From aa4f78a45aa436a2d451d2155bac214ce9c1ac61 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Tue, 20 Nov 2001 18:28:53 +0000
Subject: [PATCH] Map Libksba's OIDs to Libgcrypt digest algo numbers. The latest Libgcrypt CVS version is needed.
---
 sm/Makefile.am | 2 +-
 sm/certcheck.c | 8 +++++++-
 sm/certdump.c | 2 +-
 sm/verify.c | 28 +++++++++++++++++-----------
 4 files changed, 26 insertions(+), 14 deletions(-)
diff --git a/sm/Makefile.am b/sm/Makefile.am
index a7bd02f4f..00bb6d9b4 100644
--- a/sm/Makefile.am
+++ b/sm/Makefile.am
@@ -40,7 +40,7 @@ gpgsm_SOURCES = \
 gpgsm_LDADD = ../jnlib/libjnlib.a ../assuan/libassuan.a ../kbx/libkeybox.a \
 ../../libksba/src/.libs/libksba.a \
- ../../libgcrypt/src/.libs/libgcrypt.so.1
+ ../../libgcrypt/src/.libs/libgcrypt.so.1
 errors.c : gpgsm.h mkerrors
diff --git a/sm/certcheck.c b/sm/certcheck.c
index 8a9c2c2b2..0e609a2df 100644
--- a/sm/certcheck.c
+++ b/sm/certcheck.c
@@ -103,13 +103,19 @@ do_encode_md (GCRY_MD_HD md, int algo, unsigned int nbits,
 int
 gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert)
 {
+ const char *algoid;
 GCRY_MD_HD md;
 int rc, algo;
 GCRY_MPI frame;
 char *p;
 GCRY_SEXP s_sig, s_hash, s_pkey;
- algo = ksba_cert_get_digest_algo (cert);
+ algo = gcry_md_map_name ( (algoid=ksba_cert_get_digest_algo (cert)));
+ if (!algo)
+ {
+ log_error ("unknown hash algorithm `%s'\n", algoid? algoid:"?");
+ return GPGSM_General_Error;
+ }
 md = gcry_md_open (algo, 0);
 if (!md)
 {
diff --git a/sm/certdump.c b/sm/certdump.c
index 9685b1aa8..698937d8a 100644
--- a/sm/certdump.c
+++ b/sm/certdump.c
@@ -115,7 +115,7 @@ gpgsm_dump_cert (const char *text, KsbaCert cert)
 ksba_free (dn);
 log_printf ("\n");
- log_debug (" hash algo: %d\n", ksba_cert_get_digest_algo (cert));
+ log_debug (" hash algo: %s\n", ksba_cert_get_digest_algo (cert));
 p = gpgsm_get_fingerprint_string (cert, 0);
 log_debug (" SHA1 Fingerprint: %s\n", p);
diff --git a/sm/verify.c b/sm/verify.c
index 6b4ef5c09..7a576cf19 100644
--- a/sm/verify.c
+++ b/sm/verify.c
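Review bot: In gpgsm_check_cert_sig (sm/certcheck.c) the return value of ksba_cert_get_digest_algo is handed to gcry_md_map_name before it is tested, although the `algoid? algoid:"?"` in the error message shows that a NULL return is expected. Whether gcry_md_map_name accepts NULL is not visible on this page, so guard the lookup: `algoid = ksba_cert_get_digest_algo (cert);` followed by `algo = algoid? gcry_md_map_name (algoid) : 0;`. The same unguarded call is added in the signer loop of sm/verify.c (`algo = gcry_md_map_name (algoid);`). Returning GPGSM_General_Error for an unmapped OID is the right fail-closed result for a value read from a certificate. The function body continues past the end of the hunk.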
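Review bot: In gpgsm_dump_cert (sm/certdump.c) the new `%s` conversion receives the return value of ksba_cert_get_digest_algo directly, while the certcheck.c change in this same commit treats that return as possibly NULL. A NULL argument for `%s` is undefined in printf-style formatting unless log_debug handles it itself, which this hunk does not show. Assign the result to a local `algoid` first and mirror the other call site: `log_debug (" hash algo: %s\n", algoid? algoid:"?");`.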
@@ -127,12 +127,12 @@ print_integer (unsigned char *p)
 unsigned long len;
 if (!p)
- printf ("none");
+ log_printf ("none");
 else
 {
 len = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
 for (p+=4; len; len--, p++)
- printf ("%02X", *p);
+ log_printf ("%02X", *p);
 }
 }
@@ -180,6 +180,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd)
 GCRY_MD_HD data_md = NULL;
 struct reader_cb_parm_s rparm;
 int signer;
+ const char *algoid;
 int algo;
 int is_detached;
@@ -270,9 +271,13 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd)
 if (stopreason == KSBA_SR_NEED_HASH || stopreason == KSBA_SR_BEGIN_DATA) { /* We are now able to enable the hash algorithms */
- for (i=0; (algo = ksba_cms_get_digest_algo_list (cms, i)) >= 0; i++)
+ for (i=0; (algoid=ksba_cms_get_digest_algo_list (cms, i)); i++)
 {
- if (algo)
+ algo = gcry_md_map_name (algoid);
+ if (!algo)
+ log_error ("unknown hash algorithm `%s'\n",
+ algoid? algoid:"?");
+ else
 gcry_md_enable (data_md, algo);
 }
 if (is_detached)
@@ -319,18 +324,19 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd)
 err = ksba_cms_get_issuer_serial (cms, signer, &issuer, &serial);
 if (err)
 break;
- printf ("signer %d - issuer: `%s'\n", signer, issuer? issuer:"[NONE]");
- printf ("signer %d - serial: ", signer);
+ log_debug ("signer %d - issuer: `%s'\n", signer, issuer? issuer:"[NONE]");
+ log_debug ("signer %d - serial: ", signer);
 print_integer (serial);
- putchar ('\n');
+ log_printf ("\n");
 err = ksba_cms_get_message_digest (cms, signer, &msgdigest, &msgdigestlen);
 if (err)
 break;
- algo = ksba_cms_get_digest_algo (cms, signer);
- printf ("signer %d - digest algo: %d\n", signer, algo);
+ algoid = ksba_cms_get_digest_algo (cms, signer);
+ algo = gcry_md_map_name (algoid);
+ log_debug ("signer %d - digest algo: %d\n", signer, algo);
 if ( !gcry_md_info (data_md, GCRYCTL_IS_ALGO_ENABLED, &algo, NULL) )
 {
 log_debug ("digest algo %d has not been enabled\n", algo);
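Review bot: In the hash-enabling loop of gpgsm_verify an unrecognised digest OID is only logged and the loop carries on, so the code should say where such a message is finally rejected. If the intent is that the later per-signer check catches it, a comment such as `/* Not fatal here; a signer using this OID fails the IS_ALGO_ENABLED check below. */` would record that. The `algoid? algoid:"?"` in the log_error call can never select `"?"`, because the loop condition already stops on a NULL `algoid`; plain `algoid` is enough. The loop now also ends on NULL where the old one ended on a negative value, so a lookup failure and the end of the list may look the same here, depending on how libksba reports errors.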
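Review bot: The per-signer lookup `algo = gcry_md_map_name (algoid);` in gpgsm_verify is not checked, unlike the two other lookups this commit adds. A missing or unmapped OID leaves `algo` at 0, and the code then relies on gcry_md_info reporting algorithm 0 as not enabled, with a log line that prints only the number 0 and no longer names the OID the signature asked for. Test `!algo` right after the lookup, log the `algoid` string as the certcheck.c hunk does, and leave through the same path as the not-enabled branch, whose remaining lines fall outside this hunk. Since `algoid` is taken from the message being verified, printing it next to the number in the `digest algo` debug line would also help when tracing a rejected signature.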
@@ -338,8 +344,8 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd)
 }
 sigval = ksba_cms_get_sig_val (cms, signer);
- printf ("signer %d - signature: `%s'\n",
- signer, sigval? sigval: "[ERROR]");
+ log_debug ("signer %d - signature: `%s'\n",
+ signer, sigval? sigval: "[ERROR]");
 /* Find the certificate of the signer */
 keydb_search_reset (kh);