From b8d7b33d69e54feb1fcd2e87b8ffc260b0ba81e4 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 24 May 2012 10:55:11 +0200 Subject: [PATCH] Add provisions to build with Libgcrypt 1.6. Replace gcry_md_start_debug by gcry_md_debug in all files. * agent/gpg-agent.c (fixed_gcry_pth_init): Use only if GCRY_THREAD_OPTION_VERSION is 0 * scd/scdaemon.c (fixed_gcry_pth_init): Ditto. -- Libgcrypt 1.6 will have some minor API changes. In particular some deprecated macros and functions will be removed. PTH will also be dropped in favor of a thread model neutral locking method. --- agent/gpg-agent.c | 5 ++- g10/cipher.c | 6 ++-- g10/encr-data.c | 2 +- g10/keylist.c | 82 +++++++++++++++++++++++------------------------ g10/mainproc.c | 8 ++--- g10/sign.c | 48 +++++++++++++-------------- scd/scdaemon.c | 5 ++- sm/certcheck.c | 20 ++++++------ sm/certreqgen.c | 58 ++++++++++++++++----------------- sm/sign.c | 62 +++++++++++++++++------------------ sm/verify.c | 56 ++++++++++++++++---------------- 11 files changed, 179 insertions(+), 173 deletions(-) diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index b00d899d0..ba25875be 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -278,11 +278,12 @@ static int check_for_running_agent (int silent, int mode); ASSUAN_SYSTEM_PTH_IMPL; GCRY_THREAD_OPTION_PTH_IMPL; +#if GCRY_THREAD_OPTION_VERSION < 1 static int fixed_gcry_pth_init (void) { return pth_self ()? 0 : (pth_init () == FALSE) ? errno : 0; } - +#endif #ifndef PTH_HAVE_PTH_THREAD_ID static unsigned long pth_thread_id (void) @@ -594,7 +595,9 @@ main (int argc, char **argv ) /* Libgcrypt requires us to register the threading model first. Note that this will also do the pth_init. */ +#if GCRY_THREAD_OPTION_VERSION < 1 gcry_threads_pth.init = fixed_gcry_pth_init; +#endif err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth); if (err) { diff --git a/g10/cipher.c b/g10/cipher.c index f0dc57719..10f0ebb96 100644 --- a/g10/cipher.c +++ b/g10/cipher.c 
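Review bot: In main() of agent/gpg-agent.c the comment "Note that this will also do the pth_init" is left unchanged, but when `GCRY_THREAD_OPTION_VERSION` is 1 or higher the `gcry_threads_pth.init = fixed_gcry_pth_init;` assignment is compiled out. Nothing visible in the hunk then shows where Pth gets initialised before `gcry_control (GCRYCTL_SET_THREAD_CBS, ...)` and the first thread are used. Whether the newer Libgcrypt still runs an init callback cannot be told from here; please confirm it, and either reword the comment to say which configuration does the init or add an explicit, guarded `pth_init ()` call whose failure is treated as fatal. The guard `#if GCRY_THREAD_OPTION_VERSION < 1` also relies on an undefined macro evaluating to 0 with older headers, which deserves a one-line comment such as `/* Undefined (== 0) before Libgcrypt 1.6. */`. The same two points apply to the matching hunks in scd/scdaemon.c, and main() continues outside the hunk in both files.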
@@ -61,12 +61,12 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) ed.mdc_method = DIGEST_ALGO_SHA1; gcry_md_open (&cfx->mdc_hash, DIGEST_ALGO_SHA1, 0); if ( DBG_HASHING ) - gcry_md_start_debug (cfx->mdc_hash, "creatmdc"); + gcry_md_debug (cfx->mdc_hash, "creatmdc"); } { char buf[20]; - + sprintf (buf, "%d %d", ed.mdc_method, cfx->dek->algo); write_status_text (STATUS_BEGIN_ENCRYPTION, buf); } @@ -81,7 +81,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) temp[nprefix] = temp[nprefix-2]; temp[nprefix+1] = temp[nprefix-1]; print_cipher_algo_note( cfx->dek->algo ); - err = openpgp_cipher_open (&cfx->cipher_hd, + err = openpgp_cipher_open (&cfx->cipher_hd, cfx->dek->algo, GCRY_CIPHER_MODE_CFB, (GCRY_CIPHER_SECURE diff --git a/g10/encr-data.c b/g10/encr-data.c index 602ae55aa..ee988c9cb 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c @@ -119,7 +119,7 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) if (gcry_md_open (&dfx->mdc_hash, ed->mdc_method, 0 )) BUG (); if ( DBG_HASHING ) - gcry_md_start_debug (dfx->mdc_hash, "checkmdc"); + gcry_md_debug (dfx->mdc_hash, "checkmdc"); } rc = openpgp_cipher_open (&dfx->cipher_hd, dek->algo, diff --git a/g10/keylist.c b/g10/keylist.c index 4c1624cb6..bb19bc30a 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -141,7 +141,7 @@ print_seckey_info (PKT_secret_key *sk) nbits_from_sk (sk), pubkey_letter (sk->pubkey_algo), keystr(keyid), datestr_from_sk (sk), p); - + xfree (p); } @@ -185,13 +185,13 @@ print_card_key_info (FILE *fp, KBNODE keyblock) KBNODE node; int i; - for (node = keyblock; node; node = node->next ) + for (node = keyblock; node; node = node->next ) { if (node->pkt->pkttype == PKT_SECRET_KEY || (node->pkt->pkttype == PKT_SECRET_SUBKEY) ) { PKT_secret_key *sk = node->pkt->pkt.secret_key; - + tty_fprintf (fp, "%s%c %4u%c/%s ", node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb", (sk->protect.s2k.mode==1001)?'#': 
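Review bot: The call `gcry_md_debug (cfx->mdc_hash, "creatmdc");` in write_header is unconditional, as is the same replacement in every other file this patch touches, so the tree now builds only against a Libgcrypt whose header declares `gcry_md_debug`. The diffstat lists no change to the configure-time minimum Libgcrypt version. Please confirm that the version already required provides this function, or keep a compatibility mapping such as `#define gcry_md_debug gcry_md_start_debug` behind a configure check for older headers. write_header starts and ends outside this hunk.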
@@ -205,10 +205,10 @@ print_card_key_info (FILE *fp, KBNODE keyblock) if (sk->is_protected && sk->protect.s2k.mode == 1002) { tty_fprintf (fp, "\n "); - tty_fprintf (fp, _("card-no: ")); + tty_fprintf (fp, _("card-no: ")); if (sk->protect.ivlen == 16 && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6)) - { + { /* This is an OpenPGP card. */ for (i=8; i < 14; i++) { @@ -454,7 +454,7 @@ list_all( int secret ) merge_keys_and_selfsig( keyblock ); list_keyblock( keyblock, secret, opt.fingerprint, opt.check_sigs?&stats:NULL); - release_kbnode( keyblock ); + release_kbnode( keyblock ); keyblock = NULL; } while (!(rc = keydb_search_next (hd))); if( rc && rc != -1 ) @@ -548,7 +548,7 @@ locate_one (strlist_t names) struct sig_stats stats; memset (&stats,0,sizeof(stats)); - + for (sl=names; sl; sl = sl->next) { rc = get_pubkey_byname (&ctx, NULL, sl->d, &keyblock, NULL, 1, 0); @@ -559,18 +559,18 @@ locate_one (strlist_t names) } else { - do + do { list_keyblock (keyblock, 0, opt.fingerprint, opt.check_sigs? &stats : NULL ); release_kbnode (keyblock); - } + } while ( ctx && !get_pubkey_next (ctx, NULL, &keyblock)); get_pubkey_end (ctx); ctx = NULL; - } + } } - + if (opt.check_sigs && !opt.with_colons) print_signature_stats (&stats); } @@ -597,7 +597,7 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock) { unsigned int use = pk? pk->pubkey_usage : sk->pubkey_usage; int c_printed = 0; - + if ( use & PUBKEY_USAGE_ENC ) putchar ('e'); @@ -627,7 +627,7 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock) int enc=0, sign=0, cert=0, auth=0, disabled=0; for (k=keyblock; k; k = k->next ) { - if ( k->pkt->pkttype == PKT_PUBLIC_KEY + if ( k->pkt->pkttype == PKT_PUBLIC_KEY || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { pk = k->pkt->pkt.public_key; 
@@ -649,7 +649,7 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock) auth = 1; } } - else if ( k->pkt->pkttype == PKT_SECRET_KEY + else if ( k->pkt->pkttype == PKT_SECRET_KEY || k->pkt->pkttype == PKT_SECRET_SUBKEY ) { sk = k->pkt->pkt.secret_key; if ( sk->is_valid && !sk->is_revoked && !sk->has_expired @@ -982,7 +982,7 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque ) case 0: sigrc = '!'; break; case GPG_ERR_BAD_SIGNATURE: stats->inv_sigs++; sigrc = '-'; break; - case GPG_ERR_NO_PUBKEY: + case GPG_ERR_NO_PUBKEY: case GPG_ERR_UNUSABLE_PUBKEY: stats->no_key++; continue; default: stats->oth_err++; sigrc = '%'; break; } @@ -1128,9 +1128,9 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) putchar ('r'); else if ( pk->has_expired ) putchar ('e'); - else if ( opt.fast_list_mode || opt.no_expensive_trust_checks ) + else if ( opt.fast_list_mode || opt.no_expensive_trust_checks ) ; - else + else { trustletter = get_validity_info ( pk, NULL ); if ( trustletter == 'u' ) @@ -1186,7 +1186,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) if (attrib_fp && node->pkt->pkt.user_id->attrib_data != NULL) dump_attribs (node->pkt->pkt.user_id,pk,sk); /* - * Fixme: We need a is_valid flag here too + * Fixme: We need a is_valid flag here too */ str = uid->attrib_data? "uat":"uid"; /* If we're listing a secret key, leave out the validity @@ -1199,25 +1199,25 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) printf ("%s:e::::",str); else if ( opt.no_expensive_trust_checks ) printf ("%s:::::",str); - else + else { int uid_validity; - + if ( pk && !ulti_hack ) uid_validity=get_validity_info (pk, uid); else uid_validity = 'u'; printf ("%s:%c::::",str,uid_validity); } - + printf ("%s:", colon_strtime (uid->created)); printf ("%s:", colon_strtime (uid->expiredate)); - + namehash_from_uid (uid); for (i=0; i < 20; i++ ) printf ("%02X",uid->namehash[i]); - + printf ("::"); if (uid->attrib_data) 
@@ -1227,11 +1227,11 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) putchar (':'); putchar ('\n'); } - else if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) + else if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { u32 keyid2[2]; PKT_public_key *pk2 = node->pkt->pkt.public_key; - + keyid_from_pk ( pk2, keyid2 ); fputs ("sub:", stdout ); if ( !pk2->is_valid ) @@ -1291,7 +1291,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) } putchar(':'); /* End of field 15. */ putchar ('\n'); - + if ( fpr > 1 ) print_fingerprint ( NULL, sk2, 0 ); } @@ -1302,7 +1302,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) char *sigstr; size_t fplen; byte fparray[MAX_FINGERPRINT_LEN]; - + if ( sig->sig_class == 0x20 || sig->sig_class == 0x28 || sig->sig_class == 0x30 ) sigstr = "rev"; @@ -1312,7 +1312,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) sigstr = "sig"; else if ( sig->sig_class == 0x1F ) sigstr = "sig"; - else + else { printf ("sig::::::::::%02x%c:\n", sig->sig_class, sig->flags.exportable?'x':'l'); @@ -1322,18 +1322,18 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) if ( opt.check_sigs ) { PKT_public_key *signer_pk=NULL; - + fflush (stdout); if (opt.no_sig_cache) signer_pk = xmalloc_clear (sizeof(PKT_public_key)); - + rc = check_key_signature2 ( keyblock, node, NULL, signer_pk, NULL, NULL, NULL ); switch ( gpg_err_code (rc) ) { case 0: sigrc = '!'; break; case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break; - case GPG_ERR_NO_PUBKEY: + case GPG_ERR_NO_PUBKEY: case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break; default: sigrc = '%'; break; } @@ -1348,7 +1348,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) free_public_key(signer_pk); } } - else + else { rc = 0; sigrc = ' '; 
@@ -1370,7 +1370,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) print_string (stdout,sig->trust_regexp, strlen(sig->trust_regexp),':'); printf(":"); - + if ( sigrc == '%' ) printf("[%s] ", g10_errstr(rc) ); else if ( sigrc == '?' ) @@ -1417,8 +1417,8 @@ do_reorder_keyblock (KBNODE keyblock,int attr) node->pkt->pkt.user_id->is_primary ) { primary = primary2 = node; for (node=node->next; node; primary2=node, node = node->next ) { - if( node->pkt->pkttype == PKT_USER_ID - || node->pkt->pkttype == PKT_PUBLIC_SUBKEY + if( node->pkt->pkttype == PKT_USER_ID + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY || node->pkt->pkttype == PKT_SECRET_SUBKEY ) { break; } @@ -1540,7 +1540,7 @@ print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode ) fp = stdout; text = _(" Key fingerprint ="); } - + if (sk) fingerprint_from_sk (sk, array, &n); else @@ -1600,7 +1600,7 @@ print_card_serialno (PKT_secret_key *sk) if (!sk) return; - if (!sk->is_protected || sk->protect.s2k.mode != 1002) + if (!sk->is_protected || sk->protect.s2k.mode != 1002) return; /* Not a card. */ if (opt.with_colons) return; /* Handled elsewhere. */ @@ -1635,11 +1635,11 @@ set_attrib_fd (int fd) if ( fd != -1 && last_fd == fd ) return; - if ( attrib_fp && attrib_fp != stdout && attrib_fp != stderr + if ( attrib_fp && attrib_fp != stdout && attrib_fp != stderr && attrib_fp != log_get_stream () ) fclose (attrib_fp); attrib_fp = NULL; - if ( fd == -1 ) + if ( fd == -1 ) return; #ifdef HAVE_DOSISH_SYSTEM @@ -1651,11 +1651,11 @@ set_attrib_fd (int fd) attrib_fp = stderr; else attrib_fp = fdopen (fd, "wb"); - if (!attrib_fp) + if (!attrib_fp) { log_fatal("can't open fd %d for attribute output: %s\n", fd, strerror(errno)); } - + last_fd = fd; } diff --git a/g10/mainproc.c b/g10/mainproc.c index c7df11381..b7f097b14 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c 
@@ -699,9 +699,9 @@ proc_plaintext( CTX c, PACKET *pkt ) BUG (); } if ( DBG_HASHING ) { - gcry_md_start_debug ( c->mfx.md, "verify" ); + gcry_md_debug ( c->mfx.md, "verify" ); if ( c->mfx.md2 ) - gcry_md_start_debug ( c->mfx.md2, "verify2" ); + gcry_md_debug ( c->mfx.md2, "verify2" ); } rc=0; @@ -2138,9 +2138,9 @@ proc_tree( CTX c, KBNODE node ) /* c->mfx.md2? 0 :(sig->sig_class == 0x01) */ #endif if ( DBG_HASHING ) { - gcry_md_start_debug( c->mfx.md, "verify" ); + gcry_md_debug( c->mfx.md, "verify" ); if ( c->mfx.md2 ) - gcry_md_start_debug( c->mfx.md2, "verify2" ); + gcry_md_debug( c->mfx.md2, "verify2" ); } if( c->sigs_only ) { if (c->signed_data.used && c->signed_data.data_fd != -1) diff --git a/g10/sign.c b/g10/sign.c index 8d280ed85..a464bb6e9 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -150,7 +150,7 @@ mk_notation_policy_etc( PKT_signature *sig, /* - * Helper to hash a user ID packet. + * Helper to hash a user ID packet. */ static void hash_uid (gcry_md_hd_t md, int sigversion, const PKT_user_id *uid) @@ -188,7 +188,7 @@ hash_uid (gcry_md_hd_t md, int sigversion, const PKT_user_id *uid) static void hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig) { - if (sig->version >= 4) + if (sig->version >= 4) gcry_md_putc (md, sig->version); gcry_md_putc (md, sig->sig_class); if (sig->version < 4) { @@ -201,7 +201,7 @@ hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig) else { byte buf[6]; size_t n; - + gcry_md_putc (md, sig->pubkey_algo); gcry_md_putc (md, sig->digest_algo); if (sig->hashed) { 
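Review bot: The `if ( DBG_HASHING )` branch in proc_plaintext, and the identical one in proc_tree, should carry a comment stating what enabling it does to the data being processed. Per the Libgcrypt manual, `gcry_md_debug` makes the digest object create files named `dbgmd-<n>.<suffix>` while hashing, so the content being verified is written to disk, presumably relative to the process's working directory. Suggested comment above the `if`: `/* Debug only: writes everything that is hashed to dbgmd-* files; do not enable on sensitive data. */`. The same applies to the "sign", "clearsign" and "symc-sign" calls in g10/sign.c and to the calls under sm/. Both functions start and end outside their hunks.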
@@ -257,13 +257,13 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig, sig->digest_algo = digest_algo; sig->digest_start[0] = dp[0]; sig->digest_start[1] = dp[1]; - if (sk->is_protected && sk->protect.s2k.mode == 1002) - { + if (sk->is_protected && sk->protect.s2k.mode == 1002) + { #ifdef ENABLE_CARD_SUPPORT unsigned char *rbuf; size_t rbuflen; char *snbuf; - + snbuf = serialno_and_fpr_from_sk (sk->protect.iv, sk->protect.ivlen, sk); rc = agent_scd_pksign (snbuf, digest_algo, @@ -282,7 +282,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig, return gpg_error (GPG_ERR_NOT_SUPPORTED); #endif /* ENABLE_CARD_SUPPORT */ } - else + else { frame = encode_md_value( NULL, sk, md, digest_algo ); if (!frame) @@ -495,7 +495,7 @@ print_status_sig_created ( PKT_secret_key *sk, PKT_signature *sig, int what ) * Loop over the secret certificates in SK_LIST and build the one pass * signature packets. OpenPGP says that the data should be bracket by * the onepass-sig and signature-packet; so we build these onepass - * packet here in reverse order + * packet here in reverse order */ static int write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass ) @@ -511,7 +511,7 @@ write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass ) PKT_onepass_sig *ops; PACKET pkt; int i, rc; - + for (i=0, sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { if (++i == skcount) break; @@ -524,7 +524,7 @@ write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass ) ops->pubkey_algo = sk->pubkey_algo; keyid_from_sk (sk, ops->keyid); ops->last = (skcount == 1); - + init_packet(&pkt); pkt.pkttype = PKT_ONEPASS_SIG; pkt.pkt.onepass_sig = ops; @@ -612,7 +612,7 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode) wipememory(copy_buffer,4096); /* burn buffer */ } /* fixme: it seems that we never freed pt/pkt */ - + return rc; } 
@@ -777,7 +777,7 @@ sign_file( strlist_t filenames, int detached, strlist_t locusr, inp = NULL; errno = EPERM; } - if( !inp ) + if( !inp ) { rc = gpg_error_from_syserror (); log_error (_("can't open `%s': %s\n"), fname? fname: "[stdin]", @@ -817,7 +817,7 @@ sign_file( strlist_t filenames, int detached, strlist_t locusr, if ( gcry_md_open (&mfx.md, 0, 0) ) BUG (); if (DBG_HASHING) - gcry_md_start_debug (mfx.md, "sign"); + gcry_md_debug (mfx.md, "sign"); /* If we're encrypting and signing, it is reasonable to pick the hash algorithm to use out of the recepient key prefs. This is @@ -928,7 +928,7 @@ sign_file( strlist_t filenames, int detached, strlist_t locusr, there is an assumed preference for uncompressed data. Still, if it did fail, we'll also end up with the default. */ - + if((compr_algo= select_algo_from_prefs(pk_list,PREFTYPE_ZIP,-1,NULL))==-1) compr_algo=default_compress_algo(); @@ -1091,7 +1091,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile ) } if( !inp ) { rc = gpg_error_from_syserror (); - log_error (_("can't open `%s': %s\n"), + log_error (_("can't open `%s': %s\n"), fname? fname: "[stdin]", strerror(errno) ); goto leave; } @@ -1102,7 +1102,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile ) outfile = NULL; errno = EPERM; } - else + else out = iobuf_create( outfile ); if( !out ) { @@ -1166,7 +1166,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile ) gcry_md_enable (textmd, hash_for(sk)); } if ( DBG_HASHING ) - gcry_md_start_debug ( textmd, "clearsign" ); + gcry_md_debug ( textmd, "clearsign" ); copy_clearsig_text( out, inp, textmd, !opt.not_dash_escaped, opt.escape_from, (old_style && only_md5) ); @@ -1190,7 +1190,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile ) gcry_md_close ( textmd ); release_sk_list( sk_list ); release_progress_context (pfx); - release_armor_context (afx); + release_armor_context (afx); return rc; } 
@@ -1234,7 +1234,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr) } rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG); - if (rc) + if (rc) goto leave; /* prepare iobufs */ @@ -1247,7 +1247,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr) } if( !inp ) { rc = gpg_error_from_syserror (); - log_error (_("can't open `%s': %s\n"), + log_error (_("can't open `%s': %s\n"), fname? fname: "[stdin]", strerror(errno) ); goto leave; } @@ -1288,7 +1288,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr) if ( gcry_md_open (&mfx.md, 0, 0) ) BUG (); if ( DBG_HASHING ) - gcry_md_start_debug (mfx.md, "symc-sign"); + gcry_md_debug (mfx.md, "symc-sign"); for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) { PKT_secret_key *sk = sk_rover->sk; @@ -1338,7 +1338,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr) rc = write_plaintext_packet (out, inp, fname, opt.textmode ? 't':'b'); if (rc) goto leave; - + /* Write the signatures */ /*(current filters: zip - encrypt - armor)*/ rc = write_signature_packets (sk_list, out, mfx.md, @@ -1497,7 +1497,7 @@ int update_keysig_packet( PKT_signature **ret_sig, PKT_signature *orig_sig, PKT_public_key *pk, - PKT_user_id *uid, + PKT_user_id *uid, PKT_public_key *subpk, PKT_secret_key *sk, int (*mksubpkt)(PKT_signature *, void *), @@ -1530,7 +1530,7 @@ update_keysig_packet( PKT_signature **ret_sig, /* create a new signature packet */ sig = copy_signature (NULL, orig_sig); - + /* We need to create a new timestamp so that new sig expiration calculations are done correctly... */ sig->timestamp=make_timestamp(); diff --git a/scd/scdaemon.c b/scd/scdaemon.c index 064d3424c..defd03910 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c 
@@ -206,11 +206,12 @@ static void handle_connections (int listen_fd); ASSUAN_SYSTEM_PTH_IMPL; GCRY_THREAD_OPTION_PTH_IMPL; +#if GCRY_THREAD_OPTION_VERSION < 1 static int fixed_gcry_pth_init (void) { return pth_self ()? 0 : (pth_init () == FALSE) ? errno : 0; } - +#endif static char * @@ -409,7 +410,9 @@ main (int argc, char **argv ) /* Libgcrypt requires us to register the threading model first. Note that this will also do the pth_init. */ +#if GCRY_THREAD_OPTION_VERSION < 1 gcry_threads_pth.init = fixed_gcry_pth_init; +#endif err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth); if (err) { diff --git a/sm/certcheck.c b/sm/certcheck.c index 51a809b8f..e2e4a4ba3 100644 --- a/sm/certcheck.c +++ b/sm/certcheck.c @@ -22,7 +22,7 @@ #include #include #include -#include +#include #include #include @@ -106,7 +106,7 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits, { log_error (_("a %u bit hash is not valid for a %u bit %s key\n"), (unsigned int)nframe*8, - gcry_pk_get_nbits (pkey), + gcry_pk_get_nbits (pkey), gcry_pk_algo_name (pkalgo)); /* FIXME: we need to check the requirements for ECDSA. */ if (nframe < 20 || pkalgo == GCRY_PK_DSA ) @@ -139,16 +139,16 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits, log_error ("no object identifier for algo %d\n", algo); return gpg_error (GPG_ERR_INTERNAL); } - + len = gcry_md_get_algo_dlen (algo); - + if ( len + asnlen + 4 > nframe ) { log_error ("can't encode a %d bit MD into a %d bits frame\n", (int)(len*8), (int)nbits); return gpg_error (GPG_ERR_INTERNAL); } - + /* We encode the MD in this way: * * 0 A PAD(n bytes) 0 ASN(asnlen bytes) MD(len bytes) @@ -177,7 +177,7 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits, log_printf (" %02X", frame[j]); log_printf ("\n"); } - + gcry_mpi_scan (r_val, GCRYMPI_FMT_USG, frame, n, &nframe); xfree (frame); return 0; 
@@ -251,7 +251,7 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert) return rc; } if (DBG_HASHING) - gcry_md_start_debug (md, "hash.cert"); + gcry_md_debug (md, "hash.cert"); rc = ksba_cert_hash (cert, 1, HASH_FNC, md); if (rc) @@ -324,7 +324,7 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert) BUG (); gcry_mpi_release (frame); - + rc = gcry_pk_verify (s_sig, s_hash, s_pkey); if (DBG_X509) log_debug ("gcry_pk_verify: %s\n", gpg_strerror (rc)); @@ -400,7 +400,7 @@ gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval, if ( gcry_sexp_build (&s_hash, NULL, "%m", frame) ) BUG (); gcry_mpi_release (frame); - + rc = gcry_pk_verify (s_sig, s_hash, s_pkey); if (DBG_X509) log_debug ("gcry_pk_verify: %s\n", gpg_strerror (rc)); @@ -427,7 +427,7 @@ gpgsm_create_cms_signature (ctrl_t ctrl, ksba_cert_t cert, desc = gpgsm_format_keydesc (cert); - rc = gpgsm_agent_pksign (ctrl, grip, desc, gcry_md_read(md, mdalgo), + rc = gpgsm_agent_pksign (ctrl, grip, desc, gcry_md_read(md, mdalgo), gcry_md_get_algo_dlen (mdalgo), mdalgo, r_sigval, &siglen); xfree (desc); diff --git a/sm/certreqgen.c b/sm/certreqgen.c index 49b2b9208..c3f3165c2 100644 --- a/sm/certreqgen.c +++ b/sm/certreqgen.c @@ -74,9 +74,9 @@ The format of the native parameter file is follows: This is the DN name of the subject in rfc2253 format. Name-Email: The is an email address for the altSubjectName - Name-DNS: + Name-DNS: The is an DNS name for the altSubjectName - Name-URI: + Name-URI: The is an URI for the altSubjectName Here is an example: @@ -98,7 +98,7 @@ EOF #include #include #include -#include +#include #include #include @@ -126,7 +126,7 @@ struct para_data_s { int lnr; enum para_name key; union { - unsigned int usage; + unsigned int usage; char value[1]; } u; }; @@ -156,7 +156,7 @@ static void release_parameter_list (struct para_data_s *r) { struct para_data_s *r2; - + for (; r ; r = r2) { r2 = r->next; 
@@ -168,7 +168,7 @@ static struct para_data_s * get_parameter (struct para_data_s *para, enum para_name key, int seq) { struct para_data_s *r; - + for (r = para; r ; r = r->next) if ( r->key == key && !seq--) return r; @@ -190,7 +190,7 @@ get_parameter_algo (struct para_data_s *para, enum para_name key) return -1; if (digitp (r->u.value)) return atoi( r->u.value ); - return gcry_pk_map_name (r->u.value); + return gcry_pk_map_name (r->u.value); } /* Parse the usage parameter. Returns 0 on success. Note that we @@ -203,10 +203,10 @@ parse_parameter_usage (struct para_data_s *para, enum para_name key) struct para_data_s *r = get_parameter (para, key, 0); char *p, *pn; unsigned int use; - + if (!r) return 0; /* none (this is an optional parameter)*/ - + use = 0; pn = r->u.value; while ( (p = strsep (&pn, " \t,")) ) @@ -474,7 +474,7 @@ proc_parameters (ctrl_t ctrl, log_error (_("line %d: invalid algorithm\n"), r->lnr); return gpg_error (GPG_ERR_INV_PARAMETER); } - + /* Check the keylength. */ if (!get_parameter (para, pKEYLENGTH, 0)) nbits = 2048; @@ -489,7 +489,7 @@ proc_parameters (ctrl_t ctrl, xfree (cardkeyid); return gpg_error (GPG_ERR_INV_PARAMETER); } - + /* Check the usage. */ if (parse_parameter_usage (para, pKEYUSAGE)) { @@ -523,7 +523,7 @@ proc_parameters (ctrl_t ctrl, /* Check that the optional email address is okay. */ for (seq=0; (s=get_parameter_value (para, pNAMEEMAIL, seq)); seq++) - { + { if (has_invalid_email_chars (s) || *s == '@' || s[strlen(s)-1] == '@' @@ -564,7 +564,7 @@ proc_parameters (ctrl_t ctrl, else /* Generate new key. */ { sprintf (numbuf, "%u", nbits); - snprintf ((char*)keyparms, DIM (keyparms)-1, + snprintf ((char*)keyparms, DIM (keyparms)-1, "(6:genkey(3:rsa(5:nbits%d:%s)))", (int)strlen (numbuf), numbuf); rc = gpgsm_agent_genkey (ctrl, keyparms, &public); 
@@ -589,8 +589,8 @@ proc_parameters (ctrl_t ctrl, /* Parameters are checked, the key pair has been created. Now generate the request and write it out */ static int -create_request (ctrl_t ctrl, - struct para_data_s *para, +create_request (ctrl_t ctrl, + struct para_data_s *para, const char *carddirect, ksba_const_sexp_t public, struct reqgen_ctrl_s *outctrl) @@ -618,11 +618,11 @@ create_request (ctrl_t ctrl, goto leave; } if (DBG_HASHING) - gcry_md_start_debug (md, "cr.cri"); + gcry_md_debug (md, "cr.cri"); ksba_certreq_set_hash_function (cr, HASH_FNC, md); ksba_certreq_set_writer (cr, outctrl->writer); - + err = ksba_certreq_add_subject (cr, get_parameter_value (para, pNAMEDN, 0)); if (err) { @@ -718,14 +718,14 @@ create_request (ctrl_t ctrl, goto leave; } - + use = get_parameter_uint (para, pKEYUSAGE); if (use == GCRY_PK_USAGE_SIGN) { /* For signing only we encode the bits: KSBA_KEYUSAGE_DIGITAL_SIGNATURE KSBA_KEYUSAGE_NON_REPUDIATION */ - err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1, + err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1, "\x03\x02\x06\xC0", 4); } else if (use == GCRY_PK_USAGE_ENCR) @@ -733,7 +733,7 @@ create_request (ctrl_t ctrl, /* For encrypt only we encode the bits: KSBA_KEYUSAGE_KEY_ENCIPHERMENT KSBA_KEYUSAGE_DATA_ENCIPHERMENT */ - err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1, + err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1, "\x03\x02\x04\x30", 4); } else @@ -746,7 +746,7 @@ create_request (ctrl_t ctrl, goto leave; } - + do { err = ksba_certreq_build (cr, &stopreason); @@ -788,11 +788,11 @@ create_request (ctrl_t ctrl, gcry_sexp_release (s_pkey); bin2hex (grip, 20, hexgrip); - log_info ("about to sign CSR for key: &%s\n", hexgrip); + log_info ("about to sign CSR for key: &%s\n", hexgrip); if (carddirect) rc = gpgsm_scd_pksign (ctrl, carddirect, NULL, - gcry_md_read(md, GCRY_MD_SHA1), + gcry_md_read(md, GCRY_MD_SHA1), gcry_md_get_algo_dlen (GCRY_MD_SHA1), GCRY_MD_SHA1, &sigval, &siglen); 
@@ -802,13 +802,13 @@ create_request (ctrl_t ctrl, char *desc; orig_codeset = i18n_switchto_utf8 (); - desc = percent_plus_escape + desc = percent_plus_escape (_("To complete this certificate request please enter" " the passphrase for the key you just created once" " more.\n")); i18n_switchback (orig_codeset); rc = gpgsm_agent_pksign (ctrl, hexgrip, desc, - gcry_md_read(md, GCRY_MD_SHA1), + gcry_md_read(md, GCRY_MD_SHA1), gcry_md_get_algo_dlen (GCRY_MD_SHA1), GCRY_MD_SHA1, &sigval, &siglen); @@ -819,7 +819,7 @@ create_request (ctrl_t ctrl, log_error ("signing failed: %s\n", gpg_strerror (rc)); goto leave; } - + err = ksba_certreq_set_sig_val (cr, sigval); xfree (sigval); if (err) @@ -831,13 +831,13 @@ create_request (ctrl_t ctrl, } } } - while (stopreason != KSBA_SR_READY); + while (stopreason != KSBA_SR_READY); leave: gcry_md_close (md); ksba_certreq_release (cr); - return rc; + return rc; } @@ -868,7 +868,7 @@ gpgsm_genkey (ctrl_t ctrl, estream_t in_stream, FILE *out_fp) } rc = gpgsm_finish_writer (b64writer); - if (rc) + if (rc) { log_error ("write failed: %s\n", gpg_strerror (rc)); goto leave; diff --git a/sm/sign.c b/sm/sign.c index fd7c4ff2f..a9d4990f6 100644 --- a/sm/sign.c +++ b/sm/sign.c @@ -22,7 +22,7 @@ #include #include #include -#include +#include #include #include @@ -50,7 +50,7 @@ hash_data (int fd, gcry_md_hd_t md) return -1; } - do + do { nread = fread (buffer, 1, DIM(buffer), fp); gcry_md_write (md, buffer, nread); @@ -83,7 +83,7 @@ hash_and_copy_data (int fd, gcry_md_hd_t md, ksba_writer_t writer) return tmperr; } - do + do { nread = fread (buffer, 1, DIM(buffer), fp); if (nread) @@ -152,7 +152,7 @@ gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert) do { rc = keydb_get_cert (hd, &cert); - if (rc) + if (rc) { log_error ("keydb_get_cert failed: %s\n", gpg_strerror (rc)); keydb_release (hd); 
@@ -175,13 +175,13 @@ gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert) } } - ksba_cert_release (cert); + ksba_cert_release (cert); cert = NULL; } while (!(rc = keydb_search_next (hd))); if (rc && rc != -1) log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc)); - + ksba_cert_release (cert); keydb_release (hd); return rc; @@ -225,7 +225,7 @@ get_default_signer (ctrl_t ctrl) { log_debug ("failed to find default certificate: rc=%d\n", rc); } - else + else { rc = keydb_get_cert (kh, &cert); if (rc) @@ -241,7 +241,7 @@ get_default_signer (ctrl_t ctrl) /* Depending on the options in CTRL add the certificate CERT as well as other certificate up in the chain to the Root-CA to the CMS object. */ -static int +static int add_certificate_list (ctrl_t ctrl, ksba_cms_t cms, ksba_cert_t cert) { gpg_error_t err; @@ -302,7 +302,7 @@ add_certificate_list (ctrl_t ctrl, ksba_cms_t cms, ksba_cert_t cert) -/* Perform a sign operation. +/* Perform a sign operation. Sign the data received on DATA-FD in embedded mode or in detached mode when DETACHED is true. Write the signature to OUT_FP. The @@ -380,7 +380,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, if (!cert) { log_error ("no default signer found\n"); - gpgsm_status2 (ctrl, STATUS_INV_SGNR, + gpgsm_status2 (ctrl, STATUS_INV_SGNR, get_inv_recpsgnr_code (GPG_ERR_NO_SECKEY), NULL); rc = gpg_error (GPG_ERR_GENERAL); goto leave; @@ -396,7 +396,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, char *tmpfpr; tmpfpr = gpgsm_get_fingerprint_hexstring (cert, 0); - gpgsm_status2 (ctrl, STATUS_INV_SGNR, + gpgsm_status2 (ctrl, STATUS_INV_SGNR, get_inv_recpsgnr_code (rc), tmpfpr, NULL); xfree (tmpfpr); goto leave; 
@@ -442,13 +442,13 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, case GCRY_MD_SHA384: oid = "2.16.840.1.101.3.4.2.2"; break; case GCRY_MD_SHA512: oid = "2.16.840.1.101.3.4.2.3"; break; /* case GCRY_MD_WHIRLPOOL: oid = "No OID yet"; break; */ - + case GCRY_MD_MD5: /* We don't want to use MD5. */ case 0: /* No algorithm found in cert. */ default: /* Other algorithms. */ log_info (_("hash algorithm %d (%s) for signer %d not supported;" " using %s\n"), - cl->hash_algo, oid? oid: "?", i, + cl->hash_algo, oid? oid: "?", i, gcry_md_algo_name (GCRY_MD_SHA1)); cl->hash_algo = GCRY_MD_SHA1; oid = "1.3.14.3.2.26"; @@ -460,7 +460,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, if (opt.verbose) { for (i=0, cl=signerlist; cl; cl = cl->next, i++) - log_info (_("hash algorithm used for signer %d: %s (%s)\n"), + log_info (_("hash algorithm used for signer %d: %s (%s)\n"), i, gcry_md_algo_name (cl->hash_algo), cl->hash_algo_oid); } @@ -471,7 +471,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, rc = gpgsm_cert_use_sign_p (cl->cert); if (rc) goto leave; - + err = ksba_cms_add_signer (cms, cl->cert); if (err) { @@ -505,13 +505,13 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, { size_t buflen; char buffer[1]; - - err = ksba_cert_get_user_data (cl->cert, "is_qualified", + + err = ksba_cert_get_user_data (cl->cert, "is_qualified", &buffer, sizeof (buffer), &buflen); if (err || !buflen) { log_error (_("checking for qualified certificate failed: %s\n"), - gpg_strerror (err)); + gpg_strerror (err)); rc = err; goto leave; } @@ -525,7 +525,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, goto leave; } } - + /* Prepare hashing (actually we are figuring out what we have set above). */ rc = gcry_md_open (&data_md, 0, 0); @@ -535,7 +535,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, goto leave; } if (DBG_HASHING) - gcry_md_start_debug (data_md, "sign.data"); + gcry_md_debug (data_md, "sign.data"); for (i=0; (algoid=ksba_cms_get_digest_algo_list (cms, i)); i++) { 
@@ -614,7 +614,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, /* Main building loop. */ - do + do { err = ksba_cms_build (cms, &stopreason); if (err) @@ -625,7 +625,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, } if (stopreason == KSBA_SR_BEGIN_DATA) - { + { /* Hash the data and store the message digest. */ unsigned char *digest; size_t digest_len; @@ -658,7 +658,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, } } else if (stopreason == KSBA_SR_NEED_SIG) - { + { /* Compute the signature for all signers. */ gcry_md_hd_t md; @@ -669,7 +669,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, goto leave; } if (DBG_HASHING) - gcry_md_start_debug (md, "sign.attr"); + gcry_md_debug (md, "sign.attr"); ksba_cms_set_hash_function (cms, HASH_FNC, md); for (cl=signerlist,signer=0; cl; cl = cl->next, signer++) { @@ -685,7 +685,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, for (cl_tmp=signerlist; cl_tmp; cl_tmp = cl_tmp->next) { gcry_md_enable (md, cl_tmp->hash_algo); - audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO, + audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO, cl_tmp->hash_algo); } } @@ -698,7 +698,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, gcry_md_close (md); goto leave; } - + rc = gpgsm_create_cms_signature (ctrl, cl->cert, md, cl->hash_algo, &sigval); if (rc) @@ -733,8 +733,8 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, int pkalgo = gpgsm_get_key_algo_info (cl->cert, NULL); buf = xtryasprintf ("%c %d %d 00 %s %s", detached? 'D':'S', - pkalgo, - cl->hash_algo, + pkalgo, + cl->hash_algo, signed_at, fpr); if (!buf) @@ -753,10 +753,10 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, gcry_md_close (md); } } - while (stopreason != KSBA_SR_READY); + while (stopreason != KSBA_SR_READY); rc = gpgsm_finish_writer (b64writer); - if (rc) + if (rc) { log_error ("write failed: %s\n", gpg_strerror (rc)); goto leave; 
@@ -774,7 +774,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, gpgsm_release_certlist (signerlist); ksba_cms_release (cms); gpgsm_destroy_writer (b64writer); - keydb_release (kh); + keydb_release (kh); gcry_md_close (data_md); return rc; }
diff --git a/sm/verify.c b/sm/verify.c
index c8663e3e6..6bc44d2a6 100644
--- a/sm/verify.c
+++ b/sm/verify.c
@@ -22,7 +22,7 @@ #include #include #include -#include +#include #include #include
@@ -37,7 +37,7 @@ static char * strtimestamp_r (ksba_isotime_t atime) { char *buffer = xmalloc (15); - + if (!atime || !*atime) strcpy (buffer, "none"); else
@@ -64,7 +64,7 @@ hash_data (int fd, gcry_md_hd_t md) return err; } - do + do { nread = fread (buffer, 1, DIM(buffer), fp); gcry_md_write (md, buffer, nread);
@@ -160,12 +160,12 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) goto leave; } if (DBG_HASHING) - gcry_md_start_debug (data_md, "vrfy.data"); + gcry_md_debug (data_md, "vrfy.data"); audit_log (ctrl->audit, AUDIT_SETUP_READY); is_detached = 0; - do + do { rc = ksba_cms_parse (cms, &stopreason); if (rc)
@@ -184,7 +184,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) if (stopreason == KSBA_SR_NEED_HASH || stopreason == KSBA_SR_BEGIN_DATA) - { + { audit_log (ctrl->audit, AUDIT_GOT_DATA); /* We are now able to enable the hash algorithms */
@@ -213,7 +213,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) if (opt.extra_digest_algo) { if (DBG_X509) - log_debug ("enabling extra hash algorithm %d\n", + log_debug ("enabling extra hash algorithm %d\n", opt.extra_digest_algo); gcry_md_enable (data_md, opt.extra_digest_algo); audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO,
@@ -241,12 +241,12 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) audit_log_ok (ctrl->audit, AUDIT_DATA_HASHING, 0); } } - while (stopreason != KSBA_SR_READY); + while (stopreason != KSBA_SR_READY); if (b64writer) { rc = gpgsm_finish_writer (b64writer); - if (rc) + if (rc) { log_error ("write failed: %s\n", gpg_strerror (rc)); audit_log_ok (ctrl->audit, AUDIT_WRITE_ERROR, rc);
@@ -268,7 +268,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) certificate first before entering it into the DB. This way we would avoid cluttering the DB with invalid certificates. */ - audit_log_cert (ctrl->audit, AUDIT_SAVE_CERT, cert, + audit_log_cert (ctrl->audit, AUDIT_SAVE_CERT, cert, keydb_store_cert (cert, 0, NULL)); ksba_cert_release (cert); }
@@ -344,7 +344,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) &algo, &is_enabled) || !is_enabled) { - log_error ("digest algo %d (%s) has not been enabled\n", + log_error ("digest algo %d (%s) has not been enabled\n", algo, algoid?algoid:""); audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "unsupported"); goto next_signer;
@@ -355,7 +355,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) assert (!msgdigest); rc = 0; algoid = NULL; - algo = 0; + algo = 0; } else /* real error */ {
@@ -365,7 +365,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) rc = ksba_cms_get_sigattr_oids (cms, signer, "1.2.840.113549.1.9.3", &ctattr); - if (!rc) + if (!rc) { const char *s;
@@ -484,9 +484,9 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) gpgsm_status (ctrl, STATUS_BADSIG, fpr); xfree (fpr); audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad"); - goto next_signer; + goto next_signer; } - + audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO, sigval_hash_algo); rc = gcry_md_open (&md, sigval_hash_algo, 0); if (rc)
@@ -496,7 +496,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) goto next_signer; } if (DBG_HASHING) - gcry_md_start_debug (md, "vrfy.attr"); + gcry_md_debug (md, "vrfy.attr"); ksba_cms_set_hash_function (cms, HASH_FNC, md); rc = ksba_cms_hash_signed_attrs (cms, signer);
@@ -508,13 +508,13 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "error"); goto next_signer; } - rc = gpgsm_check_cms_signature (cert, sigval, md, + rc = gpgsm_check_cms_signature (cert, sigval, md, sigval_hash_algo, &info_pkalgo); gcry_md_close (md); } else { - rc = gpgsm_check_cms_signature (cert, sigval, data_md, + rc = gpgsm_check_cms_signature (cert, sigval, data_md, algo, &info_pkalgo); }
@@ -542,7 +542,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) audit_log (ctrl->audit, AUDIT_VALIDATE_CHAIN); rc = gpgsm_validate_chain (ctrl, cert, *sigtime? sigtime : "19700101T000000", - keyexptime, 0, + keyexptime, 0, NULL, 0, &verifyflags); { char *fpr, *buf, *tstr;
@@ -555,7 +555,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) } else gpgsm_status (ctrl, STATUS_GOODSIG, fpr); - + xfree (fpr); fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
@@ -581,7 +581,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) gpgsm_status_with_err_code (ctrl, STATUS_TRUST_NEVER, NULL, gpg_err_code (rc)); else - gpgsm_status_with_err_code (ctrl, STATUS_TRUST_UNDEFINED, NULL, + gpgsm_status_with_err_code (ctrl, STATUS_TRUST_UNDEFINED, NULL, gpg_err_code (rc)); audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad"); goto next_signer;
@@ -603,7 +603,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) { size_t qualbuflen; char qualbuffer[1]; - + rc = ksba_cert_get_user_data (cert, "is_qualified", &qualbuffer, sizeof (qualbuffer), &qualbuflen); if (!rc && qualbuflen)
@@ -612,20 +612,20 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) { log_info (_("This is a qualified signature\n")); if (!opt.qualsig_approval) - log_info + log_info (_("Note, that this software is not officially approved " "to create or verify such signatures.\n")); } - } + } else if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND) log_error ("get_user_data(is_qualified) failed: %s\n", - gpg_strerror (rc)); + gpg_strerror (rc)); } - gpgsm_status (ctrl, STATUS_TRUST_FULLY, + gpgsm_status (ctrl, STATUS_TRUST_FULLY, (verifyflags & VALIDATE_FLAG_CHAIN_MODEL)? "0 chain": "0 shell"); - + next_signer: rc = 0;
@@ -642,7 +642,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp) ksba_cms_release (cms); gpgsm_destroy_reader (b64reader); gpgsm_destroy_writer (b64writer); - keydb_release (kh); + keydb_release (kh); gcry_md_close (data_md); if (fp) fclose (fp);