd (ctrl);
|
close_message_fp (ctrl);
|
||||||
assuan_close_input_fd (ctx);
|
assuan_close_input_fd (ctx);
|
||||||
assuan_close_output_fd (ctx);
|
assuan_close_output_fd (ctx);
|
||||||
return 0;
|
return 0;
|
||||||
@ -832,8 +862,8 @@ cmd_delkeys (assuan_context_t ctx, char *line)
|
|||||||
rc = gpgsm_delete (ctrl, list);
|
rc = gpgsm_delete (ctrl, list);
|
||||||
free_strlist (list);
|
free_strlist (list);
|
||||||
|
|
||||||
/* close and reset the fd */
|
/* close and reset the fp and the fds */
|
||||||
close_message_fd (ctrl);
|
close_message_fp (ctrl);
|
||||||
assuan_close_input_fd (ctx);
|
assuan_close_input_fd (ctx);
|
||||||
assuan_close_output_fd (ctx);
|
assuan_close_output_fd (ctx);
|
||||||
|
|
||||||
@ -867,19 +897,18 @@ static gpg_error_t
|
|||||||
cmd_message (assuan_context_t ctx, char *line)
|
cmd_message (assuan_context_t ctx, char *line)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
gnupg_fd_t sysfd;
|
gnupg_fd_t fd;
|
||||||
int fd;
|
estream_t fp;
|
||||||
ctrl_t ctrl = assuan_get_pointer (ctx);
|
ctrl_t ctrl = assuan_get_pointer (ctx);
|
||||||
|
|
||||||
rc = assuan_command_parse_fd (ctx, line, &sysfd);
|
rc = assuan_command_parse_fd (ctx, line, &fd);
|
||||||
if (rc)
|
if (rc)
|
||||||
return rc;
|
return rc;
|
||||||
|
|
||||||
|
fp = open_stream_nc (fd, "r");
|
||||||
fd = translate_sys2libc_fd (sysfd, 0);
|
if (!fp)
|
||||||
if (fd == -1)
|
|
||||||
return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
|
return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
|
||||||
ctrl->server_local->message_fd = fd;
|
ctrl->server_local->message_fp = fp;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1425,7 +1454,7 @@ gpgsm_server (certlist_t default_recplist)
|
|||||||
assuan_set_pointer (ctx, &ctrl);
|
assuan_set_pointer (ctx, &ctrl);
|
||||||
ctrl.server_local = xcalloc (1, sizeof *ctrl.server_local);
|
ctrl.server_local = xcalloc (1, sizeof *ctrl.server_local);
|
||||||
ctrl.server_local->assuan_ctx = ctx;
|
ctrl.server_local->assuan_ctx = ctx;
|
||||||
ctrl.server_local->message_fd = -1;
|
ctrl.server_local->message_fp = NULL;
|
||||||
ctrl.server_local->list_internal = 1;
|
ctrl.server_local->list_internal = 1;
|
||||||
ctrl.server_local->list_external = 0;
|
ctrl.server_local->list_external = 0;
|
||||||
ctrl.server_local->default_recplist = default_recplist;
|
ctrl.server_local->default_recplist = default_recplist;
|
||||||
|
34
sm/sign.c
34
sm/sign.c
@ -40,20 +40,12 @@
|
|||||||
|
|
||||||
/* Hash the data and return if something was hashed. Return -1 on error. */
|
/* Hash the data and return if something was hashed. Return -1 on error. */
|
||||||
static int
|
static int
|
||||||
hash_data (int fd, gcry_md_hd_t md)
|
hash_data (estream_t fp, gcry_md_hd_t md)
|
||||||
{
|
{
|
||||||
estream_t fp;
|
|
||||||
char buffer[4096];
|
char buffer[4096];
|
||||||
int nread;
|
int nread;
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
fp = es_fdopen_nc (fd, "rb");
|
|
||||||
if (!fp)
|
|
||||||
{
|
|
||||||
log_error ("fdopen(%d) failed: %s\n", fd, strerror (errno));
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
nread = es_fread (buffer, 1, DIM(buffer), fp);
|
nread = es_fread (buffer, 1, DIM(buffer), fp);
|
||||||
@ -62,32 +54,22 @@ hash_data (int fd, gcry_md_hd_t md)
|
|||||||
while (nread);
|
while (nread);
|
||||||
if (es_ferror (fp))
|
if (es_ferror (fp))
|
||||||
{
|
{
|
||||||
log_error ("read error on fd %d: %s\n", fd, strerror (errno));
|
log_error ("read error on fd %p: %s\n", fp, strerror (errno));
|
||||||
rc = -1;
|
rc = -1;
|
||||||
}
|
}
|
||||||
es_fclose (fp);
|
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
hash_and_copy_data (int fd, gcry_md_hd_t md, ksba_writer_t writer)
|
hash_and_copy_data (estream_t fp, gcry_md_hd_t md, ksba_writer_t writer)
|
||||||
{
|
{
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
estream_t fp;
|
|
||||||
char buffer[4096];
|
char buffer[4096];
|
||||||
int nread;
|
int nread;
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
int any = 0;
|
int any = 0;
|
||||||
|
|
||||||
fp = es_fdopen_nc (fd, "rb");
|
|
||||||
if (!fp)
|
|
||||||
{
|
|
||||||
gpg_error_t tmperr = gpg_error_from_syserror ();
|
|
||||||
log_error ("fdopen(%d) failed: %s\n", fd, strerror (errno));
|
|
||||||
return tmperr;
|
|
||||||
}
|
|
||||||
|
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
nread = es_fread (buffer, 1, DIM(buffer), fp);
|
nread = es_fread (buffer, 1, DIM(buffer), fp);
|
||||||
@ -107,9 +89,9 @@ hash_and_copy_data (int fd, gcry_md_hd_t md, ksba_writer_t writer)
|
|||||||
if (es_ferror (fp))
|
if (es_ferror (fp))
|
||||||
{
|
{
|
||||||
rc = gpg_error_from_syserror ();
|
rc = gpg_error_from_syserror ();
|
||||||
log_error ("read error on fd %d: %s\n", fd, strerror (errno));
|
log_error ("read error on fp %p: %s\n", fp, strerror (errno));
|
||||||
}
|
}
|
||||||
es_fclose (fp);
|
|
||||||
if (!any)
|
if (!any)
|
||||||
{
|
{
|
||||||
/* We can't allow signing an empty message because it does not
|
/* We can't allow signing an empty message because it does not
|
||||||
@ -622,7 +604,7 @@ write_detached_signature (ctrl_t ctrl, const void *blob, size_t bloblen,
|
|||||||
be used if the value of this argument is NULL. */
|
be used if the value of this argument is NULL. */
|
||||||
int
|
int
|
||||||
gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
||||||
int data_fd, int detached, estream_t out_fp)
|
estream_t data_fp, int detached, estream_t out_fp)
|
||||||
{
|
{
|
||||||
int i, rc;
|
int i, rc;
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
@ -959,7 +941,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
unsigned char *digest;
|
unsigned char *digest;
|
||||||
size_t digest_len;
|
size_t digest_len;
|
||||||
|
|
||||||
if (!hash_data (data_fd, data_md))
|
if (!hash_data (data_fp, data_md))
|
||||||
audit_log (ctrl->audit, AUDIT_GOT_DATA);
|
audit_log (ctrl->audit, AUDIT_GOT_DATA);
|
||||||
for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)
|
for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)
|
||||||
{
|
{
|
||||||
@ -1044,7 +1026,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||||||
|
|
||||||
log_assert (!detached);
|
log_assert (!detached);
|
||||||
|
|
||||||
rc = hash_and_copy_data (data_fd, data_md, writer);
|
rc = hash_and_copy_data (data_fp, data_md, writer);
|
||||||
if (rc)
|
if (rc)
|
||||||
goto leave;
|
goto leave;
|
||||||
audit_log (ctrl->audit, AUDIT_GOT_DATA);
|
audit_log (ctrl->audit, AUDIT_GOT_DATA);
|
||||||
|
41
sm/verify.c
41
sm/verify.c
@ -53,21 +53,12 @@ strtimestamp_r (ksba_isotime_t atime)
|
|||||||
|
|
||||||
/* Hash the data for a detached signature. Returns 0 on success. */
|
/* Hash the data for a detached signature. Returns 0 on success. */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
hash_data (int fd, gcry_md_hd_t md)
|
hash_data (estream_t fp, gcry_md_hd_t md)
|
||||||
{
|
{
|
||||||
gpg_error_t err = 0;
|
gpg_error_t err = 0;
|
||||||
estream_t fp;
|
|
||||||
char buffer[4096];
|
char buffer[4096];
|
||||||
int nread;
|
int nread;
|
||||||
|
|
||||||
fp = es_fdopen_nc (fd, "rb");
|
|
||||||
if (!fp)
|
|
||||||
{
|
|
||||||
err = gpg_error_from_syserror ();
|
|
||||||
log_error ("fdopen(%d) failed: %s\n", fd, gpg_strerror (err));
|
|
||||||
return err;
|
|
||||||
}
|
|
||||||
|
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
nread = es_fread (buffer, 1, DIM(buffer), fp);
|
nread = es_fread (buffer, 1, DIM(buffer), fp);
|
||||||
@ -77,20 +68,20 @@ hash_data (int fd, gcry_md_hd_t md)
|
|||||||
if (es_ferror (fp))
|
if (es_ferror (fp))
|
||||||
{
|
{
|
||||||
err = gpg_error_from_syserror ();
|
err = gpg_error_from_syserror ();
|
||||||
log_error ("read error on fd %d: %s\n", fd, gpg_strerror (err));
|
log_error ("read error on fp %p: %s\n", fp, gpg_strerror (err));
|
||||||
}
|
}
|
||||||
es_fclose (fp);
|
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/* Perform a verify operation. To verify detached signatures, DATA_FD
|
/* Perform a verify operation. To verify detached signatures, DATA_FP
|
||||||
must be different than -1. With OUT_FP given and a non-detached
|
must be different than NULL. With OUT_FP given and a non-detached
|
||||||
signature, the signed material is written to that stream. */
|
signature, the signed material is written to that stream. */
|
||||||
int
|
int
|
||||||
gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
|
gpgsm_verify (ctrl_t ctrl, estream_t in_fp, estream_t data_fp,
|
||||||
|
estream_t out_fp)
|
||||||
{
|
{
|
||||||
int i, rc;
|
int i, rc;
|
||||||
gnupg_ksba_io_t b64reader = NULL;
|
gnupg_ksba_io_t b64reader = NULL;
|
||||||
@ -106,7 +97,6 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
|
|||||||
const char *algoid;
|
const char *algoid;
|
||||||
int algo;
|
int algo;
|
||||||
int is_detached, maybe_detached;
|
int is_detached, maybe_detached;
|
||||||
estream_t in_fp = NULL;
|
|
||||||
char *p;
|
char *p;
|
||||||
|
|
||||||
audit_set_type (ctrl->audit, AUDIT_TYPE_VERIFY);
|
audit_set_type (ctrl->audit, AUDIT_TYPE_VERIFY);
|
||||||
@ -114,7 +104,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
|
|||||||
/* Although we detect detached signatures during the parsing phase,
|
/* Although we detect detached signatures during the parsing phase,
|
||||||
* we need to know it earlier and thus accept the caller idea of
|
* we need to know it earlier and thus accept the caller idea of
|
||||||
* what to verify. */
|
* what to verify. */
|
||||||
maybe_detached = (data_fd != -1);
|
maybe_detached = (data_fp != NULL);
|
||||||
|
|
||||||
kh = keydb_new (ctrl);
|
kh = keydb_new (ctrl);
|
||||||
if (!kh)
|
if (!kh)
|
||||||
@ -125,14 +115,6 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
in_fp = es_fdopen_nc (in_fd, "rb");
|
|
||||||
if (!in_fp)
|
|
||||||
{
|
|
||||||
rc = gpg_error_from_syserror ();
|
|
||||||
log_error ("fdopen() failed: %s\n", strerror (errno));
|
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
|
|
||||||
rc = gnupg_ksba_create_reader
|
rc = gnupg_ksba_create_reader
|
||||||
(&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0)
|
(&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0)
|
||||||
| (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0)
|
| (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0)
|
||||||
@ -242,7 +224,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
|
|||||||
}
|
}
|
||||||
if (is_detached)
|
if (is_detached)
|
||||||
{
|
{
|
||||||
if (data_fd == -1)
|
if (!data_fp)
|
||||||
{
|
{
|
||||||
log_info ("detached signature w/o data "
|
log_info ("detached signature w/o data "
|
||||||
"- assuming certs-only\n");
|
"- assuming certs-only\n");
|
||||||
@ -250,7 +232,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
audit_log_ok (ctrl->audit, AUDIT_DATA_HASHING,
|
audit_log_ok (ctrl->audit, AUDIT_DATA_HASHING,
|
||||||
hash_data (data_fd, data_md));
|
hash_data (data_fp, data_md));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -275,7 +257,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (data_fd != -1 && !is_detached)
|
if (data_fp && !is_detached)
|
||||||
{
|
{
|
||||||
log_error ("data given for a non-detached signature\n");
|
log_error ("data given for a non-detached signature\n");
|
||||||
rc = gpg_error (GPG_ERR_CONFLICT);
|
rc = gpg_error (GPG_ERR_CONFLICT);
|
||||||
@ -315,7 +297,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
|
|||||||
|
|
||||||
rc = ksba_cms_get_issuer_serial (cms, signer, &issuer, &serial);
|
rc = ksba_cms_get_issuer_serial (cms, signer, &issuer, &serial);
|
||||||
if (!signer && gpg_err_code (rc) == GPG_ERR_NO_DATA
|
if (!signer && gpg_err_code (rc) == GPG_ERR_NO_DATA
|
||||||
&& data_fd == -1 && is_detached)
|
&& !data_fp && is_detached)
|
||||||
{
|
{
|
||||||
log_info ("certs-only message accepted\n");
|
log_info ("certs-only message accepted\n");
|
||||||
rc = 0;
|
rc = 0;
|
||||||
@ -748,7 +730,6 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
|
|||||||
gnupg_ksba_destroy_writer (b64writer);
|
gnupg_ksba_destroy_writer (b64writer);
|
||||||
keydb_release (kh);
|
keydb_release (kh);
|
||||||
gcry_md_close (data_md);
|
gcry_md_close (data_md);
|
||||||
es_fclose (in_fp);
|
|
||||||
|
|
||||||
if (rc)
|
if (rc)
|
||||||
{
|
{
|
||||||
|
Loading…
x
Reference in New Issue
Block a user