security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

sm: Use estream_t for DATA_FP for verify operation.

Browse source 
* sm/gpgsm.c (main): Use es_fopen for DATA_FP to call gpgsm_verify.
* sm/gpgsm.h (gpgsm_verify): Use estream_t for DATA_FP.
* sm/server.c (struct server_local_s): Rename MESSAGE_FD to
MESSAGE_FP.
(close_message_fp): Rename from close_message_fd.
(reset_notify): Follow the change of close_message_fp.
(cmd_encrypt, cmd_decrypt, cmd_verify, cmd_sign): Likewise.
(cmd_export, cmd_delkeys, gpgsm_server): Likewise.
(cmd_message): Setup MESSAGE_FP with open_stream_nc.
(cmd_verify): Use MESSAGE_FP.
* sm/verify.c (hash_data): Use estream_t for FP.
(gpgsm_verify): Use estream_t for DATA_FP.

--

GnuPG-bug-id: 6592
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2023-07-13 10:54:11 +09:00
parent fb046ccd93
commit a43d0f7d46
No known key found for this signature in database
GPG key ID: 640114AF89DE6054
4 changed files with 53 additions and 52 deletions
Download patch file Download diff file Expand all files Collapse all files

30
sm/verify.c
View file

@ -53,21 +53,12 @@ strtimestamp_r (ksba_isotime_t atime)
/* Hash the data for a detached signature. Returns 0 on success. */
static gpg_error_t
hash_data (int fd, gcry_md_hd_t md)
hash_data (estream_t fp, gcry_md_hd_t md)
{
gpg_error_t err = 0;
estream_t fp;
char buffer[4096];
int nread;
fp = es_fdopen_nc (fd, "rb");
if (!fp)
{
err = gpg_error_from_syserror ();
log_error ("fdopen(%d) failed: %s\n", fd, gpg_strerror (err));
return err;
}
do
{
nread = es_fread (buffer, 1, DIM(buffer), fp);
@ -77,20 +68,19 @@ hash_data (int fd, gcry_md_hd_t md)
if (es_ferror (fp))
{
err = gpg_error_from_syserror ();
log_error ("read error on fd %d: %s\n", fd, gpg_strerror (err));
log_error ("read error on fp %p: %s\n", fp, gpg_strerror (err));
}
es_fclose (fp);
return err;
}
/* Perform a verify operation. To verify detached signatures, DATA_FD
must be different than -1. With OUT_FP given and a non-detached
/* Perform a verify operation. To verify detached signatures, DATA_FP
must be different than NULL. With OUT_FP given and a non-detached
signature, the signed material is written to that stream. */
int
gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
gpgsm_verify (ctrl_t ctrl, int in_fd, estream_t data_fp, estream_t out_fp)
{
int i, rc;
gnupg_ksba_io_t b64reader = NULL;
@ -114,7 +104,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
/* Although we detect detached signatures during the parsing phase,
* we need to know it earlier and thus accept the caller idea of
* what to verify. */
maybe_detached = (data_fd != -1);
maybe_detached = (data_fp != NULL);
kh = keydb_new (ctrl);
if (!kh)
@ -242,7 +232,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
}
if (is_detached)
{
if (data_fd == -1)
if (!data_fp)
{
log_info ("detached signature w/o data "
"- assuming certs-only\n");
@ -250,7 +240,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
}
else
audit_log_ok (ctrl->audit, AUDIT_DATA_HASHING,
hash_data (data_fd, data_md));
hash_data (data_fp, data_md));
}
else
{
@ -275,7 +265,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
}
}
if (data_fd != -1 && !is_detached)
if (data_fp && !is_detached)
{
log_error ("data given for a non-detached signature\n");
rc = gpg_error (GPG_ERR_CONFLICT);
@ -315,7 +305,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
rc = ksba_cms_get_issuer_serial (cms, signer, &issuer, &serial);
if (!signer && gpg_err_code (rc) == GPG_ERR_NO_DATA
&& data_fd == -1 && is_detached)
&& !data_fp && is_detached)
{
log_info ("certs-only message accepted\n");
rc = 0;