security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

Make use of libgpg-error

This commit is contained in:
Werner Koch 2003-06-03 19:55:50 +00:00
parent 7c9855aaa2
commit c3cdaeeff7
58 changed files with 1110 additions and 684 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
agent/ChangeLog
View File

@ -1,3 +1,14 @@
2003-06-03 Werner Koch <wk@gnupg.org>
Changed all error codes in all files to the new libgpg-error scheme.
* agent.h: Include gpg-error.h and errno.h
* Makefile.am: Link with libgpg-error
* query.c: assuan.h is now a system header.
* genkey.c (agent_genkey): Fixed silly use of xmalloc by
xtrymalloc.
2003-04-29 Werner Koch <wk@gnupg.org>
* command.c (register_commands): Adjusted for new Assuan semantics.

6
agent/Makefile.am
View File

@ -46,7 +46,7 @@ gpg_agent_SOURCES = \
gpg_agent_LDADD = ../jnlib/libjnlib.a ../common/libcommon.a \
$(LIBGCRYPT_LIBS) $(PTH_LIBS) $(LIBASSUAN_LIBS)
$(LIBGCRYPT_LIBS) $(PTH_LIBS) $(LIBASSUAN_LIBS) -lgpg-error
gpg_protect_tool_SOURCES = \
protect-tool.c \
@ -55,8 +55,6 @@ gpg_protect_tool_SOURCES = \
simple-pwquery.c simple-pwquery.h
gpg_protect_tool_LDADD = ../jnlib/libjnlib.a \
../common/libcommon.a $(LIBGCRYPT_LIBS)
../common/libcommon.a $(LIBGCRYPT_LIBS) -lgpg-error

15
agent/agent.h
View File

@ -21,10 +21,25 @@
#ifndef AGENT_H
#define AGENT_H
#ifdef GPG_ERR_SOURCE_DEFAULT
#error GPG_ERR_SOURCE_DEFAULT already defined
#endif
#define GPG_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_GPGAGENT
#include <gpg-error.h>
#include <errno.h>
#include <gcrypt.h>
#include "../common/util.h"
#include "../common/errors.h"
/* Convenience function to be used instead of returning the old
GNUPG_Out_Of_Core. */
static __inline__ gpg_error_t
out_of_core (void)
{
return gpg_error (gpg_err_code_from_errno (errno));
}
#define MAX_DIGEST_LEN 24
/* A large struct name "opt" to keep global flags */

26
agent/call-scd.c
View File

@ -38,7 +38,7 @@
#endif
#include "agent.h"
#include "../assuan/assuan.h"
#include <assuan.h>
#ifdef _POSIX_OPEN_MAX
#define MAX_OPEN_FDS _POSIX_OPEN_MAX
@ -144,7 +144,7 @@ unlock_scd (int rc)
{
log_error ("failed to release the SCD lock\n");
if (!rc)
rc = GNUPG_Internal_Error;
rc = gpg_error (GPG_ERR_INTERNAL);
}
#endif
return rc;
@ -165,7 +165,7 @@ start_scd (void)
if (!pth_mutex_acquire (&scd_lock, 0, NULL))
{
log_error ("failed to acquire the SCD lock\n");
return GNUPG_Internal_Error;
return gpg_error (GPG_ERR_INTERNAL);
}
#endif
@ -179,8 +179,9 @@ start_scd (void)
if (fflush (NULL))
{
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
log_error ("error flushing pending output: %s\n", strerror (errno));
return unlock_scd (seterr (Write_Error));
return unlock_scd (tmperr);
}
if (!opt.scdaemon_program || !*opt.scdaemon_program)
@ -210,7 +211,7 @@ start_scd (void)
{
log_error ("can't connect to the SCdaemon: %s\n",
assuan_strerror (rc));
return unlock_scd (seterr (No_Scdaemon));
return unlock_scd (gpg_error (GPG_ERR_NO_SCDAEMON));
}
scd_ctx = ctx;
@ -410,7 +411,7 @@ agent_card_pksign (const char *keyid,
return rc;
if (indatalen*2 + 50 > DIM(line))
return unlock_scd (seterr (General_Error));
return unlock_scd (gpg_error (GPG_ERR_GENERAL));
sprintf (line, "SETDATA ");
p = line + strlen (line);
@ -443,8 +444,9 @@ agent_card_pksign (const char *keyid,
*r_buf = xtrymalloc (*r_buflen);
if (!*r_buf)
{
gpg_error_t tmperr = out_of_core ();
xfree (*r_buf);
return unlock_scd (GNUPG_Out_Of_Core);
return unlock_scd (tmperr);
}
p = stpcpy (*r_buf, "(7:sig-val(3:rsa(1:s" );
sprintf (p, "%u:", (unsigned int)sigbuflen);
@ -479,7 +481,7 @@ agent_card_pkdecrypt (const char *keyid,
/* FIXME: use secure memory where appropriate */
if (indatalen*2 + 50 > DIM(line))
return unlock_scd (seterr (General_Error));
return unlock_scd (gpg_error (GPG_ERR_GENERAL));
sprintf (line, "SETDATA ");
p = line + strlen (line);
@ -506,7 +508,7 @@ agent_card_pkdecrypt (const char *keyid,
}
*r_buf = get_membuf (&data, r_buflen);
if (!*r_buf)
return unlock_scd (GNUPG_Out_Of_Core);
return unlock_scd (gpg_error (GPG_ERR_ENOMEM));
return unlock_scd (0);
}
@ -541,7 +543,7 @@ agent_card_readcert (const char *id, char **r_buf, size_t *r_buflen)
}
*r_buf = get_membuf (&data, r_buflen);
if (!*r_buf)
return unlock_scd (GNUPG_Out_Of_Core);
return unlock_scd (gpg_error (GPG_ERR_ENOMEM));
return unlock_scd (0);
}
@ -577,12 +579,12 @@ agent_card_readkey (const char *id, unsigned char **r_buf)
}
*r_buf = get_membuf (&data, &buflen);
if (!*r_buf)
return unlock_scd (GNUPG_Out_Of_Core);
return unlock_scd (gpg_error (GPG_ERR_ENOMEM));
if (!gcry_sexp_canon_len (*r_buf, buflen, NULL, NULL))
{
xfree (*r_buf); *r_buf = NULL;
return unlock_scd (GNUPG_Invalid_Value);
return unlock_scd (gpg_error (GPG_ERR_INV_VALUE));
}
return unlock_scd (0);

4
agent/command.c
View File

@ -559,11 +559,11 @@ cmd_passwd (ASSUAN_CONTEXT ctx, char *line)
s_skey = agent_key_from_file (ctrl, grip, &shadow_info, 1);
if (!s_skey && !shadow_info)
rc = seterr (No_Secret_Key);
rc = gpg_error (GPG_ERR_NO_SECKEY);
else if (!s_skey)
{
log_error ("changing a smartcard PIN is not yet supported\n");
rc = seterr (Not_Implemented);
rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
}
else
rc = agent_protect_and_store (ctrl, s_skey);

41
agent/divert-scd.c
View File

@ -48,14 +48,14 @@ ask_for_card (CTRL ctrl, const unsigned char *shadow_info, char **r_kid)
*r_kid = NULL;
s = shadow_info;
if (*s != '(')
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
s++;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
want_sn = xtrymalloc (n*2+1);
if (!want_sn)
return GNUPG_Out_Of_Core;
return out_of_core ();
for (i=0; i < n; i++)
sprintf (want_sn+2*i, "%02X", s[i]);
s += n;
@ -68,12 +68,13 @@ ask_for_card (CTRL ctrl, const unsigned char *shadow_info, char **r_kid)
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
want_kid = xtrymalloc (n+1);
if (!want_kid)
{
gpg_error_t tmperr = out_of_core ();
xfree (want_sn);
return GNUPG_Out_Of_Core;
return tmperr;
}
memcpy (want_kid, s, n);
want_kid[n] = 0;
@ -94,7 +95,7 @@ ask_for_card (CTRL ctrl, const unsigned char *shadow_info, char **r_kid)
return 0; /* yes, we have the correct card */
}
}
else if (rc == GNUPG_Card_Not_Present)
else if (gpg_err_code (rc) == GPG_ERR_CARD_NOT_PRESENT)
{
log_debug ("no card present\n");
rc = 0;
@ -115,7 +116,7 @@ ask_for_card (CTRL ctrl, const unsigned char *shadow_info, char **r_kid)
"insert the one with serial number",
want_sn_displen, want_sn) < 0)
{
rc = GNUPG_Out_Of_Core;
rc = out_of_core ();
}
else
{
@ -146,12 +147,12 @@ encode_md_for_card (const unsigned char *digest, size_t digestlen, int algo,
if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))
{
log_error ("no object identifier for algo %d\n", algo);
return GNUPG_Internal_Error;
return gpg_error (GPG_ERR_INTERNAL);
}
frame = xtrymalloc (asnlen + digestlen);
if (!frame)
return GNUPG_Out_Of_Core;
return out_of_core ();
memcpy (frame, asn, asnlen);
memcpy (frame+asnlen, digest, digestlen);
if (DBG_CRYPTO)
@ -177,7 +178,7 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf)
CTRL ctrl = opaque;
if (maxbuf < 2)
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INV_VALUE);
/* FIXME: keep PI and TRIES in OPAQUE. Frankly this is a whole
@ -260,32 +261,32 @@ divert_pkdecrypt (CTRL ctrl,
s = cipher;
if (*s != '(')
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
s++;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
if (!smatch (&s, n, "enc-val"))
return GNUPG_Unknown_Sexp;
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
if (*s != '(')
return GNUPG_Unknown_Sexp;
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
s++;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
if (!smatch (&s, n, "rsa"))
return GNUPG_Unsupported_Algorithm;
return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
if (*s != '(')
return GNUPG_Unknown_Sexp;
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
s++;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
if (!smatch (&s, n, "a"))
return GNUPG_Unknown_Sexp;
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
n = snext (&s);
if (!n)
return GNUPG_Unknown_Sexp;
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
ciphertext = s;
ciphertextlen = n;

23
agent/findkey.c
View File

@ -64,7 +64,7 @@ agent_write_private_key (const unsigned char *grip,
{
log_error ("secret key file `%s' already exists\n", fname);
xfree (fname);
return seterr (General_Error);
return gpg_error (GPG_ERR_GENERAL);
}
/* We would like to create FNAME but only if it does not already
@ -82,32 +82,39 @@ agent_write_private_key (const unsigned char *grip,
else
{
fp = fdopen (fd, "wb");
if (! fp)
close (fd);
if (!fp)
{
int save_e = errno;
close (fd);
errno = save_e;
}
}
}
if (!fp)
{
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
log_error ("can't create `%s': %s\n", fname, strerror (errno));
xfree (fname);
return seterr (File_Create_Error);
return tmperr;
}
if (fwrite (buffer, length, 1, fp) != 1)
{
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
log_error ("error writing `%s': %s\n", fname, strerror (errno));
fclose (fp);
remove (fname);
xfree (fname);
return seterr (File_Create_Error);
return tmperr;
}
if ( fclose (fp) )
{
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
log_error ("error closing `%s': %s\n", fname, strerror (errno));
remove (fname);
xfree (fname);
return seterr (File_Create_Error);
return tmperr;
}
xfree (fname);
@ -291,7 +298,7 @@ agent_key_from_file (CTRL ctrl,
assert (n);
*shadow_info = xtrymalloc (n);
if (!*shadow_info)
rc = GNUPG_Out_Of_Core;
rc = out_of_core ();
else
{
memcpy (*shadow_info, s, n);
@ -306,7 +313,7 @@ agent_key_from_file (CTRL ctrl,
break;
default:
log_error ("invalid private key format\n");
rc = GNUPG_Bad_Secret_Key;
rc = gpg_error (GPG_ERR_BAD_SECKEY);
break;
}
if (rc)

18
agent/genkey.c
View File

@ -40,14 +40,14 @@ store_key (GCRY_SEXP private, const char *passphrase, int force)
if ( !gcry_pk_get_keygrip (private, grip) )
{
log_error ("can't calculate keygrip\n");
return seterr (General_Error);
return gpg_error (GPG_ERR_GENERAL);
}
len = gcry_sexp_sprint (private, GCRYSEXP_FMT_CANON, NULL, 0);
assert (len);
buf = gcry_malloc_secure (len);
if (!buf)
return seterr (Out_Of_Core);
return out_of_core ();
len = gcry_sexp_sprint (private, GCRYSEXP_FMT_CANON, buf, len);
assert (len);
@ -101,7 +101,7 @@ agent_genkey (CTRL ctrl, const char *keyparam, size_t keyparamlen,
if (rc)
{
log_error ("failed to convert keyparam: %s\n", gcry_strerror (rc));
return seterr (Invalid_Data);
return gpg_error (GPG_ERR_INVALID_DATA);
}
/* Get the passphrase now, cause key generation may take a while. */
@ -147,7 +147,7 @@ agent_genkey (CTRL ctrl, const char *keyparam, size_t keyparamlen,
log_error ("key generation failed: invalid return value\n");
gcry_sexp_release (s_key);
xfree (pi);
return seterr (Invalid_Data);
return gpg_error (GPG_ERR_INVALID_DATA);
}
s_public = gcry_sexp_find_token (s_key, "public-key", 0);
if (!s_public)
@ -156,7 +156,7 @@ agent_genkey (CTRL ctrl, const char *keyparam, size_t keyparamlen,
gcry_sexp_release (s_private);
gcry_sexp_release (s_key);
xfree (pi);
return seterr (Invalid_Data);
return gpg_error (GPG_ERR_INVALID_DATA);
}
gcry_sexp_release (s_key); s_key = NULL;
@ -175,22 +175,24 @@ agent_genkey (CTRL ctrl, const char *keyparam, size_t keyparamlen,
log_debug ("returning public key\n");
len = gcry_sexp_sprint (s_public, GCRYSEXP_FMT_CANON, NULL, 0);
assert (len);
buf = xmalloc (len);
buf = xtrymalloc (len);
if (!buf)
{
gpg_error_t tmperr = out_of_core ();
gcry_sexp_release (s_private);
gcry_sexp_release (s_public);
return seterr (Out_Of_Core);
return tmperr;
}
len = gcry_sexp_sprint (s_public, GCRYSEXP_FMT_CANON, buf, len);
assert (len);
if (fwrite (buf, len, 1, outfp) != 1)
{
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
log_error ("error writing public key: %s\n", strerror (errno));
gcry_sexp_release (s_private);
gcry_sexp_release (s_public);
xfree (buf);
return seterr (File_Create_Error);
return tmperr;
}
gcry_sexp_release (s_public);
xfree (buf);

14
agent/learncard.c
View File

@ -29,7 +29,7 @@
#include <sys/stat.h>
#include "agent.h"
#include "../assuan/assuan.h"
#include <assuan.h>
struct keypair_info_s {
struct keypair_info_s *next;
@ -97,7 +97,7 @@ kpinfo_cb (void *opaque, const char *line)
item = xtrycalloc (1, sizeof *item + strlen (line));
if (!item)
{
parm->error = GNUPG_Out_Of_Core;
parm->error = out_of_core ();
return;
}
strcpy (item->hexgrip, line);
@ -110,7 +110,7 @@ kpinfo_cb (void *opaque, const char *line)
}
else if ((p - item->hexgrip) != 40 || !spacep (p))
{ /* not a 20 byte hex keygrip or not followed by a space */
parm->error = GNUPG_Invalid_Response;
parm->error = gpg_error (GPG_ERR_INVALID_RESPONSE);
xfree (item);
return;
}
@ -122,7 +122,7 @@ kpinfo_cb (void *opaque, const char *line)
p++;
if (p == item->id)
{ /* invalid ID string */
parm->error = GNUPG_Invalid_Response;
parm->error = gpg_error (GPG_ERR_INVALID_RESPONSE);
xfree (item);
return;
}
@ -154,7 +154,7 @@ certinfo_cb (void *opaque, const char *line)
;
if (p == pend || !*p)
{
parm->error = GNUPG_Invalid_Response;
parm->error = gpg_error (GPG_ERR_INVALID_RESPONSE);
return;
}
*pend = 0; /* ignore trailing stuff */
@ -162,7 +162,7 @@ certinfo_cb (void *opaque, const char *line)
item = xtrycalloc (1, sizeof *item + strlen (p));
if (!item)
{
parm->error = GNUPG_Out_Of_Core;
parm->error = out_of_core ();
return;
}
item->type = type;
@ -323,7 +323,7 @@ agent_handle_learn (void *assuan_context)
unsigned char *shadow_info = make_shadow_info (serialno, item->id);
if (!shadow_info)
{
rc = GNUPG_Out_Of_Core;
rc = gpg_error (GPG_ERR_ENOMEM);
xfree (pubkey);
goto leave;
}

8
agent/pkdecrypt.c
View File

@ -47,7 +47,7 @@ agent_pkdecrypt (CTRL ctrl, const char *ciphertext, size_t ciphertextlen,
if (!ctrl->have_keygrip)
{
log_error ("speculative decryption not yet supported\n");
rc = seterr (No_Secret_Key);
rc = gpg_error (GPG_ERR_NO_SECKEY);
goto leave;
}
@ -55,7 +55,7 @@ agent_pkdecrypt (CTRL ctrl, const char *ciphertext, size_t ciphertextlen,
if (rc)
{
log_error ("failed to convert ciphertext: %s\n", gcry_strerror (rc));
rc = seterr (Invalid_Data);
rc = gpg_error (GPG_ERR_INV_DATA);
goto leave;
}
@ -68,7 +68,7 @@ agent_pkdecrypt (CTRL ctrl, const char *ciphertext, size_t ciphertextlen,
if (!s_skey && !shadow_info)
{
log_error ("failed to read the secret key\n");
rc = seterr (No_Secret_Key);
rc = gpg_error (GPG_ERR_NO_SECKEY);
goto leave;
}
@ -77,7 +77,7 @@ agent_pkdecrypt (CTRL ctrl, const char *ciphertext, size_t ciphertextlen,
if (!gcry_sexp_canon_len (ciphertext, ciphertextlen, NULL, NULL))
{
rc = GNUPG_Invalid_Sexp;
rc = gpg_error (GPG_ERR_INVALID_SEXP);
goto leave;
}

10
agent/pksign.c
View File

@ -45,14 +45,14 @@ do_encode_md (const unsigned char *digest, size_t digestlen, int algo,
if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))
{
log_error ("no object identifier for algo %d\n", algo);
return GNUPG_Internal_Error;
return gpg_error (GPG_ERR_INTERNAL);
}
if (digestlen + asnlen + 4 > nframe )
{
log_error ("can't encode a %d bit MD into a %d bits frame\n",
(int)(digestlen*8), (int)nbits);
return GNUPG_Internal_Error;
return gpg_error (GPG_ERR_INTERNAL);
}
/* We encode the MD in this way:
@ -63,7 +63,7 @@ do_encode_md (const unsigned char *digest, size_t digestlen, int algo,
*/
frame = xtrymalloc (nframe);
if (!frame)
return GNUPG_Out_Of_Core;
return out_of_core ();
n = 0;
frame[n++] = 0;
frame[n++] = 1; /* block type */
@ -96,14 +96,14 @@ agent_pksign (CTRL ctrl, FILE *outfp, int ignore_cache)
size_t len;
if (!ctrl->have_keygrip)
return seterr (No_Secret_Key);
return gpg_error (GPG_ERR_NO_SECKEY);
s_skey = agent_key_from_file (ctrl,
ctrl->keygrip, &shadow_info, ignore_cache);
if (!s_skey && !shadow_info)
{
log_error ("failed to read the secret key\n");
rc = seterr (No_Secret_Key);
rc = gpg_error (GPG_ERR_NO_SECKEY);
goto leave;
}

172
agent/protect.c
View File

@ -68,20 +68,20 @@ calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash)
s = plainkey;
if (*s != '(')
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
s++;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
if (!smatch (&s, n, "private-key"))
return GNUPG_Unknown_Sexp;
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
if (*s != '(')
return GNUPG_Unknown_Sexp;
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
hash_begin = s;
s++;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
s += n; /* skip over the algorithm name */
while (*s == '(')
@ -89,18 +89,18 @@ calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash)
s++;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
s += n;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
s += n;
if ( *s != ')' )
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
s++;
}
if (*s != ')')
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
s++;
hash_end = s;
@ -164,13 +164,13 @@ do_encryption (const char *protbegin, size_t protlen,
enclen = outlen/blklen * blklen;
outbuf = gcry_malloc_secure (outlen);
if (!outbuf)
rc = GNUPG_Out_Of_Core;
rc = out_of_core ();
if (!rc)
{
/* allocate random bytes to be used as IV, padding and s2k salt*/
iv = gcry_random_bytes (blklen*2+8, GCRY_WEAK_RANDOM);
if (!iv)
rc = GNUPG_Out_Of_Core;
rc = gpg_error (GPG_ERR_ENOMEM);
else
rc = gcry_cipher_setiv (hd, iv, blklen);
}
@ -181,7 +181,7 @@ do_encryption (const char *protbegin, size_t protlen,
key = gcry_malloc_secure (keylen);
if (!key)
rc = GNUPG_Out_Of_Core;
rc = out_of_core ();
else
{
rc = hash_passphrase (passphrase, GCRY_MD_SHA1,
@ -232,7 +232,7 @@ do_encryption (const char *protbegin, size_t protlen,
blklen, &ivpos, blklen, "",
enclen, &encpos, enclen, "");
if (p)
{ /* asprintf does not use out malloc system */
{ /* asprintf does not use our malloc system */
char *psave = p;
p = xtrymalloc (strlen (psave)+1);
if (p)
@ -241,9 +241,10 @@ do_encryption (const char *protbegin, size_t protlen,
}
if (!p)
{
gpg_error_t tmperr = out_of_core ();
xfree (iv);
xfree (outbuf);
return GNUPG_Out_Of_Core;
return tmperr;
}
*resultlen = strlen (p);
*result = p;
@ -277,28 +278,28 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
s = plainkey;
if (*s != '(')
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
depth++;
s++;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
if (!smatch (&s, n, "private-key"))
return GNUPG_Unknown_Sexp;
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
if (*s != '(')
return GNUPG_Unknown_Sexp;
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
depth++;
hash_begin = s;
s++;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
for (infidx=0; protect_info[infidx].algo
&& !smatch (&s, n, protect_info[infidx].algo); infidx++)
;
if (!protect_info[infidx].algo)
return GNUPG_Unsupported_Algorithm;
return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
prot_begin = prot_end = NULL;
for (i=0; (c=protect_info[infidx].parmlist[i]); i++)
@ -306,28 +307,28 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
if (i == protect_info[infidx].prot_from)
prot_begin = s;
if (*s != '(')
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
depth++;
s++;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
if (n != 1 || c != *s)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
s += n;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
s +=n; /* skip value */
if (*s != ')')
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
depth--;
if (i == protect_info[infidx].prot_to)
prot_end = s;
s++;
}
if (*s != ')' || !prot_begin || !prot_end )
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
depth--;
hash_end = s;
s++;
@ -358,8 +359,9 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
*result = p = xtrymalloc (*resultlen);
if (!p)
{
gpg_error_t tmperr = out_of_core ();
xfree (protected);
return GNUPG_Out_Of_Core;
return tmperr;
}
memcpy (p, "(21:protected-", 14);
p += 14;
@ -391,7 +393,7 @@ do_decryption (const unsigned char *protected, size_t protectedlen,
blklen = gcry_cipher_get_algo_blklen (PROT_CIPHER);
if (protectedlen < 4 || (protectedlen%blklen))
return GNUPG_Corrupted_Protection;
return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
hd = gcry_cipher_open (PROT_CIPHER, GCRY_CIPHER_MODE_CBC,
GCRY_CIPHER_SECURE);
@ -400,7 +402,7 @@ do_decryption (const unsigned char *protected, size_t protectedlen,
outbuf = gcry_malloc_secure (protectedlen);
if (!outbuf)
rc = GNUPG_Out_Of_Core;
rc = out_of_core ();
if (!rc)
rc = gcry_cipher_setiv (hd, iv, ivlen);
if (!rc)
@ -410,7 +412,7 @@ do_decryption (const unsigned char *protected, size_t protectedlen,
key = gcry_malloc_secure (keylen);
if (!key)
rc = GNUPG_Out_Of_Core;
rc = out_of_core ();
else
{
rc = hash_passphrase (passphrase, GCRY_MD_SHA1,
@ -433,14 +435,14 @@ do_decryption (const unsigned char *protected, size_t protectedlen,
if (*outbuf != '(' && outbuf[1] != '(')
{
xfree (outbuf);
return GNUPG_Bad_Passphrase;
return gpg_error (GPG_ERR_BAD_PASSPHRASE);
}
/* check that we have a consistent S-Exp */
reallen = gcry_sexp_canon_len (outbuf, protectedlen, NULL, NULL);
if (!reallen || (reallen + blklen < protectedlen) )
{
xfree (outbuf);
return GNUPG_Bad_Passphrase;
return gpg_error (GPG_ERR_BAD_PASSPHRASE);
}
*result = outbuf;
return 0;
@ -464,21 +466,21 @@ merge_lists (const unsigned char *protectedkey,
int i, rc;
if (replacepos < 26)
return GNUPG_Bug;
return gpg_error (GPG_ERR_BUG);
/* Estimate the required size of the resulting list. We have a large
safety margin of >20 bytes (MIC hash from CLEARTEXT and the
removed "protected-" */
newlistlen = gcry_sexp_canon_len (protectedkey, 0, NULL, NULL);
if (!newlistlen)
return GNUPG_Bug;
return gpg_error (GPG_ERR_BUG);
n = gcry_sexp_canon_len (cleartext, 0, NULL, NULL);
if (!n)
return GNUPG_Bug;
return gpg_error (GPG_ERR_BUG);
newlistlen += n;
newlist = gcry_malloc_secure (newlistlen);
if (!newlist)
return GNUPG_Out_Of_Core;
return out_of_core ();
/* Copy the initial segment */
strcpy (newlist, "(11:private-key");
@ -489,7 +491,7 @@ merge_lists (const unsigned char *protectedkey,
/* copy the cleartext */
s = cleartext;
if (*s != '(' && s[1] != '(')
return GNUPG_Bug; /*we already checked this */
return gpg_error (GPG_ERR_BUG); /*we already checked this */
s += 2;
startpos = s;
while ( *s == '(' )
@ -564,7 +566,7 @@ merge_lists (const unsigned char *protectedkey,
invalid_sexp:
xfree (newlist);
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
}
@ -589,25 +591,25 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
s = protectedkey;
if (*s != '(')
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
s++;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
if (!smatch (&s, n, "protected-private-key"))
return GNUPG_Unknown_Sexp;
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
if (*s != '(')
return GNUPG_Unknown_Sexp;
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
s++;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
for (infidx=0; protect_info[infidx].algo
&& !smatch (&s, n, protect_info[infidx].algo); infidx++)
;
if (!protect_info[infidx].algo)
return GNUPG_Unsupported_Algorithm;
return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
/* now find the list with the protected information. Here is an
example for such a list:
@ -618,12 +620,12 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
for (;;)
{
if (*s != '(')
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
prot_begin = s;
s++;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
if (smatch (&s, n, "protected"))
break;
s += n;
@ -635,47 +637,47 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
/* found */
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
if (!smatch (&s, n, "openpgp-s2k3-sha1-" PROT_CIPHER_STRING "-cbc"))
return GNUPG_Unsupported_Protection;
return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION);
if (*s != '(' || s[1] != '(')
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
s += 2;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
if (!smatch (&s, n, "sha1"))
return GNUPG_Unsupported_Protection;
return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION);
n = snext (&s);
if (n != 8)
return GNUPG_Corrupted_Protection;
return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
s2ksalt = s;
s += n;
n = snext (&s);
if (!n)
return GNUPG_Corrupted_Protection;
return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
/* We expect a list close as next, so we can simply use strtoul()
here. We might want to check that we only have digits - but this
is nothing we should worry about */
if (s[n] != ')' )
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
s2kcount = strtoul (s, NULL, 10);
if (!s2kcount)
return GNUPG_Corrupted_Protection;
return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
s += n;
s++; /* skip list end */
n = snext (&s);
if (n != 16) /* Wrong blocksize for IV (we support ony aes-128) */
return GNUPG_Corrupted_Protection;
return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
iv = s;
s += n;
if (*s != ')' )
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
s++;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
rc = do_decryption (s, n,
passphrase, s2ksalt, s2kcount,
@ -692,7 +694,7 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
rc = calculate_mic (final, sha1hash2);
if (!rc && memcmp (sha1hash, sha1hash2, 20))
rc = GNUPG_Corrupted_Protection;
rc = gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
if (rc)
{
xfree (final);
@ -755,9 +757,9 @@ hash_passphrase (const char *passphrase, int hashalgo,
if ( (s2kmode != 0 && s2kmode != 1 && s2kmode != 3)
|| !hashalgo || !keylen || !key || !passphrase)
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INV_VALUE);
if ((s2kmode == 1 ||s2kmode == 3) && !s2ksalt)
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INV_VALUE);
md = gcry_md_open (hashalgo, GCRY_MD_FLAG_SECURE);
if (!md)
@ -834,42 +836,42 @@ agent_shadow_key (const unsigned char *pubkey,
size_t shadow_info_len = gcry_sexp_canon_len (shadow_info, 0, NULL,NULL);
if (!pubkey_len || !shadow_info_len)
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INVALID_VALUE);
s = pubkey;
if (*s != '(')
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
depth++;
s++;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
if (!smatch (&s, n, "public-key"))
return GNUPG_Unknown_Sexp;
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
if (*s != '(')
return GNUPG_Unknown_Sexp;
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
depth++;
s++;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
s += n; /* skip over the algorithm name */
while (*s != ')')
{
if (*s != '(')
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
depth++;
s++;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
s += n;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
s +=n; /* skip value */
if (*s != ')')
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
depth--;
s++;
}
@ -883,7 +885,7 @@ agent_shadow_key (const unsigned char *pubkey,
n = 12 + pubkey_len + 1 + 3+8 + 2+5 + shadow_info_len + 1;
*result = p = xtrymalloc (n);
if (!p)
return GNUPG_Out_Of_Core;
return out_of_core ();
p = stpcpy (p, "(20:shadowed-private-key");
/* (10:public-key ...)*/
memcpy (p, pubkey+14, point - (pubkey+14));
@ -910,58 +912,58 @@ agent_get_shadow_info (const unsigned char *shadowkey,
s = shadowkey;
if (*s != '(')
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
depth++;
s++;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
if (!smatch (&s, n, "shadowed-private-key"))
return GNUPG_Unknown_Sexp;
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
if (*s != '(')
return GNUPG_Unknown_Sexp;
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
depth++;
s++;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
s += n; /* skip over the algorithm name */
for (;;)
{
if (*s == ')')
return GNUPG_Unknown_Sexp;
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
if (*s != '(')
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
depth++;
s++;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
if (smatch (&s, n, "shadowed"))
break;
s += n;
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
s +=n; /* skip value */
if (*s != ')')
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
depth--;
s++;
}
/* found the shadowed list, s points to the protocol */
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
if (smatch (&s, n, "t1-v1"))
{
if (*s != '(')
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
*shadow_info = s;
}
else
return GNUPG_Unsupported_Protocol;
return gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
return 0;
}

37
agent/query.c
View File

@ -33,7 +33,7 @@
#include "agent.h"
#include "i18n.h"
#include "../assuan/assuan.h"
#include <assuan.h>
#ifdef _POSIX_OPEN_MAX
#define MAX_OPEN_FDS _POSIX_OPEN_MAX
@ -70,7 +70,7 @@ unlock_pinentry (int rc)
{
log_error ("failed to release the entry lock\n");
if (!rc)
rc = GNUPG_Internal_Error;
rc = gpg_error (GPG_ERR_INTERNAL);
}
#endif
entry_ctx = NULL;
@ -96,7 +96,7 @@ start_pinentry (CTRL ctrl)
if (!pth_mutex_acquire (&entry_lock, 0, NULL))
{
log_error ("failed to acquire the entry lock\n");
return GNUPG_Internal_Error;
return gpg_error (GPG_ERR_INTERNAL);
}
#endif
@ -108,8 +108,9 @@ start_pinentry (CTRL ctrl)
if (fflush (NULL))
{
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
log_error ("error flushing pending output: %s\n", strerror (errno));
return unlock_pinentry (seterr (Write_Error));
return unlock_pinentry (tmperr);
}
if (!opt.pinentry_program || !*opt.pinentry_program)
@ -145,7 +146,7 @@ start_pinentry (CTRL ctrl)
{
log_error ("can't connect to the PIN entry module: %s\n",
assuan_strerror (rc));
return unlock_pinentry (seterr (No_PIN_Entry));
return unlock_pinentry (gpg_error (GPG_ERR_NO_PIN_ENTRY));
}
entry_ctx = ctx;
@ -161,7 +162,7 @@ start_pinentry (CTRL ctrl)
{
char *optstr;
if (asprintf (&optstr, "OPTION ttyname=%s", ctrl->ttyname) < 0 )
return unlock_pinentry (GNUPG_Out_Of_Core);
return unlock_pinentry (out_of_core ());
rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
free (optstr);
@ -172,7 +173,7 @@ start_pinentry (CTRL ctrl)
{
char *optstr;
if (asprintf (&optstr, "OPTION ttytype=%s", ctrl->ttytype) < 0 )
return unlock_pinentry (GNUPG_Out_Of_Core);
return unlock_pinentry (out_of_core ());
rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
if (rc)
@ -182,7 +183,7 @@ start_pinentry (CTRL ctrl)
{
char *optstr;
if (asprintf (&optstr, "OPTION lc-ctype=%s", ctrl->lc_ctype) < 0 )
return unlock_pinentry (GNUPG_Out_Of_Core);
return unlock_pinentry (out_of_core ());
rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
if (rc)
@ -192,7 +193,7 @@ start_pinentry (CTRL ctrl)
{
char *optstr;
if (asprintf (&optstr, "OPTION lc-messages=%s", ctrl->lc_messages) < 0 )
return unlock_pinentry (GNUPG_Out_Of_Core);
return unlock_pinentry (out_of_core ());
rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
if (rc)
@ -250,7 +251,7 @@ agent_askpin (CTRL ctrl,
return 0; /* fixme: we should return BAD PIN */
if (!pininfo || pininfo->max_length < 1)
return seterr (Invalid_Value);
return gpg_error (GPG_ERR_INV_VALUE);
if (!desc_text && pininfo->min_digits)
desc_text = _("Please enter your PIN, so that the secret key "
"can be unlocked for this session");
@ -322,7 +323,8 @@ agent_askpin (CTRL ctrl,
rc = pininfo->check_cb (pininfo);
if (rc == -1 && pininfo->cb_errtext)
errtext = pininfo->cb_errtext;
else if (rc == GNUPG_Bad_Passphrase || rc == GNUPG_Bad_PIN)
else if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE
|| gpg_err_code (rc) == GPG_ERR_BAD_PIN)
errtext = (is_pin? _("Bad PIN")
: _("Bad Passphrase"));
else if (rc)
@ -333,8 +335,8 @@ agent_askpin (CTRL ctrl,
return unlock_pinentry (0); /* okay, got a PIN or passphrase */
}
return unlock_pinentry (pininfo->min_digits? GNUPG_Bad_PIN
: GNUPG_Bad_Passphrase);
return unlock_pinentry (gpg_error (pininfo->min_digits? GPG_ERR_BAD_PIN
: GPG_ERR_BAD_PASSPHRASE));
}
@ -356,7 +358,7 @@ agent_get_passphrase (CTRL ctrl,
*retpass = NULL;
if (opt.batch)
return GNUPG_Bad_Passphrase;
return gpg_error (GPG_ERR_BAD_PASSPHRASE);
rc = start_pinentry (ctrl);
if (rc)
@ -394,7 +396,7 @@ agent_get_passphrase (CTRL ctrl,
parm.size = ASSUAN_LINELENGTH/2 - 5;
parm.buffer = gcry_malloc_secure (parm.size+10);
if (!parm.buffer)
return unlock_pinentry (seterr (Out_Of_Core));
return unlock_pinentry (out_of_core ());
assuan_begin_confidential (entry_ctx);
rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm, NULL, NULL, NULL, NULL);
@ -407,8 +409,9 @@ agent_get_passphrase (CTRL ctrl,
hexstring = gcry_malloc_secure (strlen (parm.buffer)*2+1);
if (!hexstring)
{
gpg_error_t tmperr = out_of_core ();
xfree (parm.buffer);
return unlock_pinentry (seterr (Out_Of_Core));
return unlock_pinentry (tmperr);
}
for (i=0, p=parm.buffer; *p; p++, i += 2)
@ -423,7 +426,7 @@ agent_get_passphrase (CTRL ctrl,
/* Pop up the PIN-entry, display the text and the prompt and ask the
user to confirm this. We return 0 for success, ie. the used
confirmed it, GNUPG_Not_Confirmed for what the text says or an
confirmed it, GPG_ERR_NOT_CONFIRMED for what the text says or an
other error. */
int
agent_get_confirmation (CTRL ctrl,

4
agent/sexp-parse.h
View File

@ -68,10 +68,10 @@ sskip (unsigned char const **buf, int *depth)
else
{
if (!d)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
n = snext (&s);
if (!n)
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
s += n;
}
}

28
agent/trustlist.c
View File

@ -29,8 +29,7 @@
#include <sys/stat.h>
#include "agent.h"
#include "../assuan/assuan.h" /* fixme: need a way to avoid assuan
calls here */
#include <assuan.h> /* fixme: need a way to avoid assuan calls here */
static const char headerblurb[] =
"# This is the list of trusted keys. Comments like this one and empty\n"
@ -60,9 +59,10 @@ open_list (int append)
trustfp = fopen (fname, "wx");
if (!trustfp)
{
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
log_error ("can't create `%s': %s\n", fname, strerror (errno));
xfree (fname);
return seterr (File_Create_Error);
return tmperr;
}
fputs (headerblurb, trustfp);
fclose (trustfp);
@ -71,9 +71,10 @@ open_list (int append)
if (!trustfp)
{
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
log_error ("can't open `%s': %s\n", fname, strerror (errno));
xfree (fname);
return seterr (File_Open_Error);
return tmperr;
}
/*FIXME: check the MAC */
@ -109,7 +110,7 @@ read_list (char *key, int *keyflag)
{
if (feof (trustfp))
return -1;
return GNUPG_Read_Error;
return gpg_error (gpg_err_code_from_errno (errno));
}
if (!*line || line[strlen(line)-1] != '\n')
@ -117,7 +118,8 @@ read_list (char *key, int *keyflag)
/* eat until end of line */
while ( (c=getc (trustfp)) != EOF && c != '\n')
;
return *line? GNUPG_Line_Too_Long: GNUPG_Incomplete_Line;
return gpg_error (*line? GPG_ERR_LINE_TOO_LONG
: GPG_ERR_INCOMPLETE_LINE);
}
/* Allow for emty lines and spaces */
@ -132,7 +134,7 @@ read_list (char *key, int *keyflag)
if (i!=40 || !(spacep (p+i) || p[i] == '\n'))
{
log_error ("invalid formatted fingerprint in trustlist\n");
return GNUPG_Bad_Data;
return gpg_error (GPG_ERR_BAD_DATA);
}
assert (p[i]);
if (p[i] == '\n')
@ -149,13 +151,13 @@ read_list (char *key, int *keyflag)
else
{
log_error ("invalid keyflag in trustlist\n");
return GNUPG_Bad_Data;
return gpg_error (GPG_ERR_BAD_DATA);
}
i++;
if ( !(spacep (p+i) || p[i] == '\n'))
{
log_error ("invalid keyflag in trustlist\n");
return GNUPG_Bad_Data;
return gpg_error (GPG_ERR_BAD_DATA);
}
}
@ -253,7 +255,7 @@ agent_marktrusted (CTRL ctrl, const char *name, const char *fpr, int flag)
" \"%s\"%%0A"
"has the fingerprint:%%0A"
" %s", name, fpr) < 0 )
return GNUPG_Out_Of_Core;
return out_of_core ();
rc = agent_get_confirmation (ctrl, desc, "Correct", "No");
free (desc);
if (rc)
@ -264,7 +266,7 @@ agent_marktrusted (CTRL ctrl, const char *name, const char *fpr, int flag)
" \"%s\"%%0A"
"to correctly certify user certificates?",
name) < 0 )
return GNUPG_Out_Of_Core;
return out_of_core ();
rc = agent_get_confirmation (ctrl, desc, "Yes", "No");
free (desc);
if (rc)
@ -294,11 +296,11 @@ agent_marktrusted (CTRL ctrl, const char *name, const char *fpr, int flag)
print_sanitized_string (trustfp, name, 0);
fprintf (trustfp, "\n%s %c\n", fpr, flag);
if (ferror (trustfp))
rc = GNUPG_Write_Error;
rc = gpg_error (gpg_err_code_from_errno (errno));
/* close because we are in append mode */
if (fclose (trustfp))
rc = GNUPG_File_Error;
rc = gpg_error (gpg_err_code_from_errno (errno));
trustfp = NULL;
return rc;
}

9
common/errors.h
View File

@ -23,7 +23,13 @@
#include "util.h"
/* Error numbers */
#ifdef GPG_ERR_SOURCE_DEFAULT
# define GPG_ERR_INVALID_VALUE GPG_ERR_INV_VALUE
# define GPG_ERR_INVALID_DATA GPG_ERR_INV_DATA
# define GPG_ERR_INVALID_SEXP GPG_ERR_INV_SEXP
#else /*GPG_ERR_SOURCE_DEFAUL*/
/* Error numbers. Note, that they are onkly used for old code not yet
converted to libgpg-error. */
enum {
GNUPG_EOF = -1,
GNUPG_No_Error = 0,
@ -104,6 +110,7 @@ enum {
GNUPG_Unsupported_Operation = 75,
GNUPG_Wrong_Key_Usage = 76,
};
#endif /* !GPG_ERR_SOURCE_DEFAULT */
/* Status codes - fixme: should go into another file */
enum {

8
kbx/ChangeLog
View File

@ -1,3 +1,11 @@
2003-06-03 Werner Koch <wk@gnupg.org>
Changed all error codes in all files to the new libgpg-error scheme.
* keybox-defs.h: Include gpg-error.h .
(KeyboxError): Removed.
* Makefile.am: Removed keybox-error.c stuff.
2002-11-14 Werner Koch <wk@gnupg.org>
* keybox-search.c (blob_cmp_name) <compare all names>: Fixed

9
kbx/Makefile.am
View File

@ -1,5 +1,5 @@
# Keybox Makefile
# Copyright (C) 2001, 2002 Free Software Foundation, Inc.
# Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
@ -24,7 +24,6 @@ INCLUDES = -I../intl -DLOCALEDIR=\"$(localedir)\"
EXTRA_DIST = mkerrors
AM_CPPFLAGS = $(KSBA_CFLAGS) $(LIBGCRYPT_CFLAGS)
BUILT_SOURCES = keybox-errors.c
noinst_LIBRARIES = libkeybox.a
bin_PROGRAMS = kbxutil
@ -32,7 +31,6 @@ bin_PROGRAMS = kbxutil
common_sources = \
keybox.h keybox-defs.h keybox-search-desc.h \
keybox-util.c \
keybox-errors.c \
keybox-init.c \
keybox-blob.c \
keybox-file.c \
@ -44,10 +42,7 @@ common_sources = \
libkeybox_a_SOURCES = $(common_sources)
kbxutil_SOURCES = kbxutil.c $(common_sources)
kbxutil_LDADD = ../jnlib/libjnlib.a $(KSBA_LIBS) $(LIBGCRYPT_LIBS)
keybox-errors.c : keybox.h mkerrors
$(srcdir)/mkerrors < $(srcdir)/keybox.h > keybox-errors.c
kbxutil_LDADD = ../jnlib/libjnlib.a $(KSBA_LIBS) $(LIBGCRYPT_LIBS) -lgpg-error

32
kbx/keybox-blob.c
View File

@ -1,5 +1,5 @@
/* keybox-blob.c - KBX Blob handling
* Copyright (C) 2000, 2001, 2002 Free Software Foundation, Inc.
* Copyright (C) 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -489,7 +489,7 @@ x509_create_blob_cert (KEYBOXBLOB blob, KsbaCert cert)
image = ksba_cert_get_image (cert, &length);
if (!image)
return KEYBOX_General_Error;
return gpg_error (GPG_ERR_GENERAL);
put_membuf (a, image, length);
add_fixup (blob, 12, a->len - kbstart);
@ -651,7 +651,7 @@ create_blob_finish (KEYBOXBLOB blob)
/* get the memory area */
p = get_membuf (a, &n);
if (!p)
return KEYBOX_Out_Of_Core;
return gpg_error (GPG_ERR_ENOMEM);
assert (n >= 20);
/* fixup the length */
@ -659,7 +659,7 @@ create_blob_finish (KEYBOXBLOB blob)
/* do the fixups */
if (blob->fixup_out_of_core)
return KEYBOX_Out_Of_Core;
return gpg_error (GPG_ERR_ENOMEM);
{
struct fixup_list *fl;
@ -678,7 +678,7 @@ create_blob_finish (KEYBOXBLOB blob)
pp = xtrymalloc (n);
if ( !pp )
return KEYBOX_Out_Of_Core;
return gpg_error (gpg_err_code_from_errno (errno));
memcpy (pp , p, n);
blob->blob = pp;
blob->bloblen = n;
@ -698,8 +698,8 @@ _keybox_create_pgp_blob (KEYBOXBLOB *r_blob, KBNODE keyblock, int as_ephemeral)
*r_blob = NULL;
blob = xtrycalloc (1, sizeof *blob);
if( !blob )
return KEYBOX_Out_Of_Core;
if (!blob)
return gpg_error (gpg_err_code_from_errno (errno));
/* fixme: Do some sanity checks on the keyblock */
@ -723,7 +723,7 @@ _keybox_create_pgp_blob (KEYBOXBLOB *r_blob, KBNODE keyblock, int as_ephemeral)
blob->sigs = xtrycalloc (blob->nsigs, sizeof *blob->sigs );
if (!blob->keys || !blob->uids || !blob->sigs)
{
rc = KEYBOX_Out_Of_Core;
rc = gpg_error (GPG_ERR_ENOMEM);
goto leave;
}
@ -818,7 +818,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, KsbaCert cert,
*r_blob = NULL;
blob = xtrycalloc (1, sizeof *blob);
if( !blob )
return KEYBOX_Out_Of_Core;
return gpg_error (gpg_err_code_from_errno (errno));
p = ksba_cert_get_serial (cert);
if (p)
@ -828,7 +828,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, KsbaCert cert,
if (n < 2)
{
xfree (p);
return KEYBOX_General_Error;
return gpg_error (GPG_ERR_GENERAL);
}
blob->serialbuf = p;
p++; n--; /* skip '(' */
@ -838,7 +838,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, KsbaCert cert,
{
xfree (blob->serialbuf);
blob->serialbuf = NULL;
return KEYBOX_General_Error;
return gpg_error (GPG_ERR_GENERAL);
}
p++;
blob->serial = p;
@ -853,13 +853,13 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, KsbaCert cert,
names = xtrymalloc (max_names * sizeof *names);
if (!names)
{
rc = KEYBOX_Out_Of_Core;
rc = gpg_error (gpg_err_code_from_errno (errno));
goto leave;
}
p = ksba_cert_get_issuer (cert, 0);
if (!p)
{
rc = KEYBOX_Missing_Value;
rc = gpg_error (GPG_ERR_MISSING_VALUE);
goto leave;
}
names[blob->nuids++] = p;
@ -874,7 +874,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, KsbaCert cert,
tmp = xtryrealloc (names, max_names * sizeof *names);
if (!tmp)
{
rc = KEYBOX_Out_Of_Core;
rc = gpg_error (gpg_err_code_from_errno (errno));
goto leave;
}
}
@ -891,7 +891,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, KsbaCert cert,
blob->sigs = xtrycalloc (blob->nsigs, sizeof *blob->sigs );
if (!blob->keys || !blob->uids || !blob->sigs)
{
rc = KEYBOX_Out_Of_Core;
rc = gpg_error (GPG_ERR_ENOMEM);
goto leave;
}
@ -964,7 +964,7 @@ _keybox_new_blob (KEYBOXBLOB *r_blob, char *image, size_t imagelen, off_t off)
*r_blob = NULL;
blob = xtrycalloc (1, sizeof *blob);
if (!blob)
return KEYBOX_Out_Of_Core;
return gpg_error (gpg_err_code_from_errno (errno));
blob->blob = image;
blob->bloblen = imagelen;

7
kbx/keybox-defs.h
View File

@ -24,6 +24,13 @@
#include <sys/types.h> /* off_t */
#include "keybox.h"
#ifdef GPG_ERR_SOURCE_DEFAULT
#error GPG_ERR_SOURCE_DEFAULT already defined
#endif
#define GPG_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_KEYBOX
#include <gpg-error.h>
#ifndef HAVE_BYTE_TYPEDEF
typedef unsigned char byte; /* fixme */
#endif

8
kbx/keybox-dump.c
View File

@ -1,5 +1,5 @@
/* keybox-dump.c - Debug helpers
* Copyright (C) 2001 Free Software Foundation, Inc.
* Copyright (C) 2001, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -322,8 +322,9 @@ _keybox_dump_file (const char *filename, FILE *outfp)
fp = fopen (filename, "rb");
if (!fp)
{
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
fprintf (outfp, "can't open `%s': %s\n", filename, strerror(errno));
return KEYBOX_File_Error;
return tmperr;
}
while ( !(rc = _keybox_read_blob (&blob, fp)) )
@ -337,8 +338,7 @@ _keybox_dump_file (const char *filename, FILE *outfp)
if (rc == -1)
rc = 0;
if (rc)
fprintf (outfp, "error reading `%s': %s\n", filename,
rc == KEYBOX_Read_Error? keybox_strerror(rc):strerror (errno));
fprintf (outfp, "error reading `%s': %s\n", filename, gpg_strerror (rc));
if (fp != stdin)
fclose (fp);

22
kbx/keybox-file.c
View File

@ -1,5 +1,5 @@
/* keybox-file.c - file oeprations
* Copyright (C) 2001 Free Software Foundation, Inc.
* Copyright (C) 2001, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -22,6 +22,7 @@
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include "keybox-defs.h"
@ -40,7 +41,7 @@ _keybox_read_blob (KEYBOXBLOB *r_blob, FILE *fp)
*r_blob = NULL;
off = ftello (fp);
if (off == (off_t)-1)
return KEYBOX_Read_Error;
return gpg_error (gpg_err_code_from_errno (errno));
if ((c1 = getc (fp)) == EOF
|| (c2 = getc (fp)) == EOF
@ -50,33 +51,34 @@ _keybox_read_blob (KEYBOXBLOB *r_blob, FILE *fp)
{
if ( c1 == EOF && !ferror (fp) )
return -1; /* eof */
return KEYBOX_Read_Error;
return gpg_error (gpg_err_code_from_errno (errno));
}
imagelen = (c1 << 24) | (c2 << 16) | (c3 << 8 ) | c4;
if (imagelen > 500000) /* sanity check */
return KEYBOX_Blob_Too_Large;
return gpg_error (GPG_ERR_TOO_LARGE);
if (imagelen < 5)
return KEYBOX_Blob_Too_Short;
return gpg_error (GPG_ERR_TOO_SHORT);
if (!type)
{
/* special treatment for empty blobs. */
if (fseek (fp, imagelen-5, SEEK_CUR))
return KEYBOX_Read_Error;
return gpg_error (gpg_err_code_from_errno (errno));
goto again;
}
image = xtrymalloc (imagelen);
if (!image)
return KEYBOX_Out_Of_Core;
return gpg_error (gpg_err_code_from_errno (errno));
image[0] = c1; image[1] = c2; image[2] = c3; image[3] = c4; image[4] = type;
if (fread (image+5, imagelen-5, 1, fp) != 1)
{
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
xfree (image);
return KEYBOX_Read_Error;
return tmperr;
}
rc = r_blob? _keybox_new_blob (r_blob, image, imagelen, off) : 0;
@ -95,8 +97,6 @@ _keybox_write_blob (KEYBOXBLOB blob, FILE *fp)
image = _keybox_get_blob_image (blob, &length);
if (fwrite (image, length, 1, fp) != 1)
{
return KEYBOX_Write_Error;
}
return gpg_error (gpg_err_code_from_errno (errno));
return 0;
}

2
kbx/keybox-init.c
View File

@ -120,7 +120,7 @@ int
keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes)
{
if (!hd)
return KEYBOX_Invalid_Handle;
return gpg_error (GPG_ERR_INV_HANDLE);
hd->ephemeral = yes;
return 0;
}

38
kbx/keybox-search.c
View File

@ -1,5 +1,5 @@
/* keybox-search.c - Search operations
* Copyright (C) 2001, 2002 Free Software Foundation, Inc.
* Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -23,6 +23,7 @@
#include <stdio.h>
#include <string.h>
#include <assert.h>
#include <errno.h>
#include "../jnlib/stringhelp.h" /* ascii_xxxx() */
#include "keybox-defs.h"
@ -481,7 +482,7 @@ int
keybox_search_reset (KEYBOX_HANDLE hd)
{
if (!hd)
return KEYBOX_Invalid_Value;
return gpg_error (GPG_ERR_INV_VALUE);
if (hd->found.blob)
{
@ -512,7 +513,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
struct sn_array_s *sn_array = NULL;
if (!hd)
return KEYBOX_Invalid_Value;
return gpg_error (GPG_ERR_INV_VALUE);
/* clear last found result */
if (hd->found.blob)
@ -548,7 +549,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
{
sn_array = xtrycalloc (ndesc, sizeof *sn_array);
if (!sn_array)
return (hd->error = KEYBOX_Out_Of_Core);
return (hd->error = gpg_error (gpg_err_code_from_errno (errno)));
}
}
@ -557,8 +558,9 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
hd->fp = fopen (hd->kb->fname, "rb");
if (!hd->fp)
{
hd->error = gpg_error (gpg_err_code_from_errno (errno));
xfree (sn_array);
return (hd->error = KEYBOX_File_Open_Error);
return hd->error;
}
}
@ -588,8 +590,9 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
sn_array[n].sn = xtrymalloc (snlen);
if (!sn_array[n].sn)
{
hd->error = gpg_error (gpg_err_code_from_errno (errno));
release_sn_array (sn_array, n);
return (hd->error = KEYBOX_Out_Of_Core);
return hd->error;
}
sn_array[n].snlen = snlen;
sn = sn_array[n].sn;
@ -611,8 +614,9 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
sn_array[n].sn = xtrymalloc (snlen);
if (!sn_array[n].sn)
{
hd->error = gpg_error (gpg_err_code_from_errno (errno));
release_sn_array (sn_array, n);
return (hd->error = KEYBOX_Out_Of_Core);
return hd->error;
}
sn_array[n].snlen = snlen;
memcpy (sn_array[n].sn, sn, snlen);
@ -700,7 +704,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
goto found;
break;
default:
rc = KEYBOX_Invalid_Value;
rc = gpg_error (GPG_ERR_INV_VALUE);
goto found;
}
}
@ -759,37 +763,37 @@ keybox_get_cert (KEYBOX_HANDLE hd, KsbaCert *r_cert)
int rc;
if (!hd)
return KEYBOX_Invalid_Value;
return gpg_error (GPG_ERR_INV_VALUE);
if (!hd->found.blob)
return KEYBOX_Nothing_Found;
return gpg_error (GPG_ERR_NOTHING_FOUND);
if (blob_get_type (hd->found.blob) != BLOBTYPE_X509)
return KEYBOX_Wrong_Blob_Type;
return gpg_error (GPG_ERR_WRONG_BLOB_TYPE);
buffer = _keybox_get_blob_image (hd->found.blob, &length);
if (length < 40)
return KEYBOX_Blob_Too_Short;
return gpg_error (GPG_ERR_TOO_SHORT);
cert_off = get32 (buffer+8);
cert_len = get32 (buffer+12);
if (cert_off+cert_len > length)
return KEYBOX_Blob_Too_Short;
return gpg_error (GPG_ERR_TOO_SHORT);
reader = ksba_reader_new ();
if (!reader)
return KEYBOX_Out_Of_Core;
return gpg_error (GPG_ERR_ENOMEM);
rc = ksba_reader_set_mem (reader, buffer+cert_off, cert_len);
if (rc)
{
ksba_reader_release (reader);
/* fixme: need to map the error codes */
return KEYBOX_General_Error;
return gpg_error (GPG_ERR_GENERAL);
}
cert = ksba_cert_new ();
if (!cert)
{
ksba_reader_release (reader);
return KEYBOX_Out_Of_Core;
return gpg_error (GPG_ERR_ENOMEM);
}
rc = ksba_cert_read_der (cert, reader);
@ -798,7 +802,7 @@ keybox_get_cert (KEYBOX_HANDLE hd, KsbaCert *r_cert)
ksba_cert_release (cert);
ksba_reader_release (reader);
/* fixme: need to map the error codes */
return KEYBOX_General_Error;
return gpg_error (GPG_ERR_GENERAL);
}
*r_cert = cert;

74
kbx/keybox-update.c
View File

@ -1,5 +1,5 @@
/* keybox-update.c - keybox update operations
* Copyright (C) 2001 Free Software Foundation, Inc.
* Copyright (C) 2001, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -50,15 +50,16 @@ create_tmp_file (const char *template,
{
bakfname = xtrymalloc (strlen (template) + 1);
if (!bakfname)
return KEYBOX_Out_Of_Core;
return gpg_error (gpg_err_code_from_errno (errno));
strcpy (bakfname, template);
strcpy (bakfname+strlen(template)-4, EXTSEP_S "bak");
tmpfname = xtrymalloc (strlen (template) + 1);
if (!tmpfname)
{
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
xfree (bakfname);
return KEYBOX_Out_Of_Core;
return tmperr;
}
strcpy (tmpfname,template);
strcpy (tmpfname + strlen (template)-4, EXTSEP_S "tmp");
@ -67,28 +68,30 @@ create_tmp_file (const char *template,
{ /* file does not end with kbx; hmmm */
bakfname = xtrymalloc ( strlen (template) + 5);
if (!bakfname)
return KEYBOX_Out_Of_Core;
return gpg_error (gpg_err_code_from_errno (errno));
strcpy (stpcpy (bakfname, template), EXTSEP_S "bak");
tmpfname = xtrymalloc ( strlen (template) + 5);
if (!tmpfname)
{
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
xfree (bakfname);
return KEYBOX_Out_Of_Core;
return tmperr;
}
strcpy (stpcpy (tmpfname, template), EXTSEP_S "tmp");
}
# else /* Posix file names */
bakfname = xtrymalloc (strlen (template) + 2);
if (!bakfname)
return KEYBOX_Out_Of_Core;
return gpg_error (gpg_err_code_from_errno (errno));
strcpy (stpcpy (bakfname,template),"~");
tmpfname = xtrymalloc ( strlen (template) + 5);
if (!tmpfname)
{
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
xfree (bakfname);
return KEYBOX_Out_Of_Core;
return tmperr;
}
strcpy (stpcpy (tmpfname,template), EXTSEP_S "tmp");
# endif /* Posix filename */
@ -96,9 +99,10 @@ create_tmp_file (const char *template,
*r_fp = fopen (tmpfname, "wb");
if (!*r_fp)
{
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
xfree (tmpfname);
xfree (bakfname);
return KEYBOX_File_Create_Error;
return tmperr;
}
*r_bakfname = bakfname;
@ -139,7 +143,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
#endif
if (rename (fname, bakfname) )
{
return KEYBOX_File_Error;
return gpg_error (gpg_err_code_from_errno (errno));
}
}
@ -149,7 +153,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
#endif
if (rename (tmpfname, fname) )
{
rc = KEYBOX_File_Error;
rc = gpg_error (gpg_err_code_from_errno (errno));
if (secret)
{
/* log_info ("WARNING: 2 files with confidential" */
@ -185,7 +189,7 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
/* Open the source file. Because we do a rename, we have to check the
permissions of the file */
if (access (fname, W_OK))
return KEYBOX_Write_Error;
return gpg_error (gpg_err_code_from_errno (errno));
fp = fopen (fname, "rb");
if (mode == 1 && !fp && errno == ENOENT)
@ -193,7 +197,7 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
newfp = fopen (fname, "wb");
if (!newfp )
{
return KEYBOX_File_Create_Error;
return gpg_error (gpg_err_code_from_errno (errno));
}
rc = _keybox_write_blob (blob, newfp);
@ -203,7 +207,7 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
}
if ( fclose (newfp) )
{
return KEYBOX_File_Create_Error;
return gpg_error (gpg_err_code_from_errno (errno));
}
/* if (chmod( fname, S_IRUSR | S_IWUSR )) */
@ -216,7 +220,7 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
if (!fp)
{
rc = KEYBOX_File_Open_Error;
rc = gpg_error (gpg_err_code_from_errno (errno));
goto leave;
}
@ -236,13 +240,13 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
{
if (fwrite (buffer, nread, 1, newfp) != 1)
{
rc = KEYBOX_Write_Error;
rc = gpg_error (gpg_err_code_from_errno (errno));
goto leave;
}
}
if (ferror (fp))
{
rc = KEYBOX_Read_Error;
rc = gpg_error (gpg_err_code_from_errno (errno));
goto leave;
}
}
@ -265,14 +269,14 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
if (fwrite (buffer, nread, 1, newfp) != 1)
{
rc = KEYBOX_Write_Error;
rc = gpg_error (gpg_err_code_from_errno (errno));
goto leave;
}
}
if (ferror (fp))
{
rc = KEYBOX_Read_Error;
goto leave;
rc = gpg_error (gpg_err_code_from_errno (errno));
goto leave;
}
/* skip this blob */
@ -296,13 +300,13 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
{
if (fwrite (buffer, nread, 1, newfp) != 1)
{
rc = KEYBOX_Write_Error;
rc = gpg_error (gpg_err_code_from_errno (errno));
goto leave;
}
}
if (ferror (fp))
{
rc = KEYBOX_Read_Error;
rc = gpg_error (gpg_err_code_from_errno (errno));
goto leave;
}
}
@ -310,13 +314,13 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
/* close both files */
if (fclose(fp))
{
rc = KEYBOX_File_Close_Error;
rc = gpg_error (gpg_err_code_from_errno (errno));
fclose (newfp);
goto leave;
}
if (fclose(newfp))
{
rc = KEYBOX_File_Close_Error;
rc = gpg_error (gpg_err_code_from_errno (errno));
goto leave;
}
@ -341,12 +345,12 @@ keybox_insert_cert (KEYBOX_HANDLE hd, KsbaCert cert,
KEYBOXBLOB blob;
if (!hd)
return KEYBOX_Invalid_Handle;
return gpg_error (GPG_ERR_INV_HANDLE);
if (!hd->kb)
return KEYBOX_Invalid_Handle;
return gpg_error (GPG_ERR_INV_HANDLE);
fname = hd->kb->fname;
if (!fname)
return KEYBOX_Invalid_Handle;
return gpg_error (GPG_ERR_INV_HANDLE);
/* close this one otherwise we will mess up the position for a next
search. Fixme: it would be better to adjust the position after
@ -390,18 +394,18 @@ keybox_delete (KEYBOX_HANDLE hd)
int rc;
if (!hd)
return KEYBOX_Invalid_Value;
return gpg_error (GPG_ERR_INV_VALUE);
if (!hd->found.blob)
return KEYBOX_Nothing_Found;
return gpg_error (GPG_ERR_NOTHING_FOUND);
if (!hd->kb)
return KEYBOX_Invalid_Handle;
return gpg_error (GPG_ERR_INV_HANDLE);
fname = hd->kb->fname;
if (!fname)
return KEYBOX_Invalid_Handle;
return gpg_error (GPG_ERR_INV_HANDLE);
off = _keybox_get_blob_fileoffset (hd->found.blob);
if (off == (off_t)-1)
return KEYBOX_General_Error;
return gpg_error (GPG_ERR_GENERAL);
off += 4;
if (hd->fp)
@ -412,19 +416,19 @@ keybox_delete (KEYBOX_HANDLE hd)
fp = fopen (hd->kb->fname, "r+b");
if (!fp)
return KEYBOX_File_Open_Error;
return gpg_error (gpg_err_code_from_errno (errno));
if (fseeko (fp, off, SEEK_SET))
rc = KEYBOX_Write_Error;
rc = gpg_error (gpg_err_code_from_errno (errno));
else if (putc (0, fp) == EOF)
rc = KEYBOX_Write_Error;
rc = gpg_error (gpg_err_code_from_errno (errno));
else
rc = 0;
if (fclose (fp))
{
if (!rc)
rc = KEYBOX_File_Close_Error;
rc = gpg_error (gpg_err_code_from_errno (errno));
}
return rc;

26
kbx/keybox.h
View File

@ -1,5 +1,5 @@
/* keybox.h - Keybox operations
* Copyright (C) 2001 Free Software Foundation, Inc.
* Copyright (C) 2001, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -43,27 +43,6 @@ extern "C" {
#endif
typedef enum {
KEYBOX_No_Error = 0,
KEYBOX_General_Error = 1,
KEYBOX_Out_Of_Core = 2,
KEYBOX_Invalid_Value = 3,
KEYBOX_Timeout = 4,
KEYBOX_Read_Error = 5,
KEYBOX_Write_Error = 6,
KEYBOX_File_Error = 7,
KEYBOX_Blob_Too_Short = 8,
KEYBOX_Blob_Too_Large = 9,
KEYBOX_Invalid_Handle = 10,
KEYBOX_File_Create_Error = 11,
KEYBOX_File_Open_Error = 12,
KEYBOX_File_Close_Error = 13,
KEYBOX_Nothing_Found = 14,
KEYBOX_Wrong_Blob_Type = 15,
KEYBOX_Missing_Value = 16,
} KeyboxError;
typedef struct keybox_handle *KEYBOX_HANDLE;
@ -115,9 +94,6 @@ void keybox_set_malloc_hooks ( void *(*new_alloc_func)(size_t n),
void *(*new_realloc_func)(void *p, size_t n),
void (*new_free_func)(void*) );
/*-- keybox-errors.c (built) --*/
const char *keybox_strerror (KeyboxError err);
#ifdef __cplusplus
}

22
scd/ChangeLog
View File

@ -1,3 +1,25 @@
2003-06-03 Werner Koch <wk@gnupg.org>
Changed all error codes in all files to the new libgpg-error scheme.
* scdaemon.h: Include gpg-error.h and errno.h
* card.c (map_sc_err): Use unknown for the error source.
* Makefile.am: Link with libgpg-error
2003-05-14 Werner Koch <wk@gnupg.org>
* atr.c, atr.h: New.
* sc-investigate.c: Dump the ATR in a human readable format.
2003-05-08 Werner Koch <wk@gnupg.org>
* scdaemon.h (DBG_CARD_IO_VALUE): New.
* sc-investigate.c: New.
* scdaemon.c (main): Removed --print-atr option.
* iso7816.c, iso7816.h, app-openpgp.c: New.
2003-04-29 Werner Koch <wk@gnupg.org>
* scdaemon.c: New options --print-atr and --reader-port

38
scd/Makefile.am
View File

@ -1,4 +1,4 @@
# Copyright (C) 2002 Free Software Foundation, Inc.
# Copyright (C) 2002, 2003 Free Software Foundation, Inc.
#
# This file is part of GnuPG.
#
@ -21,7 +21,7 @@
localedir = $(datadir)/locale
INCLUDES = -I../intl -DLOCALEDIR=\"$(localedir)\"
bin_PROGRAMS = scdaemon
bin_PROGRAMS = scdaemon sc-investigate sc-genkey
AM_CPPFLAGS = -I$(top_srcdir)/common $(OPENSC_CFLAGS) $(LIBGCRYPT_CFLAGS) \
$(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS)
@ -31,7 +31,37 @@ scdaemon_SOURCES = \
command.c card.c \
card-common.h \
card-p15.c card-dinsig.c \
apdu.c apdu.h
apdu.c apdu.h \
iso7816.c iso7816.h \
app-openpgp.c
scdaemon_LDADD = ../jnlib/libjnlib.a ../common/libcommon.a \
$(OPENSC_LIBS) $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) -ldl
$(OPENSC_LIBS) $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) -lgpg-error -ldl
sc_investigate_SOURCES = \
sc-investigate.c scdaemon.h \
apdu.c apdu.h \
iso7816.c iso7816.h \
app-openpgp.c \
atr.c atr.h
sc_investigate_LDADD = ../jnlib/libjnlib.a ../common/libcommon.a \
$(LIBGCRYPT_LIBS) -lgpg-error -ldl
sc_genkey_SOURCES = \
sc-genkey.c scdaemon.h \
apdu.c apdu.h \
iso7816.c iso7816.h \
app-openpgp.c \
atr.c atr.h
sc_genkey_LDADD = ../jnlib/libjnlib.a ../common/libcommon.a \
$(LIBGCRYPT_LIBS) -lgpg-error -ldl

253
scd/apdu.c
View File

@ -24,6 +24,7 @@
#include <stdlib.h>
#include <string.h>
#include <dlfcn.h>
#include <assert.h>
#include "scdaemon.h"
#include "apdu.h"
@ -243,6 +244,31 @@ open_ct_reader (int port)
}
/* Actuall send the APDU of length APDULEN to SLOT and return a
maximum of *BUFLEN data in BUFFER, the actual retruned size will be
set to BUFLEN. Returns: CT API error code. */
static int
ct_send_apdu (int slot, unsigned char *apdu, size_t apdulen,
unsigned char *buffer, size_t *buflen)
{
int rc;
unsigned char dad[1], sad[1];
unsigned short ctbuflen;
dad[0] = 0; /* Destination address: Card. */
sad[0] = 2; /* Source address: Host. */
ctbuflen = *buflen;
if (DBG_CARD_IO)
log_printhex (" CT_data:", apdu, apdulen);
rc = CT_data (slot, dad, sad, apdulen, apdu, &ctbuflen, buffer);
*buflen = ctbuflen;
/* FIXME: map the errorcodes to GNUPG ones, so that they can be
shared between CTAPI and PCSC. */
return rc;
}
#endif /*HAVE_CTAPI*/
@ -292,8 +318,235 @@ apdu_open_reader (int port)
}
unsigned char *
apdu_get_atr (int slot, size_t *atrlen)
{
char *buf;
if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used )
return NULL;
buf = xtrymalloc (reader_table[slot].atrlen);
if (!buf)
return NULL;
memcpy (buf, reader_table[slot].atr, reader_table[slot].atrlen);
*atrlen = reader_table[slot].atrlen;
return buf;
}
static const char *
error_string (int slot, int rc)
{
#ifdef HAVE_CTAPI
return ct_error_string (rc);
#elif defined(HAVE_PCSC)
return "?";
#else
return "?";
#endif
}
/* Dispatcher for the actual send_apdu fucntion. */
static int
send_apdu (int slot, unsigned char *apdu, size_t apdulen,
unsigned char *buffer, size_t *buflen)
{
#ifdef HAVE_CTAPI
return ct_send_apdu (slot, apdu, apdulen, buffer, buflen);
#elif defined(HAVE_PCSC)
return -1;
#else
return -1;
#endif
}
/* Send an APDU to the card in SLOT. The APDU is created from all
given parameters: CLASS, INS, P0, P1, LC, DATA, LE. A value of -1
for LC won't sent this field and the data field; in this case DATA
must also be passed as NULL. The return value is the status word
or -1 for an invalid SLOT or other non card related error. If
RETBUF is not NULL, it will receive an allocated buffer with the
returned data. The length of that data will be put into
*RETBUFLEN. The caller is reposnible for releasing the buffer even
in case of errors. */
int
apdu_send_le(int slot, int class, int ins, int p0, int p1,
int lc, const char *data, int le,
unsigned char **retbuf, size_t *retbuflen)
{
unsigned char result[256+10]; /* 10 extra in case of bugs in the driver. */
size_t resultlen = 256;
unsigned char apdu[5+256+1];
size_t apdulen;
int rc, sw;
if (DBG_CARD_IO)
log_debug ("send apdu: c=%02X i=%02X p0=%02X p1=%02X lc=%d le=%d\n",
class, ins, p0, p1, lc, le);
if (lc != -1 && (lc > 255 || lc < 0))
return SW_WRONG_LENGTH;
if (le != -1 && (le > 256 || le < 1))
return SW_WRONG_LENGTH;
if ((!data && lc != -1) || (data && lc == -1))
return -1;
apdulen = 0;
apdu[apdulen++] = class;
apdu[apdulen++] = ins;
apdu[apdulen++] = p0;
apdu[apdulen++] = p1;
if (lc != -1)
{
apdu[apdulen++] = lc;
memcpy (apdu+apdulen, data, lc);
apdulen += lc;
}
if (le != -1)
apdu[apdulen++] = le; /* Truncation is okay becuase 0 means 256. */
assert (sizeof (apdu) >= apdulen);
/* As safeguard don't pass any garbage from the stack to the driver. */
memset (apdu+apdulen, 0, sizeof (apdu) - apdulen);
rc = send_apdu (slot, apdu, apdulen, result, &resultlen);
if (rc || resultlen < 2)
{
log_error ("apdu_send_simple(%d) failed: %s\n",
slot, error_string (slot, rc));
return -1;
}
sw = (result[resultlen-2] << 8) | result[resultlen-1];
/* store away the returned data but strip the statusword. */
resultlen -= 2;
if (DBG_CARD_IO)
{
log_debug (" response: sw=%04X datalen=%d\n", sw, resultlen);
if ( !retbuf && (sw == SW_SUCCESS || (sw & 0xff00) == SW_MORE_DATA))
log_printhex (" dump: ", result, resultlen);
}
if (sw == SW_SUCCESS)
{
if (retbuf)
{
*retbuf = xtrymalloc (resultlen? resultlen : 1);
if (!*retbuf)
return -1; /* fixme: this is actually out of core. */
*retbuflen = resultlen;
memcpy (*retbuf, result, resultlen);
}
}
else if ((sw & 0xff00) == SW_MORE_DATA)
{
unsigned char *p = NULL, *tmp;
size_t bufsize = 4096;
/* It is likely that we need to return much more data, so we
start off with a large buffer. */
if (retbuf)
{
*retbuf = p = xtrymalloc (bufsize);
if (!*retbuf)
return -1; /* fixme: this is actually out of core. */
assert (resultlen < bufsize);
memcpy (p, result, resultlen);
p += resultlen;
}
do
{
int len = (sw & 0x00ff);
log_debug ("apdu_send_simple(%d): %d more bytes available\n",
slot, len);
apdulen = 0;
apdu[apdulen++] = class;
apdu[apdulen++] = 0xC0;
apdu[apdulen++] = 0;
apdu[apdulen++] = 0;
apdu[apdulen++] = 64; /* that is 256 bytes for Le */
memset (apdu+apdulen, 0, sizeof (apdu) - apdulen);
rc = send_apdu (slot, apdu, apdulen, result, &resultlen);
if (rc || resultlen < 2)
{
log_error ("apdu_send_simple(%d) for get response failed: %s\n",
slot, error_string (slot, rc));
return -1;
}
sw = (result[resultlen-2] << 8) | result[resultlen-1];
resultlen -= 2;
if (DBG_CARD_IO)
{
log_debug (" more: sw=%04X datalen=%d\n", sw, resultlen);
if (!retbuf && (sw==SW_SUCCESS || (sw&0xff00)==SW_MORE_DATA))
log_printhex (" dump: ", result, resultlen);
}
if ((sw & 0xff00) == SW_MORE_DATA || sw == SW_SUCCESS)
{
if (retbuf)
{
if (p - *retbuf + resultlen > bufsize)
{
bufsize += resultlen > 4096? resultlen: 4096;
tmp = xtryrealloc (*retbuf, bufsize);
if (!tmp)
return -1; /* fixme: actually this is out of core */
p = tmp + (p - *retbuf);
*retbuf = tmp;
}
memcpy (p, result, resultlen);
p += resultlen;
}
}
else
log_info ("apdu_send_simple(%d) "
"got unexpected status %04X from get response\n",
slot, sw);
}
while ((sw & 0xff00) == SW_MORE_DATA);
if (retbuf)
{
*retbuflen = p - *retbuf;
tmp = xtryrealloc (*retbuf, *retbuflen);
if (tmp)
*retbuf = tmp;
}
}
if (DBG_CARD_IO && retbuf && sw == SW_SUCCESS)
log_printhex (" dump: ", *retbuf, *retbuflen);
return sw;
}
/* Send an APDU to the card in SLOT. The APDU is created from all
given parameters: CLASS, INS, P0, P1, LC, DATA. A value of -1 for
LC won't sent this field and the data field; in this case DATA must
also be passed as NULL. The return value is the status word or -1
for an invalid SLOT or other non card related error. If RETBUF is
not NULL, it will receive an allocated buffer with the returned
data. The length of that data will be put into *RETBUFLEN. The
caller is reponsible for releasing the buffer even in case of
errors. */
int
apdu_send(int slot, int class, int ins, int p0, int p1,
int lc, const char *data, unsigned char **retbuf, size_t *retbuflen)
{
return apdu_send_le (slot, class, ins, p0, p1, lc, data, 256,
retbuf, retbuflen);
}
/* Send an APDU to the card in SLOT. The APDU is created from all
given parameters: CLASS, INS, P0, P1, LC, DATA. A value of -1 for
LC won't sent this field and the data field; in this case DATA must
also be passed as NULL. The return value is the status word or -1
for an invalid SLOT or other non card related error. No data will be
returned. */
int
apdu_send_simple (int slot, int class, int ins, int p0, int p1,
int lc, const char *data)
{
return apdu_send (slot, class, ins, p0, p1, lc, data, NULL, NULL);
}

31
scd/apdu.h
View File

@ -1,4 +1,4 @@
/* apdu.c - ISO 7816 APDU functions and low level I/O
/* apdu.h - ISO 7816 APDU functions and low level I/O
* Copyright (C) 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
@ -21,9 +21,38 @@
#ifndef APDU_H
#define APDU_H
/* ISO 7816 values for the statusword are defined here because they
should not be visible to the users of the actual iso command
API. */
enum {
SW_MORE_DATA = 0x6100, /* Note: that the low byte must be
masked of.*/
SW_EEPROM_FAILURE = 0x6581,
SW_WRONG_LENGTH = 0x6700,
SW_CHV_WRONG = 0x6982,
SW_CHV_BLOCKED = 0x6983,
SW_USE_CONDITIONS = 0x6985,
SW_BAD_PARAMETER = 0x6a80, /* (in the data field) */
SW_REF_NOT_FOUND = 0x6a88,
SW_BAD_P0_P1 = 0x6b00,
SW_INS_NOT_SUP = 0x6d00,
SW_CLA_NOT_SUP = 0x6e00,
SW_SUCCESS = 0x9000
};
int apdu_open_reader (int port);
unsigned char *apdu_get_atr (int slot, size_t *atrlen);
int apdu_send_simple (int slot, int class, int ins, int p0, int p1,
int lc, const char *data);
int apdu_send (int slot, int class, int ins, int p0, int p1,
int lc, const char *data,
unsigned char **retbuf, size_t *retbuflen);
int apdu_send_le (int slot, int class, int ins, int p0, int p1,
int lc, const char *data, int le,
unsigned char **retbuf, size_t *retbuflen);
#endif /*APDU_H*/

2
scd/card-common.h
View File

@ -59,7 +59,7 @@ struct card_ctx_s {
};
/*-- card.c --*/
int map_sc_err (int rc);
gpg_error_t map_sc_err (int rc);
int card_help_get_keygrip (KsbaCert cert, unsigned char *array);
/*-- card-15.c --*/

20
scd/card-dinsig.c
View File

@ -116,8 +116,9 @@ dinsig_enum_keypairs (CARD card, int idx,
cert = ksba_cert_new ();
if (!cert)
{
gpg_error_t tmperr = out_of_core ();
xfree (buf);
return GNUPG_Out_Of_Core;
return tmperr;
}
krc = ksba_cert_init_from_mem (cert, buf, buflen);
@ -127,13 +128,13 @@ dinsig_enum_keypairs (CARD card, int idx,
log_error ("failed to parse the certificate at idx %d: %s\n",
idx, ksba_strerror (krc));
ksba_cert_release (cert);
return GNUPG_Card_Error;
return gpg_error (GPG_ERR_CARD_ERROR);
}
if (card_help_get_keygrip (cert, keygrip))
{
log_error ("failed to calculate the keygrip at index %d\n", idx);
ksba_cert_release (cert);
return GNUPG_Card_Error;
return gpg_error (GPG_ERR_CARD_ERROR);
}
ksba_cert_release (cert);
@ -142,7 +143,7 @@ dinsig_enum_keypairs (CARD card, int idx,
{
*keyid = xtrymalloc (17);
if (!*keyid)
return GNUPG_Out_Of_Core;
return out_of_core ();
if (!idx)
strcpy (*keyid, "DINSIG-DF01.C000");
else
@ -170,7 +171,7 @@ dinsig_read_cert (CARD card, const char *certidstr,
else if (!strcmp (certidstr, "DINSIG-DF01.C200"))
sc_format_path ("3F00DF01C200", &path);
else
return GNUPG_Invalid_Id;
return gpg_error (GPG_ERR_INVALID_ID);
rc = sc_select_file (card->scard, &path, &file);
if (rc)
@ -183,19 +184,20 @@ dinsig_read_cert (CARD card, const char *certidstr,
{
log_error ("wrong type or structure of certificate EF\n");
sc_file_free (file);
return GNUPG_Card_Error;
return gpg_error (GPG_ERR_CARD_ERROR);
}
if (file->size < 20) /* check against a somewhat arbitrary length */
{
log_error ("certificate EF too short\n");
sc_file_free (file);
return GNUPG_Card_Error;
return gpg_error (GPG_ERR_CARD_ERROR);
}
buf = xtrymalloc (file->size);
if (!buf)
{
gpg_error_t tmperr = out_of_core ();
sc_file_free (file);
return GNUPG_Out_Of_Core;
return tmperr;
}
rc = sc_read_binary (card->scard, 0, buf, file->size, 0);
@ -204,7 +206,7 @@ dinsig_read_cert (CARD card, const char *certidstr,
log_error ("short read on certificate EF\n");
sc_file_free (file);
xfree (buf);
return GNUPG_Card_Error;
return gpg_error (GPG_ERR_CARD_ERROR);
}
sc_file_free (file);
if (rc < 0)

52
scd/card-p15.c
View File

@ -53,7 +53,7 @@ init_private_data (CARD card)
priv = xtrycalloc (1, sizeof *priv);
if (!priv)
return GNUPG_Out_Of_Core;
return out_of_core ();
/* OpenSC (0.7.0) is a bit strange in that the get_objects functions
tries to be a bit too clever and implicitly does an enumeration
@ -70,7 +70,7 @@ init_private_data (CARD card)
{
log_error ("private keys enumeration failed: %s\n", sc_strerror (rc));
xfree (priv);
return GNUPG_Card_Error;
return gpg_error (GPG_ERR_CARD_ERROR);
}
priv->n_prkey_rsa_objs = rc;
@ -82,7 +82,7 @@ init_private_data (CARD card)
{
log_error ("private keys enumeration failed: %s\n", sc_strerror (rc));
xfree (priv);
return GNUPG_Card_Error;
return gpg_error (GPG_ERR_CARD_ERROR);
}
priv->n_cert_objs = rc;
@ -136,7 +136,7 @@ p15_enum_keypairs (CARD card, int idx,
log_info ("certificate for private key %d not found: %s\n",
idx, sc_strerror (rc));
/* note, that we return the ID anyway */
rc = GNUPG_Missing_Certificate;
rc = gpg_error (GPG_ERR_MISSING_CERTIFICATE);
goto return_keyid;
}
certinfo = tmpobj->data;
@ -145,14 +145,15 @@ p15_enum_keypairs (CARD card, int idx,
{
log_info ("failed to read certificate for private key %d: %s\n",
idx, sc_strerror (rc));
return GNUPG_Card_Error;
return gpg_error (GPG_ERR_CARD_ERROR);
}
cert = ksba_cert_new ();
if (!cert)
{
gpg_error_t tmperr = out_of_core ();
sc_pkcs15_free_certificate (certder);
return GNUPG_Out_Of_Core;
return tmperr;
}
krc = ksba_cert_init_from_mem (cert, certder->data, certder->data_len);
sc_pkcs15_free_certificate (certder);
@ -161,13 +162,13 @@ p15_enum_keypairs (CARD card, int idx,
log_error ("failed to parse the certificate for private key %d: %s\n",
idx, ksba_strerror (krc));
ksba_cert_release (cert);
return GNUPG_Card_Error;
return gpg_error (GPG_ERR_CARD_ERROR);
}
if (card_help_get_keygrip (cert, keygrip))
{
log_error ("failed to calculate the keygrip of private key %d\n", idx);
ksba_cert_release (cert);
return GNUPG_Card_Error;
return gpg_error (GPG_ERR_CARD_ERROR);
}
ksba_cert_release (cert);
@ -180,7 +181,7 @@ p15_enum_keypairs (CARD card, int idx,
*keyid = p = xtrymalloc (9+pinfo->id.len*2+1);
if (!*keyid)
return GNUPG_Out_Of_Core;
return out_of_core ();
p = stpcpy (p, "P15-5015.");
for (i=0; i < pinfo->id.len; i++, p += 2)
sprintf (p, "%02X", pinfo->id.value[i]);
@ -218,7 +219,7 @@ p15_enum_certs (CARD card, int idx, char **certid, int *type)
*certid = p = xtrymalloc (9+cinfo->id.len*2+1);
if (!*certid)
return GNUPG_Out_Of_Core;
return out_of_core ();
p = stpcpy (p, "P15-5015.");
for (i=0; i < cinfo->id.len; i++, p += 2)
sprintf (p, "%02X", cinfo->id.value[i]);
@ -251,14 +252,14 @@ idstr_to_id (const char *idstr, struct sc_pkcs15_id *id)
/* For now we only support the standard DF */
if (strncmp (idstr, "P15-5015.", 9) )
return GNUPG_Invalid_Id;
return gpg_error (GPG_ERR_INVALID_ID);
for (s=idstr+9, n=0; hexdigitp (s); s++, n++)
;
if (*s || (n&1))
return GNUPG_Invalid_Id; /* invalid or odd number of digits */
return gpg_error (GPG_ERR_INVALID_ID); /*invalid or odd number of digits*/
n /= 2;
if (!n || n > SC_PKCS15_MAX_ID_SIZE)
return GNUPG_Invalid_Id; /* empty or too large */
return gpg_error (GPG_ERR_INVALID_ID); /* empty or too large */
for (s=idstr+9, n=0; *s; s += 2, n++)
id->value[n] = xtoi_2 (s);
id->len = n;
@ -278,9 +279,9 @@ p15_read_cert (CARD card, const char *certidstr,
int rc;
if (!card || !certidstr || !cert || !ncert)
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INVALID_VALUE);
if (!card->p15card)
return GNUPG_No_PKCS15_App;
return gpg_error (GPG_ERR_NO_PKCS15_APP);
rc = idstr_to_id (certidstr, &certid);
if (rc)
@ -299,14 +300,15 @@ p15_read_cert (CARD card, const char *certidstr,
{
log_info ("failed to read certificate '%s': %s\n",
certidstr, sc_strerror (rc));
return GNUPG_Card_Error;
return gpg_error (GPG_ERR_CARD_ERROR);
}
*cert = xtrymalloc (certder->data_len);
if (!*cert)
{
gpg_error_t tmperr = out_of_core ();
sc_pkcs15_free_certificate (certder);
return GNUPG_Out_Of_Core;
return tmperr;
}
memcpy (*cert, certder->data, certder->data_len);
*ncert = certder->data_len;
@ -337,7 +339,7 @@ p15_prepare_key (CARD card, const char *keyidstr,
if (rc < 0)
{
log_error ("private key not found: %s\n", sc_strerror(rc));
return GNUPG_No_Secret_Key;
return gpg_error (GPG_ERR_NO_SECRET_KEY);
}
rc = sc_pkcs15_find_pin_by_auth_id (card->p15card,
@ -345,7 +347,7 @@ p15_prepare_key (CARD card, const char *keyidstr,
if (rc)
{
log_error ("failed to find PIN by auth ID: %s\n", sc_strerror (rc));
return GNUPG_Bad_PIN_Method;
return gpg_error (GPG_ERR_BAD_PIN_METHOD);
}
pin = pinobj->data;
@ -365,7 +367,7 @@ p15_prepare_key (CARD card, const char *keyidstr,
if (rc)
{
log_info ("PIN verification failed: %s\n", sc_strerror (rc));
return GNUPG_Bad_PIN;
return gpg_error (GPG_ERR_BAD_PIN);
}
/* fixme: check wheter we need to release KEYOBJ in case of an error */
@ -389,7 +391,7 @@ p15_sign (CARD card, const char *keyidstr, int hashalgo,
size_t outbuflen;
if (hashalgo != GCRY_MD_SHA1)
return GNUPG_Unsupported_Algorithm;
return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
rc = p15_prepare_key (card, keyidstr, pincb, pincb_arg, &keyobj);
if (rc)
@ -400,7 +402,7 @@ p15_sign (CARD card, const char *keyidstr, int hashalgo,
outbuflen = 1024;
outbuf = xtrymalloc (outbuflen);
if (!outbuf)
return GNUPG_Out_Of_Core;
return out_of_core ();
rc = sc_pkcs15_compute_signature (card->p15card, keyobj,
cryptflags,
@ -409,7 +411,7 @@ p15_sign (CARD card, const char *keyidstr, int hashalgo,
if (rc < 0)
{
log_error ("failed to create signature: %s\n", sc_strerror (rc));
rc = GNUPG_Card_Error;
rc = gpg_error (GPG_ERR_CARD_ERROR);
}
else
{
@ -462,7 +464,7 @@ p15_decipher (CARD card, const char *keyidstr,
outbuflen = indatalen < 256? 256 : indatalen;
outbuf = xtrymalloc (outbuflen);
if (!outbuf)
return GNUPG_Out_Of_Core;
return out_of_core ();
rc = sc_pkcs15_decipher (card->p15card, keyobj,
0,
@ -471,7 +473,7 @@ p15_decipher (CARD card, const char *keyidstr,
if (rc < 0)
{
log_error ("failed to decipher the data: %s\n", sc_strerror (rc));
rc = GNUPG_Card_Error;
rc = gpg_error (GPG_ERR_CARD_ERROR);
}
else
{

98
scd/card.c
View File

@ -34,23 +34,25 @@
#include "card-common.h"
/* Map the SC error codes to the GNUPG ones */
int
gpg_error_t
map_sc_err (int rc)
{
gpg_err_code_t e;
switch (rc)
{
case 0: rc = 0; break;
case 0: e = 0; break;
#ifdef HAVE_OPENSC
case SC_ERROR_NOT_SUPPORTED: rc = GNUPG_Not_Supported; break;
case SC_ERROR_PKCS15_APP_NOT_FOUND: rc = GNUPG_No_PKCS15_App; break;
case SC_ERROR_OUT_OF_MEMORY: rc = GNUPG_Out_Of_Core; break;
case SC_ERROR_CARD_NOT_PRESENT: rc = GNUPG_Card_Not_Present; break;
case SC_ERROR_CARD_REMOVED: rc = GNUPG_Card_Removed; break;
case SC_ERROR_INVALID_CARD: rc = GNUPG_Invalid_Card; break;
case SC_ERROR_NOT_SUPPORTED: e = GPG_ERR_NOT_SUPPORTED; break;
case SC_ERROR_PKCS15_APP_NOT_FOUND: e = GPG_ERR_NO_PKCS15_APP; break;
case SC_ERROR_OUT_OF_MEMORY: e = GPG_ERR_ENOMEM; break;
case SC_ERROR_CARD_NOT_PRESENT: e = GPG_ERR_CARD_NOT_PRESENT; break;
case SC_ERROR_CARD_REMOVED: e = GPG_ERR_CARD_REMOVED; break;
case SC_ERROR_INVALID_CARD: e = GPG_ERR_INVALID_CARD; break;
#endif
default: rc = GNUPG_Card_Error; break;
default: e = GPG_ERR_CARD_ERROR; break;
}
return rc;
return gpg_make_error (GPG_ERR_SOURCE_UNKNOWN, e);
}
/* Get the keygrip from CERT, return 0 on success */
@ -89,7 +91,7 @@ card_help_get_keygrip (KsbaCert cert, unsigned char *array)
information of the card. Detects whgether a PKCS_15 application is
stored.
Common errors: GNUPG_Card_Not_Present */
Common errors: GPG_ERR_CARD_NOT_PRESENT */
int
card_open (CARD *rcard)
{
@ -99,7 +101,7 @@ card_open (CARD *rcard)
card = xtrycalloc (1, sizeof *card);
if (!card)
return GNUPG_Out_Of_Core;
return out_of_core ();
card->reader = 0;
rc = sc_establish_context (&card->ctx, "scdaemon");
@ -112,7 +114,7 @@ card_open (CARD *rcard)
if (card->reader >= card->ctx->reader_count)
{
log_error ("no card reader available\n");
rc = GNUPG_Card_Error;
rc = gpg_error (GPG_ERR_CARD_ERROR);
goto leave;
}
card->ctx->error_file = log_get_stream ();
@ -121,7 +123,7 @@ card_open (CARD *rcard)
if (sc_detect_card_presence (card->ctx->reader[card->reader], 0) != 1)
{
rc = GNUPG_Card_Not_Present;
rc = gpg_error (GPG_ERR_CARD_NOT_PRESENT);
goto leave;
}
@ -155,7 +157,7 @@ card_open (CARD *rcard)
return rc;
#else
return GNUPG_Not_Supported;
return gpg_error (GPG_ERR_NOT_SUPPORTED);
#endif
}
@ -240,7 +242,7 @@ find_iccsn (const unsigned char *buffer, size_t length, char **serial)
s = find_simple_tlv (buffer, length, 0x5A, &n);
if (!s)
return GNUPG_Card_Error;
return gpg_error (GPG_ERR_CARD_ERROR);
length -= s - buffer;
if (n > length)
{
@ -255,14 +257,16 @@ find_iccsn (const unsigned char *buffer, size_t length, char **serial)
n--;
}
else
return GNUPG_Card_Error; /* Bad encoding; does not fit into buffer. */
return gpg_error (GPG_ERR_CARD_ERROR); /* Bad encoding; does
not fit into
buffer. */
}
if (!n)
return GNUPG_Card_Error; /* Well, that is too short. */
return gpg_error (GPG_ERR_CARD_ERROR); /* Well, that is too short. */
*serial = p = xtrymalloc (2*n+1);
if (!*serial)
return GNUPG_Out_Of_Core;
return out_of_core ();
for (; n; n--, p += 2, s++)
sprintf (p, "%02X", *s);
*p = 0;
@ -290,7 +294,7 @@ card_get_serial_and_stamp (CARD card, char **serial, time_t *stamp)
#endif
if (!card || !serial || !stamp)
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INV_VALUE);
*serial = NULL;
*stamp = 0; /* not available */
@ -328,21 +332,21 @@ card_get_serial_and_stamp (CARD card, char **serial, time_t *stamp)
if (rc)
{
log_error ("sc_select_file failed: %s\n", sc_strerror (rc));
return GNUPG_Card_Error;
return gpg_error (GPG_ERR_CARD_ERROR);
}
if (file->type != SC_FILE_TYPE_WORKING_EF
|| file->ef_structure != SC_FILE_EF_TRANSPARENT)
{
log_error ("wrong type or structure of GDO file\n");
sc_file_free (file);
return GNUPG_Card_Error;
return gpg_error (GPG_ERR_CARD_ERROR);
}
if (!file->size || file->size >= DIM(buf) )
{ /* FIXME: Use a real parser */
log_error ("unsupported size of GDO file (%d)\n", file->size);
sc_file_free (file);
return GNUPG_Card_Error;
return gpg_error (GPG_ERR_CARD_ERROR);
}
buflen = file->size;
@ -351,16 +355,16 @@ card_get_serial_and_stamp (CARD card, char **serial, time_t *stamp)
if (rc < 0)
{
log_error ("error reading GDO file: %s\n", sc_strerror (rc));
return GNUPG_Card_Error;
return gpg_error (GPG_ERR_CARD_ERROR);
}
if (rc != buflen)
{
log_error ("short read on GDO file\n");
return GNUPG_Card_Error;
return gpg_error (GPG_ERR_CARD_ERROR);
}
rc = find_iccsn (buf, buflen, serial);
if (rc == GNUPG_Card_Error)
if (gpg_err_code (rc) == GPG_ERR_CARD_ERROR)
log_error ("invalid structure of GDO file\n");
if (!rc && card->p15card && !strcmp (*serial, "D27600000000000000000000"))
{ /* This is a German card with a silly serial number. Try to get
@ -376,7 +380,7 @@ card_get_serial_and_stamp (CARD card, char **serial, time_t *stamp)
*serial = NULL;
p = xtrymalloc (strlen (efser) + 7);
if (!p)
rc = GNUPG_Out_Of_Core;
rc = out_of_core ();
else
{
strcpy (p, "FF0100");
@ -392,7 +396,7 @@ card_get_serial_and_stamp (CARD card, char **serial, time_t *stamp)
{
xfree (*serial);
*serial = NULL;
rc = GNUPG_Out_Of_Core;
rc = out_of_core ();
}
else
{
@ -404,7 +408,7 @@ card_get_serial_and_stamp (CARD card, char **serial, time_t *stamp)
}
return rc;
#else
return GNUPG_Not_Supported;
return gpg_error (GPG_ERR_NOT_SUPPORTED);
#endif
}
@ -415,7 +419,7 @@ card_get_serial_and_stamp (CARD card, char **serial, time_t *stamp)
the KEYGRIP of the keypair. If KEYID is not NULL, it returns the
ID field of the key in allocated memory; this is a string without
spaces. The function returns -1 when all keys have been
enumerated. Note that the error GNUPG_Missing_Certificate may be
enumerated. Note that the error GPG_ERR_MISSING_CERTIFICATE may be
returned if there is just the private key but no public key (ie.e a
certificate) available. Applications might want to continue
enumerating after this error.*/
@ -430,13 +434,13 @@ card_enum_keypairs (CARD card, int idx,
*keyid = NULL;
if (!card || !keygrip)
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INV_VALUE);
if (idx < 0)
return GNUPG_Invalid_Index;
return gpg_error (GPG_ERR_INVALID_INDEX);
if (!card->fnc.initialized)
return GNUPG_Card_Not_Initialized;
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
if (!card->fnc.enum_keypairs)
return GNUPG_Unsupported_Operation;
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
rc = card->fnc.enum_keypairs (card, idx, keygrip, keyid);
if (opt.verbose)
log_info ("card operation enum_keypairs result: %s\n",
@ -462,13 +466,13 @@ card_enum_certs (CARD card, int idx, char **certid, int *certtype)
*certid = NULL;
if (!card)
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INV_VALUE);
if (idx < 0)
return GNUPG_Invalid_Index;
return gpg_error (GPG_ERR_INVALID_INDEX);
if (!card->fnc.initialized)
return GNUPG_Card_Not_Initialized;
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
if (!card->fnc.enum_certs)
return GNUPG_Unsupported_Operation;
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
rc = card->fnc.enum_certs (card, idx, certid, certtype);
if (opt.verbose)
log_info ("card operation enum_certs result: %s\n",
@ -489,11 +493,11 @@ card_read_cert (CARD card, const char *certidstr,
int rc;
if (!card || !certidstr || !cert || !ncert)
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INV_VALUE);
if (!card->fnc.initialized)
return GNUPG_Card_Not_Initialized;
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
if (!card->fnc.read_cert)
return GNUPG_Unsupported_Operation;
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
rc = card->fnc.read_cert (card, certidstr, cert, ncert);
if (opt.verbose)
log_info ("card operation read_cert result: %s\n", gnupg_strerror (rc));
@ -514,11 +518,11 @@ card_sign (CARD card, const char *keyidstr, int hashalgo,
int rc;
if (!card || !indata || !indatalen || !outdata || !outdatalen || !pincb)
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INV_VALUE);
if (!card->fnc.initialized)
return GNUPG_Card_Not_Initialized;
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
if (!card->fnc.sign)
return GNUPG_Unsupported_Operation;
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
rc = card->fnc.sign (card, keyidstr, hashalgo,
pincb, pincb_arg,
indata, indatalen,
@ -542,11 +546,11 @@ card_decipher (CARD card, const char *keyidstr,
int rc;
if (!card || !indata || !indatalen || !outdata || !outdatalen || !pincb)
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INV_VALUE);
if (!card->fnc.initialized)
return GNUPG_Card_Not_Initialized;
return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
if (!card->fnc.decipher)
return GNUPG_Unsupported_Operation;
return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
rc = card->fnc.decipher (card, keyidstr,
pincb, pincb_arg,
indata, indatalen,

14
scd/command.c
View File

@ -233,7 +233,7 @@ cmd_learn (ASSUAN_CONTEXT ctx, char *line)
buf = xtrymalloc (40 + 1 + strlen (certid) + 1);
if (!buf)
rc = GNUPG_Out_Of_Core;
rc = out_of_core ();
else
{
sprintf (buf, "%d %s", certtype, certid);
@ -255,7 +255,7 @@ cmd_learn (ASSUAN_CONTEXT ctx, char *line)
int no_cert = 0;
rc = card_enum_keypairs (ctrl->card_ctx, idx, keygrip, &keyid);
if (rc == GNUPG_Missing_Certificate && keyid)
if (gpg_err_code (rc) == GPG_ERR_MISSING_CERT && keyid)
{
/* this does happen with an incomplete personalized
card; i.e. during the time we have stored the key on the
@ -271,7 +271,7 @@ cmd_learn (ASSUAN_CONTEXT ctx, char *line)
buf = p = xtrymalloc (40 + 1 + strlen (keyid) + 1);
if (!buf)
rc = GNUPG_Out_Of_Core;
rc = out_of_core ();
else
{
int i;
@ -358,8 +358,8 @@ cmd_readkey (ASSUAN_CONTEXT ctx, char *line)
kc = ksba_cert_new ();
if (!kc)
{
rc = out_of_core ();
xfree (cert);
rc = GNUPG_Out_Of_Core;
goto leave;
}
rc = ksba_cert_init_from_mem (kc, cert, ncert);
@ -373,7 +373,7 @@ cmd_readkey (ASSUAN_CONTEXT ctx, char *line)
p = ksba_cert_get_public_key (kc);
if (!p)
{
rc = GNUPG_No_Public_Key;
rc = gpg_error (GPG_ERR_NO_PUBKEY);
goto leave;
}
@ -439,7 +439,7 @@ pin_cb (void *opaque, const char *info, char **retstr)
rc = asprintf (&command, "NEEDPIN %s", info);
if (rc < 0)
return GNUPG_Out_Of_Core;
return out_of_core ();
/* FIXME: Write an inquire function which returns the result in
secure memory */
@ -452,7 +452,7 @@ pin_cb (void *opaque, const char *info, char **retstr)
{
/* We require that the returned value is an UTF-8 string */
xfree (value);
return GNUPG_Invalid_Response;
return gpg_error (GPG_ERR_INVALID_RESPONSE);
}
*retstr = value;
return 0;

12
scd/scdaemon.c
View File

@ -69,7 +69,6 @@ enum cmd_and_opt_values
oDaemon,
oBatch,
oReaderPort,
oPrintATR,
aTest };
@ -93,7 +92,6 @@ static ARGPARSE_OPTS opts[] = {
{ oNoDetach, "no-detach" ,0, N_("do not detach from the console")},
{ oLogFile, "log-file" ,2, N_("use a log file for the server")},
{ oReaderPort, "reader-port", 1, N_("|N|connect to reader at port N")},
{ oPrintATR, "print-atr", 0, N_("print ATR and exit")},
{0}
};
@ -233,9 +231,6 @@ main (int argc, char **argv )
char *logfile = NULL;
int debug_wait = 0;
int reader_port = 32768; /* First USB reader. */
int print_atr = 0;
set_strusage (my_strusage);
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
@ -371,7 +366,6 @@ main (int argc, char **argv )
case oDaemon: is_daemon = 1; break;
case oReaderPort: reader_port = pargs.r.ret_int; break;
case oPrintATR: print_atr = 1; break;
default : pargs.err = configfp? 1:2; break;
}
@ -410,12 +404,6 @@ main (int argc, char **argv )
}
if (print_atr)
{
apdu_open_reader (reader_port);
scd_exit (0);
}
if (debug_wait && pipe_server)
{
log_debug ("waiting for debugger - my pid is %u .....\n",

20
scd/scdaemon.h
View File

@ -1,5 +1,5 @@
/* scdaemon.h - Global definitions for the SCdaemon
* Copyright (C) 2001, 2002 Free Software Foundation, Inc.
* Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -21,11 +21,27 @@
#ifndef SCDAEMON_H
#define SCDAEMON_H
#ifdef GPG_ERR_SOURCE_DEFAULT
#error GPG_ERR_SOURCE_DEFAULT already defined
#endif
#define GPG_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_SCD
#include <gpg-error.h>
#include <errno.h>
#include <time.h>
#include <gcrypt.h>
#include "../common/util.h"
#include "../common/errors.h"
/* Convenience funcion to be used instead of returning the old
GNUPG_Out_Of_Core. */
static __inline__ gpg_error_t
out_of_core (void)
{
return gpg_error (gpg_err_code_from_errno (errno));
}
#define MAX_DIGEST_LEN 24
/* A large struct name "opt" to keep global flags */
@ -48,6 +64,7 @@ struct {
#define DBG_MEMSTAT_VALUE 128 /* show memory statistics */
#define DBG_HASHING_VALUE 512 /* debug hashing operations */
#define DBG_ASSUAN_VALUE 1024
#define DBG_CARD_IO_VALUE 2048
#define DBG_COMMAND (opt.debug & DBG_COMMAND_VALUE)
#define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE)
@ -55,6 +72,7 @@ struct {
#define DBG_CACHE (opt.debug & DBG_CACHE_VALUE)
#define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
#define DBG_ASSUAN (opt.debug & DBG_ASSUAN_VALUE)
#define DBG_CARD_IO (opt.debug & DBG_CARD_IO_VALUE)
struct server_local_s;
struct card_ctx_s;

7
sm/ChangeLog
View File

@ -1,3 +1,10 @@
2003-06-03 Werner Koch <wk@gnupg.org>
Changed all error codes in all files to the new libgpg-error scheme.
* gpgsm.h: Include gpg-error.h .
* Makefile.am: Link with libgpg-error.
2003-04-29 Werner Koch <wk@gnupg.org>
* Makefile.am: Use libassuan. Don't override LDFLAGS anymore.

4
sm/Makefile.am
View File

@ -51,6 +51,4 @@ gpgsm_SOURCES = \
gpgsm_LDADD = ../jnlib/libjnlib.a ../kbx/libkeybox.a ../common/libcommon.a \
$(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(KSBA_LIBS)
$(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(KSBA_LIBS) -lgpg-error

14
sm/base64.c
View File

@ -1,5 +1,5 @@
/* base64.c
* Copyright (C) 2001 Free Software Foundation, Inc.
* Copyright (C) 2001, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -482,7 +482,7 @@ base64_finish_write (struct writer_cb_parm_s *parm)
fputs (parm->pem_name, fp);
fputs ("-----\n", fp);
}
return ferror (fp)? GNUPG_Write_Error : 0;
return ferror (fp)? gpg_error (gpg_err_code_from_errno (errno)) : 0;
}
@ -504,13 +504,13 @@ gpgsm_create_reader (Base64Context *ctx,
*r_reader = NULL;
*ctx = xtrycalloc (1, sizeof **ctx);
if (!*ctx)
return seterr (Out_Of_Core);
return OUT_OF_CORE (errno);
r = ksba_reader_new ();
if (!r)
{
xfree (*ctx); *ctx = NULL;
return seterr (Out_Of_Core);
return gpg_error (GPG_ERR_ENOMEM);
}
(*ctx)->u.rparm.fp = fp;
@ -569,13 +569,13 @@ gpgsm_create_writer (Base64Context *ctx,
*r_writer = NULL;
*ctx = xtrycalloc (1, sizeof **ctx);
if (!*ctx)
return seterr (Out_Of_Core);
return OUT_OF_CORE (errno);
w = ksba_writer_new ();
if (!w)
{
xfree (*ctx); *ctx = NULL;
return seterr (Out_Of_Core);
return gpg_error (GPG_ERR_ENOMEM);
}
if (ctrl->create_pem || ctrl->create_base64)
@ -607,7 +607,7 @@ gpgsm_finish_writer (Base64Context ctx)
struct writer_cb_parm_s *parm;
if (!ctx)
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INVALID_VALUE);
parm = &ctx->u.wparm;
if (parm->did_finish)
return 0; /* already done */

62
sm/call-agent.c
View File

@ -1,5 +1,5 @@
/* call-agent.c - divert operations to the agent
* Copyright (C) 2001, 2002 Free Software Foundation, Inc.
* Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -30,9 +30,9 @@
#ifdef HAVE_LOCALE_H
#include <locale.h>
#endif
#include <assuan.h>
#include "gpgsm.h"
#include "../assuan/assuan.h"
#include "i18n.h"
#include "keydb.h" /* fixme: Move this to import.c */
@ -159,8 +159,9 @@ start_agent (void)
if (fflush (NULL))
{
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
log_error ("error flushing pending output: %s\n", strerror (errno));
return seterr (Write_Error);
return tmperr;
}
if (!opt.agent_program || !*opt.agent_program)
@ -224,7 +225,7 @@ start_agent (void)
if (rc)
{
log_error ("can't connect to the agent: %s\n", assuan_strerror (rc));
return seterr (No_Agent);
return gpg_error (GPG_ERR_NO_AGENT);
}
agent_ctx = ctx;
@ -241,7 +242,7 @@ start_agent (void)
char *optstr;
if (asprintf (&optstr, "OPTION display=%s",
opt.display ? opt.display : dft_display) < 0)
return GNUPG_Out_Of_Core;
return OUT_OF_CORE (errno);
rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
free (optstr);
@ -259,7 +260,7 @@ start_agent (void)
char *optstr;
if (asprintf (&optstr, "OPTION ttyname=%s",
opt.ttyname ? opt.ttyname : dft_ttyname) < 0)
return GNUPG_Out_Of_Core;
return OUT_OF_CORE (errno);
rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
free (optstr);
@ -272,7 +273,7 @@ start_agent (void)
char *optstr;
if (asprintf (&optstr, "OPTION ttytype=%s",
opt.ttyname ? opt.ttytype : dft_ttytype) < 0)
return GNUPG_Out_Of_Core;
return OUT_OF_CORE (errno);
rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
free (optstr);
@ -285,7 +286,7 @@ start_agent (void)
{
old_lc = strdup (old_lc);
if (!old_lc)
return GNUPG_Out_Of_Core;
return OUT_OF_CORE (errno);
}
dft_lc = setlocale (LC_CTYPE, "");
#endif
@ -294,7 +295,7 @@ start_agent (void)
char *optstr;
if (asprintf (&optstr, "OPTION lc-ctype=%s",
opt.lc_ctype ? opt.lc_ctype : dft_lc) < 0)
rc = GNUPG_Out_Of_Core;
rc = OUT_OF_CORE (errno);
else
{
rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
@ -319,7 +320,7 @@ start_agent (void)
{
old_lc = strdup (old_lc);
if (!old_lc)
return GNUPG_Out_Of_Core;
return OUT_OF_CORE (errno);
}
dft_lc = setlocale (LC_MESSAGES, "");
#endif
@ -328,7 +329,7 @@ start_agent (void)
char *optstr;
if (asprintf (&optstr, "OPTION lc-messages=%s",
opt.lc_messages ? opt.lc_messages : dft_lc) < 0)
rc = GNUPG_Out_Of_Core;
rc = OUT_OF_CORE (errno);
else
{
rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
@ -381,7 +382,7 @@ gpgsm_agent_pksign (const char *keygrip,
return rc;
if (digestlen*2 + 50 > DIM(line))
return seterr (General_Error);
return gpg_error (GPG_ERR_GENERAL);
rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
if (rc)
@ -414,10 +415,10 @@ gpgsm_agent_pksign (const char *keygrip,
if (!gcry_sexp_canon_len (*r_buf, *r_buflen, NULL, NULL))
{
xfree (*r_buf); *r_buf = NULL;
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INVALID_VALUE);
}
return *r_buf? 0 : GNUPG_Out_Of_Core;
return *r_buf? 0 : OUT_OF_CORE (errno);
}
@ -454,12 +455,12 @@ gpgsm_agent_pkdecrypt (const char *keygrip,
size_t ciphertextlen;
if (!keygrip || strlen(keygrip) != 40 || !ciphertext || !r_buf || !r_buflen)
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INVALID_VALUE);
*r_buf = NULL;
ciphertextlen = gcry_sexp_canon_len (ciphertext, 0, NULL, NULL);
if (!ciphertextlen)
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INVALID_VALUE);
rc = start_agent ();
if (rc)
@ -492,16 +493,17 @@ gpgsm_agent_pkdecrypt (const char *keygrip,
put_membuf (&data, "", 1); /* make sure it is 0 terminated */
buf = get_membuf (&data, &len);
if (!buf)
return seterr (Out_Of_Core);
return gpg_error (GPG_ERR_ENOMEM);
/* FIXME: We would better a return a full S-exp and not just a part */
assert (len);
len--; /* remove the terminating 0 */
n = strtoul (buf, &endp, 10);
if (!n || *endp != ':')
return seterr (Invalid_Sexp);
return gpg_error (GPG_ERR_INVALID_SEXP);
endp++;
if (endp-buf+n > len)
return seterr (Invalid_Sexp); /* oops len does not match internal len*/
return gpg_error (GPG_ERR_INVALID_SEXP); /* oops len does not
match internal len*/
memmove (buf, endp, n);
*r_buflen = n;
*r_buf = buf;
@ -550,7 +552,7 @@ gpgsm_agent_genkey (KsbaConstSexp keyparms, KsbaSexp *r_pubkey)
gk_parm.sexp = keyparms;
gk_parm.sexplen = gcry_sexp_canon_len (keyparms, 0, NULL, NULL);
if (!gk_parm.sexplen)
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INVALID_VALUE);
rc = assuan_transact (agent_ctx, "GENKEY",
membuf_data_cb, &data,
inq_genkey_parms, &gk_parm, NULL, NULL);
@ -561,11 +563,11 @@ gpgsm_agent_genkey (KsbaConstSexp keyparms, KsbaSexp *r_pubkey)
}
buf = get_membuf (&data, &len);
if (!buf)
return GNUPG_Out_Of_Core;
return gpg_error (GPG_ERR_ENOMEM);
if (!gcry_sexp_canon_len (buf, len, NULL, NULL))
{
xfree (buf);
return GNUPG_Invalid_Sexp;
return gpg_error (GPG_ERR_INVALID_SEXP);
}
*r_pubkey = buf;
return 0;
@ -589,7 +591,7 @@ gpgsm_agent_istrusted (KsbaCert cert)
if (!fpr)
{
log_error ("error getting the fingerprint\n");
return seterr (General_Error);
return gpg_error (GPG_ERR_GENERAL);
}
snprintf (line, DIM(line)-1, "ISTRUSTED %s", fpr);
@ -616,14 +618,14 @@ gpgsm_agent_marktrusted (KsbaCert cert)
if (!fpr)
{
log_error ("error getting the fingerprint\n");
return seterr (General_Error);
return gpg_error (GPG_ERR_GENERAL);
}
dn = ksba_cert_get_issuer (cert, 0);
if (!dn)
{
xfree (fpr);
return seterr (General_Error);
return gpg_error (GPG_ERR_GENERAL);
}
snprintf (line, DIM(line)-1, "MARKTRUSTED %s S %s", fpr, dn);
line[DIM(line)-1] = 0;
@ -649,7 +651,7 @@ gpgsm_agent_havekey (const char *hexkeygrip)
return rc;
if (!hexkeygrip || strlen (hexkeygrip) != 40)
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INVALID_VALUE);
snprintf (line, DIM(line)-1, "HAVEKEY %s", hexkeygrip);
line[DIM(line)-1] = 0;
@ -680,7 +682,7 @@ learn_cb (void *opaque, const void *buffer, size_t length)
buf = get_membuf (parm->data, &len);
if (!buf)
{
parm->error = GNUPG_Out_Of_Core;
parm->error = gpg_error (GPG_ERR_ENOMEM);
return 0;
}
@ -689,7 +691,7 @@ learn_cb (void *opaque, const void *buffer, size_t length)
cert = ksba_cert_new ();
if (!cert)
{
parm->error = GNUPG_Out_Of_Core;
parm->error = gpg_error (GPG_ERR_ENOMEM);
return 0;
}
rc = ksba_cert_init_from_mem (cert, buf, len);
@ -702,7 +704,7 @@ learn_cb (void *opaque, const void *buffer, size_t length)
}
rc = gpgsm_basic_cert_check (cert);
if (rc == GNUPG_Missing_Certificate)
if (gpg_err_code (rc) == GPG_ERR_MISSING_CERT)
{ /* For later use we store it in the ephemeral database. */
log_info ("issuer certificate missing - storing as ephemeral\n");
keydb_store_cert (cert, 1, NULL);
@ -766,7 +768,7 @@ gpgsm_agent_passwd (const char *hexkeygrip)
return rc;
if (!hexkeygrip || strlen (hexkeygrip) != 40)
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INVALID_VALUE);
snprintf (line, DIM(line)-1, "PASSWD %s", hexkeygrip);
line[DIM(line)-1] = 0;

25
sm/call-dirmngr.c
View File

@ -1,5 +1,5 @@
/* call-dirmngr.c - communication with the dromngr
* Copyright (C) 2002 Free Software Foundation, Inc.
* Copyright (C) 2002, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -29,9 +29,9 @@
#include <ctype.h>
#include <gcrypt.h>
#include <assuan.h>
#include "gpgsm.h"
#include "../assuan/assuan.h"
#include "i18n.h"
struct membuf {
@ -154,8 +154,9 @@ start_dirmngr (void)
if (fflush (NULL))
{
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
log_error ("error flushing pending output: %s\n", strerror (errno));
return seterr (Write_Error);
return tmperr;
}
if (!opt.dirmngr_program || !*opt.dirmngr_program)
@ -219,7 +220,7 @@ start_dirmngr (void)
if (rc)
{
log_error ("can't connect to the dirmngr: %s\n", assuan_strerror (rc));
return seterr (No_Dirmngr);
return gpg_error (GPG_ERR_NO_DIRMNGR);
}
dirmngr_ctx = ctx;
@ -284,9 +285,9 @@ inq_certificate (void *opaque, const char *line)
/* Call the directory manager to check whether the certificate is valid
Returns 0 for valid or usually one of the errors:
GNUPG_Certificate_Revoked
GNUPG_No_CRL_Known
GNUPG_CRL_Too_Old
GPG_ERR_CERTIFICATE_REVOKED
GPG_ERR NO_CRL_KNOWN
GPG_ERR_CRL_TOO_OLD
*/
int
gpgsm_dirmngr_isvalid (KsbaCert cert)
@ -304,7 +305,7 @@ gpgsm_dirmngr_isvalid (KsbaCert cert)
if (!certid)
{
log_error ("error getting the certificate ID\n");
return seterr (General_Error);
return gpg_error (GPG_ERR_GENERAL);
}
if (opt.verbose > 1)
@ -352,14 +353,14 @@ lookup_cb (void *opaque, const void *buffer, size_t length)
buf = get_membuf (&parm->data, &len);
if (!buf)
{
parm->error = GNUPG_Out_Of_Core;
parm->error = gpg_error (GPG_ERR_ENOMEM);
return 0;
}
cert = ksba_cert_new ();
if (!cert)
{
parm->error = GNUPG_Out_Of_Core;
parm->error = gpg_error (GPG_ERR_ENOMEM);
return 0;
}
rc = ksba_cert_init_from_mem (cert, buf, len);
@ -475,7 +476,7 @@ gpgsm_dirmngr_lookup (CTRL ctrl, STRLIST names,
pattern = pattern_from_strlist (names);
if (!pattern)
return GNUPG_Out_Of_Core;
return OUT_OF_CORE (errno);
snprintf (line, DIM(line)-1, "LOOKUP %s", pattern);
line[DIM(line)-1] = 0;
xfree (pattern);
@ -598,7 +599,7 @@ gpgsm_dirmngr_run_command (CTRL ctrl, const char *command,
len += 1 + 3*strlen (argv[i]); /* enough space for percent escaping */
line = xtrymalloc (len);
if (!line)
return GNUPG_Out_Of_Core;
return OUT_OF_CORE (errno);
p = stpcpy (line, command);
for (i=0; i < argc; i++)

89
sm/certchain.c
View File

@ -1,5 +1,5 @@
/* certchain.c - certificate chain validation
* Copyright (C) 2001, 2002 Free Software Foundation, Inc.
* Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -58,7 +58,7 @@ unknown_criticals (KsbaCert cert)
{
log_error (_("critical certificate extension %s is not supported\n"),
oid);
rc = GNUPG_Unsupported_Certificate;
rc = gpg_error (GPG_ERR_UNSUPPORTED_CERT);
}
}
if (err && err != -1)
@ -79,7 +79,7 @@ allowed_ca (KsbaCert cert, int *chainlen)
if (!flag)
{
log_error (_("issuer certificate is not marked as a CA\n"));
return GNUPG_Bad_CA_Certificate;
return gpg_error (GPG_ERR_BAD_CA_CERT);
}
return 0;
}
@ -116,7 +116,7 @@ check_cert_policy (KsbaCert cert)
if (any_critical)
{
log_error ("critical marked policy without configured policies\n");
return GNUPG_No_Policy_Match;
return gpg_error (GPG_ERR_NO_POLICY_MATCH);
}
return 0;
}
@ -127,7 +127,7 @@ check_cert_policy (KsbaCert cert)
log_error ("failed to open `%s': %s\n",
opt.policy_file, strerror (errno));
xfree (policies);
return GNUPG_No_Policy_Match;
return gpg_error (GPG_ERR_NO_POLICY_MATCH);
}
for (;;)
@ -141,6 +141,8 @@ check_cert_policy (KsbaCert cert)
{
if (!fgets (line, DIM(line)-1, fp) )
{
gpg_error_t tmperr;
xfree (policies);
if (feof (fp))
{
@ -152,10 +154,11 @@ check_cert_policy (KsbaCert cert)
return 0;
}
log_error (_("certificate policy not allowed\n"));
return GNUPG_No_Policy_Match;
return gpg_error (GPG_ERR_NO_POLICY_MATCH);
}
tmperr = gpg_error (gpg_err_code_from_errno (errno));
fclose (fp);
return GNUPG_Read_Error;
return tmperr;
}
if (!*line || line[strlen(line)-1] != '\n')
@ -165,7 +168,8 @@ check_cert_policy (KsbaCert cert)
;
fclose (fp);
xfree (policies);
return *line? GNUPG_Line_Too_Long: GNUPG_Incomplete_Line;
return gpg_error (*line? GPG_ERR_LINE_TOO_LONG
: GPG_ERR_INCOMPLETE_LINE);
}
/* Allow for empty lines and spaces */
@ -182,7 +186,7 @@ check_cert_policy (KsbaCert cert)
{
fclose (fp);
xfree (policies);
return GNUPG_Configuration_Error;
return gpg_error (GPG_ERR_CONFIGURATION_ERROR);
}
*p = 0; /* strip the rest of the line */
/* See whether we find ALLOWED (which is an OID) in POLICIES */
@ -288,7 +292,7 @@ find_up (KEYDB_HANDLE kh, KsbaCert cert, const char *issuer)
pattern = xtrymalloc (strlen (s)+2);
if (!pattern)
return GNUPG_Out_Of_Core;
return OUT_OF_CORE (errno);
strcpy (stpcpy (pattern, "/"), s);
add_to_strlist (&names, pattern);
xfree (pattern);
@ -332,7 +336,7 @@ gpgsm_walk_cert_chain (KsbaCert start, KsbaCert *r_next)
if (!kh)
{
log_error (_("failed to allocated keyDB handle\n"));
rc = GNUPG_General_Error;
rc = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
@ -341,13 +345,13 @@ gpgsm_walk_cert_chain (KsbaCert start, KsbaCert *r_next)
if (!issuer)
{
log_error ("no issuer found in certificate\n");
rc = GNUPG_Bad_Certificate;
rc = gpg_error (GPG_ERR_BAD_CERT);
goto leave;
}
if (!subject)
{
log_error ("no subject found in certificate\n");
rc = GNUPG_Bad_Certificate;
rc = gpg_error (GPG_ERR_BAD_CERT);
goto leave;
}
@ -364,7 +368,7 @@ gpgsm_walk_cert_chain (KsbaCert start, KsbaCert *r_next)
print an error here */
if (rc != -1 && opt.verbose > 1)
log_error ("failed to find issuer's certificate: rc=%d\n", rc);
rc = GNUPG_Missing_Certificate;
rc = gpg_error (GPG_ERR_MISSING_CERT);
goto leave;
}
@ -372,7 +376,7 @@ gpgsm_walk_cert_chain (KsbaCert start, KsbaCert *r_next)
if (rc)
{
log_error ("failed to get cert: rc=%d\n", rc);
rc = GNUPG_General_Error;
rc = gpg_error (GPG_ERR_GENERAL);
}
leave:
@ -431,7 +435,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
if (!kh)
{
log_error (_("failed to allocated keyDB handle\n"));
rc = GNUPG_General_Error;
rc = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
@ -451,7 +455,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
if (!issuer)
{
log_error ("no issuer found in certificate\n");
rc = GNUPG_Bad_Certificate;
rc = gpg_error (GPG_ERR_BAD_CERT);
goto leave;
}
@ -463,7 +467,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
if (not_before == (time_t)(-1) || not_after == (time_t)(-1))
{
log_error ("certificate with invalid validity\n");
rc = GNUPG_Bad_Certificate;
rc = gpg_error (GPG_ERR_BAD_CERT);
goto leave;
}
@ -480,7 +484,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
log_error ("certificate too young; valid from ");
gpgsm_dump_time (not_before);
log_printf ("\n");
rc = GNUPG_Certificate_Too_Young;
rc = gpg_error (GPG_ERR_CERT_TOO_YOUNG);
goto leave;
}
if (not_after && current_time > not_after)
@ -499,7 +503,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
if (!opt.no_policy_check)
{
rc = check_cert_policy (subject_cert);
if (rc == GNUPG_No_Policy_Match)
if (gpg_err_code (rc) == GPG_ERR_NO_POLICY_MATCH)
{
any_no_policy_match = 1;
rc = 1;
@ -515,15 +519,15 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
{
switch (rc)
{
case GNUPG_Certificate_Revoked:
case GPG_ERR_CERT_REVOKED:
log_error (_("the certificate has been revoked\n"));
any_revoked = 1;
break;
case GNUPG_No_CRL_Known:
case GPG_ERR_NO_CRL_KNOWN:
log_error (_("no CRL found for certificate\n"));
any_no_crl = 1;
break;
case GNUPG_CRL_Too_Old:
case GPG_ERR_CRL_TOO_OLD:
log_error (_("the available CRL is too old\n"));
log_info (_("please make sure that the "
"\"dirmngr\" is properly installed\n"));
@ -531,7 +535,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
break;
default:
log_error (_("checking the CRL failed: %s\n"),
gnupg_strerror (rc));
gpg_strerror (rc));
goto leave;
}
rc = 0;
@ -543,7 +547,8 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
if (gpgsm_check_cert_sig (subject_cert, subject_cert) )
{
log_error ("selfsigned certificate has a BAD signatures\n");
rc = depth? GNUPG_Bad_Certificate_Chain : GNUPG_Bad_Certificate;
rc = gpg_error (depth? GPG_ERR_BAD_CERT_CHAIN
: GPG_ERR_BAD_CERT);
goto leave;
}
rc = allowed_ca (subject_cert, NULL);
@ -553,7 +558,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
rc = gpgsm_agent_istrusted (subject_cert);
if (!rc)
;
else if (rc == GNUPG_Not_Trusted)
else if (gpg_err_code (rc) == GPG_ERR_NOT_TRUSTED)
{
int rc2;
@ -590,7 +595,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
if (depth > maxdepth)
{
log_error (_("certificate chain too long\n"));
rc = GNUPG_Bad_Certificate_Chain;
rc = gpg_error (GPG_ERR_BAD_CERT_CHAIN);
goto leave;
}
@ -607,7 +612,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
}
else
log_error ("failed to find issuer's certificate: rc=%d\n", rc);
rc = GNUPG_Missing_Certificate;
rc = gpg_error (GPG_ERR_MISSING_CERT);
goto leave;
}
@ -616,7 +621,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
if (rc)
{
log_error ("failed to get cert: rc=%d\n", rc);
rc = GNUPG_General_Error;
rc = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
@ -629,7 +634,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
if (gpgsm_check_cert_sig (issuer_cert, subject_cert) )
{
log_error ("certificate has a BAD signatures\n");
rc = GNUPG_Bad_Certificate_Chain;
rc = gpg_error (GPG_ERR_BAD_CERT_CHAIN);
goto leave;
}
@ -642,7 +647,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
{
log_error (_("certificate chain longer than allowed by CA (%d)\n"),
chainlen);
rc = GNUPG_Bad_Certificate_Chain;
rc = gpg_error (GPG_ERR_BAD_CERT_CHAIN);
goto leave;
}
}
@ -672,15 +677,15 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
{ /* If we encountered an error somewhere during the checks, set
the error code to the most critical one */
if (any_revoked)
rc = GNUPG_Certificate_Revoked;
rc = gpg_error (GPG_ERR_CERT_REVOKED);
else if (any_no_crl)
rc = GNUPG_No_CRL_Known;
rc = gpg_error (GPG_ERR_NO_CRL_KNOWN);
else if (any_crl_too_old)
rc = GNUPG_CRL_Too_Old;
rc = gpg_error (GPG_ERR_CRL_TOO_OLD);
else if (any_no_policy_match)
rc = GNUPG_No_Policy_Match;
rc = gpg_error (GPG_ERR_NO_POLICY_MATCH);
else if (any_expired)
rc = GNUPG_Certificate_Expired;
rc = gpg_error (GPG_ERR_CERT_EXPIRED);
}
leave:
@ -717,7 +722,7 @@ gpgsm_basic_cert_check (KsbaCert cert)
if (!kh)
{
log_error (_("failed to allocated keyDB handle\n"));
rc = GNUPG_General_Error;
rc = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
@ -726,7 +731,7 @@ gpgsm_basic_cert_check (KsbaCert cert)
if (!issuer)
{
log_error ("no issuer found in certificate\n");
rc = GNUPG_Bad_Certificate;
rc = gpg_error (GPG_ERR_BAD_CERT);
goto leave;
}
@ -735,7 +740,7 @@ gpgsm_basic_cert_check (KsbaCert cert)
if (gpgsm_check_cert_sig (cert, cert) )
{
log_error ("selfsigned certificate has a BAD signatures\n");
rc = GNUPG_Bad_Certificate;
rc = gpg_error (GPG_ERR_BAD_CERT);
goto leave;
}
}
@ -754,7 +759,7 @@ gpgsm_basic_cert_check (KsbaCert cert)
}
else
log_error ("failed to find issuer's certificate: rc=%d\n", rc);
rc = GNUPG_Missing_Certificate;
rc = gpg_error (GPG_ERR_MISSING_CERT);
goto leave;
}
@ -763,14 +768,14 @@ gpgsm_basic_cert_check (KsbaCert cert)
if (rc)
{
log_error ("failed to get cert: rc=%d\n", rc);
rc = GNUPG_General_Error;
rc = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
if (gpgsm_check_cert_sig (issuer_cert, cert) )
{
log_error ("certificate has a BAD signatures\n");
rc = GNUPG_Bad_Certificate;
rc = gpg_error (GPG_ERR_BAD_CERT);
goto leave;
}
if (opt.verbose)

22
sm/certcheck.c
View File

@ -1,5 +1,5 @@
/* certcheck.c - check one certificate
* Copyright (C) 2001 Free Software Foundation, Inc.
* Copyright (C) 2001, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -50,7 +50,7 @@ do_encode_md (GCRY_MD_HD md, int algo, unsigned int nbits,
if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))
{
log_error ("No object identifier for algo %d\n", algo);
return GNUPG_Internal_Error;
return gpg_error (GPG_ERR_INTERNAL);
}
len = gcry_md_get_algo_dlen (algo);
@ -59,7 +59,7 @@ do_encode_md (GCRY_MD_HD md, int algo, unsigned int nbits,
{
log_error ("can't encode a %d bit MD into a %d bits frame\n",
(int)(len*8), (int)nbits);
return GNUPG_Internal_Error;
return gpg_error (GPG_ERR_INTERNAL);
}
/* We encode the MD in this way:
@ -70,7 +70,7 @@ do_encode_md (GCRY_MD_HD md, int algo, unsigned int nbits,
*/
frame = xtrymalloc (nframe);
if (!frame)
return GNUPG_Out_Of_Core;
return OUT_OF_CORE (errno);
n = 0;
frame[n++] = 0;
frame[n++] = 1; /* block type */
@ -115,13 +115,13 @@ gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert)
if (!algo)
{
log_error ("unknown hash algorithm `%s'\n", algoid? algoid:"?");
return GNUPG_General_Error;
return gpg_error (GPG_ERR_GENERAL);
}
md = gcry_md_open (algo, 0);
if (!md)
{
log_error ("md_open failed: %s\n", gcry_strerror (-1));
return GNUPG_General_Error;
return gpg_error (GPG_ERR_GENERAL);
}
if (DBG_HASHING)
gcry_md_start_debug (md, "hash.cert");
@ -142,7 +142,7 @@ gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert)
log_error ("libksba did not return a proper S-Exp\n");
gcry_md_close (md);
ksba_free (p);
return GNUPG_Bug;
return gpg_error (GPG_ERR_BUG);
}
if (DBG_X509)
{
@ -170,7 +170,7 @@ gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert)
gcry_md_close (md);
ksba_free (p);
gcry_sexp_release (s_sig);
return GNUPG_Bug;
return gpg_error (GPG_ERR_BUG);
}
rc = gcry_sexp_sscan ( &s_pkey, NULL, p, n);
ksba_free (p);
@ -223,7 +223,7 @@ gpgsm_check_cms_signature (KsbaCert cert, KsbaConstSexp sigval,
if (!n)
{
log_error ("libksba did not return a proper S-Exp\n");
return GNUPG_Bug;
return gpg_error (GPG_ERR_BUG);
}
rc = gcry_sexp_sscan (&s_sig, NULL, sigval, n);
if (rc)
@ -239,7 +239,7 @@ gpgsm_check_cms_signature (KsbaCert cert, KsbaConstSexp sigval,
log_error ("libksba did not return a proper S-Exp\n");
ksba_free (p);
gcry_sexp_release (s_sig);
return GNUPG_Bug;
return gpg_error (GPG_ERR_BUG);
}
if (DBG_X509)
log_printhex ("public key: ", p, n);
@ -287,7 +287,7 @@ gpgsm_create_cms_signature (KsbaCert cert, GCRY_MD_HD md, int mdalgo,
grip = gpgsm_get_keygrip_hexstring (cert);
if (!grip)
return seterr (Bad_Certificate);
return gpg_error (GPG_ERR_BAD_CERT);
rc = gpgsm_agent_pksign (grip, gcry_md_read(md, mdalgo),
gcry_md_get_algo_dlen (mdalgo), mdalgo,

32
sm/certlist.c
View File

@ -1,5 +1,5 @@
/* certlist.c - build list of certificates
* Copyright (C) 2001 Free Software Foundation, Inc.
* Copyright (C) 2001, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -65,7 +65,7 @@ cert_usage_p (KsbaCert cert, int mode)
if ((use & (KSBA_KEYUSAGE_KEY_CERT_SIGN)))
return 0;
log_info ( _("certificate should have not been used certification\n"));
return GNUPG_Wrong_Key_Usage;
return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
}
if ((use & ((mode&1)?
@ -77,7 +77,7 @@ cert_usage_p (KsbaCert cert, int mode)
mode==2? _("certificate should have not been used for signing\n"):
mode==1? _("certificate is not usable for encryption\n"):
_("certificate is not usable for signing\n"));
return GNUPG_Wrong_Key_Usage;
return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
}
@ -150,7 +150,7 @@ gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
{
kh = keydb_new (0);
if (!kh)
rc = GNUPG_Out_Of_Core;
rc = gpg_error (GPG_ERR_ENOMEM);
else
{
int wrong_usage = 0;
@ -165,7 +165,7 @@ gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
{
rc = secret? gpgsm_cert_use_sign_p (cert)
: gpgsm_cert_use_encrypt_p (cert);
if (rc == GNUPG_Wrong_Key_Usage)
if (gpg_err_code (rc) == GPG_ERR_WRONG_KEY_USAGE)
{
/* There might be another certificate with the
correct usage, so we try again */
@ -209,14 +209,16 @@ gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
if (!keydb_get_cert (kh, &cert2))
{
int tmp = (same_subject_issuer (subject, issuer, cert2)
&& ((secret? gpgsm_cert_use_sign_p (cert2):
gpgsm_cert_use_encrypt_p (cert2))
== GNUPG_Wrong_Key_Usage));
&& ((gpg_err_code (
secret? gpgsm_cert_use_sign_p (cert2)
: gpgsm_cert_use_encrypt_p (cert2)
)
) == GPG_ERR_WRONG_KEY_USAGE));
ksba_cert_release (cert2);
if (tmp)
goto next_ambigious;
}
rc = GNUPG_Ambiguous_Name;
rc = gpg_error (GPG_ERR_AMBIGUOUS_NAME);
}
}
xfree (subject);
@ -226,7 +228,7 @@ gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
{
char *p;
rc = GNUPG_No_Secret_Key;
rc = gpg_error (GPG_ERR_NO_SECKEY);
p = gpgsm_get_keygrip_hexstring (cert);
if (p)
{
@ -241,7 +243,7 @@ gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
{
CERTLIST cl = xtrycalloc (1, sizeof *cl);
if (!cl)
rc = GNUPG_Out_Of_Core;
rc = OUT_OF_CORE (errno);
else
{
cl->cert = cert; cert = NULL;
@ -254,7 +256,7 @@ gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
keydb_release (kh);
ksba_cert_release (cert);
return rc == -1? GNUPG_No_Public_Key: rc;
return rc == -1? gpg_error (GPG_ERR_NO_PUBKEY): rc;
}
void
@ -285,7 +287,7 @@ gpgsm_find_cert (const char *name, KsbaCert *r_cert)
{
kh = keydb_new (0);
if (!kh)
rc = GNUPG_Out_Of_Core;
rc = gpg_error (GPG_ERR_ENOMEM);
else
{
rc = keydb_search (kh, &desc, 1);
@ -299,7 +301,7 @@ gpgsm_find_cert (const char *name, KsbaCert *r_cert)
else
{
if (!rc)
rc = GNUPG_Ambiguous_Name;
rc = gpg_error (GPG_ERR_AMBIGUOUS_NAME);
ksba_cert_release (*r_cert);
*r_cert = NULL;
}
@ -308,6 +310,6 @@ gpgsm_find_cert (const char *name, KsbaCert *r_cert)
}
keydb_release (kh);
return rc == -1? GNUPG_No_Public_Key: rc;
return rc == -1? gpg_error (GPG_ERR_NO_PUBKEY): rc;
}

32
sm/certreqgen.c
View File

@ -1,5 +1,5 @@
/* certreqgen.c - Generate a key and a certification request
* Copyright (C) 2002 Free Software Foundation, Inc.
* Copyright (C) 2002, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -366,12 +366,12 @@ read_parameters (FILE *fp, KsbaWriter writer)
if (err)
{
log_error ("line %d: %s\n", outctrl.lnr, err);
rc = GNUPG_General_Error;
rc = gpg_error (GPG_ERR_GENERAL);
}
else if (ferror(fp))
{
log_error ("line %d: read error: %s\n", outctrl.lnr, strerror(errno) );
rc = GNUPG_General_Error;
rc = gpg_error (GPG_ERR_GENERAL);
}
else if (para)
{
@ -382,7 +382,7 @@ read_parameters (FILE *fp, KsbaWriter writer)
}
if (!rc && !any)
rc = GNUPG_No_Data;
rc = gpg_error (GPG_ERR_NO_DATA);
leave:
release_parameter_list (para);
@ -436,7 +436,7 @@ proc_parameters (struct para_data_s *para, struct reqgen_ctrl_s *outctrl)
{
r = get_parameter (para, pKEYTYPE);
log_error ("line %d: invalid algorithm\n", r->lnr);
return GNUPG_Invalid_Parameter;
return gpg_error (GPG_ERR_INV_PARAMETER);
}
/* check the keylength */
@ -449,12 +449,12 @@ proc_parameters (struct para_data_s *para, struct reqgen_ctrl_s *outctrl)
r = get_parameter (para, pKEYTYPE);
log_error ("line %d: invalid key length %u (valid are 512 to 4096)\n",
r->lnr, nbits);
return GNUPG_Invalid_Parameter;
return gpg_error (GPG_ERR_INV_PARAMETER);
}
/* check the usage */
if (parse_parameter_usage (para, pKEYUSAGE))
return GNUPG_Invalid_Parameter;
return gpg_error (GPG_ERR_INV_PARAMETER);
/* check that there is a subject name and that this DN fits our
requirements */
@ -462,7 +462,7 @@ proc_parameters (struct para_data_s *para, struct reqgen_ctrl_s *outctrl)
{
r = get_parameter (para, pKEYTYPE);
log_error ("line %d: no subject name given\n", r->lnr);
return GNUPG_Invalid_Parameter;
return gpg_error (GPG_ERR_INV_PARAMETER);
}
/* fixme check s */
@ -477,7 +477,7 @@ proc_parameters (struct para_data_s *para, struct reqgen_ctrl_s *outctrl)
{
r = get_parameter (para, pKEYTYPE);
log_error ("line %d: not a valid email address\n", r->lnr);
return GNUPG_Invalid_Parameter;
return gpg_error (GPG_ERR_INV_PARAMETER);
}
}
@ -515,7 +515,7 @@ create_request (struct para_data_s *para, KsbaConstSexp public,
cr = ksba_certreq_new ();
if (!cr)
return seterr (Out_Of_Core);
return gpg_error (GPG_ERR_ENOMEM);
md = gcry_md_open (GCRY_MD_SHA1, 0);
if (!md)
@ -542,11 +542,12 @@ create_request (struct para_data_s *para, KsbaConstSexp public,
s = get_parameter_value (para, pNAMEEMAIL);
if (s)
{
char *buf = xtrymalloc (strlen (s) + 3);
char *buf;
buf = xtrymalloc (strlen (s) + 3);
if (!buf)
{
rc = GNUPG_Out_Of_Core;
rc = OUT_OF_CORE (errno);
goto leave;
}
*buf = '<';
@ -594,7 +595,7 @@ create_request (struct para_data_s *para, KsbaConstSexp public,
if (!n)
{
log_error ("libksba did not return a proper S-Exp\n");
err = GNUPG_Bug;
err = gpg_error (GPG_ERR_BUG);
goto leave;
}
rc = gcry_sexp_sscan (&s_pkey, NULL, public, n);
@ -606,7 +607,7 @@ create_request (struct para_data_s *para, KsbaConstSexp public,
}
if ( !gcry_pk_get_keygrip (s_pkey, grip) )
{
rc = seterr (General_Error);
rc = gpg_error (GPG_ERR_GENERAL);
log_error ("can't figure out the keygrip\n");
gcry_sexp_release (s_pkey);
goto leave;
@ -661,8 +662,9 @@ gpgsm_genkey (CTRL ctrl, int in_fd, FILE *out_fp)
in_fp = fdopen (dup (in_fd), "rb");
if (!in_fp)
{
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
log_error ("fdopen() failed: %s\n", strerror (errno));
return seterr (IO_Error);
return tmperr;
}
ctrl->pem_name = "NEW CERTIFICATE REQUEST";

24
sm/decrypt.c
View File

@ -1,5 +1,5 @@
/* decrypt.c - Decrypt a message
* Copyright (C) 2001 Free Software Foundation, Inc.
* Copyright (C) 2001, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -82,7 +82,7 @@ prepare_decryption (const char *hexkeygrip, KsbaConstSexp enc_val,
{
if (n + 7 > seskeylen )
{
rc = seterr (Invalid_Session_Key);
rc = gpg_error (GPG_ERR_INV_SESSION_KEY);
goto leave;
}
@ -96,7 +96,7 @@ prepare_decryption (const char *hexkeygrip, KsbaConstSexp enc_val,
if (seskey[n] != 2 ) /* wrong block type version */
{
rc = seterr (Invalid_Session_Key);
rc = gpg_error (GPG_ERR_INV_SESSION_KEY);
goto leave;
}
@ -105,7 +105,7 @@ prepare_decryption (const char *hexkeygrip, KsbaConstSexp enc_val,
n++; /* and the zero byte */
if (n >= seskeylen )
{
rc = seterr (Invalid_Session_Key);
rc = gpg_error (GPG_ERR_INV_SESSION_KEY);
goto leave;
}
}
@ -261,7 +261,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
if (!kh)
{
log_error (_("failed to allocated keyDB handle\n"));
rc = GNUPG_General_Error;
rc = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
@ -269,8 +269,8 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
in_fp = fdopen ( dup (in_fd), "rb");
if (!in_fp)
{
rc = gpg_error (gpg_err_code_from_errno (errno));
log_error ("fdopen() failed: %s\n", strerror (errno));
rc = seterr (IO_Error);
goto leave;
}
@ -291,7 +291,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
cms = ksba_cms_new ();
if (!cms)
{
rc = seterr (Out_Of_Core);
rc = gpg_error (GPG_ERR_ENOMEM);
goto leave;
}
@ -327,7 +327,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
mode = gcry_cipher_mode_from_oid (algoid);
if (!algo || !mode)
{
rc = GNUPG_Unsupported_Algorithm;
rc = gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
log_error ("unsupported algorithm `%s'\n", algoid? algoid:"?");
if (algoid && !strcmp (algoid, "1.2.840.113549.3.2"))
log_info (_("(this is the RC2 algorithm)\n"));
@ -342,7 +342,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
dfparm.mode = mode;
dfparm.blklen = gcry_cipher_get_algo_blklen (algo);
if (dfparm.blklen > sizeof (dfparm.helpblock))
return GNUPG_Bug;
return gpg_error (GPG_ERR_BUG);
rc = ksba_cms_get_content_enc_iv (cms,
dfparm.iv,
@ -437,7 +437,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
}
if (!any_key)
{
rc = GNUPG_No_Secret_Key;
rc = gpg_error (GPG_ERR_NO_SECKEY);
goto leave;
}
}
@ -450,7 +450,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
if (!npadding || npadding > dfparm.blklen)
{
log_error ("invalid padding with value %d\n", npadding);
rc = seterr (Invalid_Data);
rc = gpg_error (GPG_ERR_INVALID_DATA);
goto leave;
}
rc = ksba_writer_write (writer,
@ -466,7 +466,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
if (dfparm.lastblock[i] != npadding)
{
log_error ("inconsistent padding\n");
rc = seterr (Invalid_Data);
rc = gpg_error (GPG_ERR_INVALID_DATA);
goto leave;
}
}

6
sm/delete.c
View File

@ -92,13 +92,13 @@ delete_one (CTRL ctrl, const char *username)
goto next_ambigious;
}
}
rc = GNUPG_Ambiguous_Name;
rc = gpg_error (GPG_ERR_AMBIGUOUS_NAME);
}
}
if (rc)
{
if (rc == -1)
rc = GNUPG_No_Public_Key;
rc = gpg_error (GPG_ERR_NO_PUBKEY);
log_error (_("certificate `%s' not found: %s\n"),
username, gnupg_strerror (rc));
gpgsm_status2 (ctrl, STATUS_DELETE_PROBLEM, "3", NULL);
@ -147,7 +147,7 @@ gpgsm_delete (CTRL ctrl, STRLIST names)
if (!names)
{
log_error ("nothing to delete\n");
return GNUPG_No_Data;
return gpg_error (GPG_ERR_NO_DATA);
}
for (; names; names=names->next )

35
sm/encrypt.c
View File

@ -1,5 +1,5 @@
/* encrypt.c - Encrypt a message
* Copyright (C) 2001 Free Software Foundation, Inc.
* Copyright (C) 2001, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -72,28 +72,28 @@ init_dek (DEK dek)
if (!dek->algo || !mode)
{
log_error ("unsupported algorithm `%s'\n", dek->algoid);
return GNUPG_Unsupported_Algorithm;
return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
}
dek->keylen = gcry_cipher_get_algo_keylen (dek->algo);
if (!dek->keylen || dek->keylen > sizeof (dek->key))
return GNUPG_Bug;
return gpg_error (GPG_ERR_BUG);
dek->ivlen = gcry_cipher_get_algo_blklen (dek->algo);
if (!dek->ivlen || dek->ivlen > sizeof (dek->iv))
return GNUPG_Bug;
return gpg_error (GPG_ERR_BUG);
if (dek->keylen < 100/8)
{ /* make sure we don't use weak keys */
log_error ("key length of `%s' too small\n", dek->algoid);
return GNUPG_Unsupported_Algorithm;
return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
}
dek->chd = gcry_cipher_open (dek->algo, mode, GCRY_CIPHER_SECURE);
if (!dek->chd)
{
log_error ("failed to create cipher context: %s\n", gcry_strerror (-1));
return GNUPG_General_Error;
return gpg_error (GPG_ERR_GENERAL);
}
for (i=0; i < 8; i++)
@ -218,13 +218,13 @@ encrypt_dek (const DEK dek, KsbaCert cert, char **encval)
if (!buf)
{
log_error ("no public key for recipient\n");
return GNUPG_No_Public_Key;
return gpg_error (GPG_ERR_NO_PUBKEY);
}
len = gcry_sexp_canon_len (buf, 0, NULL, NULL);
if (!len)
{
log_error ("libksba did not return a proper S-Exp\n");
return GNUPG_Bug;
return gpg_error (GPG_ERR_BUG);
}
rc = gcry_sexp_sscan (&s_pkey, NULL, buf, len);
xfree (buf); buf = NULL;
@ -241,7 +241,7 @@ encrypt_dek (const DEK dek, KsbaCert cert, char **encval)
if (!data)
{
gcry_mpi_release (data);
return GNUPG_General_Error;
return gpg_error (GPG_ERR_GENERAL);
}
if (gcry_sexp_build (&s_data, NULL, "%m", data))
BUG ();
@ -259,8 +259,9 @@ encrypt_dek (const DEK dek, KsbaCert cert, char **encval)
buf = xtrymalloc (len);
if (!buf)
{
gpg_error_t tmperr = OUT_OF_CORE (errno);
gcry_sexp_release (s_ciph);
return GNUPG_Out_Of_Core;
return tmperr;
}
len = gcry_sexp_sprint (s_ciph, GCRYSEXP_FMT_CANON, buf, len);
assert (len);
@ -367,7 +368,7 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
{
log_error(_("no valid recipients given\n"));
gpgsm_status (ctrl, STATUS_NO_RECP, "0");
rc = GNUPG_No_Public_Key;
rc = gpg_error (GPG_ERR_NO_PUBKEY);
goto leave;
}
@ -375,15 +376,15 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
if (!kh)
{
log_error (_("failed to allocated keyDB handle\n"));
rc = GNUPG_General_Error;
rc = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
data_fp = fdopen ( dup (data_fd), "rb");
if (!data_fp)
{
rc = gpg_error (gpg_err_code_from_errno (errno));
log_error ("fdopen() failed: %s\n", strerror (errno));
rc = seterr (IO_Error);
goto leave;
}
@ -410,7 +411,7 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
cms = ksba_cms_new ();
if (!cms)
{
rc = seterr (Out_Of_Core);
rc = gpg_error (GPG_ERR_ENOMEM);
goto leave;
}
@ -439,7 +440,7 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
/* create a session key */
dek = xtrycalloc (1, sizeof *dek); /* hmmm: should we put it into secmem?*/
if (!dek)
rc = GNUPG_Out_Of_Core;
rc = OUT_OF_CORE (errno);
else
{
dek->algoid = opt.def_cipher_algoid;
@ -467,7 +468,7 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
encparm.buffer = xtrymalloc (encparm.bufsize);
if (!encparm.buffer)
{
rc = seterr (Out_Of_Core);
rc = OUT_OF_CORE (errno);
goto leave;
}
@ -523,7 +524,7 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
if (encparm.readerror)
{
log_error ("error reading input: %s\n", strerror (encparm.readerror));
rc = seterr (Read_Error);
rc = gpg_error (gpg_err_code_from_errno (encparm.readerror));
goto leave;
}

5
sm/export.c
View File

@ -1,5 +1,5 @@
/* export.c
* Copyright (C) 2002 Free Software Foundation, Inc.
* Copyright (C) 2002, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -70,7 +70,8 @@ gpgsm_export (CTRL ctrl, STRLIST names, FILE *fp)
desc = xtrycalloc (ndesc, sizeof *desc);
if (!ndesc)
{
log_error ("%s\n", gnupg_strerror (GNUPG_Out_Of_Core));
log_error ("allocating memory for export failed: %s\n",
gpg_strerror (OUT_OF_CORE (errno)));
goto leave;
}

2
sm/fingerprint.c
View File

@ -171,7 +171,7 @@ gpgsm_get_keygrip (KsbaCert cert, char *array)
gcry_sexp_release (s_pkey);
if (!array)
{
rc = seterr (General_Error);
rc = gpg_error (GPG_ERR_GENERAL);
log_error ("can't calculate keygrip\n");
return NULL;
}

45
sm/gpgsm.c
View File

@ -1,5 +1,5 @@
/* gpgsm.c - GnuPG for S/MIME
* Copyright (C) 2001, 2002 Free Software Foundation, Inc.
* Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -28,8 +28,9 @@
#include <fcntl.h>
#include <gcrypt.h>
#include <assuan.h> /* malloc hooks */
#include "gpgsm.h"
#include "../assuan/assuan.h" /* malloc hooks */
#include "../kbx/keybox.h" /* malloc hooks */
#include "i18n.h"
#include "keydb.h"
@ -1096,16 +1097,16 @@ main ( int argc, char **argv)
log_error (_("can't sign using `%s': %s\n"),
sl->d, gnupg_strerror (rc));
gpgsm_status2 (&ctrl, STATUS_INV_RECP,
rc == -1? "1":
rc == GNUPG_No_Public_Key? "1":
rc == GNUPG_Ambiguous_Name? "2":
rc == GNUPG_Wrong_Key_Usage? "3":
rc == GNUPG_Certificate_Revoked? "4":
rc == GNUPG_Certificate_Expired? "5":
rc == GNUPG_No_CRL_Known? "6":
rc == GNUPG_CRL_Too_Old? "7":
rc == GNUPG_No_Policy_Match? "8":
rc == GNUPG_No_Secret_Key? "9":
gpg_err_code (rc) == -1? "1":
gpg_err_code (rc) == GPG_ERR_NO_PUBKEY? "1":
gpg_err_code (rc) == GPG_ERR_AMBIGUOUS_NAME? "2":
gpg_err_code (rc) == GPG_ERR_WRONG_KEY_USAGE? "3":
gpg_err_code (rc) == GPG_ERR_CERT_REVOKED? "4":
gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED? "5":
gpg_err_code (rc) == GPG_ERR_NO_CRL_KNOWN? "6":
gpg_err_code (rc) == GPG_ERR_CRL_TOO_OLD? "7":
gpg_err_code (rc) == GPG_ERR_NO_POLICY_MATCH? "8":
gpg_err_code (rc) == GPG_ERR_NO_SECKEY? "9":
"0",
sl->d, NULL);
}
@ -1118,15 +1119,15 @@ main ( int argc, char **argv)
log_error (_("can't encrypt to `%s': %s\n"),
sl->d, gnupg_strerror (rc));
gpgsm_status2 (&ctrl, STATUS_INV_RECP,
rc == -1? "1":
rc == GNUPG_No_Public_Key? "1":
rc == GNUPG_Ambiguous_Name? "2":
rc == GNUPG_Wrong_Key_Usage? "3":
rc == GNUPG_Certificate_Revoked? "4":
rc == GNUPG_Certificate_Expired? "5":
rc == GNUPG_No_CRL_Known? "6":
rc == GNUPG_CRL_Too_Old? "7":
rc == GNUPG_No_Policy_Match? "8":
gpg_err_code (rc) == -1? "1":
gpg_err_code (rc) == GPG_ERR_NO_PUBKEY? "1":
gpg_err_code (rc) == GPG_ERR_AMBIGUOUS_NAME? "2":
gpg_err_code (rc) == GPG_ERR_WRONG_KEY_USAGE? "3":
gpg_err_code (rc) == GPG_ERR_CERT_REVOKED? "4":
gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED? "5":
gpg_err_code (rc) == GPG_ERR_NO_CRL_KNOWN? "6":
gpg_err_code (rc) == GPG_ERR_CRL_TOO_OLD? "7":
gpg_err_code (rc) == GPG_ERR_NO_POLICY_MATCH? "8":
"0",
sl->d, NULL);
}
@ -1306,7 +1307,7 @@ main ( int argc, char **argv)
if (rc)
;
else if (!(grip = gpgsm_get_keygrip_hexstring (cert)))
rc = GNUPG_Bug;
rc = gpg_error (GPG_ERR_BUG);
else
rc = gpgsm_agent_passwd (grip);
if (rc)

10
sm/gpgsm.h
View File

@ -1,5 +1,5 @@
/* gpgsm.h - Global definitions for GpgSM
* Copyright (C) 2001 Free Software Foundation, Inc.
* Copyright (C) 2001, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -21,10 +21,18 @@
#ifndef GPGSM_H
#define GPGSM_H
#ifdef GPG_ERR_SOURCE_DEFAULT
#error GPG_ERR_SOURCE_DEFAULT already defined
#endif
#define GPG_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_GPGSM
#include <gpg-error.h>
#include <ksba.h>
#include "../common/util.h"
#include "../common/errors.h"
#define OUT_OF_CORE(a) (gpg_error (gpg_err_code_from_errno ((a))))
#define MAX_DIGEST_LEN 24
/* A large struct name "opt" to keep global flags */

14
sm/import.c
View File

@ -1,5 +1,5 @@
/* import.c - Import certificates
* Copyright (C) 2001 Free Software Foundation, Inc.
* Copyright (C) 2001, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -181,8 +181,8 @@ check_and_store (CTRL ctrl, struct stats_s *stats, KsbaCert cert, int depth)
log_error (_("basic certificate checks failed - not imported\n"));
stats->not_imported++;
print_import_problem (ctrl, cert,
rc == GNUPG_Missing_Certificate? 2 :
rc == GNUPG_Bad_Certificate? 1 : 0);
gpg_err_code (rc) == GPG_ERR_MISSING_CERT? 2 :
gpg_err_code (rc) == GPG_ERR_BAD_CERT? 1 : 0);
}
}
@ -203,8 +203,8 @@ import_one (CTRL ctrl, struct stats_s *stats, int in_fd)
fp = fdopen ( dup (in_fd), "rb");
if (!fp)
{
rc = gpg_error (gpg_err_code_from_errno (errno));
log_error ("fdopen() failed: %s\n", strerror (errno));
rc = seterr (IO_Error);
goto leave;
}
@ -224,7 +224,7 @@ import_one (CTRL ctrl, struct stats_s *stats, int in_fd)
cms = ksba_cms_new ();
if (!cms)
{
rc = seterr (Out_Of_Core);
rc = gpg_error (GPG_ERR_ENOMEM);
goto leave;
}
@ -268,7 +268,7 @@ import_one (CTRL ctrl, struct stats_s *stats, int in_fd)
cert = ksba_cert_new ();
if (!cert)
{
rc = seterr (Out_Of_Core);
rc = gpg_error (GPG_ERR_ENOMEM);
goto leave;
}
@ -284,7 +284,7 @@ import_one (CTRL ctrl, struct stats_s *stats, int in_fd)
else
{
log_error ("can't extract certificates from input\n");
rc = GNUPG_No_Data;
rc = gpg_error (GPG_ERR_NO_DATA);
}
leave:

50
sm/keydb.c
View File

@ -1,5 +1,5 @@
/* keydb.c - key database dispatcher
* Copyright (C) 2001 Free Software Foundation, Inc.
* Copyright (C) 2001, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -103,7 +103,7 @@ keydb_add_resource (const char *url, int force, int secret)
else if (strchr (resname, ':'))
{
log_error ("invalid key resource URL `%s'\n", url );
rc = GNUPG_General_Error;
rc = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
#endif /* !HAVE_DRIVE_LETTERS && !__riscos__ */
@ -150,14 +150,14 @@ keydb_add_resource (const char *url, int force, int secret)
{
case KEYDB_RESOURCE_TYPE_NONE:
log_error ("unknown type of key resource `%s'\n", url );
rc = GNUPG_General_Error;
rc = gpg_error (GPG_ERR_GENERAL);
goto leave;
case KEYDB_RESOURCE_TYPE_KEYBOX:
fp = fopen (filename, "rb");
if (!fp && !force)
{
rc = GNUPG_File_Open_Error;
rc = gpg_error (gpg_err_code_from_errno (errno));
goto leave;
}
@ -175,7 +175,7 @@ keydb_add_resource (const char *url, int force, int secret)
terminated, so that on the next invocation can
read the options file in on startup */
try_make_homedir (filename);
rc = GNUPG_File_Open_Error;
rc = gpg_error (GPG_ERR_FILE_OPEN_ERROR);
*last_slash_in_filename = DIRSEP_C;
goto leave;
}
@ -185,9 +185,9 @@ keydb_add_resource (const char *url, int force, int secret)
fp = fopen (filename, "w");
if (!fp)
{
rc = gpg_error (gpg_err_code_from_errno (errno));
log_error (_("error creating keybox `%s': %s\n"),
filename, strerror(errno));
rc = GNUPG_File_Create_Error;
goto leave;
}
@ -204,7 +204,7 @@ keydb_add_resource (const char *url, int force, int secret)
if (!token)
; /* already registered - ignore it */
else if (used_resources >= MAX_KEYDB_RESOURCES)
rc = GNUPG_Resource_Limit;
rc = gpg_error (GPG_ERR_RESOURCE_LIMIT);
else
{
all_resources[used_resources].type = rt;
@ -223,7 +223,7 @@ keydb_add_resource (const char *url, int force, int secret)
break;
default:
log_error ("resource type of `%s' not supported\n", url);
rc = GNUPG_Not_Supported;
rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
goto leave;
}
@ -562,7 +562,7 @@ keydb_get_cert (KEYDB_HANDLE hd, KsbaCert *r_cert)
int rc = 0;
if (!hd)
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INVALID_VALUE);
if ( hd->found < 0 || hd->found >= hd->used)
return -1; /* nothing found */
@ -570,7 +570,7 @@ keydb_get_cert (KEYDB_HANDLE hd, KsbaCert *r_cert)
switch (hd->active[hd->found].type)
{
case KEYDB_RESOURCE_TYPE_NONE:
rc = GNUPG_General_Error; /* oops */
rc = gpg_error (GPG_ERR_GENERAL); /* oops */
break;
case KEYDB_RESOURCE_TYPE_KEYBOX:
rc = keybox_get_cert (hd->active[hd->found].u.kr, r_cert);
@ -591,7 +591,7 @@ keydb_insert_cert (KEYDB_HANDLE hd, KsbaCert cert)
char digest[20];
if (!hd)
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INVALID_VALUE);
if (opt.dry_run)
return 0;
@ -601,7 +601,7 @@ keydb_insert_cert (KEYDB_HANDLE hd, KsbaCert cert)
else if ( hd->current >= 0 && hd->current < hd->used)
idx = hd->current;
else
return GNUPG_General_Error;
return gpg_error (GPG_ERR_GENERAL);
rc = lock_all (hd);
if (rc)
@ -612,7 +612,7 @@ keydb_insert_cert (KEYDB_HANDLE hd, KsbaCert cert)
switch (hd->active[idx].type)
{
case KEYDB_RESOURCE_TYPE_NONE:
rc = GNUPG_General_Error;
rc = gpg_error (GPG_ERR_GENERAL);
break;
case KEYDB_RESOURCE_TYPE_KEYBOX:
rc = keybox_insert_cert (hd->active[idx].u.kr, cert, digest);
@ -633,7 +633,7 @@ keydb_update_cert (KEYDB_HANDLE hd, KsbaCert cert)
char digest[20];
if (!hd)
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INVALID_VALUE);
if ( hd->found < 0 || hd->found >= hd->used)
return -1; /* nothing found */
@ -650,7 +650,7 @@ keydb_update_cert (KEYDB_HANDLE hd, KsbaCert cert)
switch (hd->active[hd->found].type)
{
case KEYDB_RESOURCE_TYPE_NONE:
rc = GNUPG_General_Error; /* oops */
rc = gpg_error (GPG_ERR_GENERAL); /* oops */
break;
case KEYDB_RESOURCE_TYPE_KEYBOX:
rc = keybox_update_cert (hd->active[hd->found].u.kr, cert, digest);
@ -671,7 +671,7 @@ keydb_delete (KEYDB_HANDLE hd)
int rc = -1;
if (!hd)
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INVALID_VALUE);
if ( hd->found < 0 || hd->found >= hd->used)
return -1; /* nothing found */
@ -686,7 +686,7 @@ keydb_delete (KEYDB_HANDLE hd)
switch (hd->active[hd->found].type)
{
case KEYDB_RESOURCE_TYPE_NONE:
rc = GNUPG_General_Error;
rc = gpg_error (GPG_ERR_GENERAL);
break;
case KEYDB_RESOURCE_TYPE_KEYBOX:
rc = keybox_delete (hd->active[hd->found].u.kr);
@ -710,7 +710,7 @@ keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
int rc;
if (!hd)
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INVALID_VALUE);
rc = keydb_search_reset (hd); /* this does reset hd->current */
if (rc)
@ -770,7 +770,7 @@ keydb_search_reset (KEYDB_HANDLE hd)
int i, rc = 0;
if (!hd)
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INVALID_VALUE);
hd->current = 0;
hd->found = -1;
@ -800,7 +800,7 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
int rc = -1;
if (!hd)
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INVALID_VALUE);
while (rc == -1 && hd->current >= 0 && hd->current < hd->used)
{
@ -891,12 +891,12 @@ keydb_search_issuer_sn (KEYDB_HANDLE hd,
desc.mode = KEYDB_SEARCH_MODE_ISSUER_SN;
s = serial;
if (*s !='(')
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INVALID_VALUE);
s++;
for (desc.snlen = 0; digitp (s); s++)
desc.snlen = 10*desc.snlen + atoi_1 (s);
if (*s !=':')
return GNUPG_Invalid_Value;
return gpg_error (GPG_ERR_INVALID_VALUE);
desc.sn = s+1;
desc.u.name = issuer;
rc = keydb_search (hd, &desc, 1);
@ -1209,7 +1209,7 @@ keydb_classify_name (const char *name, KEYDB_SEARCH_DESC *desc)
desc = &dummy_desc;
if (!classify_user_id (name, desc, &dummy))
return GNUPG_Invalid_Name;
return gpg_error (GPG_ERR_INV_NAME);
return 0;
}
@ -1231,14 +1231,14 @@ keydb_store_cert (KsbaCert cert, int ephemeral, int *existed)
if (!gpgsm_get_fingerprint (cert, 0, fpr, NULL))
{
log_error (_("failed to get the fingerprint\n"));
return GNUPG_General_Error;
return gpg_error (GPG_ERR_GENERAL);
}
kh = keydb_new (0);
if (!kh)
{
log_error (_("failed to allocate keyDB handle\n"));
return GNUPG_Out_Of_Core;
return gpg_error (GPG_ERR_ENOMEM);;
}
if (ephemeral)

51
sm/server.c
View File

@ -245,18 +245,21 @@ cmd_recipient (ASSUAN_CONTEXT ctx, char *line)
rc = gpgsm_add_to_certlist (ctrl, line, 0, &ctrl->server_local->recplist);
if (rc)
gpgsm_status2 (ctrl, STATUS_INV_RECP,
rc == -1? "1":
rc == GNUPG_No_Public_Key? "1":
rc == GNUPG_Ambiguous_Name? "2":
rc == GNUPG_Wrong_Key_Usage? "3":
rc == GNUPG_Certificate_Revoked? "4":
rc == GNUPG_Certificate_Expired? "5":
rc == GNUPG_No_CRL_Known? "6":
rc == GNUPG_CRL_Too_Old? "7":
rc == GNUPG_No_Policy_Match? "8":
{
gpg_err_code_t r = gpg_err_code (rc);
gpgsm_status2 (ctrl, STATUS_INV_RECP,
r == -1? "1":
r == GPG_ERR_NO_PUBKEY? "1":
r == GPG_ERR_AMBIGUOUS_NAME? "2":
r == GPG_ERR_WRONG_KEY_USAGE? "3":
r == GPG_ERR_CERT_REVOKED? "4":
r == GPG_ERR_CERT_EXPIRED? "5":
r == GPG_ERR_NO_CRL_KNOWN? "6":
r == GPG_ERR_CRL_TOO_OLD? "7":
r == GPG_ERR_NO_POLICY_MATCH? "8":
"0",
line, NULL);
}
return map_to_assuan_status (rc);
}
@ -285,20 +288,22 @@ cmd_signer (ASSUAN_CONTEXT ctx, char *line)
rc = gpgsm_add_to_certlist (ctrl, line, 1, &ctrl->server_local->signerlist);
if (rc)
gpgsm_status2 (ctrl, STATUS_INV_RECP,
rc == -1? "1":
rc == GNUPG_No_Public_Key? "1":
rc == GNUPG_Ambiguous_Name? "2":
rc == GNUPG_Wrong_Key_Usage? "3":
rc == GNUPG_Certificate_Revoked? "4":
rc == GNUPG_Certificate_Expired? "5":
rc == GNUPG_No_CRL_Known? "6":
rc == GNUPG_CRL_Too_Old? "7":
rc == GNUPG_No_Policy_Match? "8":
rc == GNUPG_No_Secret_Key? "9":
{
gpg_err_code_t r = gpg_err_code (rc);
gpgsm_status2 (ctrl, STATUS_INV_RECP,
r == -1? "1":
r == GPG_ERR_NO_PUBKEY? "1":
r == GPG_ERR_AMBIGUOUS_NAME? "2":
r == GPG_ERR_WRONG_KEY_USAGE? "3":
r == GPG_ERR_CERT_REVOKED? "4":
r == GPG_ERR_CERT_EXPIRED? "5":
r == GPG_ERR_NO_CRL_KNOWN? "6":
r == GPG_ERR_CRL_TOO_OLD? "7":
r == GPG_ERR_NO_POLICY_MATCH? "8":
r == GPG_ERR_NO_SECKEY? "9":
"0",
line, NULL);
line, NULL);
}
return map_to_assuan_status (rc);
}

29
sm/sign.c
View File

@ -1,5 +1,5 @@
/* sign.c - Sign a message
* Copyright (C) 2001, 2002 Free Software Foundation, Inc.
* Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -73,8 +73,9 @@ hash_and_copy_data (int fd, GCRY_MD_HD md, KsbaWriter writer)
fp = fdopen ( dup (fd), "rb");
if (!fp)
{
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
log_error ("fdopen(%d) failed: %s\n", fd, strerror (errno));
return GNUPG_File_Open_Error;
return tmperr;
}
do
@ -95,8 +96,8 @@ hash_and_copy_data (int fd, GCRY_MD_HD md, KsbaWriter writer)
while (nread && !rc);
if (ferror (fp))
{
rc = gpg_error (gpg_err_code_from_errno (errno));
log_error ("read error on fd %d: %s\n", fd, strerror (errno));
rc = GNUPG_Read_Error;
}
fclose (fp);
if (!any)
@ -106,7 +107,7 @@ hash_and_copy_data (int fd, GCRY_MD_HD md, KsbaWriter writer)
already written the tag for data and now expects an octet
string but an octet string of zeize 0 is illegal. */
log_error ("cannot sign an empty message\n");
rc = GNUPG_No_Data;
rc = gpg_error (GPG_ERR_NO_DATA);
}
if (!rc)
{
@ -134,7 +135,7 @@ gpgsm_get_default_cert (KsbaCert *r_cert)
hd = keydb_new (0);
if (!hd)
return GNUPG_General_Error;
return gpg_error (GPG_ERR_GENERAL);
rc = keydb_search_first (hd);
if (rc)
{
@ -313,7 +314,7 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
if (!kh)
{
log_error (_("failed to allocated keyDB handle\n"));
rc = GNUPG_General_Error;
rc = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
@ -328,7 +329,7 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
cms = ksba_cms_new ();
if (!cms)
{
rc = seterr (Out_Of_Core);
rc = gpg_error (GPG_ERR_ENOMEM);
goto leave;
}
@ -360,13 +361,13 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
if (!cert)
{
log_error ("no default signer found\n");
rc = seterr (General_Error);
rc = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
signerlist = xtrycalloc (1, sizeof *signerlist);
if (!signerlist)
{
rc = GNUPG_Out_Of_Core;
rc = OUT_OF_CORE (errno);
ksba_cert_release (cert);
goto leave;
}
@ -424,7 +425,7 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
if (!algo)
{
log_error ("unknown hash algorithm `%s'\n", algoid? algoid:"?");
rc = GNUPG_Bug;
rc = gpg_error (GPG_ERR_BUG);
goto leave;
}
gcry_md_enable (data_md, algo);
@ -446,7 +447,7 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
if ( !digest || !digest_len)
{
log_error ("problem getting the hash of the data\n");
rc = GNUPG_Bug;
rc = gpg_error (GPG_ERR_BUG);
goto leave;
}
for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)
@ -505,7 +506,7 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
if ( !digest || !digest_len)
{
log_error ("problem getting the hash of the data\n");
rc = GNUPG_Bug;
rc = gpg_error (GPG_ERR_BUG);
goto leave;
}
for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)
@ -574,7 +575,7 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
fpr = gpgsm_get_fingerprint_hexstring (cl->cert, GCRY_MD_SHA1);
if (!fpr)
{
rc = seterr (Out_Of_Core);
rc = gpg_error (GPG_ERR_ENOMEM);
gcry_md_close (md);
goto leave;
}
@ -587,7 +588,7 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
xfree (fpr);
if (rc < 0)
{
rc = seterr (Out_Of_Core);
rc = gpg_error (GPG_ERR_ENOMEM);
gcry_md_close (md);
goto leave;
}

22
sm/verify.c
View File

@ -1,5 +1,5 @@
/* verify.c - Verify a messages signature
* Copyright (C) 2001, 2002 Free Software Foundation, Inc.
* Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -114,7 +114,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
if (!kh)
{
log_error (_("failed to allocated keyDB handle\n"));
rc = GNUPG_General_Error;
rc = gpg_error (GPG_ERR_GENERAL);
goto leave;
}
@ -122,8 +122,8 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
fp = fdopen ( dup (in_fd), "rb");
if (!fp)
{
rc = gpg_error (gpg_err_code_from_errno (errno));
log_error ("fdopen() failed: %s\n", strerror (errno));
rc = seterr (IO_Error);
goto leave;
}
@ -147,7 +147,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
cms = ksba_cms_new ();
if (!cms)
{
rc = seterr (Out_Of_Core);
rc = gpg_error (GPG_ERR_ENOMEM);
goto leave;
}
@ -233,7 +233,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
if (data_fd != -1 && !is_detached)
{
log_error ("data given for a non-detached signature\n");
rc = GNUPG_Conflict;
rc = gpg_error (GPG_ERR_CONFLICT);
goto leave;
}
@ -360,7 +360,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
if (rc == -1)
{
log_error ("certificate not found\n");
rc = GNUPG_No_Public_Key;
rc = gpg_error (GPG_ERR_NO_PUBKEY);
}
else
log_error ("failed to find the certificate: %s\n",
@ -457,7 +457,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
if (DBG_X509)
log_debug ("signature okay - checking certs\n");
rc = gpgsm_validate_chain (ctrl, cert, &keyexptime);
if (rc == GNUPG_Certificate_Expired)
if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED)
{
gpgsm_status (ctrl, STATUS_EXPKEYSIG, NULL);
rc = 0;
@ -482,10 +482,10 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
if (rc) /* of validate_chain */
{
log_error ("invalid certification chain: %s\n", gnupg_strerror (rc));
if (rc == GNUPG_Bad_Certificate_Chain
|| rc == GNUPG_Bad_Certificate
|| rc == GNUPG_Bad_CA_Certificate
|| rc == GNUPG_Certificate_Revoked)
if (gpg_err_code (rc) == GPG_ERR_BAD_CERT_CHAIN
|| gpg_err_code (rc) == GPG_ERR_BAD_CERT
|| gpg_err_code (rc) == GPG_ERR_BAD_CA_CERT
|| gpg_err_code (rc) == GPG_ERR_CERT_REVOKED)
gpgsm_status (ctrl, STATUS_TRUST_NEVER, gnupg_error_token (rc));
else
gpgsm_status (ctrl, STATUS_TRUST_UNDEFINED, gnupg_error_token (rc));