
Add provisions to build with Libgcrypt 1.6.

Replace gcry_md_start_debug by gcry_md_debug in all files.

* agent/gpg-agent.c (fixed_gcry_pth_init): Use only if
GCRY_THREAD_OPTION_VERSION is 0
* scd/scdaemon.c (fixed_gcry_pth_init): Ditto.
--

Libgcrypt 1.6 will have some minor API changes.  In particular some
deprecated macros and functions will be removed.  PTH will also be
dropped in favor of a thread model neutral locking method.
Werner Koch 2012-05-24 10:55:11 +02:00
parent a4b22d8edf
commit b8d7b33d69
11 changed files with 179 additions and 173 deletions


@ -278,11 +278,12 @@ static int check_for_running_agent (int silent, int mode);
ASSUAN_SYSTEM_PTH_IMPL; ASSUAN_SYSTEM_PTH_IMPL;
GCRY_THREAD_OPTION_PTH_IMPL; GCRY_THREAD_OPTION_PTH_IMPL;
#if GCRY_THREAD_OPTION_VERSION < 1
static int fixed_gcry_pth_init (void) static int fixed_gcry_pth_init (void)
{ {
return pth_self ()? 0 : (pth_init () == FALSE) ? errno : 0; return pth_self ()? 0 : (pth_init () == FALSE) ? errno : 0;
} }
#endif
#ifndef PTH_HAVE_PTH_THREAD_ID #ifndef PTH_HAVE_PTH_THREAD_ID
static unsigned long pth_thread_id (void) static unsigned long pth_thread_id (void)
@ -594,7 +595,9 @@ main (int argc, char **argv )
/* Libgcrypt requires us to register the threading model first. /* Libgcrypt requires us to register the threading model first.
Note that this will also do the pth_init. */ Note that this will also do the pth_init. */
#if GCRY_THREAD_OPTION_VERSION < 1
gcry_threads_pth.init = fixed_gcry_pth_init; gcry_threads_pth.init = fixed_gcry_pth_init;
#endif
err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth); err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth);
if (err) if (err)
{ {
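Review bot: The comment above the registration in main() still says the gcry_control call "will also do the pth_init", but with the new `#if GCRY_THREAD_OPTION_VERSION < 1` guard that is only established for the branch that installs fixed_gcry_pth_init. When the guard is false, the visible lines do not show where Pth gets initialised, so it is worth confirming that GCRYCTL_SET_THREAD_CBS still does this with Libgcrypt 1.6, or that pth_init() is called before the first Pth use. I would reword the comment to something like `/* Libgcrypt requires us to register the threading model first. With GCRY_THREAD_OPTION_VERSION < 1 this also does the pth_init. */`. The same applies to the identical pair of hunks for scd/scdaemon.c further down the page. Both main() bodies continue outside the hunks.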


@ -61,12 +61,12 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
ed.mdc_method = DIGEST_ALGO_SHA1; ed.mdc_method = DIGEST_ALGO_SHA1;
gcry_md_open (&cfx->mdc_hash, DIGEST_ALGO_SHA1, 0); gcry_md_open (&cfx->mdc_hash, DIGEST_ALGO_SHA1, 0);
if ( DBG_HASHING ) if ( DBG_HASHING )
gcry_md_start_debug (cfx->mdc_hash, "creatmdc"); gcry_md_debug (cfx->mdc_hash, "creatmdc");
} }
{ {
char buf[20]; char buf[20];
sprintf (buf, "%d %d", ed.mdc_method, cfx->dek->algo); sprintf (buf, "%d %d", ed.mdc_method, cfx->dek->algo);
write_status_text (STATUS_BEGIN_ENCRYPTION, buf); write_status_text (STATUS_BEGIN_ENCRYPTION, buf);
} }
@ -81,7 +81,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
temp[nprefix] = temp[nprefix-2]; temp[nprefix] = temp[nprefix-2];
temp[nprefix+1] = temp[nprefix-1]; temp[nprefix+1] = temp[nprefix-1];
print_cipher_algo_note( cfx->dek->algo ); print_cipher_algo_note( cfx->dek->algo );
err = openpgp_cipher_open (&cfx->cipher_hd, err = openpgp_cipher_open (&cfx->cipher_hd,
cfx->dek->algo, cfx->dek->algo,
GCRY_CIPHER_MODE_CFB, GCRY_CIPHER_MODE_CFB,
(GCRY_CIPHER_SECURE (GCRY_CIPHER_SECURE
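Review bot: In write_header the result of `gcry_md_open (&cfx->mdc_hash, DIGEST_ALGO_SHA1, 0)` is discarded, so the renamed `gcry_md_debug (cfx->mdc_hash, "creatmdc")` call, and presumably the MDC hashing that follows, would run on an unset handle if the open fails. decrypt_data on this page guards the same call, and the check here should match it: `if (gcry_md_open (&cfx->mdc_hash, DIGEST_ALGO_SHA1, 0)) BUG ();`. The context line that formats two ints with `sprintf` into `char buf[20]` is safe only while both values stay small; `snprintf (buf, sizeof buf, "%d %d", ed.mdc_method, cfx->dek->algo);` makes the bound explicit. write_header starts and ends outside these hunks.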


@ -119,7 +119,7 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
if (gcry_md_open (&dfx->mdc_hash, ed->mdc_method, 0 )) if (gcry_md_open (&dfx->mdc_hash, ed->mdc_method, 0 ))
BUG (); BUG ();
if ( DBG_HASHING ) if ( DBG_HASHING )
gcry_md_start_debug (dfx->mdc_hash, "checkmdc"); gcry_md_debug (dfx->mdc_hash, "checkmdc");
} }
rc = openpgp_cipher_open (&dfx->cipher_hd, dek->algo, rc = openpgp_cipher_open (&dfx->cipher_hd, dek->algo,


@ -141,7 +141,7 @@ print_seckey_info (PKT_secret_key *sk)
nbits_from_sk (sk), nbits_from_sk (sk),
pubkey_letter (sk->pubkey_algo), pubkey_letter (sk->pubkey_algo),
keystr(keyid), datestr_from_sk (sk), p); keystr(keyid), datestr_from_sk (sk), p);
xfree (p); xfree (p);
} }
@ -185,13 +185,13 @@ print_card_key_info (FILE *fp, KBNODE keyblock)
KBNODE node; KBNODE node;
int i; int i;
for (node = keyblock; node; node = node->next ) for (node = keyblock; node; node = node->next )
{ {
if (node->pkt->pkttype == PKT_SECRET_KEY if (node->pkt->pkttype == PKT_SECRET_KEY
|| (node->pkt->pkttype == PKT_SECRET_SUBKEY) ) || (node->pkt->pkttype == PKT_SECRET_SUBKEY) )
{ {
PKT_secret_key *sk = node->pkt->pkt.secret_key; PKT_secret_key *sk = node->pkt->pkt.secret_key;
tty_fprintf (fp, "%s%c %4u%c/%s ", tty_fprintf (fp, "%s%c %4u%c/%s ",
node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb", node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb",
(sk->protect.s2k.mode==1001)?'#': (sk->protect.s2k.mode==1001)?'#':
@ -205,10 +205,10 @@ print_card_key_info (FILE *fp, KBNODE keyblock)
if (sk->is_protected && sk->protect.s2k.mode == 1002) if (sk->is_protected && sk->protect.s2k.mode == 1002)
{ {
tty_fprintf (fp, "\n "); tty_fprintf (fp, "\n ");
tty_fprintf (fp, _("card-no: ")); tty_fprintf (fp, _("card-no: "));
if (sk->protect.ivlen == 16 if (sk->protect.ivlen == 16
&& !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6)) && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6))
{ {
/* This is an OpenPGP card. */ /* This is an OpenPGP card. */
for (i=8; i < 14; i++) for (i=8; i < 14; i++)
{ {
@ -454,7 +454,7 @@ list_all( int secret )
merge_keys_and_selfsig( keyblock ); merge_keys_and_selfsig( keyblock );
list_keyblock( keyblock, secret, opt.fingerprint, list_keyblock( keyblock, secret, opt.fingerprint,
opt.check_sigs?&stats:NULL); opt.check_sigs?&stats:NULL);
release_kbnode( keyblock ); release_kbnode( keyblock );
keyblock = NULL; keyblock = NULL;
} while (!(rc = keydb_search_next (hd))); } while (!(rc = keydb_search_next (hd)));
if( rc && rc != -1 ) if( rc && rc != -1 )
@ -548,7 +548,7 @@ locate_one (strlist_t names)
struct sig_stats stats; struct sig_stats stats;
memset (&stats,0,sizeof(stats)); memset (&stats,0,sizeof(stats));
for (sl=names; sl; sl = sl->next) for (sl=names; sl; sl = sl->next)
{ {
rc = get_pubkey_byname (&ctx, NULL, sl->d, &keyblock, NULL, 1, 0); rc = get_pubkey_byname (&ctx, NULL, sl->d, &keyblock, NULL, 1, 0);
@ -559,18 +559,18 @@ locate_one (strlist_t names)
} }
else else
{ {
do do
{ {
list_keyblock (keyblock, 0, opt.fingerprint, list_keyblock (keyblock, 0, opt.fingerprint,
opt.check_sigs? &stats : NULL ); opt.check_sigs? &stats : NULL );
release_kbnode (keyblock); release_kbnode (keyblock);
} }
while ( ctx && !get_pubkey_next (ctx, NULL, &keyblock)); while ( ctx && !get_pubkey_next (ctx, NULL, &keyblock));
get_pubkey_end (ctx); get_pubkey_end (ctx);
ctx = NULL; ctx = NULL;
} }
} }
if (opt.check_sigs && !opt.with_colons) if (opt.check_sigs && !opt.with_colons)
print_signature_stats (&stats); print_signature_stats (&stats);
} }
@ -597,7 +597,7 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
{ {
unsigned int use = pk? pk->pubkey_usage : sk->pubkey_usage; unsigned int use = pk? pk->pubkey_usage : sk->pubkey_usage;
int c_printed = 0; int c_printed = 0;
if ( use & PUBKEY_USAGE_ENC ) if ( use & PUBKEY_USAGE_ENC )
putchar ('e'); putchar ('e');
@ -627,7 +627,7 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
int enc=0, sign=0, cert=0, auth=0, disabled=0; int enc=0, sign=0, cert=0, auth=0, disabled=0;
for (k=keyblock; k; k = k->next ) { for (k=keyblock; k; k = k->next ) {
if ( k->pkt->pkttype == PKT_PUBLIC_KEY if ( k->pkt->pkttype == PKT_PUBLIC_KEY
|| k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
pk = k->pkt->pkt.public_key; pk = k->pkt->pkt.public_key;
@ -649,7 +649,7 @@ print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
auth = 1; auth = 1;
} }
} }
else if ( k->pkt->pkttype == PKT_SECRET_KEY else if ( k->pkt->pkttype == PKT_SECRET_KEY
|| k->pkt->pkttype == PKT_SECRET_SUBKEY ) { || k->pkt->pkttype == PKT_SECRET_SUBKEY ) {
sk = k->pkt->pkt.secret_key; sk = k->pkt->pkt.secret_key;
if ( sk->is_valid && !sk->is_revoked && !sk->has_expired if ( sk->is_valid && !sk->is_revoked && !sk->has_expired
@ -982,7 +982,7 @@ list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
case 0: sigrc = '!'; break; case 0: sigrc = '!'; break;
case GPG_ERR_BAD_SIGNATURE: case GPG_ERR_BAD_SIGNATURE:
stats->inv_sigs++; sigrc = '-'; break; stats->inv_sigs++; sigrc = '-'; break;
case GPG_ERR_NO_PUBKEY: case GPG_ERR_NO_PUBKEY:
case GPG_ERR_UNUSABLE_PUBKEY: stats->no_key++; continue; case GPG_ERR_UNUSABLE_PUBKEY: stats->no_key++; continue;
default: stats->oth_err++; sigrc = '%'; break; default: stats->oth_err++; sigrc = '%'; break;
} }
@ -1128,9 +1128,9 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
putchar ('r'); putchar ('r');
else if ( pk->has_expired ) else if ( pk->has_expired )
putchar ('e'); putchar ('e');
else if ( opt.fast_list_mode || opt.no_expensive_trust_checks ) else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
; ;
else else
{ {
trustletter = get_validity_info ( pk, NULL ); trustletter = get_validity_info ( pk, NULL );
if ( trustletter == 'u' ) if ( trustletter == 'u' )
@ -1186,7 +1186,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
if (attrib_fp && node->pkt->pkt.user_id->attrib_data != NULL) if (attrib_fp && node->pkt->pkt.user_id->attrib_data != NULL)
dump_attribs (node->pkt->pkt.user_id,pk,sk); dump_attribs (node->pkt->pkt.user_id,pk,sk);
/* /*
* Fixme: We need a is_valid flag here too * Fixme: We need a is_valid flag here too
*/ */
str = uid->attrib_data? "uat":"uid"; str = uid->attrib_data? "uat":"uid";
/* If we're listing a secret key, leave out the validity /* If we're listing a secret key, leave out the validity
@ -1199,25 +1199,25 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
printf ("%s:e::::",str); printf ("%s:e::::",str);
else if ( opt.no_expensive_trust_checks ) else if ( opt.no_expensive_trust_checks )
printf ("%s:::::",str); printf ("%s:::::",str);
else else
{ {
int uid_validity; int uid_validity;
if ( pk && !ulti_hack ) if ( pk && !ulti_hack )
uid_validity=get_validity_info (pk, uid); uid_validity=get_validity_info (pk, uid);
else else
uid_validity = 'u'; uid_validity = 'u';
printf ("%s:%c::::",str,uid_validity); printf ("%s:%c::::",str,uid_validity);
} }
printf ("%s:", colon_strtime (uid->created)); printf ("%s:", colon_strtime (uid->created));
printf ("%s:", colon_strtime (uid->expiredate)); printf ("%s:", colon_strtime (uid->expiredate));
namehash_from_uid (uid); namehash_from_uid (uid);
for (i=0; i < 20; i++ ) for (i=0; i < 20; i++ )
printf ("%02X",uid->namehash[i]); printf ("%02X",uid->namehash[i]);
printf ("::"); printf ("::");
if (uid->attrib_data) if (uid->attrib_data)
@ -1227,11 +1227,11 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
putchar (':'); putchar (':');
putchar ('\n'); putchar ('\n');
} }
else if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) else if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
{ {
u32 keyid2[2]; u32 keyid2[2];
PKT_public_key *pk2 = node->pkt->pkt.public_key; PKT_public_key *pk2 = node->pkt->pkt.public_key;
keyid_from_pk ( pk2, keyid2 ); keyid_from_pk ( pk2, keyid2 );
fputs ("sub:", stdout ); fputs ("sub:", stdout );
if ( !pk2->is_valid ) if ( !pk2->is_valid )
@ -1291,7 +1291,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
} }
putchar(':'); /* End of field 15. */ putchar(':'); /* End of field 15. */
putchar ('\n'); putchar ('\n');
if ( fpr > 1 ) if ( fpr > 1 )
print_fingerprint ( NULL, sk2, 0 ); print_fingerprint ( NULL, sk2, 0 );
} }
@ -1302,7 +1302,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
char *sigstr; char *sigstr;
size_t fplen; size_t fplen;
byte fparray[MAX_FINGERPRINT_LEN]; byte fparray[MAX_FINGERPRINT_LEN];
if ( sig->sig_class == 0x20 || sig->sig_class == 0x28 if ( sig->sig_class == 0x20 || sig->sig_class == 0x28
|| sig->sig_class == 0x30 ) || sig->sig_class == 0x30 )
sigstr = "rev"; sigstr = "rev";
@ -1312,7 +1312,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
sigstr = "sig"; sigstr = "sig";
else if ( sig->sig_class == 0x1F ) else if ( sig->sig_class == 0x1F )
sigstr = "sig"; sigstr = "sig";
else else
{ {
printf ("sig::::::::::%02x%c:\n", printf ("sig::::::::::%02x%c:\n",
sig->sig_class, sig->flags.exportable?'x':'l'); sig->sig_class, sig->flags.exportable?'x':'l');
@ -1322,18 +1322,18 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
if ( opt.check_sigs ) if ( opt.check_sigs )
{ {
PKT_public_key *signer_pk=NULL; PKT_public_key *signer_pk=NULL;
fflush (stdout); fflush (stdout);
if (opt.no_sig_cache) if (opt.no_sig_cache)
signer_pk = xmalloc_clear (sizeof(PKT_public_key)); signer_pk = xmalloc_clear (sizeof(PKT_public_key));
rc = check_key_signature2 ( keyblock, node, NULL, signer_pk, rc = check_key_signature2 ( keyblock, node, NULL, signer_pk,
NULL, NULL, NULL ); NULL, NULL, NULL );
switch ( gpg_err_code (rc) ) switch ( gpg_err_code (rc) )
{ {
case 0: sigrc = '!'; break; case 0: sigrc = '!'; break;
case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break; case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break;
case GPG_ERR_NO_PUBKEY: case GPG_ERR_NO_PUBKEY:
case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break; case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
default: sigrc = '%'; break; default: sigrc = '%'; break;
} }
@ -1348,7 +1348,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
free_public_key(signer_pk); free_public_key(signer_pk);
} }
} }
else else
{ {
rc = 0; rc = 0;
sigrc = ' '; sigrc = ' ';
@ -1370,7 +1370,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
print_string (stdout,sig->trust_regexp, print_string (stdout,sig->trust_regexp,
strlen(sig->trust_regexp),':'); strlen(sig->trust_regexp),':');
printf(":"); printf(":");
if ( sigrc == '%' ) if ( sigrc == '%' )
printf("[%s] ", g10_errstr(rc) ); printf("[%s] ", g10_errstr(rc) );
else if ( sigrc == '?' ) else if ( sigrc == '?' )
@ -1417,8 +1417,8 @@ do_reorder_keyblock (KBNODE keyblock,int attr)
node->pkt->pkt.user_id->is_primary ) { node->pkt->pkt.user_id->is_primary ) {
primary = primary2 = node; primary = primary2 = node;
for (node=node->next; node; primary2=node, node = node->next ) { for (node=node->next; node; primary2=node, node = node->next ) {
if( node->pkt->pkttype == PKT_USER_ID if( node->pkt->pkttype == PKT_USER_ID
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY || node->pkt->pkttype == PKT_PUBLIC_SUBKEY
|| node->pkt->pkttype == PKT_SECRET_SUBKEY ) { || node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
break; break;
} }
@ -1540,7 +1540,7 @@ print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode )
fp = stdout; fp = stdout;
text = _(" Key fingerprint ="); text = _(" Key fingerprint =");
} }
if (sk) if (sk)
fingerprint_from_sk (sk, array, &n); fingerprint_from_sk (sk, array, &n);
else else
@ -1600,7 +1600,7 @@ print_card_serialno (PKT_secret_key *sk)
if (!sk) if (!sk)
return; return;
if (!sk->is_protected || sk->protect.s2k.mode != 1002) if (!sk->is_protected || sk->protect.s2k.mode != 1002)
return; /* Not a card. */ return; /* Not a card. */
if (opt.with_colons) if (opt.with_colons)
return; /* Handled elsewhere. */ return; /* Handled elsewhere. */
@ -1635,11 +1635,11 @@ set_attrib_fd (int fd)
if ( fd != -1 && last_fd == fd ) if ( fd != -1 && last_fd == fd )
return; return;
if ( attrib_fp && attrib_fp != stdout && attrib_fp != stderr if ( attrib_fp && attrib_fp != stdout && attrib_fp != stderr
&& attrib_fp != log_get_stream () ) && attrib_fp != log_get_stream () )
fclose (attrib_fp); fclose (attrib_fp);
attrib_fp = NULL; attrib_fp = NULL;
if ( fd == -1 ) if ( fd == -1 )
return; return;
#ifdef HAVE_DOSISH_SYSTEM #ifdef HAVE_DOSISH_SYSTEM
@ -1651,11 +1651,11 @@ set_attrib_fd (int fd)
attrib_fp = stderr; attrib_fp = stderr;
else else
attrib_fp = fdopen (fd, "wb"); attrib_fp = fdopen (fd, "wb");
if (!attrib_fp) if (!attrib_fp)
{ {
log_fatal("can't open fd %d for attribute output: %s\n", log_fatal("can't open fd %d for attribute output: %s\n",
fd, strerror(errno)); fd, strerror(errno));
} }
last_fd = fd; last_fd = fd;
} }


@ -699,9 +699,9 @@ proc_plaintext( CTX c, PACKET *pkt )
BUG (); BUG ();
} }
if ( DBG_HASHING ) { if ( DBG_HASHING ) {
gcry_md_start_debug ( c->mfx.md, "verify" ); gcry_md_debug ( c->mfx.md, "verify" );
if ( c->mfx.md2 ) if ( c->mfx.md2 )
gcry_md_start_debug ( c->mfx.md2, "verify2" ); gcry_md_debug ( c->mfx.md2, "verify2" );
} }
rc=0; rc=0;
@ -2138,9 +2138,9 @@ proc_tree( CTX c, KBNODE node )
/* c->mfx.md2? 0 :(sig->sig_class == 0x01) */ /* c->mfx.md2? 0 :(sig->sig_class == 0x01) */
#endif #endif
if ( DBG_HASHING ) { if ( DBG_HASHING ) {
gcry_md_start_debug( c->mfx.md, "verify" ); gcry_md_debug( c->mfx.md, "verify" );
if ( c->mfx.md2 ) if ( c->mfx.md2 )
gcry_md_start_debug( c->mfx.md2, "verify2" ); gcry_md_debug( c->mfx.md2, "verify2" );
} }
if( c->sigs_only ) { if( c->sigs_only ) {
if (c->signed_data.used && c->signed_data.data_fd != -1) if (c->signed_data.used && c->signed_data.data_fd != -1)


@ -150,7 +150,7 @@ mk_notation_policy_etc( PKT_signature *sig,
/* /*
* Helper to hash a user ID packet. * Helper to hash a user ID packet.
*/ */
static void static void
hash_uid (gcry_md_hd_t md, int sigversion, const PKT_user_id *uid) hash_uid (gcry_md_hd_t md, int sigversion, const PKT_user_id *uid)
@ -188,7 +188,7 @@ hash_uid (gcry_md_hd_t md, int sigversion, const PKT_user_id *uid)
static void static void
hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig) hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig)
{ {
if (sig->version >= 4) if (sig->version >= 4)
gcry_md_putc (md, sig->version); gcry_md_putc (md, sig->version);
gcry_md_putc (md, sig->sig_class); gcry_md_putc (md, sig->sig_class);
if (sig->version < 4) { if (sig->version < 4) {
@ -201,7 +201,7 @@ hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig)
else { else {
byte buf[6]; byte buf[6];
size_t n; size_t n;
gcry_md_putc (md, sig->pubkey_algo); gcry_md_putc (md, sig->pubkey_algo);
gcry_md_putc (md, sig->digest_algo); gcry_md_putc (md, sig->digest_algo);
if (sig->hashed) { if (sig->hashed) {
@ -257,13 +257,13 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
sig->digest_algo = digest_algo; sig->digest_algo = digest_algo;
sig->digest_start[0] = dp[0]; sig->digest_start[0] = dp[0];
sig->digest_start[1] = dp[1]; sig->digest_start[1] = dp[1];
if (sk->is_protected && sk->protect.s2k.mode == 1002) if (sk->is_protected && sk->protect.s2k.mode == 1002)
{ {
#ifdef ENABLE_CARD_SUPPORT #ifdef ENABLE_CARD_SUPPORT
unsigned char *rbuf; unsigned char *rbuf;
size_t rbuflen; size_t rbuflen;
char *snbuf; char *snbuf;
snbuf = serialno_and_fpr_from_sk (sk->protect.iv, snbuf = serialno_and_fpr_from_sk (sk->protect.iv,
sk->protect.ivlen, sk); sk->protect.ivlen, sk);
rc = agent_scd_pksign (snbuf, digest_algo, rc = agent_scd_pksign (snbuf, digest_algo,
@ -282,7 +282,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
return gpg_error (GPG_ERR_NOT_SUPPORTED); return gpg_error (GPG_ERR_NOT_SUPPORTED);
#endif /* ENABLE_CARD_SUPPORT */ #endif /* ENABLE_CARD_SUPPORT */
} }
else else
{ {
frame = encode_md_value( NULL, sk, md, digest_algo ); frame = encode_md_value( NULL, sk, md, digest_algo );
if (!frame) if (!frame)
@ -495,7 +495,7 @@ print_status_sig_created ( PKT_secret_key *sk, PKT_signature *sig, int what )
* Loop over the secret certificates in SK_LIST and build the one pass * Loop over the secret certificates in SK_LIST and build the one pass
* signature packets. OpenPGP says that the data should be bracket by * signature packets. OpenPGP says that the data should be bracket by
* the onepass-sig and signature-packet; so we build these onepass * the onepass-sig and signature-packet; so we build these onepass
* packet here in reverse order * packet here in reverse order
*/ */
static int static int
write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass ) write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass )
@ -511,7 +511,7 @@ write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass )
PKT_onepass_sig *ops; PKT_onepass_sig *ops;
PACKET pkt; PACKET pkt;
int i, rc; int i, rc;
for (i=0, sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { for (i=0, sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
if (++i == skcount) if (++i == skcount)
break; break;
@ -524,7 +524,7 @@ write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass )
ops->pubkey_algo = sk->pubkey_algo; ops->pubkey_algo = sk->pubkey_algo;
keyid_from_sk (sk, ops->keyid); keyid_from_sk (sk, ops->keyid);
ops->last = (skcount == 1); ops->last = (skcount == 1);
init_packet(&pkt); init_packet(&pkt);
pkt.pkttype = PKT_ONEPASS_SIG; pkt.pkttype = PKT_ONEPASS_SIG;
pkt.pkt.onepass_sig = ops; pkt.pkt.onepass_sig = ops;
@ -612,7 +612,7 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode)
wipememory(copy_buffer,4096); /* burn buffer */ wipememory(copy_buffer,4096); /* burn buffer */
} }
/* fixme: it seems that we never freed pt/pkt */ /* fixme: it seems that we never freed pt/pkt */
return rc; return rc;
} }
@ -777,7 +777,7 @@ sign_file( strlist_t filenames, int detached, strlist_t locusr,
inp = NULL; inp = NULL;
errno = EPERM; errno = EPERM;
} }
if( !inp ) if( !inp )
{ {
rc = gpg_error_from_syserror (); rc = gpg_error_from_syserror ();
log_error (_("can't open `%s': %s\n"), fname? fname: "[stdin]", log_error (_("can't open `%s': %s\n"), fname? fname: "[stdin]",
@ -817,7 +817,7 @@ sign_file( strlist_t filenames, int detached, strlist_t locusr,
if ( gcry_md_open (&mfx.md, 0, 0) ) if ( gcry_md_open (&mfx.md, 0, 0) )
BUG (); BUG ();
if (DBG_HASHING) if (DBG_HASHING)
gcry_md_start_debug (mfx.md, "sign"); gcry_md_debug (mfx.md, "sign");
/* If we're encrypting and signing, it is reasonable to pick the /* If we're encrypting and signing, it is reasonable to pick the
hash algorithm to use out of the recepient key prefs. This is hash algorithm to use out of the recepient key prefs. This is
@ -928,7 +928,7 @@ sign_file( strlist_t filenames, int detached, strlist_t locusr,
there is an assumed preference for uncompressed data. there is an assumed preference for uncompressed data.
Still, if it did fail, we'll also end up with the Still, if it did fail, we'll also end up with the
default. */ default. */
if((compr_algo= if((compr_algo=
select_algo_from_prefs(pk_list,PREFTYPE_ZIP,-1,NULL))==-1) select_algo_from_prefs(pk_list,PREFTYPE_ZIP,-1,NULL))==-1)
compr_algo=default_compress_algo(); compr_algo=default_compress_algo();
@ -1091,7 +1091,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
} }
if( !inp ) { if( !inp ) {
rc = gpg_error_from_syserror (); rc = gpg_error_from_syserror ();
log_error (_("can't open `%s': %s\n"), log_error (_("can't open `%s': %s\n"),
fname? fname: "[stdin]", strerror(errno) ); fname? fname: "[stdin]", strerror(errno) );
goto leave; goto leave;
} }
@ -1102,7 +1102,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
outfile = NULL; outfile = NULL;
errno = EPERM; errno = EPERM;
} }
else else
out = iobuf_create( outfile ); out = iobuf_create( outfile );
if( !out ) if( !out )
{ {
@ -1166,7 +1166,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
gcry_md_enable (textmd, hash_for(sk)); gcry_md_enable (textmd, hash_for(sk));
} }
if ( DBG_HASHING ) if ( DBG_HASHING )
gcry_md_start_debug ( textmd, "clearsign" ); gcry_md_debug ( textmd, "clearsign" );
copy_clearsig_text( out, inp, textmd, !opt.not_dash_escaped, copy_clearsig_text( out, inp, textmd, !opt.not_dash_escaped,
opt.escape_from, (old_style && only_md5) ); opt.escape_from, (old_style && only_md5) );
@ -1190,7 +1190,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
gcry_md_close ( textmd ); gcry_md_close ( textmd );
release_sk_list( sk_list ); release_sk_list( sk_list );
release_progress_context (pfx); release_progress_context (pfx);
release_armor_context (afx); release_armor_context (afx);
return rc; return rc;
} }
@ -1234,7 +1234,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
} }
rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG); rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG);
if (rc) if (rc)
goto leave; goto leave;
/* prepare iobufs */ /* prepare iobufs */
@ -1247,7 +1247,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
} }
if( !inp ) { if( !inp ) {
rc = gpg_error_from_syserror (); rc = gpg_error_from_syserror ();
log_error (_("can't open `%s': %s\n"), log_error (_("can't open `%s': %s\n"),
fname? fname: "[stdin]", strerror(errno) ); fname? fname: "[stdin]", strerror(errno) );
goto leave; goto leave;
} }
@ -1288,7 +1288,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
if ( gcry_md_open (&mfx.md, 0, 0) ) if ( gcry_md_open (&mfx.md, 0, 0) )
BUG (); BUG ();
if ( DBG_HASHING ) if ( DBG_HASHING )
gcry_md_start_debug (mfx.md, "symc-sign"); gcry_md_debug (mfx.md, "symc-sign");
for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) { for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) {
PKT_secret_key *sk = sk_rover->sk; PKT_secret_key *sk = sk_rover->sk;
@ -1338,7 +1338,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
rc = write_plaintext_packet (out, inp, fname, opt.textmode ? 't':'b'); rc = write_plaintext_packet (out, inp, fname, opt.textmode ? 't':'b');
if (rc) if (rc)
goto leave; goto leave;
/* Write the signatures */ /* Write the signatures */
/*(current filters: zip - encrypt - armor)*/ /*(current filters: zip - encrypt - armor)*/
rc = write_signature_packets (sk_list, out, mfx.md, rc = write_signature_packets (sk_list, out, mfx.md,
@ -1497,7 +1497,7 @@ int
update_keysig_packet( PKT_signature **ret_sig, update_keysig_packet( PKT_signature **ret_sig,
PKT_signature *orig_sig, PKT_signature *orig_sig,
PKT_public_key *pk, PKT_public_key *pk,
PKT_user_id *uid, PKT_user_id *uid,
PKT_public_key *subpk, PKT_public_key *subpk,
PKT_secret_key *sk, PKT_secret_key *sk,
int (*mksubpkt)(PKT_signature *, void *), int (*mksubpkt)(PKT_signature *, void *),
@ -1530,7 +1530,7 @@ update_keysig_packet( PKT_signature **ret_sig,
/* create a new signature packet */ /* create a new signature packet */
sig = copy_signature (NULL, orig_sig); sig = copy_signature (NULL, orig_sig);
/* We need to create a new timestamp so that new sig expiration /* We need to create a new timestamp so that new sig expiration
calculations are done correctly... */ calculations are done correctly... */
sig->timestamp=make_timestamp(); sig->timestamp=make_timestamp();


@ -206,11 +206,12 @@ static void handle_connections (int listen_fd);
ASSUAN_SYSTEM_PTH_IMPL; ASSUAN_SYSTEM_PTH_IMPL;
GCRY_THREAD_OPTION_PTH_IMPL; GCRY_THREAD_OPTION_PTH_IMPL;
#if GCRY_THREAD_OPTION_VERSION < 1
static int fixed_gcry_pth_init (void) static int fixed_gcry_pth_init (void)
{ {
return pth_self ()? 0 : (pth_init () == FALSE) ? errno : 0; return pth_self ()? 0 : (pth_init () == FALSE) ? errno : 0;
} }
#endif
static char * static char *
@ -409,7 +410,9 @@ main (int argc, char **argv )
/* Libgcrypt requires us to register the threading model first. /* Libgcrypt requires us to register the threading model first.
Note that this will also do the pth_init. */ Note that this will also do the pth_init. */
#if GCRY_THREAD_OPTION_VERSION < 1
gcry_threads_pth.init = fixed_gcry_pth_init; gcry_threads_pth.init = fixed_gcry_pth_init;
#endif
err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth); err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth);
if (err) if (err)
{ {


@ -22,7 +22,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <errno.h> #include <errno.h>
#include <unistd.h> #include <unistd.h>
#include <time.h> #include <time.h>
#include <assert.h> #include <assert.h>
@ -106,7 +106,7 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
{ {
log_error (_("a %u bit hash is not valid for a %u bit %s key\n"), log_error (_("a %u bit hash is not valid for a %u bit %s key\n"),
(unsigned int)nframe*8, (unsigned int)nframe*8,
gcry_pk_get_nbits (pkey), gcry_pk_get_nbits (pkey),
gcry_pk_algo_name (pkalgo)); gcry_pk_algo_name (pkalgo));
/* FIXME: we need to check the requirements for ECDSA. */ /* FIXME: we need to check the requirements for ECDSA. */
if (nframe < 20 || pkalgo == GCRY_PK_DSA ) if (nframe < 20 || pkalgo == GCRY_PK_DSA )
@ -139,16 +139,16 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
log_error ("no object identifier for algo %d\n", algo); log_error ("no object identifier for algo %d\n", algo);
return gpg_error (GPG_ERR_INTERNAL); return gpg_error (GPG_ERR_INTERNAL);
} }
len = gcry_md_get_algo_dlen (algo); len = gcry_md_get_algo_dlen (algo);
if ( len + asnlen + 4 > nframe ) if ( len + asnlen + 4 > nframe )
{ {
log_error ("can't encode a %d bit MD into a %d bits frame\n", log_error ("can't encode a %d bit MD into a %d bits frame\n",
(int)(len*8), (int)nbits); (int)(len*8), (int)nbits);
return gpg_error (GPG_ERR_INTERNAL); return gpg_error (GPG_ERR_INTERNAL);
} }
/* We encode the MD in this way: /* We encode the MD in this way:
* *
* 0 A PAD(n bytes) 0 ASN(asnlen bytes) MD(len bytes) * 0 A PAD(n bytes) 0 ASN(asnlen bytes) MD(len bytes)
@ -177,7 +177,7 @@ do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits,
log_printf (" %02X", frame[j]); log_printf (" %02X", frame[j]);
log_printf ("\n"); log_printf ("\n");
} }
gcry_mpi_scan (r_val, GCRYMPI_FMT_USG, frame, n, &nframe); gcry_mpi_scan (r_val, GCRYMPI_FMT_USG, frame, n, &nframe);
xfree (frame); xfree (frame);
return 0; return 0;
@ -251,7 +251,7 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
return rc; return rc;
} }
if (DBG_HASHING) if (DBG_HASHING)
gcry_md_start_debug (md, "hash.cert"); gcry_md_debug (md, "hash.cert");
rc = ksba_cert_hash (cert, 1, HASH_FNC, md); rc = ksba_cert_hash (cert, 1, HASH_FNC, md);
if (rc) if (rc)
@ -324,7 +324,7 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
BUG (); BUG ();
gcry_mpi_release (frame); gcry_mpi_release (frame);
rc = gcry_pk_verify (s_sig, s_hash, s_pkey); rc = gcry_pk_verify (s_sig, s_hash, s_pkey);
if (DBG_X509) if (DBG_X509)
log_debug ("gcry_pk_verify: %s\n", gpg_strerror (rc)); log_debug ("gcry_pk_verify: %s\n", gpg_strerror (rc));
@ -400,7 +400,7 @@ gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval,
if ( gcry_sexp_build (&s_hash, NULL, "%m", frame) ) if ( gcry_sexp_build (&s_hash, NULL, "%m", frame) )
BUG (); BUG ();
gcry_mpi_release (frame); gcry_mpi_release (frame);
rc = gcry_pk_verify (s_sig, s_hash, s_pkey); rc = gcry_pk_verify (s_sig, s_hash, s_pkey);
if (DBG_X509) if (DBG_X509)
log_debug ("gcry_pk_verify: %s\n", gpg_strerror (rc)); log_debug ("gcry_pk_verify: %s\n", gpg_strerror (rc));
@ -427,7 +427,7 @@ gpgsm_create_cms_signature (ctrl_t ctrl, ksba_cert_t cert,
desc = gpgsm_format_keydesc (cert); desc = gpgsm_format_keydesc (cert);
rc = gpgsm_agent_pksign (ctrl, grip, desc, gcry_md_read(md, mdalgo), rc = gpgsm_agent_pksign (ctrl, grip, desc, gcry_md_read(md, mdalgo),
gcry_md_get_algo_dlen (mdalgo), mdalgo, gcry_md_get_algo_dlen (mdalgo), mdalgo,
r_sigval, &siglen); r_sigval, &siglen);
xfree (desc); xfree (desc);


@ -74,9 +74,9 @@ The format of the native parameter file is follows:
This is the DN name of the subject in rfc2253 format. This is the DN name of the subject in rfc2253 format.
Name-Email: <string> Name-Email: <string>
The is an email address for the altSubjectName The is an email address for the altSubjectName
Name-DNS: <string> Name-DNS: <string>
The is an DNS name for the altSubjectName The is an DNS name for the altSubjectName
Name-URI: <string> Name-URI: <string>
The is an URI for the altSubjectName The is an URI for the altSubjectName
Here is an example: Here is an example:
@ -98,7 +98,7 @@ EOF
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <errno.h> #include <errno.h>
#include <unistd.h> #include <unistd.h>
#include <time.h> #include <time.h>
#include <assert.h> #include <assert.h>
@ -126,7 +126,7 @@ struct para_data_s {
int lnr; int lnr;
enum para_name key; enum para_name key;
union { union {
unsigned int usage; unsigned int usage;
char value[1]; char value[1];
} u; } u;
}; };
@ -156,7 +156,7 @@ static void
release_parameter_list (struct para_data_s *r) release_parameter_list (struct para_data_s *r)
{ {
struct para_data_s *r2; struct para_data_s *r2;
for (; r ; r = r2) for (; r ; r = r2)
{ {
r2 = r->next; r2 = r->next;
@ -168,7 +168,7 @@ static struct para_data_s *
get_parameter (struct para_data_s *para, enum para_name key, int seq) get_parameter (struct para_data_s *para, enum para_name key, int seq)
{ {
struct para_data_s *r; struct para_data_s *r;
for (r = para; r ; r = r->next) for (r = para; r ; r = r->next)
if ( r->key == key && !seq--) if ( r->key == key && !seq--)
return r; return r;
@ -190,7 +190,7 @@ get_parameter_algo (struct para_data_s *para, enum para_name key)
return -1; return -1;
if (digitp (r->u.value)) if (digitp (r->u.value))
return atoi( r->u.value ); return atoi( r->u.value );
return gcry_pk_map_name (r->u.value); return gcry_pk_map_name (r->u.value);
} }
/* Parse the usage parameter. Returns 0 on success. Note that we /* Parse the usage parameter. Returns 0 on success. Note that we
@ -203,10 +203,10 @@ parse_parameter_usage (struct para_data_s *para, enum para_name key)
struct para_data_s *r = get_parameter (para, key, 0); struct para_data_s *r = get_parameter (para, key, 0);
char *p, *pn; char *p, *pn;
unsigned int use; unsigned int use;
if (!r) if (!r)
return 0; /* none (this is an optional parameter)*/ return 0; /* none (this is an optional parameter)*/
use = 0; use = 0;
pn = r->u.value; pn = r->u.value;
while ( (p = strsep (&pn, " \t,")) ) while ( (p = strsep (&pn, " \t,")) )
@ -474,7 +474,7 @@ proc_parameters (ctrl_t ctrl,
log_error (_("line %d: invalid algorithm\n"), r->lnr); log_error (_("line %d: invalid algorithm\n"), r->lnr);
return gpg_error (GPG_ERR_INV_PARAMETER); return gpg_error (GPG_ERR_INV_PARAMETER);
} }
/* Check the keylength. */ /* Check the keylength. */
if (!get_parameter (para, pKEYLENGTH, 0)) if (!get_parameter (para, pKEYLENGTH, 0))
nbits = 2048; nbits = 2048;
@ -489,7 +489,7 @@ proc_parameters (ctrl_t ctrl,
xfree (cardkeyid); xfree (cardkeyid);
return gpg_error (GPG_ERR_INV_PARAMETER); return gpg_error (GPG_ERR_INV_PARAMETER);
} }
/* Check the usage. */ /* Check the usage. */
if (parse_parameter_usage (para, pKEYUSAGE)) if (parse_parameter_usage (para, pKEYUSAGE))
{ {
@ -523,7 +523,7 @@ proc_parameters (ctrl_t ctrl,
/* Check that the optional email address is okay. */ /* Check that the optional email address is okay. */
for (seq=0; (s=get_parameter_value (para, pNAMEEMAIL, seq)); seq++) for (seq=0; (s=get_parameter_value (para, pNAMEEMAIL, seq)); seq++)
{ {
if (has_invalid_email_chars (s) if (has_invalid_email_chars (s)
|| *s == '@' || *s == '@'
|| s[strlen(s)-1] == '@' || s[strlen(s)-1] == '@'
@ -564,7 +564,7 @@ proc_parameters (ctrl_t ctrl,
else /* Generate new key. */ else /* Generate new key. */
{ {
sprintf (numbuf, "%u", nbits); sprintf (numbuf, "%u", nbits);
snprintf ((char*)keyparms, DIM (keyparms)-1, snprintf ((char*)keyparms, DIM (keyparms)-1,
"(6:genkey(3:rsa(5:nbits%d:%s)))", "(6:genkey(3:rsa(5:nbits%d:%s)))",
(int)strlen (numbuf), numbuf); (int)strlen (numbuf), numbuf);
rc = gpgsm_agent_genkey (ctrl, keyparms, &public); rc = gpgsm_agent_genkey (ctrl, keyparms, &public);
@ -589,8 +589,8 @@ proc_parameters (ctrl_t ctrl,
/* Parameters are checked, the key pair has been created. Now /* Parameters are checked, the key pair has been created. Now
generate the request and write it out */ generate the request and write it out */
static int static int
create_request (ctrl_t ctrl, create_request (ctrl_t ctrl,
struct para_data_s *para, struct para_data_s *para,
const char *carddirect, const char *carddirect,
ksba_const_sexp_t public, ksba_const_sexp_t public,
struct reqgen_ctrl_s *outctrl) struct reqgen_ctrl_s *outctrl)
@ -618,11 +618,11 @@ create_request (ctrl_t ctrl,
goto leave; goto leave;
} }
if (DBG_HASHING) if (DBG_HASHING)
gcry_md_start_debug (md, "cr.cri"); gcry_md_debug (md, "cr.cri");
ksba_certreq_set_hash_function (cr, HASH_FNC, md); ksba_certreq_set_hash_function (cr, HASH_FNC, md);
ksba_certreq_set_writer (cr, outctrl->writer); ksba_certreq_set_writer (cr, outctrl->writer);
err = ksba_certreq_add_subject (cr, get_parameter_value (para, pNAMEDN, 0)); err = ksba_certreq_add_subject (cr, get_parameter_value (para, pNAMEDN, 0));
if (err) if (err)
{ {
@ -718,14 +718,14 @@ create_request (ctrl_t ctrl,
goto leave; goto leave;
} }
use = get_parameter_uint (para, pKEYUSAGE); use = get_parameter_uint (para, pKEYUSAGE);
if (use == GCRY_PK_USAGE_SIGN) if (use == GCRY_PK_USAGE_SIGN)
{ {
/* For signing only we encode the bits: /* For signing only we encode the bits:
KSBA_KEYUSAGE_DIGITAL_SIGNATURE KSBA_KEYUSAGE_DIGITAL_SIGNATURE
KSBA_KEYUSAGE_NON_REPUDIATION */ KSBA_KEYUSAGE_NON_REPUDIATION */
err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1, err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1,
"\x03\x02\x06\xC0", 4); "\x03\x02\x06\xC0", 4);
} }
else if (use == GCRY_PK_USAGE_ENCR) else if (use == GCRY_PK_USAGE_ENCR)
@ -733,7 +733,7 @@ create_request (ctrl_t ctrl,
/* For encrypt only we encode the bits: /* For encrypt only we encode the bits:
KSBA_KEYUSAGE_KEY_ENCIPHERMENT KSBA_KEYUSAGE_KEY_ENCIPHERMENT
KSBA_KEYUSAGE_DATA_ENCIPHERMENT */ KSBA_KEYUSAGE_DATA_ENCIPHERMENT */
err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1, err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1,
"\x03\x02\x04\x30", 4); "\x03\x02\x04\x30", 4);
} }
else else
@ -746,7 +746,7 @@ create_request (ctrl_t ctrl,
goto leave; goto leave;
} }
do do
{ {
err = ksba_certreq_build (cr, &stopreason); err = ksba_certreq_build (cr, &stopreason);
@ -788,11 +788,11 @@ create_request (ctrl_t ctrl,
gcry_sexp_release (s_pkey); gcry_sexp_release (s_pkey);
bin2hex (grip, 20, hexgrip); bin2hex (grip, 20, hexgrip);
log_info ("about to sign CSR for key: &%s\n", hexgrip); log_info ("about to sign CSR for key: &%s\n", hexgrip);
if (carddirect) if (carddirect)
rc = gpgsm_scd_pksign (ctrl, carddirect, NULL, rc = gpgsm_scd_pksign (ctrl, carddirect, NULL,
gcry_md_read(md, GCRY_MD_SHA1), gcry_md_read(md, GCRY_MD_SHA1),
gcry_md_get_algo_dlen (GCRY_MD_SHA1), gcry_md_get_algo_dlen (GCRY_MD_SHA1),
GCRY_MD_SHA1, GCRY_MD_SHA1,
&sigval, &siglen); &sigval, &siglen);
@ -802,13 +802,13 @@ create_request (ctrl_t ctrl,
char *desc; char *desc;
orig_codeset = i18n_switchto_utf8 (); orig_codeset = i18n_switchto_utf8 ();
desc = percent_plus_escape desc = percent_plus_escape
(_("To complete this certificate request please enter" (_("To complete this certificate request please enter"
" the passphrase for the key you just created once" " the passphrase for the key you just created once"
" more.\n")); " more.\n"));
i18n_switchback (orig_codeset); i18n_switchback (orig_codeset);
rc = gpgsm_agent_pksign (ctrl, hexgrip, desc, rc = gpgsm_agent_pksign (ctrl, hexgrip, desc,
gcry_md_read(md, GCRY_MD_SHA1), gcry_md_read(md, GCRY_MD_SHA1),
gcry_md_get_algo_dlen (GCRY_MD_SHA1), gcry_md_get_algo_dlen (GCRY_MD_SHA1),
GCRY_MD_SHA1, GCRY_MD_SHA1,
&sigval, &siglen); &sigval, &siglen);
@ -819,7 +819,7 @@ create_request (ctrl_t ctrl,
log_error ("signing failed: %s\n", gpg_strerror (rc)); log_error ("signing failed: %s\n", gpg_strerror (rc));
goto leave; goto leave;
} }
err = ksba_certreq_set_sig_val (cr, sigval); err = ksba_certreq_set_sig_val (cr, sigval);
xfree (sigval); xfree (sigval);
if (err) if (err)
@ -831,13 +831,13 @@ create_request (ctrl_t ctrl,
} }
} }
} }
while (stopreason != KSBA_SR_READY); while (stopreason != KSBA_SR_READY);
leave: leave:
gcry_md_close (md); gcry_md_close (md);
ksba_certreq_release (cr); ksba_certreq_release (cr);
return rc; return rc;
} }
@ -868,7 +868,7 @@ gpgsm_genkey (ctrl_t ctrl, estream_t in_stream, FILE *out_fp)
} }
rc = gpgsm_finish_writer (b64writer); rc = gpgsm_finish_writer (b64writer);
if (rc) if (rc)
{ {
log_error ("write failed: %s\n", gpg_strerror (rc)); log_error ("write failed: %s\n", gpg_strerror (rc));
goto leave; goto leave;
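Review bot: The `gcry_md_debug (md, "cr.cri")` call in create_request has no comment saying that setting DBG_HASHING makes Libgcrypt dump the hashed input to disk. As far as I know from the Libgcrypt manual, gcry_md_debug writes the raw bytes fed to the digest into a `dbgmd-<n>.<suffix>` file in the current working directory. For the "sign.data" and "vrfy.data" handles in gpgsm_sign and gpgsm_verify that is the signed content itself. I would add a comment above each call, for example `/* Debug aid: dumps all hashed data to a dbgmd-* file in the cwd. */`, so operators know the hashing debug flag leaves copies of the data behind. The same applies to the "sign.attr" and "vrfy.attr" calls; create_request starts and ends outside this hunk.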


@ -22,7 +22,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <errno.h> #include <errno.h>
#include <unistd.h> #include <unistd.h>
#include <time.h> #include <time.h>
#include <assert.h> #include <assert.h>
@ -50,7 +50,7 @@ hash_data (int fd, gcry_md_hd_t md)
return -1; return -1;
} }
do do
{ {
nread = fread (buffer, 1, DIM(buffer), fp); nread = fread (buffer, 1, DIM(buffer), fp);
gcry_md_write (md, buffer, nread); gcry_md_write (md, buffer, nread);
@ -83,7 +83,7 @@ hash_and_copy_data (int fd, gcry_md_hd_t md, ksba_writer_t writer)
return tmperr; return tmperr;
} }
do do
{ {
nread = fread (buffer, 1, DIM(buffer), fp); nread = fread (buffer, 1, DIM(buffer), fp);
if (nread) if (nread)
@ -152,7 +152,7 @@ gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert)
do do
{ {
rc = keydb_get_cert (hd, &cert); rc = keydb_get_cert (hd, &cert);
if (rc) if (rc)
{ {
log_error ("keydb_get_cert failed: %s\n", gpg_strerror (rc)); log_error ("keydb_get_cert failed: %s\n", gpg_strerror (rc));
keydb_release (hd); keydb_release (hd);
@ -175,13 +175,13 @@ gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert)
} }
} }
ksba_cert_release (cert); ksba_cert_release (cert);
cert = NULL; cert = NULL;
} }
while (!(rc = keydb_search_next (hd))); while (!(rc = keydb_search_next (hd)));
if (rc && rc != -1) if (rc && rc != -1)
log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc)); log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc));
ksba_cert_release (cert); ksba_cert_release (cert);
keydb_release (hd); keydb_release (hd);
return rc; return rc;
@ -225,7 +225,7 @@ get_default_signer (ctrl_t ctrl)
{ {
log_debug ("failed to find default certificate: rc=%d\n", rc); log_debug ("failed to find default certificate: rc=%d\n", rc);
} }
else else
{ {
rc = keydb_get_cert (kh, &cert); rc = keydb_get_cert (kh, &cert);
if (rc) if (rc)
@ -241,7 +241,7 @@ get_default_signer (ctrl_t ctrl)
/* Depending on the options in CTRL add the certificate CERT as well as /* Depending on the options in CTRL add the certificate CERT as well as
other certificate up in the chain to the Root-CA to the CMS other certificate up in the chain to the Root-CA to the CMS
object. */ object. */
static int static int
add_certificate_list (ctrl_t ctrl, ksba_cms_t cms, ksba_cert_t cert) add_certificate_list (ctrl_t ctrl, ksba_cms_t cms, ksba_cert_t cert)
{ {
gpg_error_t err; gpg_error_t err;
@ -302,7 +302,7 @@ add_certificate_list (ctrl_t ctrl, ksba_cms_t cms, ksba_cert_t cert)
/* Perform a sign operation. /* Perform a sign operation.
Sign the data received on DATA-FD in embedded mode or in detached Sign the data received on DATA-FD in embedded mode or in detached
mode when DETACHED is true. Write the signature to OUT_FP. The mode when DETACHED is true. Write the signature to OUT_FP. The
@ -380,7 +380,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
if (!cert) if (!cert)
{ {
log_error ("no default signer found\n"); log_error ("no default signer found\n");
gpgsm_status2 (ctrl, STATUS_INV_SGNR, gpgsm_status2 (ctrl, STATUS_INV_SGNR,
get_inv_recpsgnr_code (GPG_ERR_NO_SECKEY), NULL); get_inv_recpsgnr_code (GPG_ERR_NO_SECKEY), NULL);
rc = gpg_error (GPG_ERR_GENERAL); rc = gpg_error (GPG_ERR_GENERAL);
goto leave; goto leave;
@ -396,7 +396,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
char *tmpfpr; char *tmpfpr;
tmpfpr = gpgsm_get_fingerprint_hexstring (cert, 0); tmpfpr = gpgsm_get_fingerprint_hexstring (cert, 0);
gpgsm_status2 (ctrl, STATUS_INV_SGNR, gpgsm_status2 (ctrl, STATUS_INV_SGNR,
get_inv_recpsgnr_code (rc), tmpfpr, NULL); get_inv_recpsgnr_code (rc), tmpfpr, NULL);
xfree (tmpfpr); xfree (tmpfpr);
goto leave; goto leave;
@ -442,13 +442,13 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
case GCRY_MD_SHA384: oid = "2.16.840.1.101.3.4.2.2"; break; case GCRY_MD_SHA384: oid = "2.16.840.1.101.3.4.2.2"; break;
case GCRY_MD_SHA512: oid = "2.16.840.1.101.3.4.2.3"; break; case GCRY_MD_SHA512: oid = "2.16.840.1.101.3.4.2.3"; break;
/* case GCRY_MD_WHIRLPOOL: oid = "No OID yet"; break; */ /* case GCRY_MD_WHIRLPOOL: oid = "No OID yet"; break; */
case GCRY_MD_MD5: /* We don't want to use MD5. */ case GCRY_MD_MD5: /* We don't want to use MD5. */
case 0: /* No algorithm found in cert. */ case 0: /* No algorithm found in cert. */
default: /* Other algorithms. */ default: /* Other algorithms. */
log_info (_("hash algorithm %d (%s) for signer %d not supported;" log_info (_("hash algorithm %d (%s) for signer %d not supported;"
" using %s\n"), " using %s\n"),
cl->hash_algo, oid? oid: "?", i, cl->hash_algo, oid? oid: "?", i,
gcry_md_algo_name (GCRY_MD_SHA1)); gcry_md_algo_name (GCRY_MD_SHA1));
cl->hash_algo = GCRY_MD_SHA1; cl->hash_algo = GCRY_MD_SHA1;
oid = "1.3.14.3.2.26"; oid = "1.3.14.3.2.26";
@ -460,7 +460,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
if (opt.verbose) if (opt.verbose)
{ {
for (i=0, cl=signerlist; cl; cl = cl->next, i++) for (i=0, cl=signerlist; cl; cl = cl->next, i++)
log_info (_("hash algorithm used for signer %d: %s (%s)\n"), log_info (_("hash algorithm used for signer %d: %s (%s)\n"),
i, gcry_md_algo_name (cl->hash_algo), cl->hash_algo_oid); i, gcry_md_algo_name (cl->hash_algo), cl->hash_algo_oid);
} }
@ -471,7 +471,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
rc = gpgsm_cert_use_sign_p (cl->cert); rc = gpgsm_cert_use_sign_p (cl->cert);
if (rc) if (rc)
goto leave; goto leave;
err = ksba_cms_add_signer (cms, cl->cert); err = ksba_cms_add_signer (cms, cl->cert);
if (err) if (err)
{ {
@ -505,13 +505,13 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
{ {
size_t buflen; size_t buflen;
char buffer[1]; char buffer[1];
err = ksba_cert_get_user_data (cl->cert, "is_qualified", err = ksba_cert_get_user_data (cl->cert, "is_qualified",
&buffer, sizeof (buffer), &buflen); &buffer, sizeof (buffer), &buflen);
if (err || !buflen) if (err || !buflen)
{ {
log_error (_("checking for qualified certificate failed: %s\n"), log_error (_("checking for qualified certificate failed: %s\n"),
gpg_strerror (err)); gpg_strerror (err));
rc = err; rc = err;
goto leave; goto leave;
} }
@ -525,7 +525,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
goto leave; goto leave;
} }
} }
/* Prepare hashing (actually we are figuring out what we have set /* Prepare hashing (actually we are figuring out what we have set
above). */ above). */
rc = gcry_md_open (&data_md, 0, 0); rc = gcry_md_open (&data_md, 0, 0);
@ -535,7 +535,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
goto leave; goto leave;
} }
if (DBG_HASHING) if (DBG_HASHING)
gcry_md_start_debug (data_md, "sign.data"); gcry_md_debug (data_md, "sign.data");
for (i=0; (algoid=ksba_cms_get_digest_algo_list (cms, i)); i++) for (i=0; (algoid=ksba_cms_get_digest_algo_list (cms, i)); i++)
{ {
@ -614,7 +614,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
/* Main building loop. */ /* Main building loop. */
do do
{ {
err = ksba_cms_build (cms, &stopreason); err = ksba_cms_build (cms, &stopreason);
if (err) if (err)
@ -625,7 +625,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
} }
if (stopreason == KSBA_SR_BEGIN_DATA) if (stopreason == KSBA_SR_BEGIN_DATA)
{ {
/* Hash the data and store the message digest. */ /* Hash the data and store the message digest. */
unsigned char *digest; unsigned char *digest;
size_t digest_len; size_t digest_len;
@ -658,7 +658,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
} }
} }
else if (stopreason == KSBA_SR_NEED_SIG) else if (stopreason == KSBA_SR_NEED_SIG)
{ {
/* Compute the signature for all signers. */ /* Compute the signature for all signers. */
gcry_md_hd_t md; gcry_md_hd_t md;
@ -669,7 +669,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
goto leave; goto leave;
} }
if (DBG_HASHING) if (DBG_HASHING)
gcry_md_start_debug (md, "sign.attr"); gcry_md_debug (md, "sign.attr");
ksba_cms_set_hash_function (cms, HASH_FNC, md); ksba_cms_set_hash_function (cms, HASH_FNC, md);
for (cl=signerlist,signer=0; cl; cl = cl->next, signer++) for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)
{ {
@ -685,7 +685,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
for (cl_tmp=signerlist; cl_tmp; cl_tmp = cl_tmp->next) for (cl_tmp=signerlist; cl_tmp; cl_tmp = cl_tmp->next)
{ {
gcry_md_enable (md, cl_tmp->hash_algo); gcry_md_enable (md, cl_tmp->hash_algo);
audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO, audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO,
cl_tmp->hash_algo); cl_tmp->hash_algo);
} }
} }
@ -698,7 +698,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
gcry_md_close (md); gcry_md_close (md);
goto leave; goto leave;
} }
rc = gpgsm_create_cms_signature (ctrl, cl->cert, rc = gpgsm_create_cms_signature (ctrl, cl->cert,
md, cl->hash_algo, &sigval); md, cl->hash_algo, &sigval);
if (rc) if (rc)
@ -733,8 +733,8 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
int pkalgo = gpgsm_get_key_algo_info (cl->cert, NULL); int pkalgo = gpgsm_get_key_algo_info (cl->cert, NULL);
buf = xtryasprintf ("%c %d %d 00 %s %s", buf = xtryasprintf ("%c %d %d 00 %s %s",
detached? 'D':'S', detached? 'D':'S',
pkalgo, pkalgo,
cl->hash_algo, cl->hash_algo,
signed_at, signed_at,
fpr); fpr);
if (!buf) if (!buf)
@ -753,10 +753,10 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
gcry_md_close (md); gcry_md_close (md);
} }
} }
while (stopreason != KSBA_SR_READY); while (stopreason != KSBA_SR_READY);
rc = gpgsm_finish_writer (b64writer); rc = gpgsm_finish_writer (b64writer);
if (rc) if (rc)
{ {
log_error ("write failed: %s\n", gpg_strerror (rc)); log_error ("write failed: %s\n", gpg_strerror (rc));
goto leave; goto leave;
@ -774,7 +774,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
gpgsm_release_certlist (signerlist); gpgsm_release_certlist (signerlist);
ksba_cms_release (cms); ksba_cms_release (cms);
gpgsm_destroy_writer (b64writer); gpgsm_destroy_writer (b64writer);
keydb_release (kh); keydb_release (kh);
gcry_md_close (data_md); gcry_md_close (data_md);
return rc; return rc;
} }
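Review bot: In the qualified-certificate check of gpgsm_sign, the branch `if (err || !buflen)` sets `rc = err` before `goto leave`, so when ksba_cert_get_user_data succeeds but returns no data the function bails out with rc equal to 0. Unless the code at `leave:`, which is not fully visible here, turns that into an error, the caller sees success although no signature was produced, and the log line prints the strerror text for a zero code. I would change the assignment to `rc = err ? err : gpg_error (GPG_ERR_GENERAL);`. gpgsm_sign starts and ends outside these hunks.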


@ -22,7 +22,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <errno.h> #include <errno.h>
#include <unistd.h> #include <unistd.h>
#include <time.h> #include <time.h>
#include <assert.h> #include <assert.h>
@ -37,7 +37,7 @@ static char *
strtimestamp_r (ksba_isotime_t atime) strtimestamp_r (ksba_isotime_t atime)
{ {
char *buffer = xmalloc (15); char *buffer = xmalloc (15);
if (!atime || !*atime) if (!atime || !*atime)
strcpy (buffer, "none"); strcpy (buffer, "none");
else else
@ -64,7 +64,7 @@ hash_data (int fd, gcry_md_hd_t md)
return err; return err;
} }
do do
{ {
nread = fread (buffer, 1, DIM(buffer), fp); nread = fread (buffer, 1, DIM(buffer), fp);
gcry_md_write (md, buffer, nread); gcry_md_write (md, buffer, nread);
@ -160,12 +160,12 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
goto leave; goto leave;
} }
if (DBG_HASHING) if (DBG_HASHING)
gcry_md_start_debug (data_md, "vrfy.data"); gcry_md_debug (data_md, "vrfy.data");
audit_log (ctrl->audit, AUDIT_SETUP_READY); audit_log (ctrl->audit, AUDIT_SETUP_READY);
is_detached = 0; is_detached = 0;
do do
{ {
rc = ksba_cms_parse (cms, &stopreason); rc = ksba_cms_parse (cms, &stopreason);
if (rc) if (rc)
@ -184,7 +184,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
if (stopreason == KSBA_SR_NEED_HASH if (stopreason == KSBA_SR_NEED_HASH
|| stopreason == KSBA_SR_BEGIN_DATA) || stopreason == KSBA_SR_BEGIN_DATA)
{ {
audit_log (ctrl->audit, AUDIT_GOT_DATA); audit_log (ctrl->audit, AUDIT_GOT_DATA);
/* We are now able to enable the hash algorithms */ /* We are now able to enable the hash algorithms */
@ -213,7 +213,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
if (opt.extra_digest_algo) if (opt.extra_digest_algo)
{ {
if (DBG_X509) if (DBG_X509)
log_debug ("enabling extra hash algorithm %d\n", log_debug ("enabling extra hash algorithm %d\n",
opt.extra_digest_algo); opt.extra_digest_algo);
gcry_md_enable (data_md, opt.extra_digest_algo); gcry_md_enable (data_md, opt.extra_digest_algo);
audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO, audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO,
@ -241,12 +241,12 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
audit_log_ok (ctrl->audit, AUDIT_DATA_HASHING, 0); audit_log_ok (ctrl->audit, AUDIT_DATA_HASHING, 0);
} }
} }
while (stopreason != KSBA_SR_READY); while (stopreason != KSBA_SR_READY);
if (b64writer) if (b64writer)
{ {
rc = gpgsm_finish_writer (b64writer); rc = gpgsm_finish_writer (b64writer);
if (rc) if (rc)
{ {
log_error ("write failed: %s\n", gpg_strerror (rc)); log_error ("write failed: %s\n", gpg_strerror (rc));
audit_log_ok (ctrl->audit, AUDIT_WRITE_ERROR, rc); audit_log_ok (ctrl->audit, AUDIT_WRITE_ERROR, rc);
@ -268,7 +268,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
certificate first before entering it into the DB. This way certificate first before entering it into the DB. This way
we would avoid cluttering the DB with invalid we would avoid cluttering the DB with invalid
certificates. */ certificates. */
audit_log_cert (ctrl->audit, AUDIT_SAVE_CERT, cert, audit_log_cert (ctrl->audit, AUDIT_SAVE_CERT, cert,
keydb_store_cert (cert, 0, NULL)); keydb_store_cert (cert, 0, NULL));
ksba_cert_release (cert); ksba_cert_release (cert);
} }
@ -344,7 +344,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
&algo, &is_enabled) &algo, &is_enabled)
|| !is_enabled) || !is_enabled)
{ {
log_error ("digest algo %d (%s) has not been enabled\n", log_error ("digest algo %d (%s) has not been enabled\n",
algo, algoid?algoid:""); algo, algoid?algoid:"");
audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "unsupported"); audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "unsupported");
goto next_signer; goto next_signer;
@ -355,7 +355,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
assert (!msgdigest); assert (!msgdigest);
rc = 0; rc = 0;
algoid = NULL; algoid = NULL;
algo = 0; algo = 0;
} }
else /* real error */ else /* real error */
{ {
@ -365,7 +365,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
rc = ksba_cms_get_sigattr_oids (cms, signer, rc = ksba_cms_get_sigattr_oids (cms, signer,
"1.2.840.113549.1.9.3", &ctattr); "1.2.840.113549.1.9.3", &ctattr);
if (!rc) if (!rc)
{ {
const char *s; const char *s;
@ -484,9 +484,9 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
gpgsm_status (ctrl, STATUS_BADSIG, fpr); gpgsm_status (ctrl, STATUS_BADSIG, fpr);
xfree (fpr); xfree (fpr);
audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad"); audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad");
goto next_signer; goto next_signer;
} }
audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO, sigval_hash_algo); audit_log_i (ctrl->audit, AUDIT_ATTR_HASH_ALGO, sigval_hash_algo);
rc = gcry_md_open (&md, sigval_hash_algo, 0); rc = gcry_md_open (&md, sigval_hash_algo, 0);
if (rc) if (rc)
@ -496,7 +496,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
goto next_signer; goto next_signer;
} }
if (DBG_HASHING) if (DBG_HASHING)
gcry_md_start_debug (md, "vrfy.attr"); gcry_md_debug (md, "vrfy.attr");
ksba_cms_set_hash_function (cms, HASH_FNC, md); ksba_cms_set_hash_function (cms, HASH_FNC, md);
rc = ksba_cms_hash_signed_attrs (cms, signer); rc = ksba_cms_hash_signed_attrs (cms, signer);
@ -508,13 +508,13 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "error"); audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "error");
goto next_signer; goto next_signer;
} }
rc = gpgsm_check_cms_signature (cert, sigval, md, rc = gpgsm_check_cms_signature (cert, sigval, md,
sigval_hash_algo, &info_pkalgo); sigval_hash_algo, &info_pkalgo);
gcry_md_close (md); gcry_md_close (md);
} }
else else
{ {
rc = gpgsm_check_cms_signature (cert, sigval, data_md, rc = gpgsm_check_cms_signature (cert, sigval, data_md,
algo, &info_pkalgo); algo, &info_pkalgo);
} }
@ -542,7 +542,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
audit_log (ctrl->audit, AUDIT_VALIDATE_CHAIN); audit_log (ctrl->audit, AUDIT_VALIDATE_CHAIN);
rc = gpgsm_validate_chain (ctrl, cert, rc = gpgsm_validate_chain (ctrl, cert,
*sigtime? sigtime : "19700101T000000", *sigtime? sigtime : "19700101T000000",
keyexptime, 0, keyexptime, 0,
NULL, 0, &verifyflags); NULL, 0, &verifyflags);
{ {
char *fpr, *buf, *tstr; char *fpr, *buf, *tstr;
@ -555,7 +555,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
} }
else else
gpgsm_status (ctrl, STATUS_GOODSIG, fpr); gpgsm_status (ctrl, STATUS_GOODSIG, fpr);
xfree (fpr); xfree (fpr);
fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1); fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
@ -581,7 +581,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
gpgsm_status_with_err_code (ctrl, STATUS_TRUST_NEVER, NULL, gpgsm_status_with_err_code (ctrl, STATUS_TRUST_NEVER, NULL,
gpg_err_code (rc)); gpg_err_code (rc));
else else
gpgsm_status_with_err_code (ctrl, STATUS_TRUST_UNDEFINED, NULL, gpgsm_status_with_err_code (ctrl, STATUS_TRUST_UNDEFINED, NULL,
gpg_err_code (rc)); gpg_err_code (rc));
audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad"); audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad");
goto next_signer; goto next_signer;
@ -603,7 +603,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
{ {
size_t qualbuflen; size_t qualbuflen;
char qualbuffer[1]; char qualbuffer[1];
rc = ksba_cert_get_user_data (cert, "is_qualified", &qualbuffer, rc = ksba_cert_get_user_data (cert, "is_qualified", &qualbuffer,
sizeof (qualbuffer), &qualbuflen); sizeof (qualbuffer), &qualbuflen);
if (!rc && qualbuflen) if (!rc && qualbuflen)
@ -612,20 +612,20 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
{ {
log_info (_("This is a qualified signature\n")); log_info (_("This is a qualified signature\n"));
if (!opt.qualsig_approval) if (!opt.qualsig_approval)
log_info log_info
(_("Note, that this software is not officially approved " (_("Note, that this software is not officially approved "
"to create or verify such signatures.\n")); "to create or verify such signatures.\n"));
} }
} }
else if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND) else if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
log_error ("get_user_data(is_qualified) failed: %s\n", log_error ("get_user_data(is_qualified) failed: %s\n",
gpg_strerror (rc)); gpg_strerror (rc));
} }
gpgsm_status (ctrl, STATUS_TRUST_FULLY, gpgsm_status (ctrl, STATUS_TRUST_FULLY,
(verifyflags & VALIDATE_FLAG_CHAIN_MODEL)? (verifyflags & VALIDATE_FLAG_CHAIN_MODEL)?
"0 chain": "0 shell"); "0 chain": "0 shell");
next_signer: next_signer:
rc = 0; rc = 0;
@ -642,7 +642,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
ksba_cms_release (cms); ksba_cms_release (cms);
gpgsm_destroy_reader (b64reader); gpgsm_destroy_reader (b64reader);
gpgsm_destroy_writer (b64writer); gpgsm_destroy_writer (b64writer);
keydb_release (kh); keydb_release (kh);
gcry_md_close (data_md); gcry_md_close (data_md);
if (fp) if (fp)
fclose (fp); fclose (fp);