security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

Add provisions to build with Libgcrypt 1.6. 

Replace gcry_md_start_debug by gcry_md_debug in all files.

* agent/gpg-agent.c (fixed_gcry_pth_init): Use only if
GCRY_THREAD_OPTION_VERSION is 0
* scd/scdaemon.c (fixed_gcry_pth_init): Ditto.
--

Libgcrypt 1.6 will have some minor API changes.  In particular some
deprecated macros and functions will be removed.  PTH will also be
dropped in favor of a thread model neutral locking method.
This commit is contained in:
Werner Koch 2012-05-24 10:55:11 +02:00
parent a4b22d8edf
commit b8d7b33d69
11 changed files with 179 additions and 173 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
agent/gpg-agent.c
View File

@ -278,11 +278,12 @@ static int check_for_running_agent (int silent, int mode);
ASSUAN_SYSTEM_PTH_IMPL;
GCRY_THREAD_OPTION_PTH_IMPL;
#if GCRY_THREAD_OPTION_VERSION < 1
static int fixed_gcry_pth_init (void)
{
return pth_self ()? 0 : (pth_init () == FALSE) ? errno : 0;
}
#endif
#ifndef PTH_HAVE_PTH_THREAD_ID
static unsigned long pth_thread_id (void)
@ -594,7 +595,9 @@ main (int argc, char **argv )
/* Libgcrypt requires us to register the threading model first.
Note that this will also do the pth_init. */
#if GCRY_THREAD_OPTION_VERSION < 1
gcry_threads_pth.init = fixed_gcry_pth_init;
#endif
err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth);
if (err)
{

6
g10/cipher.c
View File

@ -61,12 +61,12 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
ed.mdc_method = DIGEST_ALGO_SHA1;
gcry_md_open (&cfx->mdc_hash, DIGEST_ALGO_SHA1, 0);
if ( DBG_HASHING )
gcry_md_start_debug (cfx->mdc_hash, "creatmdc");
gcry_md_debug (cfx->mdc_hash, "creatmdc");
}
{
char buf[20];
sprintf (buf, "%d %d", ed.mdc_method, cfx->dek->algo);
write_status_text (STATUS_BEGIN_ENCRYPTION, buf);
}
@ -81,7 +81,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
temp[nprefix] = temp[nprefix-2];
temp[nprefix+1] = temp[nprefix-1];
print_cipher_algo_note( cfx->dek->algo );
err = openpgp_cipher_open (&cfx->cipher_hd,
err = openpgp_cipher_open (&cfx->cipher_hd,
cfx->dek->algo,
GCRY_CIPHER_MODE_CFB,
(GCRY_CIPHER_SECURE

2
g10/encr-data.c
View File

@ -119,7 +119,7 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
if (gcry_md_open (&dfx->mdc_hash, ed->mdc_method, 0 ))
BUG ();
if ( DBG_HASHING )
gcry_md_start_debug (dfx->mdc_hash, "checkmdc");
gcry_md_debug (dfx->mdc_hash, "checkmdc");
}
rc = openpgp_cipher_open (&dfx->cipher_hd, dek->algo,

82
g10/keylist.c
View File

@ -141,7 +141,7 @@ print_seckey_info (PKT_secret_key *sk)
nbits_from_sk (sk),
pubkey_letter (sk->pubkey_algo),
keystr(keyid), datestr_from_sk (sk), p);
xfree (p);
}
@ -185,13 +185,13 @@ print_card_key_info (FILE *fp, KBNODE keyblock)
KBNODE node;
int i;
for (node = keyblock; node; node = node->next )
for (node = keyblock; node; node = node->next )
{
if (node->pkt->pkttype == PKT_SECRET_KEY
|| (node->pkt->pkttype == PKT_SECRET_SUBKEY) )
{
PKT_secret_key *sk = node->pkt->pkt.secret_key;
tty_fprintf (fp, "%s%c %4u%c/%s ",
node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb",
(sk->protect.s2k.mode==1001)?'#':
@ -205,10 +205,10 @@ print_card_key_info (FILE *fp, KBNODE keyblock)
if (sk->is_protected && sk->protect.s2k.mode == 1002)
{
tty_fprintf (fp, "\n ");
tty_fprintf (fp, _("card-no: "));
tty_fprintf (fp, _("card-no: "));
if (sk->protect.ivlen == 16
&& !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6))
{
{
/* This is an OpenPGP card. */
for (i=8; i < 14; i++)
{
@ -454,7 +454,7 @@ list_all( int secret )
merge_keys_and_selfsig( keyblock );
list_keyblock( keyblock, secret, opt.fingerprint,
opt.check_sigs?&stats:NULL);
release_kbnode( keyblock );
release_kbnode( keyblock );
keyblock = NULL;
} while (!(rc = keydb_search_next (hd)));
if( rc && rc != -1 )
@ -548,7 +548,7 @@ locate_one (strlist_t names)
struct sig_stats stats;
memset (&stats,0,sizeof(stats));
for (sl=names; sl; sl = sl->next)
{
rc = get_pubkey_byname (&ctx, NULL, sl->d, &keyblock, NULL, 1, 0);
@ -559,18 +559,18 @@ locate_one (strlist_t names)
}
else
{
do
do
{
list_keyblock (keyblock, 0, opt.fingerprint,
opt.check_sigs? &stats : NULL );
release_kbnode (keyblock);
}
}
while ( ctx && !get_pubkey_next (ctx, NULL, &keyblock));
get_pubkey_end (ctx);
ctx = NULL;
}
}
}
if (opt.check_sigs && !opt.with_colons)
print_signature_stats (&stats);
}
@ -597,7 +597,7 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
{
unsigned int use = pk? pk->pubkey_usage : sk->pubkey_usage;
int c_printed = 0;
if ( use & PUBKEY_USAGE_ENC )
putchar ('e');
@ -627,7 +627,7 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
int enc=0, sign=0, cert=0, auth=0, disabled=0;
for (k=keyblock; k; k = k->next ) {
if ( k->pkt->pkttype == PKT_PUBLIC_KEY
if ( k->pkt->pkttype == PKT_PUBLIC_KEY
|| k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
pk = k->pkt->pkt.public_key;
@ -649,7 +649,7 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
auth = 1;
}
}
else if ( k->pkt->pkttype == PKT_SECRET_KEY
else if ( k->pkt->pkttype == PKT_SECRET_KEY
|| k->pkt->pkttype == PKT_SECRET_SUBKEY ) {
sk = k->pkt->pkt.secret_key;
if ( sk->is_valid && !sk->is_revoked && !sk->has_expired
@ -982,7 +982,7 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
case 0: sigrc = '!'; break;
case GPG_ERR_BAD_SIGNATURE:
stats->inv_sigs++; sigrc = '-'; break;
case GPG_ERR_NO_PUBKEY:
case GPG_ERR_NO_PUBKEY:
case GPG_ERR_UNUSABLE_PUBKEY: stats->no_key++; continue;
default: stats->oth_err++; sigrc = '%'; break;
}
@ -1128,9 +1128,9 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
putchar ('r');
else if ( pk->has_expired )
putchar ('e');
else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
;
else
else
{
trustletter = get_validity_info ( pk, NULL );
if ( trustletter == 'u' )
@ -1186,7 +1186,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
if (attrib_fp && node->pkt->pkt.user_id->attrib_data != NULL)
dump_attribs (node->pkt->pkt.user_id,pk,sk);
/*
* Fixme: We need a is_valid flag here too
* Fixme: We need a is_valid flag here too
*/
str = uid->attrib_data? "uat":"uid";
/* If we're listing a secret key, leave out the validity
@ -1199,25 +1199,25 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
printf ("%s:e::::",str);
else if ( opt.no_expensive_trust_checks )
printf ("%s:::::",str);
else
else
{
int uid_validity;
if ( pk && !ulti_hack )
uid_validity=get_validity_info (pk, uid);
else
uid_validity = 'u';
printf ("%s:%c::::",str,uid_validity);
}
printf ("%s:", colon_strtime (uid->created));
printf ("%s:", colon_strtime (uid->expiredate));
namehash_from_uid (uid);
for (i=0; i < 20; i++ )
printf ("%02X",uid->namehash[i]);
printf ("::");
if (uid->attrib_data)
@ -1227,11 +1227,11 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
putchar (':');
putchar ('\n');
}
else if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
else if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
{
u32 keyid2[2];
PKT_public_key *pk2 = node->pkt->pkt.public_key;
keyid_from_pk ( pk2, keyid2 );
fputs ("sub:", stdout );
if ( !pk2->is_valid )
@ -1291,7 +1291,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
}
putchar(':'); /* End of field 15. */
putchar ('\n');
if ( fpr > 1 )
print_fingerprint ( NULL, sk2, 0 );
}
@ -1302,7 +1302,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
char *sigstr;
size_t fplen;
byte fparray[MAX_FINGERPRINT_LEN];
if ( sig->sig_class == 0x20 || sig->sig_class == 0x28
|| sig->sig_class == 0x30 )
sigstr = "rev";
@ -1312,7 +1312,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
sigstr = "sig";
else if ( sig->sig_class == 0x1F )
sigstr = "sig";
else
else
{
printf ("sig::::::::::%02x%c:\n",
sig->sig_class, sig->flags.exportable?'x':'l');
@ -1322,18 +1322,18 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
if ( opt.check_sigs )
{
PKT_public_key *signer_pk=NULL;
fflush (stdout);
if (opt.no_sig_cache)
signer_pk = xmalloc_clear (sizeof(PKT_public_key));
rc = check_key_signature2 ( keyblock, node, NULL, signer_pk,
NULL, NULL, NULL );
switch ( gpg_err_code (rc) )
{
case 0: sigrc = '!'; break;
case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break;
case GPG_ERR_NO_PUBKEY:
case GPG_ERR_NO_PUBKEY:
case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
default: sigrc = '%'; break;
}
@ -1348,7 +1348,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
free_public_key(signer_pk);
}
}
else
else
{
rc = 0;
sigrc = ' ';
@ -1370,7 +1370,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
print_string (stdout,sig->trust_regexp,
strlen(sig->trust_regexp),':');
printf(":");
if ( sigrc == '%' )
printf("[%s] ", g10_errstr(rc) );
else if ( sigrc == '?' )
@ -1417,8 +1417,8 @@ do_reorder_keyblock (KBNODE keyblock,int attr)
node->pkt->pkt.user_id->is_primary ) {
primary = primary2 = node;
for (node=node->next; node; primary2=node, node = node->next ) {
if( node->pkt->pkttype == PKT_USER_ID
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY
if( node->pkt->pkttype == PKT_USER_ID
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY
|| node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
break;
}
@ -1540,7 +1540,7 @@ print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode )
fp = stdout;
text = _(" Key fingerprint =");
}
if (sk)
fingerprint_from_sk (sk, array, &n);
else
@ -1600,7 +1600,7 @@ print_card_serialno (PKT_secret_key *sk)
if (!sk)
return;
if (!sk->is_protected || sk->protect.s2k.mode != 1002)
if (!sk->is_protected || sk->protect.s2k.mode != 1002)
return; /* Not a card. */
if (opt.with_colons)
return; /* Handled elsewhere. */
@ -1635,11 +1635,11 @@ set_attrib_fd (int fd)
if ( fd != -1 && last_fd == fd )
return;
if ( attrib_fp && attrib_fp != stdout && attrib_fp != stderr
if ( attrib_fp && attrib_fp != stdout && attrib_fp != stderr
&& attrib_fp != log_get_stream () )
fclose (attrib_fp);
attrib_fp = NULL;
if ( fd == -1 )
if ( fd == -1 )
return;
#ifdef HAVE_DOSISH_SYSTEM
@ -1651,11 +1651,11 @@ set_attrib_fd (int fd)
attrib_fp = stderr;
else
attrib_fp = fdopen (fd, "wb");
if (!attrib_fp)
if (!attrib_fp)
{
log_fatal("can't open fd %d for attribute output: %s\n",
fd, strerror(errno));
}
last_fd = fd;
}

8
g10/mainproc.c
View File

@ -699,9 +699,9 @@ proc_plaintext( CTX c, PACKET *pkt )
BUG ();
}
if ( DBG_HASHING ) {
gcry_md_start_debug ( c->mfx.md, "verify" );
gcry_md_debug ( c->mfx.md, "verify" );
if ( c->mfx.md2 )
gcry_md_start_debug ( c->mfx.md2, "verify2" );
gcry_md_debug ( c->mfx.md2, "verify2" );
}
rc=0;
@ -2138,9 +2138,9 @@ proc_tree( CTX c, KBNODE node )
/* c->mfx.md2? 0 :(sig->sig_class == 0x01) */
#endif
if ( DBG_HASHING ) {
gcry_md_start_debug( c->mfx.md, "verify" );
gcry_md_debug( c->mfx.md, "verify" );
if ( c->mfx.md2 )
gcry_md_start_debug( c->mfx.md2, "verify2" );
gcry_md_debug( c->mfx.md2, "verify2" );
}
if( c->sigs_only ) {
if (c->signed_data.used && c->signed_data.data_fd != -1)

48
g10/sign.c
View File

@ -150,7 +150,7 @@ mk_notation_policy_etc( PKT_signature *sig,
/*
* Helper to hash a user ID packet.
* Helper to hash a user ID packet.
*/
static void
hash_uid (gcry_md_hd_t md, int sigversion, const PKT_user_id *uid)
@ -188,7 +188,7 @@ hash_uid (gcry_md_hd_t md, int sigversion, const PKT_user_id *uid)
static void
hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig)
{
if (sig->version >= 4)
if (sig->version >= 4)
gcry_md_putc (md, sig->version);
gcry_md_putc (md, sig->sig_class);
if (sig->version < 4) {
@ -201,7 +201,7 @@ hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig)
else {
byte buf[6];
size_t n;
gcry_md_putc (md, sig->pubkey_algo);
gcry_md_putc (md, sig->digest_algo);
if (sig->hashed) {
@ -257,13 +257,13 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
sig->digest_algo = digest_algo;
sig->digest_start[0] = dp[0];
sig->digest_start[1] = dp[1];
if (sk->is_protected && sk->protect.s2k.mode == 1002)
{
if (sk->is_protected && sk->protect.s2k.mode == 1002)
{
#ifdef ENABLE_CARD_SUPPORT
unsigned char *rbuf;
size_t rbuflen;
char *snbuf;
snbuf = serialno_and_fpr_from_sk (sk->protect.iv,
sk->protect.ivlen, sk);
rc = agent_scd_pksign (snbuf, digest_algo,
@ -282,7 +282,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
return gpg_error (GPG_ERR_NOT_SUPPORTED);
#endif /* ENABLE_CARD_SUPPORT */
}
else
else
{
frame = encode_md_value( NULL, sk, md, digest_algo );
if (!frame)
@ -495,7 +495,7 @@ print_status_sig_created ( PKT_secret_key *sk, PKT_signature *sig, int what )
* Loop over the secret certificates in SK_LIST and build the one pass
* signature packets. OpenPGP says that the data should be bracket by
* the onepass-sig and signature-packet; so we build these onepass
* packet here in reverse order
* packet here in reverse order
*/
static int
write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass )
@ -511,7 +511,7 @@ write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass )
PKT_onepass_sig *ops;
PACKET pkt;
int i, rc;
for (i=0, sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
if (++i == skcount)
break;
@ -524,7 +524,7 @@ write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass )
ops->pubkey_algo = sk->pubkey_algo;
keyid_from_sk (sk, ops->keyid);
ops->last = (skcount == 1);
init_packet(&pkt);
pkt.pkttype = PKT_ONEPASS_SIG;
pkt.pkt.onepass_sig = ops;
@ -612,7 +612,7 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode)
wipememory(copy_buffer,4096); /* burn buffer */
}
/* fixme: it seems that we never freed pt/pkt */
return rc;
}
@ -777,7 +777,7 @@ sign_file( strlist_t filenames, int detached, strlist_t locusr,
inp = NULL;
errno = EPERM;
}
if( !inp )
if( !inp )
{
rc = gpg_error_from_syserror ();
log_error (_("can't open `%s': %s\n"), fname? fname: "[stdin]",
@ -817,7 +817,7 @@ sign_file( strlist_t filenames, int detached, strlist_t locusr,
if ( gcry_md_open (&mfx.md, 0, 0) )
BUG ();
if (DBG_HASHING)
gcry_md_start_debug (mfx.md, "sign");
gcry_md_debug (mfx.md, "sign");
/* If we're encrypting and signing, it is reasonable to pick the
hash algorithm to use out of the recepient key prefs. This is
@ -928,7 +928,7 @@ sign_file( strlist_t filenames, int detached, strlist_t locusr,
there is an assumed preference for uncompressed data.
Still, if it did fail, we'll also end up with the
default. */
if((compr_algo=
select_algo_from_prefs(pk_list,PREFTYPE_ZIP,-1,NULL))==-1)
compr_algo=default_compress_algo();
@ -1091,7 +1091,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
}
if( !inp ) {
rc = gpg_error_from_syserror ();
log_error (_("can't open `%s': %s\n"),
log_error (_("can't open `%s': %s\n"),
fname? fname: "[stdin]", strerror(errno) );
goto leave;
}
@ -1102,7 +1102,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
outfile = NULL;
errno = EPERM;
}
else
else
out = iobuf_create( outfile );
if( !out )
{
@ -1166,7 +1166,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
gcry_md_enable (textmd, hash_for(sk));
}
if ( DBG_HASHING )
gcry_md_start_debug ( textmd, "clearsign" );
gcry_md_debug ( textmd, "clearsign" );
copy_clearsig_text( out, inp, textmd, !opt.not_dash_escaped,
opt.escape_from, (old_style && only_md5) );
@ -1190,7 +1190,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
gcry_md_close ( textmd );
release_sk_list( sk_list );
release_progress_context (pfx);
release_armor_context (afx);
release_armor_context (afx);
return rc;
}
@ -1234,7 +1234,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
}
rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG);
if (rc)
if (rc)
goto leave;
/* prepare iobufs */
@ -1247,7 +1247,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
}
if( !inp ) {
rc = gpg_error_from_syserror ();
log_error (_("can't open `%s': %s\n"),
log_error (_("can't open `%s': %s\n"),
fname? fname: "[stdin]", strerror(errno) );
goto leave;
}
@ -1288,7 +1288,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
if ( gcry_md_open (&mfx.md, 0, 0) )
BUG ();
if ( DBG_HASHING )
gcry_md_start_debug (mfx.md, "symc-sign");
gcry_md_debug (mfx.md, "symc-sign");
for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) {
PKT_secret_key *sk = sk_rover->sk;
@ -1338,7 +1338,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
rc = write_plaintext_packet (out, inp, fname, opt.textmode ? 't':'b');
if (rc)
goto leave;
/* Write the signatures */
/*(current filters: zip - encrypt - armor)*/
rc = write_signature_packets (sk_list, out, mfx.md,
@ -1497,7 +1497,7 @@ int
update_keysig_packet( PKT_signature **ret_sig,
PKT_signature *orig_sig,
PKT_public_key *pk,
PKT_user_id *uid,
PKT_user_id *uid,
PKT_public_key *subpk,
PKT_secret_key *sk,
int (*mksubpkt)(PKT_signature *, void *),
@ -1530,7 +1530,7 @@ update_keysig_packet( PKT_signature **ret_sig,
/* create a new signature packet */
sig = copy_signature (NULL, orig_sig);
/* We need to create a new timestamp so that new sig expiration
calculations are done correctly... */
sig->timestamp=make_timestamp();

5
scd/scdaemon.c
View File

@ -206,11 +206,12 @@ static void handle_connections (int listen_fd);
ASSUAN_SYSTEM_PTH_IMPL;
GCRY_THREAD_OPTION_PTH_IMPL;
#if GCRY_THREAD_OPTION_VERSION < 1
static int fixed_gcry_pth_init (void)
{
return pth_self ()? 0 : (pth_init () == FALSE) ? errno : 0;
}
#endif
static char *
@ -409,7 +410,9 @@ main (int argc, char **argv )
/* Libgcrypt requires us to register the threading model first.
Note that this will also do the pth_init. */
#if GCRY_THREAD_OPTION_VERSION < 1
gcry_threads_pth.init = fixed_gcry_pth_init;
#endif
err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth);
if (err)
{

20
sm/certcheck.c
View File

@ -22,7 +22,7 @@
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <unistd.h>
#include <time.h>
#include <assert.h>
@ -106,7 +106,7 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
{
log_error (_("a %u bit hash is not valid for a %u bit %s key\n"),
(unsigned int)nframe*8,
gcry_pk_get_nbits (pkey),
gcry_pk_get_nbits (pkey),
gcry_pk_algo_name (pkalgo));
/* FIXME: we need to check the requirements for ECDSA. */
if (nframe < 20 || pkalgo == GCRY_PK_DSA )
@ -139,16 +139,16 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
log_error ("no object identifier for algo %d\n", algo);
return gpg_error (GPG_ERR_INTERNAL);
}
len = gcry_md_get_algo_dlen (algo);
if ( len + asnlen + 4 > nframe )
{
log_error ("can't encode a %d bit MD into a %d bits frame\n",
(int)(len*8), (int)nbits);
return gpg_error (GPG_ERR_INTERNAL);
}
/* We encode the MD in this way:
*
* 0 A PAD(n bytes) 0 ASN(asnlen bytes) MD(len bytes)
@ -177,7 +177,7 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
log_printf (" %02X", frame[j]);
log_printf ("\n");
}
gcry_mpi_scan (r_val, GCRYMPI_FMT_USG, frame, n, &nframe);
xfree (frame);
return 0;
@ -251,7 +251,7 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
return rc;
}
if (DBG_HASHING)
gcry_md_start_debug (md, "hash.cert");
gcry_md_debug (md, "hash.cert");
rc = ksba_cert_hash (cert, 1, HASH_FNC, md);
if (rc)
@ -324,7 +324,7 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
BUG ();
gcry_mpi_release (frame);
rc = gcry_pk_verify (s_sig, s_hash, s_pkey);
if (DBG_X509)
log_debug ("gcry_pk_verify: %s\n", gpg_strerror (rc));
@ -400,7 +400,7 @@ gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval,
if ( gcry_sexp_build (&s_hash, NULL, "%m", frame) )
BUG ();
gcry_mpi_release (frame);
rc = gcry_pk_verify (s_sig, s_hash, s_pkey);
if (DBG_X509)
log_debug ("gcry_pk_verify: %s\n", gpg_strerror (rc));
@ -427,7 +427,7 @@ gpgsm_create_cms_signature (ctrl_t ctrl, ksba_cert_t cert,
desc = gpgsm_format_keydesc (cert);
rc = gpgsm_agent_pksign (ctrl, grip, desc, gcry_md_read(md, mdalgo),
rc = gpgsm_agent_pksign (ctrl, grip, desc, gcry_md_read(md, mdalgo),
gcry_md_get_algo_dlen (mdalgo), mdalgo,
r_sigval, &siglen);
xfree (desc);

58
sm/certreqgen.c
View File

@ -74,9 +74,9 @@ The format of the native parameter file is follows:
This is the DN name of the subject in rfc2253 format.
Name-Email: <string>
The is an email address for the altSubjectName
Name-DNS: <string>
Name-DNS: <string>
The is an DNS name for the altSubjectName
Name-URI: <string>
Name-URI: <string>
The is an URI for the altSubjectName
Here is an example:
@ -98,7 +98,7 @@ EOF
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <unistd.h>
#include <time.h>
#include <assert.h>
@ -126,7 +126,7 @@ struct para_data_s {
int lnr;
enum para_name key;
union {
unsigned int usage;
unsigned int usage;
char value[1];
} u;
};
@ -156,7 +156,7 @@ static void
release_parameter_list (struct para_data_s *r)
{
struct para_data_s *r2;
for (; r ; r = r2)
{
r2 = r->next;
@ -168,7 +168,7 @@ static struct para_data_s *
get_parameter (struct para_data_s *para, enum para_name key, int seq)
{
struct para_data_s *r;
for (r = para; r ; r = r->next)
if ( r->key == key && !seq--)
return r;
@ -190,7 +190,7 @@ get_parameter_algo (struct para_data_s *para, enum para_name key)
return -1;
if (digitp (r->u.value))
return atoi( r->u.value );
return gcry_pk_map_name (r->u.value);
return gcry_pk_map_name (r->u.value);
}
/* Parse the usage parameter. Returns 0 on success. Note that we
@ -203,10 +203,10 @@ parse_parameter_usage (struct para_data_s *para, enum para_name key)
struct para_data_s *r = get_parameter (para, key, 0);
char *p, *pn;
unsigned int use;
if (!r)
return 0; /* none (this is an optional parameter)*/
use = 0;
pn = r->u.value;
while ( (p = strsep (&pn, " \t,")) )
@ -474,7 +474,7 @@ proc_parameters (ctrl_t ctrl,
log_error (_("line %d: invalid algorithm\n"), r->lnr);
return gpg_error (GPG_ERR_INV_PARAMETER);
}
/* Check the keylength. */
if (!get_parameter (para, pKEYLENGTH, 0))
nbits = 2048;
@ -489,7 +489,7 @@ proc_parameters (ctrl_t ctrl,
xfree (cardkeyid);
return gpg_error (GPG_ERR_INV_PARAMETER);
}
/* Check the usage. */
if (parse_parameter_usage (para, pKEYUSAGE))
{
@ -523,7 +523,7 @@ proc_parameters (ctrl_t ctrl,
/* Check that the optional email address is okay. */
for (seq=0; (s=get_parameter_value (para, pNAMEEMAIL, seq)); seq++)
{
{
if (has_invalid_email_chars (s)
|| *s == '@'
|| s[strlen(s)-1] == '@'
@ -564,7 +564,7 @@ proc_parameters (ctrl_t ctrl,
else /* Generate new key. */
{
sprintf (numbuf, "%u", nbits);
snprintf ((char*)keyparms, DIM (keyparms)-1,
snprintf ((char*)keyparms, DIM (keyparms)-1,
"(6:genkey(3:rsa(5:nbits%d:%s)))",
(int)strlen (numbuf), numbuf);
rc = gpgsm_agent_genkey (ctrl, keyparms, &public);
@ -589,8 +589,8 @@ proc_parameters (ctrl_t ctrl,
/* Parameters are checked, the key pair has been created. Now
generate the request and write it out */
static int
create_request (ctrl_t ctrl,
struct para_data_s *para,
create_request (ctrl_t ctrl,
struct para_data_s *para,
const char *carddirect,
ksba_const_sexp_t public,
struct reqgen_ctrl_s *outctrl)
@ -618,11 +618,11 @@ create_request (ctrl_t ctrl,
goto leave;
}
if (DBG_HASHING)
gcry_md_start_debug (md, "cr.cri");
gcry_md_debug (md, "cr.cri");
ksba_certreq_set_hash_function (cr, HASH_FNC, md);
ksba_certreq_set_writer (cr, outctrl->writer);
err = ksba_certreq_add_subject (cr, get_parameter_value (para, pNAMEDN, 0));
if (err)
{
@ -718,14 +718,14 @@ create_request (ctrl_t ctrl,
goto leave;
}
use = get_parameter_uint (para, pKEYUSAGE);
if (use == GCRY_PK_USAGE_SIGN)
{
/* For signing only we encode the bits:
KSBA_KEYUSAGE_DIGITAL_SIGNATURE
KSBA_KEYUSAGE_NON_REPUDIATION */
err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1,
err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1,
"\x03\x02\x06\xC0", 4);
}
else if (use == GCRY_PK_USAGE_ENCR)
@ -733,7 +733,7 @@ create_request (ctrl_t ctrl,
/* For encrypt only we encode the bits:
KSBA_KEYUSAGE_KEY_ENCIPHERMENT
KSBA_KEYUSAGE_DATA_ENCIPHERMENT */
err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1,
err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1,
"\x03\x02\x04\x30", 4);
}
else
@ -746,7 +746,7 @@ create_request (ctrl_t ctrl,
goto leave;
}
do
{
err = ksba_certreq_build (cr, &stopreason);
@ -788,11 +788,11 @@ create_request (ctrl_t ctrl,
gcry_sexp_release (s_pkey);
bin2hex (grip, 20, hexgrip);
log_info ("about to sign CSR for key: &%s\n", hexgrip);
log_info ("about to sign CSR for key: &%s\n", hexgrip);
if (carddirect)
rc = gpgsm_scd_pksign (ctrl, carddirect, NULL,
gcry_md_read(md, GCRY_MD_SHA1),
gcry_md_read(md, GCRY_MD_SHA1),
gcry_md_get_algo_dlen (GCRY_MD_SHA1),
GCRY_MD_SHA1,
&sigval, &siglen);
@ -802,13 +802,13 @@ create_request (ctrl_t ctrl,
char *desc;
orig_codeset = i18n_switchto_utf8 ();
desc = percent_plus_escape
desc = percent_plus_escape
(_("To complete this certificate request please enter"
" the passphrase for the key you just created once"
" more.\n"));
i18n_switchback (orig_codeset);
rc = gpgsm_agent_pksign (ctrl, hexgrip, desc,
gcry_md_read(md, GCRY_MD_SHA1),
gcry_md_read(md, GCRY_MD_SHA1),
gcry_md_get_algo_dlen (GCRY_MD_SHA1),
GCRY_MD_SHA1,
&sigval, &siglen);
@ -819,7 +819,7 @@ create_request (ctrl_t ctrl,
log_error ("signing failed: %s\n", gpg_strerror (rc));
goto leave;
}
err = ksba_certreq_set_sig_val (cr, sigval);
xfree (sigval);
if (err)
@ -831,13 +831,13 @@ create_request (ctrl_t ctrl,
}
}
}
while (stopreason != KSBA_SR_READY);
while (stopreason != KSBA_SR_READY);
leave:
gcry_md_close (md);
ksba_certreq_release (cr);
return rc;
return rc;
}
@ -868,7 +868,7 @@ gpgsm_genkey (ctrl_t ctrl, estream_t in_stream, FILE *out_fp)
}
rc = gpgsm_finish_writer (b64writer);
if (rc)
if (rc)
{
log_error ("write failed: %s\n", gpg_strerror (rc));
goto leave;

62
sm/sign.c
View File

@ -22,7 +22,7 @@
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <unistd.h>
#include <time.h>
#include <assert.h>
@ -50,7 +50,7 @@ hash_data (int fd, gcry_md_hd_t md)
return -1;
}
do
do
{
nread = fread (buffer, 1, DIM(buffer), fp);
gcry_md_write (md, buffer, nread);
@ -83,7 +83,7 @@ hash_and_copy_data (int fd, gcry_md_hd_t md, ksba_writer_t writer)
return tmperr;
}
do
do
{
nread = fread (buffer, 1, DIM(buffer), fp);
if (nread)
@ -152,7 +152,7 @@ gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert)
do
{
rc = keydb_get_cert (hd, &cert);
if (rc)
if (rc)
{
log_error ("keydb_get_cert failed: %s\n", gpg_strerror (rc));
keydb_release (hd);
@ -175,13 +175,13 @@ gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert)
}
}
ksba_cert_release (cert);
ksba_cert_release (cert);
cert = NULL;
}
while (!(rc = keydb_search_next (hd)));
if (rc && rc != -1)
log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc));
ksba_cert_release (cert);
keydb_release (hd);
return rc;
@ -225,7 +225,7 @@ get_default_signer (ctrl_t ctrl)
{
log_debug ("failed to find default certificate: rc=%d\n", rc);
}
else
else
{
rc = keydb_get_cert (kh, &cert);
if (rc)
@ -241,7 +241,7 @@ get_default_signer (ctrl_t ctrl)
/* Depending on the options in CTRL add the certificate CERT as well as
other certificate up in the chain to the Root-CA to the CMS
object. */
static int
static int
add_certificate_list (ctrl_t ctrl, ksba_cms_t cms, ksba_cert_t cert)
{
gpg_error_t err;
@ -302,7 +302,7 @@ add_certificate_list (ctrl_t ctrl, ksba_cms_t cms, ksba_cert_t cert)
/* Perform a sign operation.
/* Perform a sign operation.
Sign the data received on DATA-FD in embedded mode or in detached
mode when DETACHED is true. Write the signature to OUT_FP. The
@ -380,7 +380,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
if (!cert)
{
log_error ("no default signer found\n");
gpgsm_status2 (ctrl, STATUS_INV_SGNR,
gpgsm_status2 (ctrl, STATUS_INV_SGNR,
get_inv_recpsgnr_code (GPG_ERR_NO_SECKEY), NULL);
rc = gpg_error (GPG_ERR_GENERAL);
goto leave;
@ -396,7 +396,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
char *tmpfpr;
tmpfpr = gpgsm_get_fingerprint_hexstring (cert, 0);
gpgsm_status2 (ctrl, STATUS_INV_SGNR,
gpgsm_status2 (ctrl, STATUS_INV_SGNR,
get_inv_recpsgnr_code (rc), tmpfpr, NULL);
xfree (tmpfpr);
goto leave;
@ -442,13 +442,13 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
case GCRY_MD_SHA384: oid = "2.16.840.1.101.3.4.2.2"; break;
case GCRY_MD_SHA512: oid = "2.16.840.1.101.3.4.2.3"; break;
/* case GCRY_MD_WHIRLPOOL: oid = "No OID yet"; break; */
case GCRY_MD_MD5: /* We don't want to use MD5. */
case 0: /* No algorithm found in cert. */
default: /* Other algorithms. */
log_info (_("hash algorithm %d (%s) for signer %d not supported;"
" using %s\n"),
cl->hash_algo, oid? oid: "?", i,
cl->hash_algo, oid? oid: "?", i,
gcry_md_algo_name (GCRY_MD_SHA1));
cl->hash_algo = GCRY_MD_SHA1;
oid = "1.3.14.3.2.26";
@ -460,7 +460,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
if (opt.verbose)
{
for (i=0, cl=signerlist; cl; cl = cl->next, i++)
log_info (_("hash algorithm used for signer %d: %s (%s)\n"),
log_info (_("hash algorithm used for signer %d: %s (%s)\n"),
i, gcry_md_algo_name (cl->hash_algo), cl->hash_algo_oid);
}
@ -471,7 +471,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
rc = gpgsm_cert_use_sign_p (cl->cert);
if (rc)
goto leave;
err = ksba_cms_add_signer (cms, cl->cert);
if (err)
{
@ -505,13 +505,13 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
{
size_t buflen;
char buffer[1];
err = ksba_cert_get_user_data (cl->cert, "is_qualified",
err = ksba_cert_get_user_data (cl->cert, "is_qualified",
&buffer, sizeof (buffer), &buflen);
if (err || !buflen)
{
log_error (_("checking for qualified certificate failed: %s\n"),
gpg_strerror (err));
gpg_strerror (err));
rc = err;
goto leave;
}
@ -525,7 +525,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
goto leave;
}
}
/* Prepare hashing (actually we are figuring out what we have set
above). */
rc = gcry_md_open (&data_md, 0, 0);
@ -535,7 +535,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
goto leave;
}
if (DBG_HASHING)
gcry_md_start_debug (data_md, "sign.data");
gcry_md_debug (data_md, "sign.data");
for (i=0; (algoid=ksba_cms_get_digest_algo_list (cms, i)); i++)
{
@ -614,7 +614,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
/* Main building loop. */
do
do
{
err = ksba_cms_build (cms, &stopreason);
if (err)
@ -625,7 +625,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
}
if (stopreason == KSBA_SR_BEGIN_DATA)
{
{
/* Hash the data and store the message digest. */
unsigned char *digest;
size_t digest_len;
@ -658,7 +658,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
}
}
else if (stopreason == KSBA_SR_NEED_SIG)
{
{
/* Compute the signature for all signers. */
gcry_md_hd_t md;
@ -669,7 +669,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
goto leave;
}
if (DBG_HASHING)
gcry_md_start_debug (md, "sign.attr");
gcry_md_debug (md, "sign.attr");
ksba_cms_set_hash_function (cms, HASH_FNC, md);
for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)
{
@ -685,7 +685,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
for (cl_tmp=signerlist; cl_tmp; cl_tmp = cl_tmp->next)
{
gcry_md_enable (md, cl_tmp->hash_algo);
audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO,
audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO,
cl_tmp->hash_algo);
}
}
@ -698,7 +698,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
gcry_md_close (md);
goto leave;
}
rc = gpgsm_create_cms_signature (ctrl, cl->cert,
md, cl->hash_algo, &sigval);
if (rc)
@ -733,8 +733,8 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
int pkalgo = gpgsm_get_key_algo_info (cl->cert, NULL);
buf = xtryasprintf ("%c %d %d 00 %s %s",
detached? 'D':'S',
pkalgo,
cl->hash_algo,
pkalgo,
cl->hash_algo,
signed_at,
fpr);
if (!buf)
@ -753,10 +753,10 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
gcry_md_close (md);
}
}
while (stopreason != KSBA_SR_READY);
while (stopreason != KSBA_SR_READY);
rc = gpgsm_finish_writer (b64writer);
if (rc)
if (rc)
{
log_error ("write failed: %s\n", gpg_strerror (rc));
goto leave;
@ -774,7 +774,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
gpgsm_release_certlist (signerlist);
ksba_cms_release (cms);
gpgsm_destroy_writer (b64writer);
keydb_release (kh);
keydb_release (kh);
gcry_md_close (data_md);
return rc;
}

56
sm/verify.c
View File

@ -22,7 +22,7 @@
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <unistd.h>
#include <time.h>
#include <assert.h>
@ -37,7 +37,7 @@ static char *
strtimestamp_r (ksba_isotime_t atime)
{
char *buffer = xmalloc (15);
if (!atime || !*atime)
strcpy (buffer, "none");
else
@ -64,7 +64,7 @@ hash_data (int fd, gcry_md_hd_t md)
return err;
}
do
do
{
nread = fread (buffer, 1, DIM(buffer), fp);
gcry_md_write (md, buffer, nread);
@ -160,12 +160,12 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
goto leave;
}
if (DBG_HASHING)
gcry_md_start_debug (data_md, "vrfy.data");
gcry_md_debug (data_md, "vrfy.data");
audit_log (ctrl->audit, AUDIT_SETUP_READY);
is_detached = 0;
do
do
{
rc = ksba_cms_parse (cms, &stopreason);
if (rc)
@ -184,7 +184,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
if (stopreason == KSBA_SR_NEED_HASH
|| stopreason == KSBA_SR_BEGIN_DATA)
{
{
audit_log (ctrl->audit, AUDIT_GOT_DATA);
/* We are now able to enable the hash algorithms */
@ -213,7 +213,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
if (opt.extra_digest_algo)
{
if (DBG_X509)
log_debug ("enabling extra hash algorithm %d\n",
log_debug ("enabling extra hash algorithm %d\n",
opt.extra_digest_algo);
gcry_md_enable (data_md, opt.extra_digest_algo);
audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO,
@ -241,12 +241,12 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
audit_log_ok (ctrl->audit, AUDIT_DATA_HASHING, 0);
}
}
while (stopreason != KSBA_SR_READY);
while (stopreason != KSBA_SR_READY);
if (b64writer)
{
rc = gpgsm_finish_writer (b64writer);
if (rc)
if (rc)
{
log_error ("write failed: %s\n", gpg_strerror (rc));
audit_log_ok (ctrl->audit, AUDIT_WRITE_ERROR, rc);
@ -268,7 +268,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
certificate first before entering it into the DB. This way
we would avoid cluttering the DB with invalid
certificates. */
audit_log_cert (ctrl->audit, AUDIT_SAVE_CERT, cert,
audit_log_cert (ctrl->audit, AUDIT_SAVE_CERT, cert,
keydb_store_cert (cert, 0, NULL));
ksba_cert_release (cert);
}
@ -344,7 +344,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
&algo, &is_enabled)
|| !is_enabled)
{
log_error ("digest algo %d (%s) has not been enabled\n",
log_error ("digest algo %d (%s) has not been enabled\n",
algo, algoid?algoid:"");
audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "unsupported");
goto next_signer;
@ -355,7 +355,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
assert (!msgdigest);
rc = 0;
algoid = NULL;
algo = 0;
algo = 0;
}
else /* real error */
{
@ -365,7 +365,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
rc = ksba_cms_get_sigattr_oids (cms, signer,
"1.2.840.113549.1.9.3", &ctattr);
if (!rc)
if (!rc)
{
const char *s;
@ -484,9 +484,9 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
gpgsm_status (ctrl, STATUS_BADSIG, fpr);
xfree (fpr);
audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad");
goto next_signer;
goto next_signer;
}
audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO, sigval_hash_algo);
rc = gcry_md_open (&md, sigval_hash_algo, 0);
if (rc)
@ -496,7 +496,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
goto next_signer;
}
if (DBG_HASHING)
gcry_md_start_debug (md, "vrfy.attr");
gcry_md_debug (md, "vrfy.attr");
ksba_cms_set_hash_function (cms, HASH_FNC, md);
rc = ksba_cms_hash_signed_attrs (cms, signer);
@ -508,13 +508,13 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "error");
goto next_signer;
}
rc = gpgsm_check_cms_signature (cert, sigval, md,
rc = gpgsm_check_cms_signature (cert, sigval, md,
sigval_hash_algo, &info_pkalgo);
gcry_md_close (md);
}
else
{
rc = gpgsm_check_cms_signature (cert, sigval, data_md,
rc = gpgsm_check_cms_signature (cert, sigval, data_md,
algo, &info_pkalgo);
}
@ -542,7 +542,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
audit_log (ctrl->audit, AUDIT_VALIDATE_CHAIN);
rc = gpgsm_validate_chain (ctrl, cert,
*sigtime? sigtime : "19700101T000000",
keyexptime, 0,
keyexptime, 0,
NULL, 0, &verifyflags);
{
char *fpr, *buf, *tstr;
@ -555,7 +555,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
}
else
gpgsm_status (ctrl, STATUS_GOODSIG, fpr);
xfree (fpr);
fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
@ -581,7 +581,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
gpgsm_status_with_err_code (ctrl, STATUS_TRUST_NEVER, NULL,
gpg_err_code (rc));
else
gpgsm_status_with_err_code (ctrl, STATUS_TRUST_UNDEFINED, NULL,
gpgsm_status_with_err_code (ctrl, STATUS_TRUST_UNDEFINED, NULL,
gpg_err_code (rc));
audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad");
goto next_signer;
@ -603,7 +603,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
{
size_t qualbuflen;
char qualbuffer[1];
rc = ksba_cert_get_user_data (cert, "is_qualified", &qualbuffer,
sizeof (qualbuffer), &qualbuflen);
if (!rc && qualbuflen)
@ -612,20 +612,20 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
{
log_info (_("This is a qualified signature\n"));
if (!opt.qualsig_approval)
log_info
log_info
(_("Note, that this software is not officially approved "
"to create or verify such signatures.\n"));
}
}
}
else if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
log_error ("get_user_data(is_qualified) failed: %s\n",
gpg_strerror (rc));
gpg_strerror (rc));
}
gpgsm_status (ctrl, STATUS_TRUST_FULLY,
gpgsm_status (ctrl, STATUS_TRUST_FULLY,
(verifyflags & VALIDATE_FLAG_CHAIN_MODEL)?
"0 chain": "0 shell");
next_signer:
rc = 0;
@ -642,7 +642,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
ksba_cms_release (cms);
gpgsm_destroy_reader (b64reader);
gpgsm_destroy_writer (b64writer);
keydb_release (kh);
keydb_release (kh);
gcry_md_close (data_md);
if (fp)
fclose (fp);