security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

Make use of libgpg-error

This commit is contained in:
Werner Koch 2003-06-03 19:55:50 +00:00
parent 7c9855aaa2
commit c3cdaeeff7
58 changed files with 1110 additions and 684 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
agent/ChangeLog
View File

@ -1,3 +1,14 @@
2003-06-03 Werner Koch <wk@gnupg.org>
Changed all error codes in all files to the new libgpg-error scheme.
* agent.h: Include gpg-error.h and errno.h
* Makefile.am: Link with libgpg-error
* query.c: assuan.h is now a system header.
* genkey.c (agent_genkey): Fixed silly use of xmalloc by
xtrymalloc.
2003-04-29 Werner Koch <wk@gnupg.org> 2003-04-29 Werner Koch <wk@gnupg.org>
* command.c (register_commands): Adjusted for new Assuan semantics. * command.c (register_commands): Adjusted for new Assuan semantics.

6
agent/Makefile.am
View File

@ -46,7 +46,7 @@ gpg_agent_SOURCES = \
gpg_agent_LDADD = ../jnlib/libjnlib.a ../common/libcommon.a \ gpg_agent_LDADD = ../jnlib/libjnlib.a ../common/libcommon.a \
$(LIBGCRYPT_LIBS) $(PTH_LIBS) $(LIBASSUAN_LIBS) $(LIBGCRYPT_LIBS) $(PTH_LIBS) $(LIBASSUAN_LIBS) -lgpg-error
gpg_protect_tool_SOURCES = \ gpg_protect_tool_SOURCES = \
protect-tool.c \ protect-tool.c \
@ -55,8 +55,6 @@ gpg_protect_tool_SOURCES = \
simple-pwquery.c simple-pwquery.h simple-pwquery.c simple-pwquery.h
gpg_protect_tool_LDADD = ../jnlib/libjnlib.a \ gpg_protect_tool_LDADD = ../jnlib/libjnlib.a \
../common/libcommon.a $(LIBGCRYPT_LIBS) ../common/libcommon.a $(LIBGCRYPT_LIBS) -lgpg-error

15
agent/agent.h
View File

@ -21,10 +21,25 @@
#ifndef AGENT_H #ifndef AGENT_H
#define AGENT_H #define AGENT_H
#ifdef GPG_ERR_SOURCE_DEFAULT
#error GPG_ERR_SOURCE_DEFAULT already defined
#endif
#define GPG_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_GPGAGENT
#include <gpg-error.h>
#include <errno.h>
#include <gcrypt.h> #include <gcrypt.h>
#include "../common/util.h" #include "../common/util.h"
#include "../common/errors.h" #include "../common/errors.h"
/* Convenience function to be used instead of returning the old
GNUPG_Out_Of_Core. */
static __inline__ gpg_error_t
out_of_core (void)
{
return gpg_error (gpg_err_code_from_errno (errno));
}
#define MAX_DIGEST_LEN 24 #define MAX_DIGEST_LEN 24
/* A large struct name "opt" to keep global flags */ /* A large struct name "opt" to keep global flags */

26
agent/call-scd.c
View File

@ -38,7 +38,7 @@
#endif #endif
#include "agent.h" #include "agent.h"
#include "../assuan/assuan.h" #include <assuan.h>
#ifdef _POSIX_OPEN_MAX #ifdef _POSIX_OPEN_MAX
#define MAX_OPEN_FDS _POSIX_OPEN_MAX #define MAX_OPEN_FDS _POSIX_OPEN_MAX
@ -144,7 +144,7 @@ unlock_scd (int rc)
{ {
log_error ("failed to release the SCD lock\n"); log_error ("failed to release the SCD lock\n");
if (!rc) if (!rc)
rc = GNUPG_Internal_Error; rc = gpg_error (GPG_ERR_INTERNAL);
} }
#endif #endif
return rc; return rc;
@ -165,7 +165,7 @@ start_scd (void)
if (!pth_mutex_acquire (&scd_lock, 0, NULL)) if (!pth_mutex_acquire (&scd_lock, 0, NULL))
{ {
log_error ("failed to acquire the SCD lock\n"); log_error ("failed to acquire the SCD lock\n");
return GNUPG_Internal_Error; return gpg_error (GPG_ERR_INTERNAL);
} }
#endif #endif
@ -179,8 +179,9 @@ start_scd (void)
if (fflush (NULL)) if (fflush (NULL))
{ {
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
log_error ("error flushing pending output: %s\n", strerror (errno)); log_error ("error flushing pending output: %s\n", strerror (errno));
return unlock_scd (seterr (Write_Error)); return unlock_scd (tmperr);
} }
if (!opt.scdaemon_program || !*opt.scdaemon_program) if (!opt.scdaemon_program || !*opt.scdaemon_program)
@ -210,7 +211,7 @@ start_scd (void)
{ {
log_error ("can't connect to the SCdaemon: %s\n", log_error ("can't connect to the SCdaemon: %s\n",
assuan_strerror (rc)); assuan_strerror (rc));
return unlock_scd (seterr (No_Scdaemon)); return unlock_scd (gpg_error (GPG_ERR_NO_SCDAEMON));
} }
scd_ctx = ctx; scd_ctx = ctx;
@ -410,7 +411,7 @@ agent_card_pksign (const char *keyid,
return rc; return rc;
if (indatalen*2 + 50 > DIM(line)) if (indatalen*2 + 50 > DIM(line))
return unlock_scd (seterr (General_Error)); return unlock_scd (gpg_error (GPG_ERR_GENERAL));
sprintf (line, "SETDATA "); sprintf (line, "SETDATA ");
p = line + strlen (line); p = line + strlen (line);
@ -443,8 +444,9 @@ agent_card_pksign (const char *keyid,
*r_buf = xtrymalloc (*r_buflen); *r_buf = xtrymalloc (*r_buflen);
if (!*r_buf) if (!*r_buf)
{ {
gpg_error_t tmperr = out_of_core ();
xfree (*r_buf); xfree (*r_buf);
return unlock_scd (GNUPG_Out_Of_Core); return unlock_scd (tmperr);
} }
p = stpcpy (*r_buf, "(7:sig-val(3:rsa(1:s" ); p = stpcpy (*r_buf, "(7:sig-val(3:rsa(1:s" );
sprintf (p, "%u:", (unsigned int)sigbuflen); sprintf (p, "%u:", (unsigned int)sigbuflen);
@ -479,7 +481,7 @@ agent_card_pkdecrypt (const char *keyid,
/* FIXME: use secure memory where appropriate */ /* FIXME: use secure memory where appropriate */
if (indatalen*2 + 50 > DIM(line)) if (indatalen*2 + 50 > DIM(line))
return unlock_scd (seterr (General_Error)); return unlock_scd (gpg_error (GPG_ERR_GENERAL));
sprintf (line, "SETDATA "); sprintf (line, "SETDATA ");
p = line + strlen (line); p = line + strlen (line);
@ -506,7 +508,7 @@ agent_card_pkdecrypt (const char *keyid,
} }
*r_buf = get_membuf (&data, r_buflen); *r_buf = get_membuf (&data, r_buflen);
if (!*r_buf) if (!*r_buf)
return unlock_scd (GNUPG_Out_Of_Core); return unlock_scd (gpg_error (GPG_ERR_ENOMEM));
return unlock_scd (0); return unlock_scd (0);
} }
@ -541,7 +543,7 @@ agent_card_readcert (const char *id, char **r_buf, size_t *r_buflen)
} }
*r_buf = get_membuf (&data, r_buflen); *r_buf = get_membuf (&data, r_buflen);
if (!*r_buf) if (!*r_buf)
return unlock_scd (GNUPG_Out_Of_Core); return unlock_scd (gpg_error (GPG_ERR_ENOMEM));
return unlock_scd (0); return unlock_scd (0);
} }
@ -577,12 +579,12 @@ agent_card_readkey (const char *id, unsigned char **r_buf)
} }
*r_buf = get_membuf (&data, &buflen); *r_buf = get_membuf (&data, &buflen);
if (!*r_buf) if (!*r_buf)
return unlock_scd (GNUPG_Out_Of_Core); return unlock_scd (gpg_error (GPG_ERR_ENOMEM));
if (!gcry_sexp_canon_len (*r_buf, buflen, NULL, NULL)) if (!gcry_sexp_canon_len (*r_buf, buflen, NULL, NULL))
{ {
xfree (*r_buf); *r_buf = NULL; xfree (*r_buf); *r_buf = NULL;
return unlock_scd (GNUPG_Invalid_Value); return unlock_scd (gpg_error (GPG_ERR_INV_VALUE));
} }
return unlock_scd (0); return unlock_scd (0);

4
agent/command.c
View File

@ -559,11 +559,11 @@ cmd_passwd (ASSUAN_CONTEXT ctx, char *line)
s_skey = agent_key_from_file (ctrl, grip, &shadow_info, 1); s_skey = agent_key_from_file (ctrl, grip, &shadow_info, 1);
if (!s_skey && !shadow_info) if (!s_skey && !shadow_info)
rc = seterr (No_Secret_Key); rc = gpg_error (GPG_ERR_NO_SECKEY);
else if (!s_skey) else if (!s_skey)
{ {
log_error ("changing a smartcard PIN is not yet supported\n"); log_error ("changing a smartcard PIN is not yet supported\n");
rc = seterr (Not_Implemented); rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
} }
else else
rc = agent_protect_and_store (ctrl, s_skey); rc = agent_protect_and_store (ctrl, s_skey);

41
agent/divert-scd.c
View File

@ -48,14 +48,14 @@ ask_for_card (CTRL ctrl, const unsigned char *shadow_info, char **r_kid)
*r_kid = NULL; *r_kid = NULL;
s = shadow_info; s = shadow_info;
if (*s != '(') if (*s != '(')
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
s++; s++;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
want_sn = xtrymalloc (n*2+1); want_sn = xtrymalloc (n*2+1);
if (!want_sn) if (!want_sn)
return GNUPG_Out_Of_Core; return out_of_core ();
for (i=0; i < n; i++) for (i=0; i < n; i++)
sprintf (want_sn+2*i, "%02X", s[i]); sprintf (want_sn+2*i, "%02X", s[i]);
s += n; s += n;
@ -68,12 +68,13 @@ ask_for_card (CTRL ctrl, const unsigned char *shadow_info, char **r_kid)
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
want_kid = xtrymalloc (n+1); want_kid = xtrymalloc (n+1);
if (!want_kid) if (!want_kid)
{ {
gpg_error_t tmperr = out_of_core ();
xfree (want_sn); xfree (want_sn);
return GNUPG_Out_Of_Core; return tmperr;
} }
memcpy (want_kid, s, n); memcpy (want_kid, s, n);
want_kid[n] = 0; want_kid[n] = 0;
@ -94,7 +95,7 @@ ask_for_card (CTRL ctrl, const unsigned char *shadow_info, char **r_kid)
return 0; /* yes, we have the correct card */ return 0; /* yes, we have the correct card */
} }
} }
else if (rc == GNUPG_Card_Not_Present) else if (gpg_err_code (rc) == GPG_ERR_CARD_NOT_PRESENT)
{ {
log_debug ("no card present\n"); log_debug ("no card present\n");
rc = 0; rc = 0;
@ -115,7 +116,7 @@ ask_for_card (CTRL ctrl, const unsigned char *shadow_info, char **r_kid)
"insert the one with serial number", "insert the one with serial number",
want_sn_displen, want_sn) < 0) want_sn_displen, want_sn) < 0)
{ {
rc = GNUPG_Out_Of_Core; rc = out_of_core ();
} }
else else
{ {
@ -146,12 +147,12 @@ encode_md_for_card (const unsigned char *digest, size_t digestlen, int algo,
if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen)) if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))
{ {
log_error ("no object identifier for algo %d\n", algo); log_error ("no object identifier for algo %d\n", algo);
return GNUPG_Internal_Error; return gpg_error (GPG_ERR_INTERNAL);
} }
frame = xtrymalloc (asnlen + digestlen); frame = xtrymalloc (asnlen + digestlen);
if (!frame) if (!frame)
return GNUPG_Out_Of_Core; return out_of_core ();
memcpy (frame, asn, asnlen); memcpy (frame, asn, asnlen);
memcpy (frame+asnlen, digest, digestlen); memcpy (frame+asnlen, digest, digestlen);
if (DBG_CRYPTO) if (DBG_CRYPTO)
@ -177,7 +178,7 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf)
CTRL ctrl = opaque; CTRL ctrl = opaque;
if (maxbuf < 2) if (maxbuf < 2)
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INV_VALUE);
/* FIXME: keep PI and TRIES in OPAQUE. Frankly this is a whole /* FIXME: keep PI and TRIES in OPAQUE. Frankly this is a whole
@ -260,32 +261,32 @@ divert_pkdecrypt (CTRL ctrl,
s = cipher; s = cipher;
if (*s != '(') if (*s != '(')
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
s++; s++;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
if (!smatch (&s, n, "enc-val")) if (!smatch (&s, n, "enc-val"))
return GNUPG_Unknown_Sexp; return gpg_error (GPG_ERR_UNKNOWN_SEXP);
if (*s != '(') if (*s != '(')
return GNUPG_Unknown_Sexp; return gpg_error (GPG_ERR_UNKNOWN_SEXP);
s++; s++;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
if (!smatch (&s, n, "rsa")) if (!smatch (&s, n, "rsa"))
return GNUPG_Unsupported_Algorithm; return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
if (*s != '(') if (*s != '(')
return GNUPG_Unknown_Sexp; return gpg_error (GPG_ERR_UNKNOWN_SEXP);
s++; s++;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
if (!smatch (&s, n, "a")) if (!smatch (&s, n, "a"))
return GNUPG_Unknown_Sexp; return gpg_error (GPG_ERR_UNKNOWN_SEXP);
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Unknown_Sexp; return gpg_error (GPG_ERR_UNKNOWN_SEXP);
ciphertext = s; ciphertext = s;
ciphertextlen = n; ciphertextlen = n;

23
agent/findkey.c
View File

@ -64,7 +64,7 @@ agent_write_private_key (const unsigned char *grip,
{ {
log_error ("secret key file `%s' already exists\n", fname); log_error ("secret key file `%s' already exists\n", fname);
xfree (fname); xfree (fname);
return seterr (General_Error); return gpg_error (GPG_ERR_GENERAL);
} }
/* We would like to create FNAME but only if it does not already /* We would like to create FNAME but only if it does not already
@ -82,32 +82,39 @@ agent_write_private_key (const unsigned char *grip,
else else
{ {
fp = fdopen (fd, "wb"); fp = fdopen (fd, "wb");
if (! fp) if (!fp)
close (fd); {
int save_e = errno;
close (fd);
errno = save_e;
}
} }
} }
if (!fp) if (!fp)
{ {
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
log_error ("can't create `%s': %s\n", fname, strerror (errno)); log_error ("can't create `%s': %s\n", fname, strerror (errno));
xfree (fname); xfree (fname);
return seterr (File_Create_Error); return tmperr;
} }
if (fwrite (buffer, length, 1, fp) != 1) if (fwrite (buffer, length, 1, fp) != 1)
{ {
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
log_error ("error writing `%s': %s\n", fname, strerror (errno)); log_error ("error writing `%s': %s\n", fname, strerror (errno));
fclose (fp); fclose (fp);
remove (fname); remove (fname);
xfree (fname); xfree (fname);
return seterr (File_Create_Error); return tmperr;
} }
if ( fclose (fp) ) if ( fclose (fp) )
{ {
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
log_error ("error closing `%s': %s\n", fname, strerror (errno)); log_error ("error closing `%s': %s\n", fname, strerror (errno));
remove (fname); remove (fname);
xfree (fname); xfree (fname);
return seterr (File_Create_Error); return tmperr;
} }
xfree (fname); xfree (fname);
@ -291,7 +298,7 @@ agent_key_from_file (CTRL ctrl,
assert (n); assert (n);
*shadow_info = xtrymalloc (n); *shadow_info = xtrymalloc (n);
if (!*shadow_info) if (!*shadow_info)
rc = GNUPG_Out_Of_Core; rc = out_of_core ();
else else
{ {
memcpy (*shadow_info, s, n); memcpy (*shadow_info, s, n);
@ -306,7 +313,7 @@ agent_key_from_file (CTRL ctrl,
break; break;
default: default:
log_error ("invalid private key format\n"); log_error ("invalid private key format\n");
rc = GNUPG_Bad_Secret_Key; rc = gpg_error (GPG_ERR_BAD_SECKEY);
break; break;
} }
if (rc) if (rc)

18
agent/genkey.c
View File

@ -40,14 +40,14 @@ store_key (GCRY_SEXP private, const char *passphrase, int force)
if ( !gcry_pk_get_keygrip (private, grip) ) if ( !gcry_pk_get_keygrip (private, grip) )
{ {
log_error ("can't calculate keygrip\n"); log_error ("can't calculate keygrip\n");
return seterr (General_Error); return gpg_error (GPG_ERR_GENERAL);
} }
len = gcry_sexp_sprint (private, GCRYSEXP_FMT_CANON, NULL, 0); len = gcry_sexp_sprint (private, GCRYSEXP_FMT_CANON, NULL, 0);
assert (len); assert (len);
buf = gcry_malloc_secure (len); buf = gcry_malloc_secure (len);
if (!buf) if (!buf)
return seterr (Out_Of_Core); return out_of_core ();
len = gcry_sexp_sprint (private, GCRYSEXP_FMT_CANON, buf, len); len = gcry_sexp_sprint (private, GCRYSEXP_FMT_CANON, buf, len);
assert (len); assert (len);
@ -101,7 +101,7 @@ agent_genkey (CTRL ctrl, const char *keyparam, size_t keyparamlen,
if (rc) if (rc)
{ {
log_error ("failed to convert keyparam: %s\n", gcry_strerror (rc)); log_error ("failed to convert keyparam: %s\n", gcry_strerror (rc));
return seterr (Invalid_Data); return gpg_error (GPG_ERR_INVALID_DATA);
} }
/* Get the passphrase now, cause key generation may take a while. */ /* Get the passphrase now, cause key generation may take a while. */
@ -147,7 +147,7 @@ agent_genkey (CTRL ctrl, const char *keyparam, size_t keyparamlen,
log_error ("key generation failed: invalid return value\n"); log_error ("key generation failed: invalid return value\n");
gcry_sexp_release (s_key); gcry_sexp_release (s_key);
xfree (pi); xfree (pi);
return seterr (Invalid_Data); return gpg_error (GPG_ERR_INVALID_DATA);
} }
s_public = gcry_sexp_find_token (s_key, "public-key", 0); s_public = gcry_sexp_find_token (s_key, "public-key", 0);
if (!s_public) if (!s_public)
@ -156,7 +156,7 @@ agent_genkey (CTRL ctrl, const char *keyparam, size_t keyparamlen,
gcry_sexp_release (s_private); gcry_sexp_release (s_private);
gcry_sexp_release (s_key); gcry_sexp_release (s_key);
xfree (pi); xfree (pi);
return seterr (Invalid_Data); return gpg_error (GPG_ERR_INVALID_DATA);
} }
gcry_sexp_release (s_key); s_key = NULL; gcry_sexp_release (s_key); s_key = NULL;
@ -175,22 +175,24 @@ agent_genkey (CTRL ctrl, const char *keyparam, size_t keyparamlen,
log_debug ("returning public key\n"); log_debug ("returning public key\n");
len = gcry_sexp_sprint (s_public, GCRYSEXP_FMT_CANON, NULL, 0); len = gcry_sexp_sprint (s_public, GCRYSEXP_FMT_CANON, NULL, 0);
assert (len); assert (len);
buf = xmalloc (len); buf = xtrymalloc (len);
if (!buf) if (!buf)
{ {
gpg_error_t tmperr = out_of_core ();
gcry_sexp_release (s_private); gcry_sexp_release (s_private);
gcry_sexp_release (s_public); gcry_sexp_release (s_public);
return seterr (Out_Of_Core); return tmperr;
} }
len = gcry_sexp_sprint (s_public, GCRYSEXP_FMT_CANON, buf, len); len = gcry_sexp_sprint (s_public, GCRYSEXP_FMT_CANON, buf, len);
assert (len); assert (len);
if (fwrite (buf, len, 1, outfp) != 1) if (fwrite (buf, len, 1, outfp) != 1)
{ {
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
log_error ("error writing public key: %s\n", strerror (errno)); log_error ("error writing public key: %s\n", strerror (errno));
gcry_sexp_release (s_private); gcry_sexp_release (s_private);
gcry_sexp_release (s_public); gcry_sexp_release (s_public);
xfree (buf); xfree (buf);
return seterr (File_Create_Error); return tmperr;
} }
gcry_sexp_release (s_public); gcry_sexp_release (s_public);
xfree (buf); xfree (buf);

14
agent/learncard.c
View File

@ -29,7 +29,7 @@
#include <sys/stat.h> #include <sys/stat.h>
#include "agent.h" #include "agent.h"
#include "../assuan/assuan.h" #include <assuan.h>
struct keypair_info_s { struct keypair_info_s {
struct keypair_info_s *next; struct keypair_info_s *next;
@ -97,7 +97,7 @@ kpinfo_cb (void *opaque, const char *line)
item = xtrycalloc (1, sizeof *item + strlen (line)); item = xtrycalloc (1, sizeof *item + strlen (line));
if (!item) if (!item)
{ {
parm->error = GNUPG_Out_Of_Core; parm->error = out_of_core ();
return; return;
} }
strcpy (item->hexgrip, line); strcpy (item->hexgrip, line);
@ -110,7 +110,7 @@ kpinfo_cb (void *opaque, const char *line)
} }
else if ((p - item->hexgrip) != 40 || !spacep (p)) else if ((p - item->hexgrip) != 40 || !spacep (p))
{ /* not a 20 byte hex keygrip or not followed by a space */ { /* not a 20 byte hex keygrip or not followed by a space */
parm->error = GNUPG_Invalid_Response; parm->error = gpg_error (GPG_ERR_INVALID_RESPONSE);
xfree (item); xfree (item);
return; return;
} }
@ -122,7 +122,7 @@ kpinfo_cb (void *opaque, const char *line)
p++; p++;
if (p == item->id) if (p == item->id)
{ /* invalid ID string */ { /* invalid ID string */
parm->error = GNUPG_Invalid_Response; parm->error = gpg_error (GPG_ERR_INVALID_RESPONSE);
xfree (item); xfree (item);
return; return;
} }
@ -154,7 +154,7 @@ certinfo_cb (void *opaque, const char *line)
; ;
if (p == pend || !*p) if (p == pend || !*p)
{ {
parm->error = GNUPG_Invalid_Response; parm->error = gpg_error (GPG_ERR_INVALID_RESPONSE);
return; return;
} }
*pend = 0; /* ignore trailing stuff */ *pend = 0; /* ignore trailing stuff */
@ -162,7 +162,7 @@ certinfo_cb (void *opaque, const char *line)
item = xtrycalloc (1, sizeof *item + strlen (p)); item = xtrycalloc (1, sizeof *item + strlen (p));
if (!item) if (!item)
{ {
parm->error = GNUPG_Out_Of_Core; parm->error = out_of_core ();
return; return;
} }
item->type = type; item->type = type;
@ -323,7 +323,7 @@ agent_handle_learn (void *assuan_context)
unsigned char *shadow_info = make_shadow_info (serialno, item->id); unsigned char *shadow_info = make_shadow_info (serialno, item->id);
if (!shadow_info) if (!shadow_info)
{ {
rc = GNUPG_Out_Of_Core; rc = gpg_error (GPG_ERR_ENOMEM);
xfree (pubkey); xfree (pubkey);
goto leave; goto leave;
} }

8
agent/pkdecrypt.c
View File

@ -47,7 +47,7 @@ agent_pkdecrypt (CTRL ctrl, const char *ciphertext, size_t ciphertextlen,
if (!ctrl->have_keygrip) if (!ctrl->have_keygrip)
{ {
log_error ("speculative decryption not yet supported\n"); log_error ("speculative decryption not yet supported\n");
rc = seterr (No_Secret_Key); rc = gpg_error (GPG_ERR_NO_SECKEY);
goto leave; goto leave;
} }
@ -55,7 +55,7 @@ agent_pkdecrypt (CTRL ctrl, const char *ciphertext, size_t ciphertextlen,
if (rc) if (rc)
{ {
log_error ("failed to convert ciphertext: %s\n", gcry_strerror (rc)); log_error ("failed to convert ciphertext: %s\n", gcry_strerror (rc));
rc = seterr (Invalid_Data); rc = gpg_error (GPG_ERR_INV_DATA);
goto leave; goto leave;
} }
@ -68,7 +68,7 @@ agent_pkdecrypt (CTRL ctrl, const char *ciphertext, size_t ciphertextlen,
if (!s_skey && !shadow_info) if (!s_skey && !shadow_info)
{ {
log_error ("failed to read the secret key\n"); log_error ("failed to read the secret key\n");
rc = seterr (No_Secret_Key); rc = gpg_error (GPG_ERR_NO_SECKEY);
goto leave; goto leave;
} }
@ -77,7 +77,7 @@ agent_pkdecrypt (CTRL ctrl, const char *ciphertext, size_t ciphertextlen,
if (!gcry_sexp_canon_len (ciphertext, ciphertextlen, NULL, NULL)) if (!gcry_sexp_canon_len (ciphertext, ciphertextlen, NULL, NULL))
{ {
rc = GNUPG_Invalid_Sexp; rc = gpg_error (GPG_ERR_INVALID_SEXP);
goto leave; goto leave;
} }

10
agent/pksign.c
View File

@ -45,14 +45,14 @@ do_encode_md (const unsigned char *digest, size_t digestlen, int algo,
if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen)) if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))
{ {
log_error ("no object identifier for algo %d\n", algo); log_error ("no object identifier for algo %d\n", algo);
return GNUPG_Internal_Error; return gpg_error (GPG_ERR_INTERNAL);
} }
if (digestlen + asnlen + 4 > nframe ) if (digestlen + asnlen + 4 > nframe )
{ {
log_error ("can't encode a %d bit MD into a %d bits frame\n", log_error ("can't encode a %d bit MD into a %d bits frame\n",
(int)(digestlen*8), (int)nbits); (int)(digestlen*8), (int)nbits);
return GNUPG_Internal_Error; return gpg_error (GPG_ERR_INTERNAL);
} }
/* We encode the MD in this way: /* We encode the MD in this way:
@ -63,7 +63,7 @@ do_encode_md (const unsigned char *digest, size_t digestlen, int algo,
*/ */
frame = xtrymalloc (nframe); frame = xtrymalloc (nframe);
if (!frame) if (!frame)
return GNUPG_Out_Of_Core; return out_of_core ();
n = 0; n = 0;
frame[n++] = 0; frame[n++] = 0;
frame[n++] = 1; /* block type */ frame[n++] = 1; /* block type */
@ -96,14 +96,14 @@ agent_pksign (CTRL ctrl, FILE *outfp, int ignore_cache)
size_t len; size_t len;
if (!ctrl->have_keygrip) if (!ctrl->have_keygrip)
return seterr (No_Secret_Key); return gpg_error (GPG_ERR_NO_SECKEY);
s_skey = agent_key_from_file (ctrl, s_skey = agent_key_from_file (ctrl,
ctrl->keygrip, &shadow_info, ignore_cache); ctrl->keygrip, &shadow_info, ignore_cache);
if (!s_skey && !shadow_info) if (!s_skey && !shadow_info)
{ {
log_error ("failed to read the secret key\n"); log_error ("failed to read the secret key\n");
rc = seterr (No_Secret_Key); rc = gpg_error (GPG_ERR_NO_SECKEY);
goto leave; goto leave;
} }

172
agent/protect.c
View File

@ -68,20 +68,20 @@ calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash)
s = plainkey; s = plainkey;
if (*s != '(') if (*s != '(')
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
s++; s++;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
if (!smatch (&s, n, "private-key")) if (!smatch (&s, n, "private-key"))
return GNUPG_Unknown_Sexp; return gpg_error (GPG_ERR_UNKNOWN_SEXP);
if (*s != '(') if (*s != '(')
return GNUPG_Unknown_Sexp; return gpg_error (GPG_ERR_UNKNOWN_SEXP);
hash_begin = s; hash_begin = s;
s++; s++;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
s += n; /* skip over the algorithm name */ s += n; /* skip over the algorithm name */
while (*s == '(') while (*s == '(')
@ -89,18 +89,18 @@ calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash)
s++; s++;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
s += n; s += n;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
s += n; s += n;
if ( *s != ')' ) if ( *s != ')' )
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
s++; s++;
} }
if (*s != ')') if (*s != ')')
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
s++; s++;
hash_end = s; hash_end = s;
@ -164,13 +164,13 @@ do_encryption (const char *protbegin, size_t protlen,
enclen = outlen/blklen * blklen; enclen = outlen/blklen * blklen;
outbuf = gcry_malloc_secure (outlen); outbuf = gcry_malloc_secure (outlen);
if (!outbuf) if (!outbuf)
rc = GNUPG_Out_Of_Core; rc = out_of_core ();
if (!rc) if (!rc)
{ {
/* allocate random bytes to be used as IV, padding and s2k salt*/ /* allocate random bytes to be used as IV, padding and s2k salt*/
iv = gcry_random_bytes (blklen*2+8, GCRY_WEAK_RANDOM); iv = gcry_random_bytes (blklen*2+8, GCRY_WEAK_RANDOM);
if (!iv) if (!iv)
rc = GNUPG_Out_Of_Core; rc = gpg_error (GPG_ERR_ENOMEM);
else else
rc = gcry_cipher_setiv (hd, iv, blklen); rc = gcry_cipher_setiv (hd, iv, blklen);
} }
@ -181,7 +181,7 @@ do_encryption (const char *protbegin, size_t protlen,
key = gcry_malloc_secure (keylen); key = gcry_malloc_secure (keylen);
if (!key) if (!key)
rc = GNUPG_Out_Of_Core; rc = out_of_core ();
else else
{ {
rc = hash_passphrase (passphrase, GCRY_MD_SHA1, rc = hash_passphrase (passphrase, GCRY_MD_SHA1,
@ -232,7 +232,7 @@ do_encryption (const char *protbegin, size_t protlen,
blklen, &ivpos, blklen, "", blklen, &ivpos, blklen, "",
enclen, &encpos, enclen, ""); enclen, &encpos, enclen, "");
if (p) if (p)
{ /* asprintf does not use out malloc system */ { /* asprintf does not use our malloc system */
char *psave = p; char *psave = p;
p = xtrymalloc (strlen (psave)+1); p = xtrymalloc (strlen (psave)+1);
if (p) if (p)
@ -241,9 +241,10 @@ do_encryption (const char *protbegin, size_t protlen,
} }
if (!p) if (!p)
{ {
gpg_error_t tmperr = out_of_core ();
xfree (iv); xfree (iv);
xfree (outbuf); xfree (outbuf);
return GNUPG_Out_Of_Core; return tmperr;
} }
*resultlen = strlen (p); *resultlen = strlen (p);
*result = p; *result = p;
@ -277,28 +278,28 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
s = plainkey; s = plainkey;
if (*s != '(') if (*s != '(')
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
depth++; depth++;
s++; s++;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
if (!smatch (&s, n, "private-key")) if (!smatch (&s, n, "private-key"))
return GNUPG_Unknown_Sexp; return gpg_error (GPG_ERR_UNKNOWN_SEXP);
if (*s != '(') if (*s != '(')
return GNUPG_Unknown_Sexp; return gpg_error (GPG_ERR_UNKNOWN_SEXP);
depth++; depth++;
hash_begin = s; hash_begin = s;
s++; s++;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
for (infidx=0; protect_info[infidx].algo for (infidx=0; protect_info[infidx].algo
&& !smatch (&s, n, protect_info[infidx].algo); infidx++) && !smatch (&s, n, protect_info[infidx].algo); infidx++)
; ;
if (!protect_info[infidx].algo) if (!protect_info[infidx].algo)
return GNUPG_Unsupported_Algorithm; return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
prot_begin = prot_end = NULL; prot_begin = prot_end = NULL;
for (i=0; (c=protect_info[infidx].parmlist[i]); i++) for (i=0; (c=protect_info[infidx].parmlist[i]); i++)
@ -306,28 +307,28 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
if (i == protect_info[infidx].prot_from) if (i == protect_info[infidx].prot_from)
prot_begin = s; prot_begin = s;
if (*s != '(') if (*s != '(')
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
depth++; depth++;
s++; s++;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
if (n != 1 || c != *s) if (n != 1 || c != *s)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
s += n; s += n;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
s +=n; /* skip value */ s +=n; /* skip value */
if (*s != ')') if (*s != ')')
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
depth--; depth--;
if (i == protect_info[infidx].prot_to) if (i == protect_info[infidx].prot_to)
prot_end = s; prot_end = s;
s++; s++;
} }
if (*s != ')' || !prot_begin || !prot_end ) if (*s != ')' || !prot_begin || !prot_end )
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
depth--; depth--;
hash_end = s; hash_end = s;
s++; s++;
@ -358,8 +359,9 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
*result = p = xtrymalloc (*resultlen); *result = p = xtrymalloc (*resultlen);
if (!p) if (!p)
{ {
gpg_error_t tmperr = out_of_core ();
xfree (protected); xfree (protected);
return GNUPG_Out_Of_Core; return tmperr;
} }
memcpy (p, "(21:protected-", 14); memcpy (p, "(21:protected-", 14);
p += 14; p += 14;
@ -391,7 +393,7 @@ do_decryption (const unsigned char *protected, size_t protectedlen,
blklen = gcry_cipher_get_algo_blklen (PROT_CIPHER); blklen = gcry_cipher_get_algo_blklen (PROT_CIPHER);
if (protectedlen < 4 || (protectedlen%blklen)) if (protectedlen < 4 || (protectedlen%blklen))
return GNUPG_Corrupted_Protection; return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
hd = gcry_cipher_open (PROT_CIPHER, GCRY_CIPHER_MODE_CBC, hd = gcry_cipher_open (PROT_CIPHER, GCRY_CIPHER_MODE_CBC,
GCRY_CIPHER_SECURE); GCRY_CIPHER_SECURE);
@ -400,7 +402,7 @@ do_decryption (const unsigned char *protected, size_t protectedlen,
outbuf = gcry_malloc_secure (protectedlen); outbuf = gcry_malloc_secure (protectedlen);
if (!outbuf) if (!outbuf)
rc = GNUPG_Out_Of_Core; rc = out_of_core ();
if (!rc) if (!rc)
rc = gcry_cipher_setiv (hd, iv, ivlen); rc = gcry_cipher_setiv (hd, iv, ivlen);
if (!rc) if (!rc)
@ -410,7 +412,7 @@ do_decryption (const unsigned char *protected, size_t protectedlen,
key = gcry_malloc_secure (keylen); key = gcry_malloc_secure (keylen);
if (!key) if (!key)
rc = GNUPG_Out_Of_Core; rc = out_of_core ();
else else
{ {
rc = hash_passphrase (passphrase, GCRY_MD_SHA1, rc = hash_passphrase (passphrase, GCRY_MD_SHA1,
@ -433,14 +435,14 @@ do_decryption (const unsigned char *protected, size_t protectedlen,
if (*outbuf != '(' && outbuf[1] != '(') if (*outbuf != '(' && outbuf[1] != '(')
{ {
xfree (outbuf); xfree (outbuf);
return GNUPG_Bad_Passphrase; return gpg_error (GPG_ERR_BAD_PASSPHRASE);
} }
/* check that we have a consistent S-Exp */ /* check that we have a consistent S-Exp */
reallen = gcry_sexp_canon_len (outbuf, protectedlen, NULL, NULL); reallen = gcry_sexp_canon_len (outbuf, protectedlen, NULL, NULL);
if (!reallen || (reallen + blklen < protectedlen) ) if (!reallen || (reallen + blklen < protectedlen) )
{ {
xfree (outbuf); xfree (outbuf);
return GNUPG_Bad_Passphrase; return gpg_error (GPG_ERR_BAD_PASSPHRASE);
} }
*result = outbuf; *result = outbuf;
return 0; return 0;
@ -464,21 +466,21 @@ merge_lists (const unsigned char *protectedkey,
int i, rc; int i, rc;
if (replacepos < 26) if (replacepos < 26)
return GNUPG_Bug; return gpg_error (GPG_ERR_BUG);
/* Estimate the required size of the resulting list. We have a large /* Estimate the required size of the resulting list. We have a large
safety margin of >20 bytes (MIC hash from CLEARTEXT and the safety margin of >20 bytes (MIC hash from CLEARTEXT and the
removed "protected-" */ removed "protected-" */
newlistlen = gcry_sexp_canon_len (protectedkey, 0, NULL, NULL); newlistlen = gcry_sexp_canon_len (protectedkey, 0, NULL, NULL);
if (!newlistlen) if (!newlistlen)
return GNUPG_Bug; return gpg_error (GPG_ERR_BUG);
n = gcry_sexp_canon_len (cleartext, 0, NULL, NULL); n = gcry_sexp_canon_len (cleartext, 0, NULL, NULL);
if (!n) if (!n)
return GNUPG_Bug; return gpg_error (GPG_ERR_BUG);
newlistlen += n; newlistlen += n;
newlist = gcry_malloc_secure (newlistlen); newlist = gcry_malloc_secure (newlistlen);
if (!newlist) if (!newlist)
return GNUPG_Out_Of_Core; return out_of_core ();
/* Copy the initial segment */ /* Copy the initial segment */
strcpy (newlist, "(11:private-key"); strcpy (newlist, "(11:private-key");
@ -489,7 +491,7 @@ merge_lists (const unsigned char *protectedkey,
/* copy the cleartext */ /* copy the cleartext */
s = cleartext; s = cleartext;
if (*s != '(' && s[1] != '(') if (*s != '(' && s[1] != '(')
return GNUPG_Bug; /*we already checked this */ return gpg_error (GPG_ERR_BUG); /*we already checked this */
s += 2; s += 2;
startpos = s; startpos = s;
while ( *s == '(' ) while ( *s == '(' )
@ -564,7 +566,7 @@ merge_lists (const unsigned char *protectedkey,
invalid_sexp: invalid_sexp:
xfree (newlist); xfree (newlist);
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
} }
@ -589,25 +591,25 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
s = protectedkey; s = protectedkey;
if (*s != '(') if (*s != '(')
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
s++; s++;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
if (!smatch (&s, n, "protected-private-key")) if (!smatch (&s, n, "protected-private-key"))
return GNUPG_Unknown_Sexp; return gpg_error (GPG_ERR_UNKNOWN_SEXP);
if (*s != '(') if (*s != '(')
return GNUPG_Unknown_Sexp; return gpg_error (GPG_ERR_UNKNOWN_SEXP);
s++; s++;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
for (infidx=0; protect_info[infidx].algo for (infidx=0; protect_info[infidx].algo
&& !smatch (&s, n, protect_info[infidx].algo); infidx++) && !smatch (&s, n, protect_info[infidx].algo); infidx++)
; ;
if (!protect_info[infidx].algo) if (!protect_info[infidx].algo)
return GNUPG_Unsupported_Algorithm; return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
/* now find the list with the protected information. Here is an /* now find the list with the protected information. Here is an
example for such a list: example for such a list:
@ -618,12 +620,12 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
for (;;) for (;;)
{ {
if (*s != '(') if (*s != '(')
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
prot_begin = s; prot_begin = s;
s++; s++;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
if (smatch (&s, n, "protected")) if (smatch (&s, n, "protected"))
break; break;
s += n; s += n;
@ -635,47 +637,47 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
/* found */ /* found */
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
if (!smatch (&s, n, "openpgp-s2k3-sha1-" PROT_CIPHER_STRING "-cbc")) if (!smatch (&s, n, "openpgp-s2k3-sha1-" PROT_CIPHER_STRING "-cbc"))
return GNUPG_Unsupported_Protection; return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION);
if (*s != '(' || s[1] != '(') if (*s != '(' || s[1] != '(')
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
s += 2; s += 2;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
if (!smatch (&s, n, "sha1")) if (!smatch (&s, n, "sha1"))
return GNUPG_Unsupported_Protection; return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION);
n = snext (&s); n = snext (&s);
if (n != 8) if (n != 8)
return GNUPG_Corrupted_Protection; return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
s2ksalt = s; s2ksalt = s;
s += n; s += n;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Corrupted_Protection; return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
/* We expect a list close as next, so we can simply use strtoul() /* We expect a list close as next, so we can simply use strtoul()
here. We might want to check that we only have digits - but this here. We might want to check that we only have digits - but this
is nothing we should worry about */ is nothing we should worry about */
if (s[n] != ')' ) if (s[n] != ')' )
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
s2kcount = strtoul (s, NULL, 10); s2kcount = strtoul (s, NULL, 10);
if (!s2kcount) if (!s2kcount)
return GNUPG_Corrupted_Protection; return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
s += n; s += n;
s++; /* skip list end */ s++; /* skip list end */
n = snext (&s); n = snext (&s);
if (n != 16) /* Wrong blocksize for IV (we support ony aes-128) */ if (n != 16) /* Wrong blocksize for IV (we support ony aes-128) */
return GNUPG_Corrupted_Protection; return gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
iv = s; iv = s;
s += n; s += n;
if (*s != ')' ) if (*s != ')' )
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
s++; s++;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
rc = do_decryption (s, n, rc = do_decryption (s, n,
passphrase, s2ksalt, s2kcount, passphrase, s2ksalt, s2kcount,
@ -692,7 +694,7 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
rc = calculate_mic (final, sha1hash2); rc = calculate_mic (final, sha1hash2);
if (!rc && memcmp (sha1hash, sha1hash2, 20)) if (!rc && memcmp (sha1hash, sha1hash2, 20))
rc = GNUPG_Corrupted_Protection; rc = gpg_error (GPG_ERR_CORRUPTED_PROTECTION);
if (rc) if (rc)
{ {
xfree (final); xfree (final);
@ -755,9 +757,9 @@ hash_passphrase (const char *passphrase, int hashalgo,
if ( (s2kmode != 0 && s2kmode != 1 && s2kmode != 3) if ( (s2kmode != 0 && s2kmode != 1 && s2kmode != 3)
|| !hashalgo || !keylen || !key || !passphrase) || !hashalgo || !keylen || !key || !passphrase)
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INV_VALUE);
if ((s2kmode == 1 ||s2kmode == 3) && !s2ksalt) if ((s2kmode == 1 ||s2kmode == 3) && !s2ksalt)
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INV_VALUE);
md = gcry_md_open (hashalgo, GCRY_MD_FLAG_SECURE); md = gcry_md_open (hashalgo, GCRY_MD_FLAG_SECURE);
if (!md) if (!md)
@ -834,42 +836,42 @@ agent_shadow_key (const unsigned char *pubkey,
size_t shadow_info_len = gcry_sexp_canon_len (shadow_info, 0, NULL,NULL); size_t shadow_info_len = gcry_sexp_canon_len (shadow_info, 0, NULL,NULL);
if (!pubkey_len || !shadow_info_len) if (!pubkey_len || !shadow_info_len)
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INVALID_VALUE);
s = pubkey; s = pubkey;
if (*s != '(') if (*s != '(')
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
depth++; depth++;
s++; s++;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
if (!smatch (&s, n, "public-key")) if (!smatch (&s, n, "public-key"))
return GNUPG_Unknown_Sexp; return gpg_error (GPG_ERR_UNKNOWN_SEXP);
if (*s != '(') if (*s != '(')
return GNUPG_Unknown_Sexp; return gpg_error (GPG_ERR_UNKNOWN_SEXP);
depth++; depth++;
s++; s++;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
s += n; /* skip over the algorithm name */ s += n; /* skip over the algorithm name */
while (*s != ')') while (*s != ')')
{ {
if (*s != '(') if (*s != '(')
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
depth++; depth++;
s++; s++;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
s += n; s += n;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
s +=n; /* skip value */ s +=n; /* skip value */
if (*s != ')') if (*s != ')')
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
depth--; depth--;
s++; s++;
} }
@ -883,7 +885,7 @@ agent_shadow_key (const unsigned char *pubkey,
n = 12 + pubkey_len + 1 + 3+8 + 2+5 + shadow_info_len + 1; n = 12 + pubkey_len + 1 + 3+8 + 2+5 + shadow_info_len + 1;
*result = p = xtrymalloc (n); *result = p = xtrymalloc (n);
if (!p) if (!p)
return GNUPG_Out_Of_Core; return out_of_core ();
p = stpcpy (p, "(20:shadowed-private-key"); p = stpcpy (p, "(20:shadowed-private-key");
/* (10:public-key ...)*/ /* (10:public-key ...)*/
memcpy (p, pubkey+14, point - (pubkey+14)); memcpy (p, pubkey+14, point - (pubkey+14));
@ -910,58 +912,58 @@ agent_get_shadow_info (const unsigned char *shadowkey,
s = shadowkey; s = shadowkey;
if (*s != '(') if (*s != '(')
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
depth++; depth++;
s++; s++;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
if (!smatch (&s, n, "shadowed-private-key")) if (!smatch (&s, n, "shadowed-private-key"))
return GNUPG_Unknown_Sexp; return gpg_error (GPG_ERR_UNKNOWN_SEXP);
if (*s != '(') if (*s != '(')
return GNUPG_Unknown_Sexp; return gpg_error (GPG_ERR_UNKNOWN_SEXP);
depth++; depth++;
s++; s++;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
s += n; /* skip over the algorithm name */ s += n; /* skip over the algorithm name */
for (;;) for (;;)
{ {
if (*s == ')') if (*s == ')')
return GNUPG_Unknown_Sexp; return gpg_error (GPG_ERR_UNKNOWN_SEXP);
if (*s != '(') if (*s != '(')
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
depth++; depth++;
s++; s++;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
if (smatch (&s, n, "shadowed")) if (smatch (&s, n, "shadowed"))
break; break;
s += n; s += n;
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
s +=n; /* skip value */ s +=n; /* skip value */
if (*s != ')') if (*s != ')')
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
depth--; depth--;
s++; s++;
} }
/* found the shadowed list, s points to the protocol */ /* found the shadowed list, s points to the protocol */
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
if (smatch (&s, n, "t1-v1")) if (smatch (&s, n, "t1-v1"))
{ {
if (*s != '(') if (*s != '(')
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
*shadow_info = s; *shadow_info = s;
} }
else else
return GNUPG_Unsupported_Protocol; return gpg_error (GPG_ERR_UNSUPPORTED_PROTOCOL);
return 0; return 0;
} }

37
agent/query.c
View File

@ -33,7 +33,7 @@
#include "agent.h" #include "agent.h"
#include "i18n.h" #include "i18n.h"
#include "../assuan/assuan.h" #include <assuan.h>
#ifdef _POSIX_OPEN_MAX #ifdef _POSIX_OPEN_MAX
#define MAX_OPEN_FDS _POSIX_OPEN_MAX #define MAX_OPEN_FDS _POSIX_OPEN_MAX
@ -70,7 +70,7 @@ unlock_pinentry (int rc)
{ {
log_error ("failed to release the entry lock\n"); log_error ("failed to release the entry lock\n");
if (!rc) if (!rc)
rc = GNUPG_Internal_Error; rc = gpg_error (GPG_ERR_INTERNAL);
} }
#endif #endif
entry_ctx = NULL; entry_ctx = NULL;
@ -96,7 +96,7 @@ start_pinentry (CTRL ctrl)
if (!pth_mutex_acquire (&entry_lock, 0, NULL)) if (!pth_mutex_acquire (&entry_lock, 0, NULL))
{ {
log_error ("failed to acquire the entry lock\n"); log_error ("failed to acquire the entry lock\n");
return GNUPG_Internal_Error; return gpg_error (GPG_ERR_INTERNAL);
} }
#endif #endif
@ -108,8 +108,9 @@ start_pinentry (CTRL ctrl)
if (fflush (NULL)) if (fflush (NULL))
{ {
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
log_error ("error flushing pending output: %s\n", strerror (errno)); log_error ("error flushing pending output: %s\n", strerror (errno));
return unlock_pinentry (seterr (Write_Error)); return unlock_pinentry (tmperr);
} }
if (!opt.pinentry_program || !*opt.pinentry_program) if (!opt.pinentry_program || !*opt.pinentry_program)
@ -145,7 +146,7 @@ start_pinentry (CTRL ctrl)
{ {
log_error ("can't connect to the PIN entry module: %s\n", log_error ("can't connect to the PIN entry module: %s\n",
assuan_strerror (rc)); assuan_strerror (rc));
return unlock_pinentry (seterr (No_PIN_Entry)); return unlock_pinentry (gpg_error (GPG_ERR_NO_PIN_ENTRY));
} }
entry_ctx = ctx; entry_ctx = ctx;
@ -161,7 +162,7 @@ start_pinentry (CTRL ctrl)
{ {
char *optstr; char *optstr;
if (asprintf (&optstr, "OPTION ttyname=%s", ctrl->ttyname) < 0 ) if (asprintf (&optstr, "OPTION ttyname=%s", ctrl->ttyname) < 0 )
return unlock_pinentry (GNUPG_Out_Of_Core); return unlock_pinentry (out_of_core ());
rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL, rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL); NULL);
free (optstr); free (optstr);
@ -172,7 +173,7 @@ start_pinentry (CTRL ctrl)
{ {
char *optstr; char *optstr;
if (asprintf (&optstr, "OPTION ttytype=%s", ctrl->ttytype) < 0 ) if (asprintf (&optstr, "OPTION ttytype=%s", ctrl->ttytype) < 0 )
return unlock_pinentry (GNUPG_Out_Of_Core); return unlock_pinentry (out_of_core ());
rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL, rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL); NULL);
if (rc) if (rc)
@ -182,7 +183,7 @@ start_pinentry (CTRL ctrl)
{ {
char *optstr; char *optstr;
if (asprintf (&optstr, "OPTION lc-ctype=%s", ctrl->lc_ctype) < 0 ) if (asprintf (&optstr, "OPTION lc-ctype=%s", ctrl->lc_ctype) < 0 )
return unlock_pinentry (GNUPG_Out_Of_Core); return unlock_pinentry (out_of_core ());
rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL, rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL); NULL);
if (rc) if (rc)
@ -192,7 +193,7 @@ start_pinentry (CTRL ctrl)
{ {
char *optstr; char *optstr;
if (asprintf (&optstr, "OPTION lc-messages=%s", ctrl->lc_messages) < 0 ) if (asprintf (&optstr, "OPTION lc-messages=%s", ctrl->lc_messages) < 0 )
return unlock_pinentry (GNUPG_Out_Of_Core); return unlock_pinentry (out_of_core ());
rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL, rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL); NULL);
if (rc) if (rc)
@ -250,7 +251,7 @@ agent_askpin (CTRL ctrl,
return 0; /* fixme: we should return BAD PIN */ return 0; /* fixme: we should return BAD PIN */
if (!pininfo || pininfo->max_length < 1) if (!pininfo || pininfo->max_length < 1)
return seterr (Invalid_Value); return gpg_error (GPG_ERR_INV_VALUE);
if (!desc_text && pininfo->min_digits) if (!desc_text && pininfo->min_digits)
desc_text = _("Please enter your PIN, so that the secret key " desc_text = _("Please enter your PIN, so that the secret key "
"can be unlocked for this session"); "can be unlocked for this session");
@ -322,7 +323,8 @@ agent_askpin (CTRL ctrl,
rc = pininfo->check_cb (pininfo); rc = pininfo->check_cb (pininfo);
if (rc == -1 && pininfo->cb_errtext) if (rc == -1 && pininfo->cb_errtext)
errtext = pininfo->cb_errtext; errtext = pininfo->cb_errtext;
else if (rc == GNUPG_Bad_Passphrase || rc == GNUPG_Bad_PIN) else if (gpg_err_code (rc) == GPG_ERR_BAD_PASSPHRASE
|| gpg_err_code (rc) == GPG_ERR_BAD_PIN)
errtext = (is_pin? _("Bad PIN") errtext = (is_pin? _("Bad PIN")
: _("Bad Passphrase")); : _("Bad Passphrase"));
else if (rc) else if (rc)
@ -333,8 +335,8 @@ agent_askpin (CTRL ctrl,
return unlock_pinentry (0); /* okay, got a PIN or passphrase */ return unlock_pinentry (0); /* okay, got a PIN or passphrase */
} }
return unlock_pinentry (pininfo->min_digits? GNUPG_Bad_PIN return unlock_pinentry (gpg_error (pininfo->min_digits? GPG_ERR_BAD_PIN
: GNUPG_Bad_Passphrase); : GPG_ERR_BAD_PASSPHRASE));
} }
@ -356,7 +358,7 @@ agent_get_passphrase (CTRL ctrl,
*retpass = NULL; *retpass = NULL;
if (opt.batch) if (opt.batch)
return GNUPG_Bad_Passphrase; return gpg_error (GPG_ERR_BAD_PASSPHRASE);
rc = start_pinentry (ctrl); rc = start_pinentry (ctrl);
if (rc) if (rc)
@ -394,7 +396,7 @@ agent_get_passphrase (CTRL ctrl,
parm.size = ASSUAN_LINELENGTH/2 - 5; parm.size = ASSUAN_LINELENGTH/2 - 5;
parm.buffer = gcry_malloc_secure (parm.size+10); parm.buffer = gcry_malloc_secure (parm.size+10);
if (!parm.buffer) if (!parm.buffer)
return unlock_pinentry (seterr (Out_Of_Core)); return unlock_pinentry (out_of_core ());
assuan_begin_confidential (entry_ctx); assuan_begin_confidential (entry_ctx);
rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm, NULL, NULL, NULL, NULL); rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm, NULL, NULL, NULL, NULL);
@ -407,8 +409,9 @@ agent_get_passphrase (CTRL ctrl,
hexstring = gcry_malloc_secure (strlen (parm.buffer)*2+1); hexstring = gcry_malloc_secure (strlen (parm.buffer)*2+1);
if (!hexstring) if (!hexstring)
{ {
gpg_error_t tmperr = out_of_core ();
xfree (parm.buffer); xfree (parm.buffer);
return unlock_pinentry (seterr (Out_Of_Core)); return unlock_pinentry (tmperr);
} }
for (i=0, p=parm.buffer; *p; p++, i += 2) for (i=0, p=parm.buffer; *p; p++, i += 2)
@ -423,7 +426,7 @@ agent_get_passphrase (CTRL ctrl,
/* Pop up the PIN-entry, display the text and the prompt and ask the /* Pop up the PIN-entry, display the text and the prompt and ask the
user to confirm this. We return 0 for success, ie. the used user to confirm this. We return 0 for success, ie. the used
confirmed it, GNUPG_Not_Confirmed for what the text says or an confirmed it, GPG_ERR_NOT_CONFIRMED for what the text says or an
other error. */ other error. */
int int
agent_get_confirmation (CTRL ctrl, agent_get_confirmation (CTRL ctrl,

4
agent/sexp-parse.h
View File

@ -68,10 +68,10 @@ sskip (unsigned char const **buf, int *depth)
else else
{ {
if (!d) if (!d)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
n = snext (&s); n = snext (&s);
if (!n) if (!n)
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
s += n; s += n;
} }
} }

28
agent/trustlist.c
View File

@ -29,8 +29,7 @@
#include <sys/stat.h> #include <sys/stat.h>
#include "agent.h" #include "agent.h"
#include "../assuan/assuan.h" /* fixme: need a way to avoid assuan #include <assuan.h> /* fixme: need a way to avoid assuan calls here */
calls here */
static const char headerblurb[] = static const char headerblurb[] =
"# This is the list of trusted keys. Comments like this one and empty\n" "# This is the list of trusted keys. Comments like this one and empty\n"
@ -60,9 +59,10 @@ open_list (int append)
trustfp = fopen (fname, "wx"); trustfp = fopen (fname, "wx");
if (!trustfp) if (!trustfp)
{ {
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
log_error ("can't create `%s': %s\n", fname, strerror (errno)); log_error ("can't create `%s': %s\n", fname, strerror (errno));
xfree (fname); xfree (fname);
return seterr (File_Create_Error); return tmperr;
} }
fputs (headerblurb, trustfp); fputs (headerblurb, trustfp);
fclose (trustfp); fclose (trustfp);
@ -71,9 +71,10 @@ open_list (int append)
if (!trustfp) if (!trustfp)
{ {
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
log_error ("can't open `%s': %s\n", fname, strerror (errno)); log_error ("can't open `%s': %s\n", fname, strerror (errno));
xfree (fname); xfree (fname);
return seterr (File_Open_Error); return tmperr;
} }
/*FIXME: check the MAC */ /*FIXME: check the MAC */
@ -109,7 +110,7 @@ read_list (char *key, int *keyflag)
{ {
if (feof (trustfp)) if (feof (trustfp))
return -1; return -1;
return GNUPG_Read_Error; return gpg_error (gpg_err_code_from_errno (errno));
} }
if (!*line || line[strlen(line)-1] != '\n') if (!*line || line[strlen(line)-1] != '\n')
@ -117,7 +118,8 @@ read_list (char *key, int *keyflag)
/* eat until end of line */ /* eat until end of line */
while ( (c=getc (trustfp)) != EOF && c != '\n') while ( (c=getc (trustfp)) != EOF && c != '\n')
; ;
return *line? GNUPG_Line_Too_Long: GNUPG_Incomplete_Line; return gpg_error (*line? GPG_ERR_LINE_TOO_LONG
: GPG_ERR_INCOMPLETE_LINE);
} }
/* Allow for emty lines and spaces */ /* Allow for emty lines and spaces */
@ -132,7 +134,7 @@ read_list (char *key, int *keyflag)
if (i!=40 || !(spacep (p+i) || p[i] == '\n')) if (i!=40 || !(spacep (p+i) || p[i] == '\n'))
{ {
log_error ("invalid formatted fingerprint in trustlist\n"); log_error ("invalid formatted fingerprint in trustlist\n");
return GNUPG_Bad_Data; return gpg_error (GPG_ERR_BAD_DATA);
} }
assert (p[i]); assert (p[i]);
if (p[i] == '\n') if (p[i] == '\n')
@ -149,13 +151,13 @@ read_list (char *key, int *keyflag)
else else
{ {
log_error ("invalid keyflag in trustlist\n"); log_error ("invalid keyflag in trustlist\n");
return GNUPG_Bad_Data; return gpg_error (GPG_ERR_BAD_DATA);
} }
i++; i++;
if ( !(spacep (p+i) || p[i] == '\n')) if ( !(spacep (p+i) || p[i] == '\n'))
{ {
log_error ("invalid keyflag in trustlist\n"); log_error ("invalid keyflag in trustlist\n");
return GNUPG_Bad_Data; return gpg_error (GPG_ERR_BAD_DATA);
} }
} }
@ -253,7 +255,7 @@ agent_marktrusted (CTRL ctrl, const char *name, const char *fpr, int flag)
" \"%s\"%%0A" " \"%s\"%%0A"
"has the fingerprint:%%0A" "has the fingerprint:%%0A"
" %s", name, fpr) < 0 ) " %s", name, fpr) < 0 )
return GNUPG_Out_Of_Core; return out_of_core ();
rc = agent_get_confirmation (ctrl, desc, "Correct", "No"); rc = agent_get_confirmation (ctrl, desc, "Correct", "No");
free (desc); free (desc);
if (rc) if (rc)
@ -264,7 +266,7 @@ agent_marktrusted (CTRL ctrl, const char *name, const char *fpr, int flag)
" \"%s\"%%0A" " \"%s\"%%0A"
"to correctly certify user certificates?", "to correctly certify user certificates?",
name) < 0 ) name) < 0 )
return GNUPG_Out_Of_Core; return out_of_core ();
rc = agent_get_confirmation (ctrl, desc, "Yes", "No"); rc = agent_get_confirmation (ctrl, desc, "Yes", "No");
free (desc); free (desc);
if (rc) if (rc)
@ -294,11 +296,11 @@ agent_marktrusted (CTRL ctrl, const char *name, const char *fpr, int flag)
print_sanitized_string (trustfp, name, 0); print_sanitized_string (trustfp, name, 0);
fprintf (trustfp, "\n%s %c\n", fpr, flag); fprintf (trustfp, "\n%s %c\n", fpr, flag);
if (ferror (trustfp)) if (ferror (trustfp))
rc = GNUPG_Write_Error; rc = gpg_error (gpg_err_code_from_errno (errno));
/* close because we are in append mode */ /* close because we are in append mode */
if (fclose (trustfp)) if (fclose (trustfp))
rc = GNUPG_File_Error; rc = gpg_error (gpg_err_code_from_errno (errno));
trustfp = NULL; trustfp = NULL;
return rc; return rc;
} }

9
common/errors.h
View File

@ -23,7 +23,13 @@
#include "util.h" #include "util.h"
/* Error numbers */ #ifdef GPG_ERR_SOURCE_DEFAULT
# define GPG_ERR_INVALID_VALUE GPG_ERR_INV_VALUE
# define GPG_ERR_INVALID_DATA GPG_ERR_INV_DATA
# define GPG_ERR_INVALID_SEXP GPG_ERR_INV_SEXP
#else /*GPG_ERR_SOURCE_DEFAUL*/
/* Error numbers. Note, that they are onkly used for old code not yet
converted to libgpg-error. */
enum { enum {
GNUPG_EOF = -1, GNUPG_EOF = -1,
GNUPG_No_Error = 0, GNUPG_No_Error = 0,
@ -104,6 +110,7 @@ enum {
GNUPG_Unsupported_Operation = 75, GNUPG_Unsupported_Operation = 75,
GNUPG_Wrong_Key_Usage = 76, GNUPG_Wrong_Key_Usage = 76,
}; };
#endif /* !GPG_ERR_SOURCE_DEFAULT */
/* Status codes - fixme: should go into another file */ /* Status codes - fixme: should go into another file */
enum { enum {

8
kbx/ChangeLog
View File

@ -1,3 +1,11 @@
2003-06-03 Werner Koch <wk@gnupg.org>
Changed all error codes in all files to the new libgpg-error scheme.
* keybox-defs.h: Include gpg-error.h .
(KeyboxError): Removed.
* Makefile.am: Removed keybox-error.c stuff.
2002-11-14 Werner Koch <wk@gnupg.org> 2002-11-14 Werner Koch <wk@gnupg.org>
* keybox-search.c (blob_cmp_name) <compare all names>: Fixed * keybox-search.c (blob_cmp_name) <compare all names>: Fixed

9
kbx/Makefile.am
View File

@ -1,5 +1,5 @@
# Keybox Makefile # Keybox Makefile
# Copyright (C) 2001, 2002 Free Software Foundation, Inc. # Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
# #
# This file is part of GnuPG. # This file is part of GnuPG.
# #
@ -24,7 +24,6 @@ INCLUDES = -I../intl -DLOCALEDIR=\"$(localedir)\"
EXTRA_DIST = mkerrors EXTRA_DIST = mkerrors
AM_CPPFLAGS = $(KSBA_CFLAGS) $(LIBGCRYPT_CFLAGS) AM_CPPFLAGS = $(KSBA_CFLAGS) $(LIBGCRYPT_CFLAGS)
BUILT_SOURCES = keybox-errors.c
noinst_LIBRARIES = libkeybox.a noinst_LIBRARIES = libkeybox.a
bin_PROGRAMS = kbxutil bin_PROGRAMS = kbxutil
@ -32,7 +31,6 @@ bin_PROGRAMS = kbxutil
common_sources = \ common_sources = \
keybox.h keybox-defs.h keybox-search-desc.h \ keybox.h keybox-defs.h keybox-search-desc.h \
keybox-util.c \ keybox-util.c \
keybox-errors.c \
keybox-init.c \ keybox-init.c \
keybox-blob.c \ keybox-blob.c \
keybox-file.c \ keybox-file.c \
@ -44,10 +42,7 @@ common_sources = \
libkeybox_a_SOURCES = $(common_sources) libkeybox_a_SOURCES = $(common_sources)
kbxutil_SOURCES = kbxutil.c $(common_sources) kbxutil_SOURCES = kbxutil.c $(common_sources)
kbxutil_LDADD = ../jnlib/libjnlib.a $(KSBA_LIBS) $(LIBGCRYPT_LIBS) kbxutil_LDADD = ../jnlib/libjnlib.a $(KSBA_LIBS) $(LIBGCRYPT_LIBS) -lgpg-error
keybox-errors.c : keybox.h mkerrors
$(srcdir)/mkerrors < $(srcdir)/keybox.h > keybox-errors.c

32
kbx/keybox-blob.c
View File

@ -1,5 +1,5 @@
/* keybox-blob.c - KBX Blob handling /* keybox-blob.c - KBX Blob handling
* Copyright (C) 2000, 2001, 2002 Free Software Foundation, Inc. * Copyright (C) 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -489,7 +489,7 @@ x509_create_blob_cert (KEYBOXBLOB blob, KsbaCert cert)
image = ksba_cert_get_image (cert, &length); image = ksba_cert_get_image (cert, &length);
if (!image) if (!image)
return KEYBOX_General_Error; return gpg_error (GPG_ERR_GENERAL);
put_membuf (a, image, length); put_membuf (a, image, length);
add_fixup (blob, 12, a->len - kbstart); add_fixup (blob, 12, a->len - kbstart);
@ -651,7 +651,7 @@ create_blob_finish (KEYBOXBLOB blob)
/* get the memory area */ /* get the memory area */
p = get_membuf (a, &n); p = get_membuf (a, &n);
if (!p) if (!p)
return KEYBOX_Out_Of_Core; return gpg_error (GPG_ERR_ENOMEM);
assert (n >= 20); assert (n >= 20);
/* fixup the length */ /* fixup the length */
@ -659,7 +659,7 @@ create_blob_finish (KEYBOXBLOB blob)
/* do the fixups */ /* do the fixups */
if (blob->fixup_out_of_core) if (blob->fixup_out_of_core)
return KEYBOX_Out_Of_Core; return gpg_error (GPG_ERR_ENOMEM);
{ {
struct fixup_list *fl; struct fixup_list *fl;
@ -678,7 +678,7 @@ create_blob_finish (KEYBOXBLOB blob)
pp = xtrymalloc (n); pp = xtrymalloc (n);
if ( !pp ) if ( !pp )
return KEYBOX_Out_Of_Core; return gpg_error (gpg_err_code_from_errno (errno));
memcpy (pp , p, n); memcpy (pp , p, n);
blob->blob = pp; blob->blob = pp;
blob->bloblen = n; blob->bloblen = n;
@ -698,8 +698,8 @@ _keybox_create_pgp_blob (KEYBOXBLOB *r_blob, KBNODE keyblock, int as_ephemeral)
*r_blob = NULL; *r_blob = NULL;
blob = xtrycalloc (1, sizeof *blob); blob = xtrycalloc (1, sizeof *blob);
if( !blob ) if (!blob)
return KEYBOX_Out_Of_Core; return gpg_error (gpg_err_code_from_errno (errno));
/* fixme: Do some sanity checks on the keyblock */ /* fixme: Do some sanity checks on the keyblock */
@ -723,7 +723,7 @@ _keybox_create_pgp_blob (KEYBOXBLOB *r_blob, KBNODE keyblock, int as_ephemeral)
blob->sigs = xtrycalloc (blob->nsigs, sizeof *blob->sigs ); blob->sigs = xtrycalloc (blob->nsigs, sizeof *blob->sigs );
if (!blob->keys || !blob->uids || !blob->sigs) if (!blob->keys || !blob->uids || !blob->sigs)
{ {
rc = KEYBOX_Out_Of_Core; rc = gpg_error (GPG_ERR_ENOMEM);
goto leave; goto leave;
} }
@ -818,7 +818,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, KsbaCert cert,
*r_blob = NULL; *r_blob = NULL;
blob = xtrycalloc (1, sizeof *blob); blob = xtrycalloc (1, sizeof *blob);
if( !blob ) if( !blob )
return KEYBOX_Out_Of_Core; return gpg_error (gpg_err_code_from_errno (errno));
p = ksba_cert_get_serial (cert); p = ksba_cert_get_serial (cert);
if (p) if (p)
@ -828,7 +828,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, KsbaCert cert,
if (n < 2) if (n < 2)
{ {
xfree (p); xfree (p);
return KEYBOX_General_Error; return gpg_error (GPG_ERR_GENERAL);
} }
blob->serialbuf = p; blob->serialbuf = p;
p++; n--; /* skip '(' */ p++; n--; /* skip '(' */
@ -838,7 +838,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, KsbaCert cert,
{ {
xfree (blob->serialbuf); xfree (blob->serialbuf);
blob->serialbuf = NULL; blob->serialbuf = NULL;
return KEYBOX_General_Error; return gpg_error (GPG_ERR_GENERAL);
} }
p++; p++;
blob->serial = p; blob->serial = p;
@ -853,13 +853,13 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, KsbaCert cert,
names = xtrymalloc (max_names * sizeof *names); names = xtrymalloc (max_names * sizeof *names);
if (!names) if (!names)
{ {
rc = KEYBOX_Out_Of_Core; rc = gpg_error (gpg_err_code_from_errno (errno));
goto leave; goto leave;
} }
p = ksba_cert_get_issuer (cert, 0); p = ksba_cert_get_issuer (cert, 0);
if (!p) if (!p)
{ {
rc = KEYBOX_Missing_Value; rc = gpg_error (GPG_ERR_MISSING_VALUE);
goto leave; goto leave;
} }
names[blob->nuids++] = p; names[blob->nuids++] = p;
@ -874,7 +874,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, KsbaCert cert,
tmp = xtryrealloc (names, max_names * sizeof *names); tmp = xtryrealloc (names, max_names * sizeof *names);
if (!tmp) if (!tmp)
{ {
rc = KEYBOX_Out_Of_Core; rc = gpg_error (gpg_err_code_from_errno (errno));
goto leave; goto leave;
} }
} }
@ -891,7 +891,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, KsbaCert cert,
blob->sigs = xtrycalloc (blob->nsigs, sizeof *blob->sigs ); blob->sigs = xtrycalloc (blob->nsigs, sizeof *blob->sigs );
if (!blob->keys || !blob->uids || !blob->sigs) if (!blob->keys || !blob->uids || !blob->sigs)
{ {
rc = KEYBOX_Out_Of_Core; rc = gpg_error (GPG_ERR_ENOMEM);
goto leave; goto leave;
} }
@ -964,7 +964,7 @@ _keybox_new_blob (KEYBOXBLOB *r_blob, char *image, size_t imagelen, off_t off)
*r_blob = NULL; *r_blob = NULL;
blob = xtrycalloc (1, sizeof *blob); blob = xtrycalloc (1, sizeof *blob);
if (!blob) if (!blob)
return KEYBOX_Out_Of_Core; return gpg_error (gpg_err_code_from_errno (errno));
blob->blob = image; blob->blob = image;
blob->bloblen = imagelen; blob->bloblen = imagelen;

7
kbx/keybox-defs.h
View File

@ -24,6 +24,13 @@
#include <sys/types.h> /* off_t */ #include <sys/types.h> /* off_t */
#include "keybox.h" #include "keybox.h"
#ifdef GPG_ERR_SOURCE_DEFAULT
#error GPG_ERR_SOURCE_DEFAULT already defined
#endif
#define GPG_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_KEYBOX
#include <gpg-error.h>
#ifndef HAVE_BYTE_TYPEDEF #ifndef HAVE_BYTE_TYPEDEF
typedef unsigned char byte; /* fixme */ typedef unsigned char byte; /* fixme */
#endif #endif

8
kbx/keybox-dump.c
View File

@ -1,5 +1,5 @@
/* keybox-dump.c - Debug helpers /* keybox-dump.c - Debug helpers
* Copyright (C) 2001 Free Software Foundation, Inc. * Copyright (C) 2001, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -322,8 +322,9 @@ _keybox_dump_file (const char *filename, FILE *outfp)
fp = fopen (filename, "rb"); fp = fopen (filename, "rb");
if (!fp) if (!fp)
{ {
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
fprintf (outfp, "can't open `%s': %s\n", filename, strerror(errno)); fprintf (outfp, "can't open `%s': %s\n", filename, strerror(errno));
return KEYBOX_File_Error; return tmperr;
} }
while ( !(rc = _keybox_read_blob (&blob, fp)) ) while ( !(rc = _keybox_read_blob (&blob, fp)) )
@ -337,8 +338,7 @@ _keybox_dump_file (const char *filename, FILE *outfp)
if (rc == -1) if (rc == -1)
rc = 0; rc = 0;
if (rc) if (rc)
fprintf (outfp, "error reading `%s': %s\n", filename, fprintf (outfp, "error reading `%s': %s\n", filename, gpg_strerror (rc));
rc == KEYBOX_Read_Error? keybox_strerror(rc):strerror (errno));
if (fp != stdin) if (fp != stdin)
fclose (fp); fclose (fp);

22
kbx/keybox-file.c
View File

@ -1,5 +1,5 @@
/* keybox-file.c - file oeprations /* keybox-file.c - file oeprations
* Copyright (C) 2001 Free Software Foundation, Inc. * Copyright (C) 2001, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -22,6 +22,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include <errno.h>
#include "keybox-defs.h" #include "keybox-defs.h"
@ -40,7 +41,7 @@ _keybox_read_blob (KEYBOXBLOB *r_blob, FILE *fp)
*r_blob = NULL; *r_blob = NULL;
off = ftello (fp); off = ftello (fp);
if (off == (off_t)-1) if (off == (off_t)-1)
return KEYBOX_Read_Error; return gpg_error (gpg_err_code_from_errno (errno));
if ((c1 = getc (fp)) == EOF if ((c1 = getc (fp)) == EOF
|| (c2 = getc (fp)) == EOF || (c2 = getc (fp)) == EOF
@ -50,33 +51,34 @@ _keybox_read_blob (KEYBOXBLOB *r_blob, FILE *fp)
{ {
if ( c1 == EOF && !ferror (fp) ) if ( c1 == EOF && !ferror (fp) )
return -1; /* eof */ return -1; /* eof */
return KEYBOX_Read_Error; return gpg_error (gpg_err_code_from_errno (errno));
} }
imagelen = (c1 << 24) | (c2 << 16) | (c3 << 8 ) | c4; imagelen = (c1 << 24) | (c2 << 16) | (c3 << 8 ) | c4;
if (imagelen > 500000) /* sanity check */ if (imagelen > 500000) /* sanity check */
return KEYBOX_Blob_Too_Large; return gpg_error (GPG_ERR_TOO_LARGE);
if (imagelen < 5) if (imagelen < 5)
return KEYBOX_Blob_Too_Short; return gpg_error (GPG_ERR_TOO_SHORT);
if (!type) if (!type)
{ {
/* special treatment for empty blobs. */ /* special treatment for empty blobs. */
if (fseek (fp, imagelen-5, SEEK_CUR)) if (fseek (fp, imagelen-5, SEEK_CUR))
return KEYBOX_Read_Error; return gpg_error (gpg_err_code_from_errno (errno));
goto again; goto again;
} }
image = xtrymalloc (imagelen); image = xtrymalloc (imagelen);
if (!image) if (!image)
return KEYBOX_Out_Of_Core; return gpg_error (gpg_err_code_from_errno (errno));
image[0] = c1; image[1] = c2; image[2] = c3; image[3] = c4; image[4] = type; image[0] = c1; image[1] = c2; image[2] = c3; image[3] = c4; image[4] = type;
if (fread (image+5, imagelen-5, 1, fp) != 1) if (fread (image+5, imagelen-5, 1, fp) != 1)
{ {
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
xfree (image); xfree (image);
return KEYBOX_Read_Error; return tmperr;
} }
rc = r_blob? _keybox_new_blob (r_blob, image, imagelen, off) : 0; rc = r_blob? _keybox_new_blob (r_blob, image, imagelen, off) : 0;
@ -95,8 +97,6 @@ _keybox_write_blob (KEYBOXBLOB blob, FILE *fp)
image = _keybox_get_blob_image (blob, &length); image = _keybox_get_blob_image (blob, &length);
if (fwrite (image, length, 1, fp) != 1) if (fwrite (image, length, 1, fp) != 1)
{ return gpg_error (gpg_err_code_from_errno (errno));
return KEYBOX_Write_Error;
}
return 0; return 0;
} }

2
kbx/keybox-init.c
View File

@ -120,7 +120,7 @@ int
keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes) keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes)
{ {
if (!hd) if (!hd)
return KEYBOX_Invalid_Handle; return gpg_error (GPG_ERR_INV_HANDLE);
hd->ephemeral = yes; hd->ephemeral = yes;
return 0; return 0;
} }

38
kbx/keybox-search.c
View File

@ -1,5 +1,5 @@
/* keybox-search.c - Search operations /* keybox-search.c - Search operations
* Copyright (C) 2001, 2002 Free Software Foundation, Inc. * Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -23,6 +23,7 @@
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#include <assert.h> #include <assert.h>
#include <errno.h>
#include "../jnlib/stringhelp.h" /* ascii_xxxx() */ #include "../jnlib/stringhelp.h" /* ascii_xxxx() */
#include "keybox-defs.h" #include "keybox-defs.h"
@ -481,7 +482,7 @@ int
keybox_search_reset (KEYBOX_HANDLE hd) keybox_search_reset (KEYBOX_HANDLE hd)
{ {
if (!hd) if (!hd)
return KEYBOX_Invalid_Value; return gpg_error (GPG_ERR_INV_VALUE);
if (hd->found.blob) if (hd->found.blob)
{ {
@ -512,7 +513,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
struct sn_array_s *sn_array = NULL; struct sn_array_s *sn_array = NULL;
if (!hd) if (!hd)
return KEYBOX_Invalid_Value; return gpg_error (GPG_ERR_INV_VALUE);
/* clear last found result */ /* clear last found result */
if (hd->found.blob) if (hd->found.blob)
@ -548,7 +549,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
{ {
sn_array = xtrycalloc (ndesc, sizeof *sn_array); sn_array = xtrycalloc (ndesc, sizeof *sn_array);
if (!sn_array) if (!sn_array)
return (hd->error = KEYBOX_Out_Of_Core); return (hd->error = gpg_error (gpg_err_code_from_errno (errno)));
} }
} }
@ -557,8 +558,9 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
hd->fp = fopen (hd->kb->fname, "rb"); hd->fp = fopen (hd->kb->fname, "rb");
if (!hd->fp) if (!hd->fp)
{ {
hd->error = gpg_error (gpg_err_code_from_errno (errno));
xfree (sn_array); xfree (sn_array);
return (hd->error = KEYBOX_File_Open_Error); return hd->error;
} }
} }
@ -588,8 +590,9 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
sn_array[n].sn = xtrymalloc (snlen); sn_array[n].sn = xtrymalloc (snlen);
if (!sn_array[n].sn) if (!sn_array[n].sn)
{ {
hd->error = gpg_error (gpg_err_code_from_errno (errno));
release_sn_array (sn_array, n); release_sn_array (sn_array, n);
return (hd->error = KEYBOX_Out_Of_Core); return hd->error;
} }
sn_array[n].snlen = snlen; sn_array[n].snlen = snlen;
sn = sn_array[n].sn; sn = sn_array[n].sn;
@ -611,8 +614,9 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
sn_array[n].sn = xtrymalloc (snlen); sn_array[n].sn = xtrymalloc (snlen);
if (!sn_array[n].sn) if (!sn_array[n].sn)
{ {
hd->error = gpg_error (gpg_err_code_from_errno (errno));
release_sn_array (sn_array, n); release_sn_array (sn_array, n);
return (hd->error = KEYBOX_Out_Of_Core); return hd->error;
} }
sn_array[n].snlen = snlen; sn_array[n].snlen = snlen;
memcpy (sn_array[n].sn, sn, snlen); memcpy (sn_array[n].sn, sn, snlen);
@ -700,7 +704,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
goto found; goto found;
break; break;
default: default:
rc = KEYBOX_Invalid_Value; rc = gpg_error (GPG_ERR_INV_VALUE);
goto found; goto found;
} }
} }
@ -759,37 +763,37 @@ keybox_get_cert (KEYBOX_HANDLE hd, KsbaCert *r_cert)
int rc; int rc;
if (!hd) if (!hd)
return KEYBOX_Invalid_Value; return gpg_error (GPG_ERR_INV_VALUE);
if (!hd->found.blob) if (!hd->found.blob)
return KEYBOX_Nothing_Found; return gpg_error (GPG_ERR_NOTHING_FOUND);
if (blob_get_type (hd->found.blob) != BLOBTYPE_X509) if (blob_get_type (hd->found.blob) != BLOBTYPE_X509)
return KEYBOX_Wrong_Blob_Type; return gpg_error (GPG_ERR_WRONG_BLOB_TYPE);
buffer = _keybox_get_blob_image (hd->found.blob, &length); buffer = _keybox_get_blob_image (hd->found.blob, &length);
if (length < 40) if (length < 40)
return KEYBOX_Blob_Too_Short; return gpg_error (GPG_ERR_TOO_SHORT);
cert_off = get32 (buffer+8); cert_off = get32 (buffer+8);
cert_len = get32 (buffer+12); cert_len = get32 (buffer+12);
if (cert_off+cert_len > length) if (cert_off+cert_len > length)
return KEYBOX_Blob_Too_Short; return gpg_error (GPG_ERR_TOO_SHORT);
reader = ksba_reader_new (); reader = ksba_reader_new ();
if (!reader) if (!reader)
return KEYBOX_Out_Of_Core; return gpg_error (GPG_ERR_ENOMEM);
rc = ksba_reader_set_mem (reader, buffer+cert_off, cert_len); rc = ksba_reader_set_mem (reader, buffer+cert_off, cert_len);
if (rc) if (rc)
{ {
ksba_reader_release (reader); ksba_reader_release (reader);
/* fixme: need to map the error codes */ /* fixme: need to map the error codes */
return KEYBOX_General_Error; return gpg_error (GPG_ERR_GENERAL);
} }
cert = ksba_cert_new (); cert = ksba_cert_new ();
if (!cert) if (!cert)
{ {
ksba_reader_release (reader); ksba_reader_release (reader);
return KEYBOX_Out_Of_Core; return gpg_error (GPG_ERR_ENOMEM);
} }
rc = ksba_cert_read_der (cert, reader); rc = ksba_cert_read_der (cert, reader);
@ -798,7 +802,7 @@ keybox_get_cert (KEYBOX_HANDLE hd, KsbaCert *r_cert)
ksba_cert_release (cert); ksba_cert_release (cert);
ksba_reader_release (reader); ksba_reader_release (reader);
/* fixme: need to map the error codes */ /* fixme: need to map the error codes */
return KEYBOX_General_Error; return gpg_error (GPG_ERR_GENERAL);
} }
*r_cert = cert; *r_cert = cert;

74
kbx/keybox-update.c
View File

@ -1,5 +1,5 @@
/* keybox-update.c - keybox update operations /* keybox-update.c - keybox update operations
* Copyright (C) 2001 Free Software Foundation, Inc. * Copyright (C) 2001, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -50,15 +50,16 @@ create_tmp_file (const char *template,
{ {
bakfname = xtrymalloc (strlen (template) + 1); bakfname = xtrymalloc (strlen (template) + 1);
if (!bakfname) if (!bakfname)
return KEYBOX_Out_Of_Core; return gpg_error (gpg_err_code_from_errno (errno));
strcpy (bakfname, template); strcpy (bakfname, template);
strcpy (bakfname+strlen(template)-4, EXTSEP_S "bak"); strcpy (bakfname+strlen(template)-4, EXTSEP_S "bak");
tmpfname = xtrymalloc (strlen (template) + 1); tmpfname = xtrymalloc (strlen (template) + 1);
if (!tmpfname) if (!tmpfname)
{ {
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
xfree (bakfname); xfree (bakfname);
return KEYBOX_Out_Of_Core; return tmperr;
} }
strcpy (tmpfname,template); strcpy (tmpfname,template);
strcpy (tmpfname + strlen (template)-4, EXTSEP_S "tmp"); strcpy (tmpfname + strlen (template)-4, EXTSEP_S "tmp");
@ -67,28 +68,30 @@ create_tmp_file (const char *template,
{ /* file does not end with kbx; hmmm */ { /* file does not end with kbx; hmmm */
bakfname = xtrymalloc ( strlen (template) + 5); bakfname = xtrymalloc ( strlen (template) + 5);
if (!bakfname) if (!bakfname)
return KEYBOX_Out_Of_Core; return gpg_error (gpg_err_code_from_errno (errno));
strcpy (stpcpy (bakfname, template), EXTSEP_S "bak"); strcpy (stpcpy (bakfname, template), EXTSEP_S "bak");
tmpfname = xtrymalloc ( strlen (template) + 5); tmpfname = xtrymalloc ( strlen (template) + 5);
if (!tmpfname) if (!tmpfname)
{ {
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
xfree (bakfname); xfree (bakfname);
return KEYBOX_Out_Of_Core; return tmperr;
} }
strcpy (stpcpy (tmpfname, template), EXTSEP_S "tmp"); strcpy (stpcpy (tmpfname, template), EXTSEP_S "tmp");
} }
# else /* Posix file names */ # else /* Posix file names */
bakfname = xtrymalloc (strlen (template) + 2); bakfname = xtrymalloc (strlen (template) + 2);
if (!bakfname) if (!bakfname)
return KEYBOX_Out_Of_Core; return gpg_error (gpg_err_code_from_errno (errno));
strcpy (stpcpy (bakfname,template),"~"); strcpy (stpcpy (bakfname,template),"~");
tmpfname = xtrymalloc ( strlen (template) + 5); tmpfname = xtrymalloc ( strlen (template) + 5);
if (!tmpfname) if (!tmpfname)
{ {
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
xfree (bakfname); xfree (bakfname);
return KEYBOX_Out_Of_Core; return tmperr;
} }
strcpy (stpcpy (tmpfname,template), EXTSEP_S "tmp"); strcpy (stpcpy (tmpfname,template), EXTSEP_S "tmp");
# endif /* Posix filename */ # endif /* Posix filename */
@ -96,9 +99,10 @@ create_tmp_file (const char *template,
*r_fp = fopen (tmpfname, "wb"); *r_fp = fopen (tmpfname, "wb");
if (!*r_fp) if (!*r_fp)
{ {
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
xfree (tmpfname); xfree (tmpfname);
xfree (bakfname); xfree (bakfname);
return KEYBOX_File_Create_Error; return tmperr;
} }
*r_bakfname = bakfname; *r_bakfname = bakfname;
@ -139,7 +143,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
#endif #endif
if (rename (fname, bakfname) ) if (rename (fname, bakfname) )
{ {
return KEYBOX_File_Error; return gpg_error (gpg_err_code_from_errno (errno));
} }
} }
@ -149,7 +153,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
#endif #endif
if (rename (tmpfname, fname) ) if (rename (tmpfname, fname) )
{ {
rc = KEYBOX_File_Error; rc = gpg_error (gpg_err_code_from_errno (errno));
if (secret) if (secret)
{ {
/* log_info ("WARNING: 2 files with confidential" */ /* log_info ("WARNING: 2 files with confidential" */
@ -185,7 +189,7 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
/* Open the source file. Because we do a rename, we have to check the /* Open the source file. Because we do a rename, we have to check the
permissions of the file */ permissions of the file */
if (access (fname, W_OK)) if (access (fname, W_OK))
return KEYBOX_Write_Error; return gpg_error (gpg_err_code_from_errno (errno));
fp = fopen (fname, "rb"); fp = fopen (fname, "rb");
if (mode == 1 && !fp && errno == ENOENT) if (mode == 1 && !fp && errno == ENOENT)
@ -193,7 +197,7 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
newfp = fopen (fname, "wb"); newfp = fopen (fname, "wb");
if (!newfp ) if (!newfp )
{ {
return KEYBOX_File_Create_Error; return gpg_error (gpg_err_code_from_errno (errno));
} }
rc = _keybox_write_blob (blob, newfp); rc = _keybox_write_blob (blob, newfp);
@ -203,7 +207,7 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
} }
if ( fclose (newfp) ) if ( fclose (newfp) )
{ {
return KEYBOX_File_Create_Error; return gpg_error (gpg_err_code_from_errno (errno));
} }
/* if (chmod( fname, S_IRUSR | S_IWUSR )) */ /* if (chmod( fname, S_IRUSR | S_IWUSR )) */
@ -216,7 +220,7 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
if (!fp) if (!fp)
{ {
rc = KEYBOX_File_Open_Error; rc = gpg_error (gpg_err_code_from_errno (errno));
goto leave; goto leave;
} }
@ -236,13 +240,13 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
{ {
if (fwrite (buffer, nread, 1, newfp) != 1) if (fwrite (buffer, nread, 1, newfp) != 1)
{ {
rc = KEYBOX_Write_Error; rc = gpg_error (gpg_err_code_from_errno (errno));
goto leave; goto leave;
} }
} }
if (ferror (fp)) if (ferror (fp))
{ {
rc = KEYBOX_Read_Error; rc = gpg_error (gpg_err_code_from_errno (errno));
goto leave; goto leave;
} }
} }
@ -265,14 +269,14 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
if (fwrite (buffer, nread, 1, newfp) != 1) if (fwrite (buffer, nread, 1, newfp) != 1)
{ {
rc = KEYBOX_Write_Error; rc = gpg_error (gpg_err_code_from_errno (errno));
goto leave; goto leave;
} }
} }
if (ferror (fp)) if (ferror (fp))
{ {
rc = KEYBOX_Read_Error; rc = gpg_error (gpg_err_code_from_errno (errno));
goto leave; goto leave;
} }
/* skip this blob */ /* skip this blob */
@ -296,13 +300,13 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
{ {
if (fwrite (buffer, nread, 1, newfp) != 1) if (fwrite (buffer, nread, 1, newfp) != 1)
{ {
rc = KEYBOX_Write_Error; rc = gpg_error (gpg_err_code_from_errno (errno));
goto leave; goto leave;
} }
} }
if (ferror (fp)) if (ferror (fp))
{ {
rc = KEYBOX_Read_Error; rc = gpg_error (gpg_err_code_from_errno (errno));
goto leave; goto leave;
} }
} }
@ -310,13 +314,13 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
/* close both files */ /* close both files */
if (fclose(fp)) if (fclose(fp))
{ {
rc = KEYBOX_File_Close_Error; rc = gpg_error (gpg_err_code_from_errno (errno));
fclose (newfp); fclose (newfp);
goto leave; goto leave;
} }
if (fclose(newfp)) if (fclose(newfp))
{ {
rc = KEYBOX_File_Close_Error; rc = gpg_error (gpg_err_code_from_errno (errno));
goto leave; goto leave;
} }
@ -341,12 +345,12 @@ keybox_insert_cert (KEYBOX_HANDLE hd, KsbaCert cert,
KEYBOXBLOB blob; KEYBOXBLOB blob;
if (!hd) if (!hd)
return KEYBOX_Invalid_Handle; return gpg_error (GPG_ERR_INV_HANDLE);
if (!hd->kb) if (!hd->kb)
return KEYBOX_Invalid_Handle; return gpg_error (GPG_ERR_INV_HANDLE);
fname = hd->kb->fname; fname = hd->kb->fname;
if (!fname) if (!fname)
return KEYBOX_Invalid_Handle; return gpg_error (GPG_ERR_INV_HANDLE);
/* close this one otherwise we will mess up the position for a next /* close this one otherwise we will mess up the position for a next
search. Fixme: it would be better to adjust the position after search. Fixme: it would be better to adjust the position after
@ -390,18 +394,18 @@ keybox_delete (KEYBOX_HANDLE hd)
int rc; int rc;
if (!hd) if (!hd)
return KEYBOX_Invalid_Value; return gpg_error (GPG_ERR_INV_VALUE);
if (!hd->found.blob) if (!hd->found.blob)
return KEYBOX_Nothing_Found; return gpg_error (GPG_ERR_NOTHING_FOUND);
if (!hd->kb) if (!hd->kb)
return KEYBOX_Invalid_Handle; return gpg_error (GPG_ERR_INV_HANDLE);
fname = hd->kb->fname; fname = hd->kb->fname;
if (!fname) if (!fname)
return KEYBOX_Invalid_Handle; return gpg_error (GPG_ERR_INV_HANDLE);
off = _keybox_get_blob_fileoffset (hd->found.blob); off = _keybox_get_blob_fileoffset (hd->found.blob);
if (off == (off_t)-1) if (off == (off_t)-1)
return KEYBOX_General_Error; return gpg_error (GPG_ERR_GENERAL);
off += 4; off += 4;
if (hd->fp) if (hd->fp)
@ -412,19 +416,19 @@ keybox_delete (KEYBOX_HANDLE hd)
fp = fopen (hd->kb->fname, "r+b"); fp = fopen (hd->kb->fname, "r+b");
if (!fp) if (!fp)
return KEYBOX_File_Open_Error; return gpg_error (gpg_err_code_from_errno (errno));
if (fseeko (fp, off, SEEK_SET)) if (fseeko (fp, off, SEEK_SET))
rc = KEYBOX_Write_Error; rc = gpg_error (gpg_err_code_from_errno (errno));
else if (putc (0, fp) == EOF) else if (putc (0, fp) == EOF)
rc = KEYBOX_Write_Error; rc = gpg_error (gpg_err_code_from_errno (errno));
else else
rc = 0; rc = 0;
if (fclose (fp)) if (fclose (fp))
{ {
if (!rc) if (!rc)
rc = KEYBOX_File_Close_Error; rc = gpg_error (gpg_err_code_from_errno (errno));
} }
return rc; return rc;

26
kbx/keybox.h
View File

@ -1,5 +1,5 @@
/* keybox.h - Keybox operations /* keybox.h - Keybox operations
* Copyright (C) 2001 Free Software Foundation, Inc. * Copyright (C) 2001, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -43,27 +43,6 @@ extern "C" {
#endif #endif
typedef enum {
KEYBOX_No_Error = 0,
KEYBOX_General_Error = 1,
KEYBOX_Out_Of_Core = 2,
KEYBOX_Invalid_Value = 3,
KEYBOX_Timeout = 4,
KEYBOX_Read_Error = 5,
KEYBOX_Write_Error = 6,
KEYBOX_File_Error = 7,
KEYBOX_Blob_Too_Short = 8,
KEYBOX_Blob_Too_Large = 9,
KEYBOX_Invalid_Handle = 10,
KEYBOX_File_Create_Error = 11,
KEYBOX_File_Open_Error = 12,
KEYBOX_File_Close_Error = 13,
KEYBOX_Nothing_Found = 14,
KEYBOX_Wrong_Blob_Type = 15,
KEYBOX_Missing_Value = 16,
} KeyboxError;
typedef struct keybox_handle *KEYBOX_HANDLE; typedef struct keybox_handle *KEYBOX_HANDLE;
@ -115,9 +94,6 @@ void keybox_set_malloc_hooks ( void *(*new_alloc_func)(size_t n),
void *(*new_realloc_func)(void *p, size_t n), void *(*new_realloc_func)(void *p, size_t n),
void (*new_free_func)(void*) ); void (*new_free_func)(void*) );
/*-- keybox-errors.c (built) --*/
const char *keybox_strerror (KeyboxError err);
#ifdef __cplusplus #ifdef __cplusplus
} }

22
scd/ChangeLog
View File

@ -1,3 +1,25 @@
2003-06-03 Werner Koch <wk@gnupg.org>
Changed all error codes in all files to the new libgpg-error scheme.
* scdaemon.h: Include gpg-error.h and errno.h
* card.c (map_sc_err): Use unknown for the error source.
* Makefile.am: Link with libgpg-error
2003-05-14 Werner Koch <wk@gnupg.org>
* atr.c, atr.h: New.
* sc-investigate.c: Dump the ATR in a human readable format.
2003-05-08 Werner Koch <wk@gnupg.org>
* scdaemon.h (DBG_CARD_IO_VALUE): New.
* sc-investigate.c: New.
* scdaemon.c (main): Removed --print-atr option.
* iso7816.c, iso7816.h, app-openpgp.c: New.
2003-04-29 Werner Koch <wk@gnupg.org> 2003-04-29 Werner Koch <wk@gnupg.org>
* scdaemon.c: New options --print-atr and --reader-port * scdaemon.c: New options --print-atr and --reader-port

38
scd/Makefile.am
View File

@ -1,4 +1,4 @@
# Copyright (C) 2002 Free Software Foundation, Inc. # Copyright (C) 2002, 2003 Free Software Foundation, Inc.
# #
# This file is part of GnuPG. # This file is part of GnuPG.
# #
@ -21,7 +21,7 @@
localedir = $(datadir)/locale localedir = $(datadir)/locale
INCLUDES = -I../intl -DLOCALEDIR=\"$(localedir)\" INCLUDES = -I../intl -DLOCALEDIR=\"$(localedir)\"
bin_PROGRAMS = scdaemon bin_PROGRAMS = scdaemon sc-investigate sc-genkey
AM_CPPFLAGS = -I$(top_srcdir)/common $(OPENSC_CFLAGS) $(LIBGCRYPT_CFLAGS) \ AM_CPPFLAGS = -I$(top_srcdir)/common $(OPENSC_CFLAGS) $(LIBGCRYPT_CFLAGS) \
$(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS)
@ -31,7 +31,37 @@ scdaemon_SOURCES = \
command.c card.c \ command.c card.c \
card-common.h \ card-common.h \
card-p15.c card-dinsig.c \ card-p15.c card-dinsig.c \
apdu.c apdu.h apdu.c apdu.h \
iso7816.c iso7816.h \
app-openpgp.c
scdaemon_LDADD = ../jnlib/libjnlib.a ../common/libcommon.a \ scdaemon_LDADD = ../jnlib/libjnlib.a ../common/libcommon.a \
$(OPENSC_LIBS) $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) -ldl $(OPENSC_LIBS) $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) -lgpg-error -ldl
sc_investigate_SOURCES = \
sc-investigate.c scdaemon.h \
apdu.c apdu.h \
iso7816.c iso7816.h \
app-openpgp.c \
atr.c atr.h
sc_investigate_LDADD = ../jnlib/libjnlib.a ../common/libcommon.a \
$(LIBGCRYPT_LIBS) -lgpg-error -ldl
sc_genkey_SOURCES = \
sc-genkey.c scdaemon.h \
apdu.c apdu.h \
iso7816.c iso7816.h \
app-openpgp.c \
atr.c atr.h
sc_genkey_LDADD = ../jnlib/libjnlib.a ../common/libcommon.a \
$(LIBGCRYPT_LIBS) -lgpg-error -ldl

253
scd/apdu.c
View File

@ -24,6 +24,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <dlfcn.h> #include <dlfcn.h>
#include <assert.h>
#include "scdaemon.h" #include "scdaemon.h"
#include "apdu.h" #include "apdu.h"
@ -243,6 +244,31 @@ open_ct_reader (int port)
} }
/* Actuall send the APDU of length APDULEN to SLOT and return a
maximum of *BUFLEN data in BUFFER, the actual retruned size will be
set to BUFLEN. Returns: CT API error code. */
static int
ct_send_apdu (int slot, unsigned char *apdu, size_t apdulen,
unsigned char *buffer, size_t *buflen)
{
int rc;
unsigned char dad[1], sad[1];
unsigned short ctbuflen;
dad[0] = 0; /* Destination address: Card. */
sad[0] = 2; /* Source address: Host. */
ctbuflen = *buflen;
if (DBG_CARD_IO)
log_printhex (" CT_data:", apdu, apdulen);
rc = CT_data (slot, dad, sad, apdulen, apdu, &ctbuflen, buffer);
*buflen = ctbuflen;
/* FIXME: map the errorcodes to GNUPG ones, so that they can be
shared between CTAPI and PCSC. */
return rc;
}
#endif /*HAVE_CTAPI*/ #endif /*HAVE_CTAPI*/
@ -292,8 +318,235 @@ apdu_open_reader (int port)
} }
unsigned char *
apdu_get_atr (int slot, size_t *atrlen)
{
char *buf;
if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used )
return NULL;
buf = xtrymalloc (reader_table[slot].atrlen);
if (!buf)
return NULL;
memcpy (buf, reader_table[slot].atr, reader_table[slot].atrlen);
*atrlen = reader_table[slot].atrlen;
return buf;
}
static const char *
error_string (int slot, int rc)
{
#ifdef HAVE_CTAPI
return ct_error_string (rc);
#elif defined(HAVE_PCSC)
return "?";
#else
return "?";
#endif
}
/* Dispatcher for the actual send_apdu fucntion. */
static int
send_apdu (int slot, unsigned char *apdu, size_t apdulen,
unsigned char *buffer, size_t *buflen)
{
#ifdef HAVE_CTAPI
return ct_send_apdu (slot, apdu, apdulen, buffer, buflen);
#elif defined(HAVE_PCSC)
return -1;
#else
return -1;
#endif
}
/* Send an APDU to the card in SLOT. The APDU is created from all
given parameters: CLASS, INS, P0, P1, LC, DATA, LE. A value of -1
for LC won't sent this field and the data field; in this case DATA
must also be passed as NULL. The return value is the status word
or -1 for an invalid SLOT or other non card related error. If
RETBUF is not NULL, it will receive an allocated buffer with the
returned data. The length of that data will be put into
*RETBUFLEN. The caller is reposnible for releasing the buffer even
in case of errors. */
int
apdu_send_le(int slot, int class, int ins, int p0, int p1,
int lc, const char *data, int le,
unsigned char **retbuf, size_t *retbuflen)
{
unsigned char result[256+10]; /* 10 extra in case of bugs in the driver. */
size_t resultlen = 256;
unsigned char apdu[5+256+1];
size_t apdulen;
int rc, sw;
if (DBG_CARD_IO)
log_debug ("send apdu: c=%02X i=%02X p0=%02X p1=%02X lc=%d le=%d\n",
class, ins, p0, p1, lc, le);
if (lc != -1 && (lc > 255 || lc < 0))
return SW_WRONG_LENGTH;
if (le != -1 && (le > 256 || le < 1))
return SW_WRONG_LENGTH;
if ((!data && lc != -1) || (data && lc == -1))
return -1;
apdulen = 0;
apdu[apdulen++] = class;
apdu[apdulen++] = ins;
apdu[apdulen++] = p0;
apdu[apdulen++] = p1;
if (lc != -1)
{
apdu[apdulen++] = lc;
memcpy (apdu+apdulen, data, lc);
apdulen += lc;
}
if (le != -1)
apdu[apdulen++] = le; /* Truncation is okay becuase 0 means 256. */
assert (sizeof (apdu) >= apdulen);
/* As safeguard don't pass any garbage from the stack to the driver. */
memset (apdu+apdulen, 0, sizeof (apdu) - apdulen);
rc = send_apdu (slot, apdu, apdulen, result, &resultlen);
if (rc || resultlen < 2)
{
log_error ("apdu_send_simple(%d) failed: %s\n",
slot, error_string (slot, rc));
return -1;
}
sw = (result[resultlen-2] << 8) | result[resultlen-1];
/* store away the returned data but strip the statusword. */
resultlen -= 2;
if (DBG_CARD_IO)
{
log_debug (" response: sw=%04X datalen=%d\n", sw, resultlen);
if ( !retbuf && (sw == SW_SUCCESS || (sw & 0xff00) == SW_MORE_DATA))
log_printhex (" dump: ", result, resultlen);
}
if (sw == SW_SUCCESS)
{
if (retbuf)
{
*retbuf = xtrymalloc (resultlen? resultlen : 1);
if (!*retbuf)
return -1; /* fixme: this is actually out of core. */
*retbuflen = resultlen;
memcpy (*retbuf, result, resultlen);
}
}
else if ((sw & 0xff00) == SW_MORE_DATA)
{
unsigned char *p = NULL, *tmp;
size_t bufsize = 4096;
/* It is likely that we need to return much more data, so we
start off with a large buffer. */
if (retbuf)
{
*retbuf = p = xtrymalloc (bufsize);
if (!*retbuf)
return -1; /* fixme: this is actually out of core. */
assert (resultlen < bufsize);
memcpy (p, result, resultlen);
p += resultlen;
}
do
{
int len = (sw & 0x00ff);
log_debug ("apdu_send_simple(%d): %d more bytes available\n",
slot, len);
apdulen = 0;
apdu[apdulen++] = class;
apdu[apdulen++] = 0xC0;
apdu[apdulen++] = 0;
apdu[apdulen++] = 0;
apdu[apdulen++] = 64; /* that is 256 bytes for Le */
memset (apdu+apdulen, 0, sizeof (apdu) - apdulen);
rc = send_apdu (slot, apdu, apdulen, result, &resultlen);
if (rc || resultlen < 2)
{
log_error ("apdu_send_simple(%d) for get response failed: %s\n",
slot, error_string (slot, rc));
return -1;
}
sw = (result[resultlen-2] << 8) | result[resultlen-1];
resultlen -= 2;
if (DBG_CARD_IO)
{
log_debug (" more: sw=%04X datalen=%d\n", sw, resultlen);
if (!retbuf && (sw==SW_SUCCESS || (sw&0xff00)==SW_MORE_DATA))
log_printhex (" dump: ", result, resultlen);
}
if ((sw & 0xff00) == SW_MORE_DATA || sw == SW_SUCCESS)
{
if (retbuf)
{
if (p - *retbuf + resultlen > bufsize)
{
bufsize += resultlen > 4096? resultlen: 4096;
tmp = xtryrealloc (*retbuf, bufsize);
if (!tmp)
return -1; /* fixme: actually this is out of core */
p = tmp + (p - *retbuf);
*retbuf = tmp;
}
memcpy (p, result, resultlen);
p += resultlen;
}
}
else
log_info ("apdu_send_simple(%d) "
"got unexpected status %04X from get response\n",
slot, sw);
}
while ((sw & 0xff00) == SW_MORE_DATA);
if (retbuf)
{
*retbuflen = p - *retbuf;
tmp = xtryrealloc (*retbuf, *retbuflen);
if (tmp)
*retbuf = tmp;
}
}
if (DBG_CARD_IO && retbuf && sw == SW_SUCCESS)
log_printhex (" dump: ", *retbuf, *retbuflen);
return sw;
}
/* Send an APDU to the card in SLOT. The APDU is created from all
given parameters: CLASS, INS, P0, P1, LC, DATA. A value of -1 for
LC won't sent this field and the data field; in this case DATA must
also be passed as NULL. The return value is the status word or -1
for an invalid SLOT or other non card related error. If RETBUF is
not NULL, it will receive an allocated buffer with the returned
data. The length of that data will be put into *RETBUFLEN. The
caller is reponsible for releasing the buffer even in case of
errors. */
int
apdu_send(int slot, int class, int ins, int p0, int p1,
int lc, const char *data, unsigned char **retbuf, size_t *retbuflen)
{
return apdu_send_le (slot, class, ins, p0, p1, lc, data, 256,
retbuf, retbuflen);
}
/* Send an APDU to the card in SLOT. The APDU is created from all
given parameters: CLASS, INS, P0, P1, LC, DATA. A value of -1 for
LC won't sent this field and the data field; in this case DATA must
also be passed as NULL. The return value is the status word or -1
for an invalid SLOT or other non card related error. No data will be
returned. */
int
apdu_send_simple (int slot, int class, int ins, int p0, int p1,
int lc, const char *data)
{
return apdu_send (slot, class, ins, p0, p1, lc, data, NULL, NULL);
}

31
scd/apdu.h
View File

@ -1,4 +1,4 @@
/* apdu.c - ISO 7816 APDU functions and low level I/O /* apdu.h - ISO 7816 APDU functions and low level I/O
* Copyright (C) 2003 Free Software Foundation, Inc. * Copyright (C) 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
@ -21,9 +21,38 @@
#ifndef APDU_H #ifndef APDU_H
#define APDU_H #define APDU_H
/* ISO 7816 values for the statusword are defined here because they
should not be visible to the users of the actual iso command
API. */
enum {
SW_MORE_DATA = 0x6100, /* Note: that the low byte must be
masked of.*/
SW_EEPROM_FAILURE = 0x6581,
SW_WRONG_LENGTH = 0x6700,
SW_CHV_WRONG = 0x6982,
SW_CHV_BLOCKED = 0x6983,
SW_USE_CONDITIONS = 0x6985,
SW_BAD_PARAMETER = 0x6a80, /* (in the data field) */
SW_REF_NOT_FOUND = 0x6a88,
SW_BAD_P0_P1 = 0x6b00,
SW_INS_NOT_SUP = 0x6d00,
SW_CLA_NOT_SUP = 0x6e00,
SW_SUCCESS = 0x9000
};
int apdu_open_reader (int port);
unsigned char *apdu_get_atr (int slot, size_t *atrlen);
int apdu_send_simple (int slot, int class, int ins, int p0, int p1,
int lc, const char *data);
int apdu_send (int slot, int class, int ins, int p0, int p1,
int lc, const char *data,
unsigned char **retbuf, size_t *retbuflen);
int apdu_send_le (int slot, int class, int ins, int p0, int p1,
int lc, const char *data, int le,
unsigned char **retbuf, size_t *retbuflen);
#endif /*APDU_H*/ #endif /*APDU_H*/

2
scd/card-common.h
View File

@ -59,7 +59,7 @@ struct card_ctx_s {
}; };
/*-- card.c --*/ /*-- card.c --*/
int map_sc_err (int rc); gpg_error_t map_sc_err (int rc);
int card_help_get_keygrip (KsbaCert cert, unsigned char *array); int card_help_get_keygrip (KsbaCert cert, unsigned char *array);
/*-- card-15.c --*/ /*-- card-15.c --*/

20
scd/card-dinsig.c
View File

@ -116,8 +116,9 @@ dinsig_enum_keypairs (CARD card, int idx,
cert = ksba_cert_new (); cert = ksba_cert_new ();
if (!cert) if (!cert)
{ {
gpg_error_t tmperr = out_of_core ();
xfree (buf); xfree (buf);
return GNUPG_Out_Of_Core; return tmperr;
} }
krc = ksba_cert_init_from_mem (cert, buf, buflen); krc = ksba_cert_init_from_mem (cert, buf, buflen);
@ -127,13 +128,13 @@ dinsig_enum_keypairs (CARD card, int idx,
log_error ("failed to parse the certificate at idx %d: %s\n", log_error ("failed to parse the certificate at idx %d: %s\n",
idx, ksba_strerror (krc)); idx, ksba_strerror (krc));
ksba_cert_release (cert); ksba_cert_release (cert);
return GNUPG_Card_Error; return gpg_error (GPG_ERR_CARD_ERROR);
} }
if (card_help_get_keygrip (cert, keygrip)) if (card_help_get_keygrip (cert, keygrip))
{ {
log_error ("failed to calculate the keygrip at index %d\n", idx); log_error ("failed to calculate the keygrip at index %d\n", idx);
ksba_cert_release (cert); ksba_cert_release (cert);
return GNUPG_Card_Error; return gpg_error (GPG_ERR_CARD_ERROR);
} }
ksba_cert_release (cert); ksba_cert_release (cert);
@ -142,7 +143,7 @@ dinsig_enum_keypairs (CARD card, int idx,
{ {
*keyid = xtrymalloc (17); *keyid = xtrymalloc (17);
if (!*keyid) if (!*keyid)
return GNUPG_Out_Of_Core; return out_of_core ();
if (!idx) if (!idx)
strcpy (*keyid, "DINSIG-DF01.C000"); strcpy (*keyid, "DINSIG-DF01.C000");
else else
@ -170,7 +171,7 @@ dinsig_read_cert (CARD card, const char *certidstr,
else if (!strcmp (certidstr, "DINSIG-DF01.C200")) else if (!strcmp (certidstr, "DINSIG-DF01.C200"))
sc_format_path ("3F00DF01C200", &path); sc_format_path ("3F00DF01C200", &path);
else else
return GNUPG_Invalid_Id; return gpg_error (GPG_ERR_INVALID_ID);
rc = sc_select_file (card->scard, &path, &file); rc = sc_select_file (card->scard, &path, &file);
if (rc) if (rc)
@ -183,19 +184,20 @@ dinsig_read_cert (CARD card, const char *certidstr,
{ {
log_error ("wrong type or structure of certificate EF\n"); log_error ("wrong type or structure of certificate EF\n");
sc_file_free (file); sc_file_free (file);
return GNUPG_Card_Error; return gpg_error (GPG_ERR_CARD_ERROR);
} }
if (file->size < 20) /* check against a somewhat arbitrary length */ if (file->size < 20) /* check against a somewhat arbitrary length */
{ {
log_error ("certificate EF too short\n"); log_error ("certificate EF too short\n");
sc_file_free (file); sc_file_free (file);
return GNUPG_Card_Error; return gpg_error (GPG_ERR_CARD_ERROR);
} }
buf = xtrymalloc (file->size); buf = xtrymalloc (file->size);
if (!buf) if (!buf)
{ {
gpg_error_t tmperr = out_of_core ();
sc_file_free (file); sc_file_free (file);
return GNUPG_Out_Of_Core; return tmperr;
} }
rc = sc_read_binary (card->scard, 0, buf, file->size, 0); rc = sc_read_binary (card->scard, 0, buf, file->size, 0);
@ -204,7 +206,7 @@ dinsig_read_cert (CARD card, const char *certidstr,
log_error ("short read on certificate EF\n"); log_error ("short read on certificate EF\n");
sc_file_free (file); sc_file_free (file);
xfree (buf); xfree (buf);
return GNUPG_Card_Error; return gpg_error (GPG_ERR_CARD_ERROR);
} }
sc_file_free (file); sc_file_free (file);
if (rc < 0) if (rc < 0)

52
scd/card-p15.c
View File

@ -53,7 +53,7 @@ init_private_data (CARD card)
priv = xtrycalloc (1, sizeof *priv); priv = xtrycalloc (1, sizeof *priv);
if (!priv) if (!priv)
return GNUPG_Out_Of_Core; return out_of_core ();
/* OpenSC (0.7.0) is a bit strange in that the get_objects functions /* OpenSC (0.7.0) is a bit strange in that the get_objects functions
tries to be a bit too clever and implicitly does an enumeration tries to be a bit too clever and implicitly does an enumeration
@ -70,7 +70,7 @@ init_private_data (CARD card)
{ {
log_error ("private keys enumeration failed: %s\n", sc_strerror (rc)); log_error ("private keys enumeration failed: %s\n", sc_strerror (rc));
xfree (priv); xfree (priv);
return GNUPG_Card_Error; return gpg_error (GPG_ERR_CARD_ERROR);
} }
priv->n_prkey_rsa_objs = rc; priv->n_prkey_rsa_objs = rc;
@ -82,7 +82,7 @@ init_private_data (CARD card)
{ {
log_error ("private keys enumeration failed: %s\n", sc_strerror (rc)); log_error ("private keys enumeration failed: %s\n", sc_strerror (rc));
xfree (priv); xfree (priv);
return GNUPG_Card_Error; return gpg_error (GPG_ERR_CARD_ERROR);
} }
priv->n_cert_objs = rc; priv->n_cert_objs = rc;
@ -136,7 +136,7 @@ p15_enum_keypairs (CARD card, int idx,
log_info ("certificate for private key %d not found: %s\n", log_info ("certificate for private key %d not found: %s\n",
idx, sc_strerror (rc)); idx, sc_strerror (rc));
/* note, that we return the ID anyway */ /* note, that we return the ID anyway */
rc = GNUPG_Missing_Certificate; rc = gpg_error (GPG_ERR_MISSING_CERTIFICATE);
goto return_keyid; goto return_keyid;
} }
certinfo = tmpobj->data; certinfo = tmpobj->data;
@ -145,14 +145,15 @@ p15_enum_keypairs (CARD card, int idx,
{ {
log_info ("failed to read certificate for private key %d: %s\n", log_info ("failed to read certificate for private key %d: %s\n",
idx, sc_strerror (rc)); idx, sc_strerror (rc));
return GNUPG_Card_Error; return gpg_error (GPG_ERR_CARD_ERROR);
} }
cert = ksba_cert_new (); cert = ksba_cert_new ();
if (!cert) if (!cert)
{ {
gpg_error_t tmperr = out_of_core ();
sc_pkcs15_free_certificate (certder); sc_pkcs15_free_certificate (certder);
return GNUPG_Out_Of_Core; return tmperr;
} }
krc = ksba_cert_init_from_mem (cert, certder->data, certder->data_len); krc = ksba_cert_init_from_mem (cert, certder->data, certder->data_len);
sc_pkcs15_free_certificate (certder); sc_pkcs15_free_certificate (certder);
@ -161,13 +162,13 @@ p15_enum_keypairs (CARD card, int idx,
log_error ("failed to parse the certificate for private key %d: %s\n", log_error ("failed to parse the certificate for private key %d: %s\n",
idx, ksba_strerror (krc)); idx, ksba_strerror (krc));
ksba_cert_release (cert); ksba_cert_release (cert);
return GNUPG_Card_Error; return gpg_error (GPG_ERR_CARD_ERROR);
} }
if (card_help_get_keygrip (cert, keygrip)) if (card_help_get_keygrip (cert, keygrip))
{ {
log_error ("failed to calculate the keygrip of private key %d\n", idx); log_error ("failed to calculate the keygrip of private key %d\n", idx);
ksba_cert_release (cert); ksba_cert_release (cert);
return GNUPG_Card_Error; return gpg_error (GPG_ERR_CARD_ERROR);
} }
ksba_cert_release (cert); ksba_cert_release (cert);
@ -180,7 +181,7 @@ p15_enum_keypairs (CARD card, int idx,
*keyid = p = xtrymalloc (9+pinfo->id.len*2+1); *keyid = p = xtrymalloc (9+pinfo->id.len*2+1);
if (!*keyid) if (!*keyid)
return GNUPG_Out_Of_Core; return out_of_core ();
p = stpcpy (p, "P15-5015."); p = stpcpy (p, "P15-5015.");
for (i=0; i < pinfo->id.len; i++, p += 2) for (i=0; i < pinfo->id.len; i++, p += 2)
sprintf (p, "%02X", pinfo->id.value[i]); sprintf (p, "%02X", pinfo->id.value[i]);
@ -218,7 +219,7 @@ p15_enum_certs (CARD card, int idx, char **certid, int *type)
*certid = p = xtrymalloc (9+cinfo->id.len*2+1); *certid = p = xtrymalloc (9+cinfo->id.len*2+1);
if (!*certid) if (!*certid)
return GNUPG_Out_Of_Core; return out_of_core ();
p = stpcpy (p, "P15-5015."); p = stpcpy (p, "P15-5015.");
for (i=0; i < cinfo->id.len; i++, p += 2) for (i=0; i < cinfo->id.len; i++, p += 2)
sprintf (p, "%02X", cinfo->id.value[i]); sprintf (p, "%02X", cinfo->id.value[i]);
@ -251,14 +252,14 @@ idstr_to_id (const char *idstr, struct sc_pkcs15_id *id)
/* For now we only support the standard DF */ /* For now we only support the standard DF */
if (strncmp (idstr, "P15-5015.", 9) ) if (strncmp (idstr, "P15-5015.", 9) )
return GNUPG_Invalid_Id; return gpg_error (GPG_ERR_INVALID_ID);
for (s=idstr+9, n=0; hexdigitp (s); s++, n++) for (s=idstr+9, n=0; hexdigitp (s); s++, n++)
; ;
if (*s || (n&1)) if (*s || (n&1))
return GNUPG_Invalid_Id; /* invalid or odd number of digits */ return gpg_error (GPG_ERR_INVALID_ID); /*invalid or odd number of digits*/
n /= 2; n /= 2;
if (!n || n > SC_PKCS15_MAX_ID_SIZE) if (!n || n > SC_PKCS15_MAX_ID_SIZE)
return GNUPG_Invalid_Id; /* empty or too large */ return gpg_error (GPG_ERR_INVALID_ID); /* empty or too large */
for (s=idstr+9, n=0; *s; s += 2, n++) for (s=idstr+9, n=0; *s; s += 2, n++)
id->value[n] = xtoi_2 (s); id->value[n] = xtoi_2 (s);
id->len = n; id->len = n;
@ -278,9 +279,9 @@ p15_read_cert (CARD card, const char *certidstr,
int rc; int rc;
if (!card || !certidstr || !cert || !ncert) if (!card || !certidstr || !cert || !ncert)
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INVALID_VALUE);
if (!card->p15card) if (!card->p15card)
return GNUPG_No_PKCS15_App; return gpg_error (GPG_ERR_NO_PKCS15_APP);
rc = idstr_to_id (certidstr, &certid); rc = idstr_to_id (certidstr, &certid);
if (rc) if (rc)
@ -299,14 +300,15 @@ p15_read_cert (CARD card, const char *certidstr,
{ {
log_info ("failed to read certificate '%s': %s\n", log_info ("failed to read certificate '%s': %s\n",
certidstr, sc_strerror (rc)); certidstr, sc_strerror (rc));
return GNUPG_Card_Error; return gpg_error (GPG_ERR_CARD_ERROR);
} }
*cert = xtrymalloc (certder->data_len); *cert = xtrymalloc (certder->data_len);
if (!*cert) if (!*cert)
{ {
gpg_error_t tmperr = out_of_core ();
sc_pkcs15_free_certificate (certder); sc_pkcs15_free_certificate (certder);
return GNUPG_Out_Of_Core; return tmperr;
} }
memcpy (*cert, certder->data, certder->data_len); memcpy (*cert, certder->data, certder->data_len);
*ncert = certder->data_len; *ncert = certder->data_len;
@ -337,7 +339,7 @@ p15_prepare_key (CARD card, const char *keyidstr,
if (rc < 0) if (rc < 0)
{ {
log_error ("private key not found: %s\n", sc_strerror(rc)); log_error ("private key not found: %s\n", sc_strerror(rc));
return GNUPG_No_Secret_Key; return gpg_error (GPG_ERR_NO_SECRET_KEY);
} }
rc = sc_pkcs15_find_pin_by_auth_id (card->p15card, rc = sc_pkcs15_find_pin_by_auth_id (card->p15card,
@ -345,7 +347,7 @@ p15_prepare_key (CARD card, const char *keyidstr,
if (rc) if (rc)
{ {
log_error ("failed to find PIN by auth ID: %s\n", sc_strerror (rc)); log_error ("failed to find PIN by auth ID: %s\n", sc_strerror (rc));
return GNUPG_Bad_PIN_Method; return gpg_error (GPG_ERR_BAD_PIN_METHOD);
} }
pin = pinobj->data; pin = pinobj->data;
@ -365,7 +367,7 @@ p15_prepare_key (CARD card, const char *keyidstr,
if (rc) if (rc)
{ {
log_info ("PIN verification failed: %s\n", sc_strerror (rc)); log_info ("PIN verification failed: %s\n", sc_strerror (rc));
return GNUPG_Bad_PIN; return gpg_error (GPG_ERR_BAD_PIN);
} }
/* fixme: check wheter we need to release KEYOBJ in case of an error */ /* fixme: check wheter we need to release KEYOBJ in case of an error */
@ -389,7 +391,7 @@ p15_sign (CARD card, const char *keyidstr, int hashalgo,
size_t outbuflen; size_t outbuflen;
if (hashalgo != GCRY_MD_SHA1) if (hashalgo != GCRY_MD_SHA1)
return GNUPG_Unsupported_Algorithm; return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
rc = p15_prepare_key (card, keyidstr, pincb, pincb_arg, &keyobj); rc = p15_prepare_key (card, keyidstr, pincb, pincb_arg, &keyobj);
if (rc) if (rc)
@ -400,7 +402,7 @@ p15_sign (CARD card, const char *keyidstr, int hashalgo,
outbuflen = 1024; outbuflen = 1024;
outbuf = xtrymalloc (outbuflen); outbuf = xtrymalloc (outbuflen);
if (!outbuf) if (!outbuf)
return GNUPG_Out_Of_Core; return out_of_core ();
rc = sc_pkcs15_compute_signature (card->p15card, keyobj, rc = sc_pkcs15_compute_signature (card->p15card, keyobj,
cryptflags, cryptflags,
@ -409,7 +411,7 @@ p15_sign (CARD card, const char *keyidstr, int hashalgo,
if (rc < 0) if (rc < 0)
{ {
log_error ("failed to create signature: %s\n", sc_strerror (rc)); log_error ("failed to create signature: %s\n", sc_strerror (rc));
rc = GNUPG_Card_Error; rc = gpg_error (GPG_ERR_CARD_ERROR);
} }
else else
{ {
@ -462,7 +464,7 @@ p15_decipher (CARD card, const char *keyidstr,
outbuflen = indatalen < 256? 256 : indatalen; outbuflen = indatalen < 256? 256 : indatalen;
outbuf = xtrymalloc (outbuflen); outbuf = xtrymalloc (outbuflen);
if (!outbuf) if (!outbuf)
return GNUPG_Out_Of_Core; return out_of_core ();
rc = sc_pkcs15_decipher (card->p15card, keyobj, rc = sc_pkcs15_decipher (card->p15card, keyobj,
0, 0,
@ -471,7 +473,7 @@ p15_decipher (CARD card, const char *keyidstr,
if (rc < 0) if (rc < 0)
{ {
log_error ("failed to decipher the data: %s\n", sc_strerror (rc)); log_error ("failed to decipher the data: %s\n", sc_strerror (rc));
rc = GNUPG_Card_Error; rc = gpg_error (GPG_ERR_CARD_ERROR);
} }
else else
{ {

98
scd/card.c
View File

@ -34,23 +34,25 @@
#include "card-common.h" #include "card-common.h"
/* Map the SC error codes to the GNUPG ones */ /* Map the SC error codes to the GNUPG ones */
int gpg_error_t
map_sc_err (int rc) map_sc_err (int rc)
{ {
gpg_err_code_t e;
switch (rc) switch (rc)
{ {
case 0: rc = 0; break; case 0: e = 0; break;
#ifdef HAVE_OPENSC #ifdef HAVE_OPENSC
case SC_ERROR_NOT_SUPPORTED: rc = GNUPG_Not_Supported; break; case SC_ERROR_NOT_SUPPORTED: e = GPG_ERR_NOT_SUPPORTED; break;
case SC_ERROR_PKCS15_APP_NOT_FOUND: rc = GNUPG_No_PKCS15_App; break; case SC_ERROR_PKCS15_APP_NOT_FOUND: e = GPG_ERR_NO_PKCS15_APP; break;
case SC_ERROR_OUT_OF_MEMORY: rc = GNUPG_Out_Of_Core; break; case SC_ERROR_OUT_OF_MEMORY: e = GPG_ERR_ENOMEM; break;
case SC_ERROR_CARD_NOT_PRESENT: rc = GNUPG_Card_Not_Present; break; case SC_ERROR_CARD_NOT_PRESENT: e = GPG_ERR_CARD_NOT_PRESENT; break;
case SC_ERROR_CARD_REMOVED: rc = GNUPG_Card_Removed; break; case SC_ERROR_CARD_REMOVED: e = GPG_ERR_CARD_REMOVED; break;
case SC_ERROR_INVALID_CARD: rc = GNUPG_Invalid_Card; break; case SC_ERROR_INVALID_CARD: e = GPG_ERR_INVALID_CARD; break;
#endif #endif
default: rc = GNUPG_Card_Error; break; default: e = GPG_ERR_CARD_ERROR; break;
} }
return rc; return gpg_make_error (GPG_ERR_SOURCE_UNKNOWN, e);
} }
/* Get the keygrip from CERT, return 0 on success */ /* Get the keygrip from CERT, return 0 on success */
@ -89,7 +91,7 @@ card_help_get_keygrip (KsbaCert cert, unsigned char *array)
information of the card. Detects whgether a PKCS_15 application is information of the card. Detects whgether a PKCS_15 application is
stored. stored.
Common errors: GNUPG_Card_Not_Present */ Common errors: GPG_ERR_CARD_NOT_PRESENT */
int int
card_open (CARD *rcard) card_open (CARD *rcard)
{ {
@ -99,7 +101,7 @@ card_open (CARD *rcard)
card = xtrycalloc (1, sizeof *card); card = xtrycalloc (1, sizeof *card);
if (!card) if (!card)
return GNUPG_Out_Of_Core; return out_of_core ();
card->reader = 0; card->reader = 0;
rc = sc_establish_context (&card->ctx, "scdaemon"); rc = sc_establish_context (&card->ctx, "scdaemon");
@ -112,7 +114,7 @@ card_open (CARD *rcard)
if (card->reader >= card->ctx->reader_count) if (card->reader >= card->ctx->reader_count)
{ {
log_error ("no card reader available\n"); log_error ("no card reader available\n");
rc = GNUPG_Card_Error; rc = gpg_error (GPG_ERR_CARD_ERROR);
goto leave; goto leave;
} }
card->ctx->error_file = log_get_stream (); card->ctx->error_file = log_get_stream ();
@ -121,7 +123,7 @@ card_open (CARD *rcard)
if (sc_detect_card_presence (card->ctx->reader[card->reader], 0) != 1) if (sc_detect_card_presence (card->ctx->reader[card->reader], 0) != 1)
{ {
rc = GNUPG_Card_Not_Present; rc = gpg_error (GPG_ERR_CARD_NOT_PRESENT);
goto leave; goto leave;
} }
@ -155,7 +157,7 @@ card_open (CARD *rcard)
return rc; return rc;
#else #else
return GNUPG_Not_Supported; return gpg_error (GPG_ERR_NOT_SUPPORTED);
#endif #endif
} }
@ -240,7 +242,7 @@ find_iccsn (const unsigned char *buffer, size_t length, char **serial)
s = find_simple_tlv (buffer, length, 0x5A, &n); s = find_simple_tlv (buffer, length, 0x5A, &n);
if (!s) if (!s)
return GNUPG_Card_Error; return gpg_error (GPG_ERR_CARD_ERROR);
length -= s - buffer; length -= s - buffer;
if (n > length) if (n > length)
{ {
@ -255,14 +257,16 @@ find_iccsn (const unsigned char *buffer, size_t length, char **serial)
n--; n--;
} }
else else
return GNUPG_Card_Error; /* Bad encoding; does not fit into buffer. */ return gpg_error (GPG_ERR_CARD_ERROR); /* Bad encoding; does
not fit into
buffer. */
} }
if (!n) if (!n)
return GNUPG_Card_Error; /* Well, that is too short. */ return gpg_error (GPG_ERR_CARD_ERROR); /* Well, that is too short. */
*serial = p = xtrymalloc (2*n+1); *serial = p = xtrymalloc (2*n+1);
if (!*serial) if (!*serial)
return GNUPG_Out_Of_Core; return out_of_core ();
for (; n; n--, p += 2, s++) for (; n; n--, p += 2, s++)
sprintf (p, "%02X", *s); sprintf (p, "%02X", *s);
*p = 0; *p = 0;
@ -290,7 +294,7 @@ card_get_serial_and_stamp (CARD card, char **serial, time_t *stamp)
#endif #endif
if (!card || !serial || !stamp) if (!card || !serial || !stamp)
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INV_VALUE);
*serial = NULL; *serial = NULL;
*stamp = 0; /* not available */ *stamp = 0; /* not available */
@ -328,21 +332,21 @@ card_get_serial_and_stamp (CARD card, char **serial, time_t *stamp)
if (rc) if (rc)
{ {
log_error ("sc_select_file failed: %s\n", sc_strerror (rc)); log_error ("sc_select_file failed: %s\n", sc_strerror (rc));
return GNUPG_Card_Error; return gpg_error (GPG_ERR_CARD_ERROR);
} }
if (file->type != SC_FILE_TYPE_WORKING_EF if (file->type != SC_FILE_TYPE_WORKING_EF
|| file->ef_structure != SC_FILE_EF_TRANSPARENT) || file->ef_structure != SC_FILE_EF_TRANSPARENT)
{ {
log_error ("wrong type or structure of GDO file\n"); log_error ("wrong type or structure of GDO file\n");
sc_file_free (file); sc_file_free (file);
return GNUPG_Card_Error; return gpg_error (GPG_ERR_CARD_ERROR);
} }
if (!file->size || file->size >= DIM(buf) ) if (!file->size || file->size >= DIM(buf) )
{ /* FIXME: Use a real parser */ { /* FIXME: Use a real parser */
log_error ("unsupported size of GDO file (%d)\n", file->size); log_error ("unsupported size of GDO file (%d)\n", file->size);
sc_file_free (file); sc_file_free (file);
return GNUPG_Card_Error; return gpg_error (GPG_ERR_CARD_ERROR);
} }
buflen = file->size; buflen = file->size;
@ -351,16 +355,16 @@ card_get_serial_and_stamp (CARD card, char **serial, time_t *stamp)
if (rc < 0) if (rc < 0)
{ {
log_error ("error reading GDO file: %s\n", sc_strerror (rc)); log_error ("error reading GDO file: %s\n", sc_strerror (rc));
return GNUPG_Card_Error; return gpg_error (GPG_ERR_CARD_ERROR);
} }
if (rc != buflen) if (rc != buflen)
{ {
log_error ("short read on GDO file\n"); log_error ("short read on GDO file\n");
return GNUPG_Card_Error; return gpg_error (GPG_ERR_CARD_ERROR);
} }
rc = find_iccsn (buf, buflen, serial); rc = find_iccsn (buf, buflen, serial);
if (rc == GNUPG_Card_Error) if (gpg_err_code (rc) == GPG_ERR_CARD_ERROR)
log_error ("invalid structure of GDO file\n"); log_error ("invalid structure of GDO file\n");
if (!rc && card->p15card && !strcmp (*serial, "D27600000000000000000000")) if (!rc && card->p15card && !strcmp (*serial, "D27600000000000000000000"))
{ /* This is a German card with a silly serial number. Try to get { /* This is a German card with a silly serial number. Try to get
@ -376,7 +380,7 @@ card_get_serial_and_stamp (CARD card, char **serial, time_t *stamp)
*serial = NULL; *serial = NULL;
p = xtrymalloc (strlen (efser) + 7); p = xtrymalloc (strlen (efser) + 7);
if (!p) if (!p)
rc = GNUPG_Out_Of_Core; rc = out_of_core ();
else else
{ {
strcpy (p, "FF0100"); strcpy (p, "FF0100");
@ -392,7 +396,7 @@ card_get_serial_and_stamp (CARD card, char **serial, time_t *stamp)
{ {
xfree (*serial); xfree (*serial);
*serial = NULL; *serial = NULL;
rc = GNUPG_Out_Of_Core; rc = out_of_core ();
} }
else else
{ {
@ -404,7 +408,7 @@ card_get_serial_and_stamp (CARD card, char **serial, time_t *stamp)
} }
return rc; return rc;
#else #else
return GNUPG_Not_Supported; return gpg_error (GPG_ERR_NOT_SUPPORTED);
#endif #endif
} }
@ -415,7 +419,7 @@ card_get_serial_and_stamp (CARD card, char **serial, time_t *stamp)
the KEYGRIP of the keypair. If KEYID is not NULL, it returns the the KEYGRIP of the keypair. If KEYID is not NULL, it returns the
ID field of the key in allocated memory; this is a string without ID field of the key in allocated memory; this is a string without
spaces. The function returns -1 when all keys have been spaces. The function returns -1 when all keys have been
enumerated. Note that the error GNUPG_Missing_Certificate may be enumerated. Note that the error GPG_ERR_MISSING_CERTIFICATE may be
returned if there is just the private key but no public key (ie.e a returned if there is just the private key but no public key (ie.e a
certificate) available. Applications might want to continue certificate) available. Applications might want to continue
enumerating after this error.*/ enumerating after this error.*/
@ -430,13 +434,13 @@ card_enum_keypairs (CARD card, int idx,
*keyid = NULL; *keyid = NULL;
if (!card || !keygrip) if (!card || !keygrip)
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INV_VALUE);
if (idx < 0) if (idx < 0)
return GNUPG_Invalid_Index; return gpg_error (GPG_ERR_INVALID_INDEX);
if (!card->fnc.initialized) if (!card->fnc.initialized)
return GNUPG_Card_Not_Initialized; return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
if (!card->fnc.enum_keypairs) if (!card->fnc.enum_keypairs)
return GNUPG_Unsupported_Operation; return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
rc = card->fnc.enum_keypairs (card, idx, keygrip, keyid); rc = card->fnc.enum_keypairs (card, idx, keygrip, keyid);
if (opt.verbose) if (opt.verbose)
log_info ("card operation enum_keypairs result: %s\n", log_info ("card operation enum_keypairs result: %s\n",
@ -462,13 +466,13 @@ card_enum_certs (CARD card, int idx, char **certid, int *certtype)
*certid = NULL; *certid = NULL;
if (!card) if (!card)
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INV_VALUE);
if (idx < 0) if (idx < 0)
return GNUPG_Invalid_Index; return gpg_error (GPG_ERR_INVALID_INDEX);
if (!card->fnc.initialized) if (!card->fnc.initialized)
return GNUPG_Card_Not_Initialized; return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
if (!card->fnc.enum_certs) if (!card->fnc.enum_certs)
return GNUPG_Unsupported_Operation; return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
rc = card->fnc.enum_certs (card, idx, certid, certtype); rc = card->fnc.enum_certs (card, idx, certid, certtype);
if (opt.verbose) if (opt.verbose)
log_info ("card operation enum_certs result: %s\n", log_info ("card operation enum_certs result: %s\n",
@ -489,11 +493,11 @@ card_read_cert (CARD card, const char *certidstr,
int rc; int rc;
if (!card || !certidstr || !cert || !ncert) if (!card || !certidstr || !cert || !ncert)
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INV_VALUE);
if (!card->fnc.initialized) if (!card->fnc.initialized)
return GNUPG_Card_Not_Initialized; return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
if (!card->fnc.read_cert) if (!card->fnc.read_cert)
return GNUPG_Unsupported_Operation; return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
rc = card->fnc.read_cert (card, certidstr, cert, ncert); rc = card->fnc.read_cert (card, certidstr, cert, ncert);
if (opt.verbose) if (opt.verbose)
log_info ("card operation read_cert result: %s\n", gnupg_strerror (rc)); log_info ("card operation read_cert result: %s\n", gnupg_strerror (rc));
@ -514,11 +518,11 @@ card_sign (CARD card, const char *keyidstr, int hashalgo,
int rc; int rc;
if (!card || !indata || !indatalen || !outdata || !outdatalen || !pincb) if (!card || !indata || !indatalen || !outdata || !outdatalen || !pincb)
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INV_VALUE);
if (!card->fnc.initialized) if (!card->fnc.initialized)
return GNUPG_Card_Not_Initialized; return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
if (!card->fnc.sign) if (!card->fnc.sign)
return GNUPG_Unsupported_Operation; return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
rc = card->fnc.sign (card, keyidstr, hashalgo, rc = card->fnc.sign (card, keyidstr, hashalgo,
pincb, pincb_arg, pincb, pincb_arg,
indata, indatalen, indata, indatalen,
@ -542,11 +546,11 @@ card_decipher (CARD card, const char *keyidstr,
int rc; int rc;
if (!card || !indata || !indatalen || !outdata || !outdatalen || !pincb) if (!card || !indata || !indatalen || !outdata || !outdatalen || !pincb)
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INV_VALUE);
if (!card->fnc.initialized) if (!card->fnc.initialized)
return GNUPG_Card_Not_Initialized; return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
if (!card->fnc.decipher) if (!card->fnc.decipher)
return GNUPG_Unsupported_Operation; return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
rc = card->fnc.decipher (card, keyidstr, rc = card->fnc.decipher (card, keyidstr,
pincb, pincb_arg, pincb, pincb_arg,
indata, indatalen, indata, indatalen,

14
scd/command.c
View File

@ -233,7 +233,7 @@ cmd_learn (ASSUAN_CONTEXT ctx, char *line)
buf = xtrymalloc (40 + 1 + strlen (certid) + 1); buf = xtrymalloc (40 + 1 + strlen (certid) + 1);
if (!buf) if (!buf)
rc = GNUPG_Out_Of_Core; rc = out_of_core ();
else else
{ {
sprintf (buf, "%d %s", certtype, certid); sprintf (buf, "%d %s", certtype, certid);
@ -255,7 +255,7 @@ cmd_learn (ASSUAN_CONTEXT ctx, char *line)
int no_cert = 0; int no_cert = 0;
rc = card_enum_keypairs (ctrl->card_ctx, idx, keygrip, &keyid); rc = card_enum_keypairs (ctrl->card_ctx, idx, keygrip, &keyid);
if (rc == GNUPG_Missing_Certificate && keyid) if (gpg_err_code (rc) == GPG_ERR_MISSING_CERT && keyid)
{ {
/* this does happen with an incomplete personalized /* this does happen with an incomplete personalized
card; i.e. during the time we have stored the key on the card; i.e. during the time we have stored the key on the
@ -271,7 +271,7 @@ cmd_learn (ASSUAN_CONTEXT ctx, char *line)
buf = p = xtrymalloc (40 + 1 + strlen (keyid) + 1); buf = p = xtrymalloc (40 + 1 + strlen (keyid) + 1);
if (!buf) if (!buf)
rc = GNUPG_Out_Of_Core; rc = out_of_core ();
else else
{ {
int i; int i;
@ -358,8 +358,8 @@ cmd_readkey (ASSUAN_CONTEXT ctx, char *line)
kc = ksba_cert_new (); kc = ksba_cert_new ();
if (!kc) if (!kc)
{ {
rc = out_of_core ();
xfree (cert); xfree (cert);
rc = GNUPG_Out_Of_Core;
goto leave; goto leave;
} }
rc = ksba_cert_init_from_mem (kc, cert, ncert); rc = ksba_cert_init_from_mem (kc, cert, ncert);
@ -373,7 +373,7 @@ cmd_readkey (ASSUAN_CONTEXT ctx, char *line)
p = ksba_cert_get_public_key (kc); p = ksba_cert_get_public_key (kc);
if (!p) if (!p)
{ {
rc = GNUPG_No_Public_Key; rc = gpg_error (GPG_ERR_NO_PUBKEY);
goto leave; goto leave;
} }
@ -439,7 +439,7 @@ pin_cb (void *opaque, const char *info, char **retstr)
rc = asprintf (&command, "NEEDPIN %s", info); rc = asprintf (&command, "NEEDPIN %s", info);
if (rc < 0) if (rc < 0)
return GNUPG_Out_Of_Core; return out_of_core ();
/* FIXME: Write an inquire function which returns the result in /* FIXME: Write an inquire function which returns the result in
secure memory */ secure memory */
@ -452,7 +452,7 @@ pin_cb (void *opaque, const char *info, char **retstr)
{ {
/* We require that the returned value is an UTF-8 string */ /* We require that the returned value is an UTF-8 string */
xfree (value); xfree (value);
return GNUPG_Invalid_Response; return gpg_error (GPG_ERR_INVALID_RESPONSE);
} }
*retstr = value; *retstr = value;
return 0; return 0;

12
scd/scdaemon.c
View File

@ -69,7 +69,6 @@ enum cmd_and_opt_values
oDaemon, oDaemon,
oBatch, oBatch,
oReaderPort, oReaderPort,
oPrintATR,
aTest }; aTest };
@ -93,7 +92,6 @@ static ARGPARSE_OPTS opts[] = {
{ oNoDetach, "no-detach" ,0, N_("do not detach from the console")}, { oNoDetach, "no-detach" ,0, N_("do not detach from the console")},
{ oLogFile, "log-file" ,2, N_("use a log file for the server")}, { oLogFile, "log-file" ,2, N_("use a log file for the server")},
{ oReaderPort, "reader-port", 1, N_("|N|connect to reader at port N")}, { oReaderPort, "reader-port", 1, N_("|N|connect to reader at port N")},
{ oPrintATR, "print-atr", 0, N_("print ATR and exit")},
{0} {0}
}; };
@ -233,9 +231,6 @@ main (int argc, char **argv )
char *logfile = NULL; char *logfile = NULL;
int debug_wait = 0; int debug_wait = 0;
int reader_port = 32768; /* First USB reader. */ int reader_port = 32768; /* First USB reader. */
int print_atr = 0;
set_strusage (my_strusage); set_strusage (my_strusage);
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN); gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
@ -371,7 +366,6 @@ main (int argc, char **argv )
case oDaemon: is_daemon = 1; break; case oDaemon: is_daemon = 1; break;
case oReaderPort: reader_port = pargs.r.ret_int; break; case oReaderPort: reader_port = pargs.r.ret_int; break;
case oPrintATR: print_atr = 1; break;
default : pargs.err = configfp? 1:2; break; default : pargs.err = configfp? 1:2; break;
} }
@ -410,12 +404,6 @@ main (int argc, char **argv )
} }
if (print_atr)
{
apdu_open_reader (reader_port);
scd_exit (0);
}
if (debug_wait && pipe_server) if (debug_wait && pipe_server)
{ {
log_debug ("waiting for debugger - my pid is %u .....\n", log_debug ("waiting for debugger - my pid is %u .....\n",

20
scd/scdaemon.h
View File

@ -1,5 +1,5 @@
/* scdaemon.h - Global definitions for the SCdaemon /* scdaemon.h - Global definitions for the SCdaemon
* Copyright (C) 2001, 2002 Free Software Foundation, Inc. * Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -21,11 +21,27 @@
#ifndef SCDAEMON_H #ifndef SCDAEMON_H
#define SCDAEMON_H #define SCDAEMON_H
#ifdef GPG_ERR_SOURCE_DEFAULT
#error GPG_ERR_SOURCE_DEFAULT already defined
#endif
#define GPG_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_SCD
#include <gpg-error.h>
#include <errno.h>
#include <time.h> #include <time.h>
#include <gcrypt.h> #include <gcrypt.h>
#include "../common/util.h" #include "../common/util.h"
#include "../common/errors.h" #include "../common/errors.h"
/* Convenience funcion to be used instead of returning the old
GNUPG_Out_Of_Core. */
static __inline__ gpg_error_t
out_of_core (void)
{
return gpg_error (gpg_err_code_from_errno (errno));
}
#define MAX_DIGEST_LEN 24 #define MAX_DIGEST_LEN 24
/* A large struct name "opt" to keep global flags */ /* A large struct name "opt" to keep global flags */
@ -48,6 +64,7 @@ struct {
#define DBG_MEMSTAT_VALUE 128 /* show memory statistics */ #define DBG_MEMSTAT_VALUE 128 /* show memory statistics */
#define DBG_HASHING_VALUE 512 /* debug hashing operations */ #define DBG_HASHING_VALUE 512 /* debug hashing operations */
#define DBG_ASSUAN_VALUE 1024 #define DBG_ASSUAN_VALUE 1024
#define DBG_CARD_IO_VALUE 2048
#define DBG_COMMAND (opt.debug & DBG_COMMAND_VALUE) #define DBG_COMMAND (opt.debug & DBG_COMMAND_VALUE)
#define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE) #define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE)
@ -55,6 +72,7 @@ struct {
#define DBG_CACHE (opt.debug & DBG_CACHE_VALUE) #define DBG_CACHE (opt.debug & DBG_CACHE_VALUE)
#define DBG_HASHING (opt.debug & DBG_HASHING_VALUE) #define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
#define DBG_ASSUAN (opt.debug & DBG_ASSUAN_VALUE) #define DBG_ASSUAN (opt.debug & DBG_ASSUAN_VALUE)
#define DBG_CARD_IO (opt.debug & DBG_CARD_IO_VALUE)
struct server_local_s; struct server_local_s;
struct card_ctx_s; struct card_ctx_s;

7
sm/ChangeLog
View File

@ -1,3 +1,10 @@
2003-06-03 Werner Koch <wk@gnupg.org>
Changed all error codes in all files to the new libgpg-error scheme.
* gpgsm.h: Include gpg-error.h .
* Makefile.am: Link with libgpg-error.
2003-04-29 Werner Koch <wk@gnupg.org> 2003-04-29 Werner Koch <wk@gnupg.org>
* Makefile.am: Use libassuan. Don't override LDFLAGS anymore. * Makefile.am: Use libassuan. Don't override LDFLAGS anymore.

4
sm/Makefile.am
View File

@ -51,6 +51,4 @@ gpgsm_SOURCES = \
gpgsm_LDADD = ../jnlib/libjnlib.a ../kbx/libkeybox.a ../common/libcommon.a \ gpgsm_LDADD = ../jnlib/libjnlib.a ../kbx/libkeybox.a ../common/libcommon.a \
$(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(KSBA_LIBS) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(KSBA_LIBS) -lgpg-error

14
sm/base64.c
View File

@ -1,5 +1,5 @@
/* base64.c /* base64.c
* Copyright (C) 2001 Free Software Foundation, Inc. * Copyright (C) 2001, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -482,7 +482,7 @@ base64_finish_write (struct writer_cb_parm_s *parm)
fputs (parm->pem_name, fp); fputs (parm->pem_name, fp);
fputs ("-----\n", fp); fputs ("-----\n", fp);
} }
return ferror (fp)? GNUPG_Write_Error : 0; return ferror (fp)? gpg_error (gpg_err_code_from_errno (errno)) : 0;
} }
@ -504,13 +504,13 @@ gpgsm_create_reader (Base64Context *ctx,
*r_reader = NULL; *r_reader = NULL;
*ctx = xtrycalloc (1, sizeof **ctx); *ctx = xtrycalloc (1, sizeof **ctx);
if (!*ctx) if (!*ctx)
return seterr (Out_Of_Core); return OUT_OF_CORE (errno);
r = ksba_reader_new (); r = ksba_reader_new ();
if (!r) if (!r)
{ {
xfree (*ctx); *ctx = NULL; xfree (*ctx); *ctx = NULL;
return seterr (Out_Of_Core); return gpg_error (GPG_ERR_ENOMEM);
} }
(*ctx)->u.rparm.fp = fp; (*ctx)->u.rparm.fp = fp;
@ -569,13 +569,13 @@ gpgsm_create_writer (Base64Context *ctx,
*r_writer = NULL; *r_writer = NULL;
*ctx = xtrycalloc (1, sizeof **ctx); *ctx = xtrycalloc (1, sizeof **ctx);
if (!*ctx) if (!*ctx)
return seterr (Out_Of_Core); return OUT_OF_CORE (errno);
w = ksba_writer_new (); w = ksba_writer_new ();
if (!w) if (!w)
{ {
xfree (*ctx); *ctx = NULL; xfree (*ctx); *ctx = NULL;
return seterr (Out_Of_Core); return gpg_error (GPG_ERR_ENOMEM);
} }
if (ctrl->create_pem || ctrl->create_base64) if (ctrl->create_pem || ctrl->create_base64)
@ -607,7 +607,7 @@ gpgsm_finish_writer (Base64Context ctx)
struct writer_cb_parm_s *parm; struct writer_cb_parm_s *parm;
if (!ctx) if (!ctx)
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INVALID_VALUE);
parm = &ctx->u.wparm; parm = &ctx->u.wparm;
if (parm->did_finish) if (parm->did_finish)
return 0; /* already done */ return 0; /* already done */

62
sm/call-agent.c
View File

@ -1,5 +1,5 @@
/* call-agent.c - divert operations to the agent /* call-agent.c - divert operations to the agent
* Copyright (C) 2001, 2002 Free Software Foundation, Inc. * Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -30,9 +30,9 @@
#ifdef HAVE_LOCALE_H #ifdef HAVE_LOCALE_H
#include <locale.h> #include <locale.h>
#endif #endif
#include <assuan.h>
#include "gpgsm.h" #include "gpgsm.h"
#include "../assuan/assuan.h"
#include "i18n.h" #include "i18n.h"
#include "keydb.h" /* fixme: Move this to import.c */ #include "keydb.h" /* fixme: Move this to import.c */
@ -159,8 +159,9 @@ start_agent (void)
if (fflush (NULL)) if (fflush (NULL))
{ {
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
log_error ("error flushing pending output: %s\n", strerror (errno)); log_error ("error flushing pending output: %s\n", strerror (errno));
return seterr (Write_Error); return tmperr;
} }
if (!opt.agent_program || !*opt.agent_program) if (!opt.agent_program || !*opt.agent_program)
@ -224,7 +225,7 @@ start_agent (void)
if (rc) if (rc)
{ {
log_error ("can't connect to the agent: %s\n", assuan_strerror (rc)); log_error ("can't connect to the agent: %s\n", assuan_strerror (rc));
return seterr (No_Agent); return gpg_error (GPG_ERR_NO_AGENT);
} }
agent_ctx = ctx; agent_ctx = ctx;
@ -241,7 +242,7 @@ start_agent (void)
char *optstr; char *optstr;
if (asprintf (&optstr, "OPTION display=%s", if (asprintf (&optstr, "OPTION display=%s",
opt.display ? opt.display : dft_display) < 0) opt.display ? opt.display : dft_display) < 0)
return GNUPG_Out_Of_Core; return OUT_OF_CORE (errno);
rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL, rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL); NULL);
free (optstr); free (optstr);
@ -259,7 +260,7 @@ start_agent (void)
char *optstr; char *optstr;
if (asprintf (&optstr, "OPTION ttyname=%s", if (asprintf (&optstr, "OPTION ttyname=%s",
opt.ttyname ? opt.ttyname : dft_ttyname) < 0) opt.ttyname ? opt.ttyname : dft_ttyname) < 0)
return GNUPG_Out_Of_Core; return OUT_OF_CORE (errno);
rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL, rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL); NULL);
free (optstr); free (optstr);
@ -272,7 +273,7 @@ start_agent (void)
char *optstr; char *optstr;
if (asprintf (&optstr, "OPTION ttytype=%s", if (asprintf (&optstr, "OPTION ttytype=%s",
opt.ttyname ? opt.ttytype : dft_ttytype) < 0) opt.ttyname ? opt.ttytype : dft_ttytype) < 0)
return GNUPG_Out_Of_Core; return OUT_OF_CORE (errno);
rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL, rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL); NULL);
free (optstr); free (optstr);
@ -285,7 +286,7 @@ start_agent (void)
{ {
old_lc = strdup (old_lc); old_lc = strdup (old_lc);
if (!old_lc) if (!old_lc)
return GNUPG_Out_Of_Core; return OUT_OF_CORE (errno);
} }
dft_lc = setlocale (LC_CTYPE, ""); dft_lc = setlocale (LC_CTYPE, "");
#endif #endif
@ -294,7 +295,7 @@ start_agent (void)
char *optstr; char *optstr;
if (asprintf (&optstr, "OPTION lc-ctype=%s", if (asprintf (&optstr, "OPTION lc-ctype=%s",
opt.lc_ctype ? opt.lc_ctype : dft_lc) < 0) opt.lc_ctype ? opt.lc_ctype : dft_lc) < 0)
rc = GNUPG_Out_Of_Core; rc = OUT_OF_CORE (errno);
else else
{ {
rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL, rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
@ -319,7 +320,7 @@ start_agent (void)
{ {
old_lc = strdup (old_lc); old_lc = strdup (old_lc);
if (!old_lc) if (!old_lc)
return GNUPG_Out_Of_Core; return OUT_OF_CORE (errno);
} }
dft_lc = setlocale (LC_MESSAGES, ""); dft_lc = setlocale (LC_MESSAGES, "");
#endif #endif
@ -328,7 +329,7 @@ start_agent (void)
char *optstr; char *optstr;
if (asprintf (&optstr, "OPTION lc-messages=%s", if (asprintf (&optstr, "OPTION lc-messages=%s",
opt.lc_messages ? opt.lc_messages : dft_lc) < 0) opt.lc_messages ? opt.lc_messages : dft_lc) < 0)
rc = GNUPG_Out_Of_Core; rc = OUT_OF_CORE (errno);
else else
{ {
rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL, rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
@ -381,7 +382,7 @@ gpgsm_agent_pksign (const char *keygrip,
return rc; return rc;
if (digestlen*2 + 50 > DIM(line)) if (digestlen*2 + 50 > DIM(line))
return seterr (General_Error); return gpg_error (GPG_ERR_GENERAL);
rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL); rc = assuan_transact (agent_ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL);
if (rc) if (rc)
@ -414,10 +415,10 @@ gpgsm_agent_pksign (const char *keygrip,
if (!gcry_sexp_canon_len (*r_buf, *r_buflen, NULL, NULL)) if (!gcry_sexp_canon_len (*r_buf, *r_buflen, NULL, NULL))
{ {
xfree (*r_buf); *r_buf = NULL; xfree (*r_buf); *r_buf = NULL;
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INVALID_VALUE);
} }
return *r_buf? 0 : GNUPG_Out_Of_Core; return *r_buf? 0 : OUT_OF_CORE (errno);
} }
@ -454,12 +455,12 @@ gpgsm_agent_pkdecrypt (const char *keygrip,
size_t ciphertextlen; size_t ciphertextlen;
if (!keygrip || strlen(keygrip) != 40 || !ciphertext || !r_buf || !r_buflen) if (!keygrip || strlen(keygrip) != 40 || !ciphertext || !r_buf || !r_buflen)
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INVALID_VALUE);
*r_buf = NULL; *r_buf = NULL;
ciphertextlen = gcry_sexp_canon_len (ciphertext, 0, NULL, NULL); ciphertextlen = gcry_sexp_canon_len (ciphertext, 0, NULL, NULL);
if (!ciphertextlen) if (!ciphertextlen)
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INVALID_VALUE);
rc = start_agent (); rc = start_agent ();
if (rc) if (rc)
@ -492,16 +493,17 @@ gpgsm_agent_pkdecrypt (const char *keygrip,
put_membuf (&data, "", 1); /* make sure it is 0 terminated */ put_membuf (&data, "", 1); /* make sure it is 0 terminated */
buf = get_membuf (&data, &len); buf = get_membuf (&data, &len);
if (!buf) if (!buf)
return seterr (Out_Of_Core); return gpg_error (GPG_ERR_ENOMEM);
/* FIXME: We would better a return a full S-exp and not just a part */ /* FIXME: We would better a return a full S-exp and not just a part */
assert (len); assert (len);
len--; /* remove the terminating 0 */ len--; /* remove the terminating 0 */
n = strtoul (buf, &endp, 10); n = strtoul (buf, &endp, 10);
if (!n || *endp != ':') if (!n || *endp != ':')
return seterr (Invalid_Sexp); return gpg_error (GPG_ERR_INVALID_SEXP);
endp++; endp++;
if (endp-buf+n > len) if (endp-buf+n > len)
return seterr (Invalid_Sexp); /* oops len does not match internal len*/ return gpg_error (GPG_ERR_INVALID_SEXP); /* oops len does not
match internal len*/
memmove (buf, endp, n); memmove (buf, endp, n);
*r_buflen = n; *r_buflen = n;
*r_buf = buf; *r_buf = buf;
@ -550,7 +552,7 @@ gpgsm_agent_genkey (KsbaConstSexp keyparms, KsbaSexp *r_pubkey)
gk_parm.sexp = keyparms; gk_parm.sexp = keyparms;
gk_parm.sexplen = gcry_sexp_canon_len (keyparms, 0, NULL, NULL); gk_parm.sexplen = gcry_sexp_canon_len (keyparms, 0, NULL, NULL);
if (!gk_parm.sexplen) if (!gk_parm.sexplen)
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INVALID_VALUE);
rc = assuan_transact (agent_ctx, "GENKEY", rc = assuan_transact (agent_ctx, "GENKEY",
membuf_data_cb, &data, membuf_data_cb, &data,
inq_genkey_parms, &gk_parm, NULL, NULL); inq_genkey_parms, &gk_parm, NULL, NULL);
@ -561,11 +563,11 @@ gpgsm_agent_genkey (KsbaConstSexp keyparms, KsbaSexp *r_pubkey)
} }
buf = get_membuf (&data, &len); buf = get_membuf (&data, &len);
if (!buf) if (!buf)
return GNUPG_Out_Of_Core; return gpg_error (GPG_ERR_ENOMEM);
if (!gcry_sexp_canon_len (buf, len, NULL, NULL)) if (!gcry_sexp_canon_len (buf, len, NULL, NULL))
{ {
xfree (buf); xfree (buf);
return GNUPG_Invalid_Sexp; return gpg_error (GPG_ERR_INVALID_SEXP);
} }
*r_pubkey = buf; *r_pubkey = buf;
return 0; return 0;
@ -589,7 +591,7 @@ gpgsm_agent_istrusted (KsbaCert cert)
if (!fpr) if (!fpr)
{ {
log_error ("error getting the fingerprint\n"); log_error ("error getting the fingerprint\n");
return seterr (General_Error); return gpg_error (GPG_ERR_GENERAL);
} }
snprintf (line, DIM(line)-1, "ISTRUSTED %s", fpr); snprintf (line, DIM(line)-1, "ISTRUSTED %s", fpr);
@ -616,14 +618,14 @@ gpgsm_agent_marktrusted (KsbaCert cert)
if (!fpr) if (!fpr)
{ {
log_error ("error getting the fingerprint\n"); log_error ("error getting the fingerprint\n");
return seterr (General_Error); return gpg_error (GPG_ERR_GENERAL);
} }
dn = ksba_cert_get_issuer (cert, 0); dn = ksba_cert_get_issuer (cert, 0);
if (!dn) if (!dn)
{ {
xfree (fpr); xfree (fpr);
return seterr (General_Error); return gpg_error (GPG_ERR_GENERAL);
} }
snprintf (line, DIM(line)-1, "MARKTRUSTED %s S %s", fpr, dn); snprintf (line, DIM(line)-1, "MARKTRUSTED %s S %s", fpr, dn);
line[DIM(line)-1] = 0; line[DIM(line)-1] = 0;
@ -649,7 +651,7 @@ gpgsm_agent_havekey (const char *hexkeygrip)
return rc; return rc;
if (!hexkeygrip || strlen (hexkeygrip) != 40) if (!hexkeygrip || strlen (hexkeygrip) != 40)
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INVALID_VALUE);
snprintf (line, DIM(line)-1, "HAVEKEY %s", hexkeygrip); snprintf (line, DIM(line)-1, "HAVEKEY %s", hexkeygrip);
line[DIM(line)-1] = 0; line[DIM(line)-1] = 0;
@ -680,7 +682,7 @@ learn_cb (void *opaque, const void *buffer, size_t length)
buf = get_membuf (parm->data, &len); buf = get_membuf (parm->data, &len);
if (!buf) if (!buf)
{ {
parm->error = GNUPG_Out_Of_Core; parm->error = gpg_error (GPG_ERR_ENOMEM);
return 0; return 0;
} }
@ -689,7 +691,7 @@ learn_cb (void *opaque, const void *buffer, size_t length)
cert = ksba_cert_new (); cert = ksba_cert_new ();
if (!cert) if (!cert)
{ {
parm->error = GNUPG_Out_Of_Core; parm->error = gpg_error (GPG_ERR_ENOMEM);
return 0; return 0;
} }
rc = ksba_cert_init_from_mem (cert, buf, len); rc = ksba_cert_init_from_mem (cert, buf, len);
@ -702,7 +704,7 @@ learn_cb (void *opaque, const void *buffer, size_t length)
} }
rc = gpgsm_basic_cert_check (cert); rc = gpgsm_basic_cert_check (cert);
if (rc == GNUPG_Missing_Certificate) if (gpg_err_code (rc) == GPG_ERR_MISSING_CERT)
{ /* For later use we store it in the ephemeral database. */ { /* For later use we store it in the ephemeral database. */
log_info ("issuer certificate missing - storing as ephemeral\n"); log_info ("issuer certificate missing - storing as ephemeral\n");
keydb_store_cert (cert, 1, NULL); keydb_store_cert (cert, 1, NULL);
@ -766,7 +768,7 @@ gpgsm_agent_passwd (const char *hexkeygrip)
return rc; return rc;
if (!hexkeygrip || strlen (hexkeygrip) != 40) if (!hexkeygrip || strlen (hexkeygrip) != 40)
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INVALID_VALUE);
snprintf (line, DIM(line)-1, "PASSWD %s", hexkeygrip); snprintf (line, DIM(line)-1, "PASSWD %s", hexkeygrip);
line[DIM(line)-1] = 0; line[DIM(line)-1] = 0;

25
sm/call-dirmngr.c
View File

@ -1,5 +1,5 @@
/* call-dirmngr.c - communication with the dromngr /* call-dirmngr.c - communication with the dromngr
* Copyright (C) 2002 Free Software Foundation, Inc. * Copyright (C) 2002, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -29,9 +29,9 @@
#include <ctype.h> #include <ctype.h>
#include <gcrypt.h> #include <gcrypt.h>
#include <assuan.h>
#include "gpgsm.h" #include "gpgsm.h"
#include "../assuan/assuan.h"
#include "i18n.h" #include "i18n.h"
struct membuf { struct membuf {
@ -154,8 +154,9 @@ start_dirmngr (void)
if (fflush (NULL)) if (fflush (NULL))
{ {
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
log_error ("error flushing pending output: %s\n", strerror (errno)); log_error ("error flushing pending output: %s\n", strerror (errno));
return seterr (Write_Error); return tmperr;
} }
if (!opt.dirmngr_program || !*opt.dirmngr_program) if (!opt.dirmngr_program || !*opt.dirmngr_program)
@ -219,7 +220,7 @@ start_dirmngr (void)
if (rc) if (rc)
{ {
log_error ("can't connect to the dirmngr: %s\n", assuan_strerror (rc)); log_error ("can't connect to the dirmngr: %s\n", assuan_strerror (rc));
return seterr (No_Dirmngr); return gpg_error (GPG_ERR_NO_DIRMNGR);
} }
dirmngr_ctx = ctx; dirmngr_ctx = ctx;
@ -284,9 +285,9 @@ inq_certificate (void *opaque, const char *line)
/* Call the directory manager to check whether the certificate is valid /* Call the directory manager to check whether the certificate is valid
Returns 0 for valid or usually one of the errors: Returns 0 for valid or usually one of the errors:
GNUPG_Certificate_Revoked GPG_ERR_CERTIFICATE_REVOKED
GNUPG_No_CRL_Known GPG_ERR NO_CRL_KNOWN
GNUPG_CRL_Too_Old GPG_ERR_CRL_TOO_OLD
*/ */
int int
gpgsm_dirmngr_isvalid (KsbaCert cert) gpgsm_dirmngr_isvalid (KsbaCert cert)
@ -304,7 +305,7 @@ gpgsm_dirmngr_isvalid (KsbaCert cert)
if (!certid) if (!certid)
{ {
log_error ("error getting the certificate ID\n"); log_error ("error getting the certificate ID\n");
return seterr (General_Error); return gpg_error (GPG_ERR_GENERAL);
} }
if (opt.verbose > 1) if (opt.verbose > 1)
@ -352,14 +353,14 @@ lookup_cb (void *opaque, const void *buffer, size_t length)
buf = get_membuf (&parm->data, &len); buf = get_membuf (&parm->data, &len);
if (!buf) if (!buf)
{ {
parm->error = GNUPG_Out_Of_Core; parm->error = gpg_error (GPG_ERR_ENOMEM);
return 0; return 0;
} }
cert = ksba_cert_new (); cert = ksba_cert_new ();
if (!cert) if (!cert)
{ {
parm->error = GNUPG_Out_Of_Core; parm->error = gpg_error (GPG_ERR_ENOMEM);
return 0; return 0;
} }
rc = ksba_cert_init_from_mem (cert, buf, len); rc = ksba_cert_init_from_mem (cert, buf, len);
@ -475,7 +476,7 @@ gpgsm_dirmngr_lookup (CTRL ctrl, STRLIST names,
pattern = pattern_from_strlist (names); pattern = pattern_from_strlist (names);
if (!pattern) if (!pattern)
return GNUPG_Out_Of_Core; return OUT_OF_CORE (errno);
snprintf (line, DIM(line)-1, "LOOKUP %s", pattern); snprintf (line, DIM(line)-1, "LOOKUP %s", pattern);
line[DIM(line)-1] = 0; line[DIM(line)-1] = 0;
xfree (pattern); xfree (pattern);
@ -598,7 +599,7 @@ gpgsm_dirmngr_run_command (CTRL ctrl, const char *command,
len += 1 + 3*strlen (argv[i]); /* enough space for percent escaping */ len += 1 + 3*strlen (argv[i]); /* enough space for percent escaping */
line = xtrymalloc (len); line = xtrymalloc (len);
if (!line) if (!line)
return GNUPG_Out_Of_Core; return OUT_OF_CORE (errno);
p = stpcpy (line, command); p = stpcpy (line, command);
for (i=0; i < argc; i++) for (i=0; i < argc; i++)

89
sm/certchain.c
View File

@ -1,5 +1,5 @@
/* certchain.c - certificate chain validation /* certchain.c - certificate chain validation
* Copyright (C) 2001, 2002 Free Software Foundation, Inc. * Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -58,7 +58,7 @@ unknown_criticals (KsbaCert cert)
{ {
log_error (_("critical certificate extension %s is not supported\n"), log_error (_("critical certificate extension %s is not supported\n"),
oid); oid);
rc = GNUPG_Unsupported_Certificate; rc = gpg_error (GPG_ERR_UNSUPPORTED_CERT);
} }
} }
if (err && err != -1) if (err && err != -1)
@ -79,7 +79,7 @@ allowed_ca (KsbaCert cert, int *chainlen)
if (!flag) if (!flag)
{ {
log_error (_("issuer certificate is not marked as a CA\n")); log_error (_("issuer certificate is not marked as a CA\n"));
return GNUPG_Bad_CA_Certificate; return gpg_error (GPG_ERR_BAD_CA_CERT);
} }
return 0; return 0;
} }
@ -116,7 +116,7 @@ check_cert_policy (KsbaCert cert)
if (any_critical) if (any_critical)
{ {
log_error ("critical marked policy without configured policies\n"); log_error ("critical marked policy without configured policies\n");
return GNUPG_No_Policy_Match; return gpg_error (GPG_ERR_NO_POLICY_MATCH);
} }
return 0; return 0;
} }
@ -127,7 +127,7 @@ check_cert_policy (KsbaCert cert)
log_error ("failed to open `%s': %s\n", log_error ("failed to open `%s': %s\n",
opt.policy_file, strerror (errno)); opt.policy_file, strerror (errno));
xfree (policies); xfree (policies);
return GNUPG_No_Policy_Match; return gpg_error (GPG_ERR_NO_POLICY_MATCH);
} }
for (;;) for (;;)
@ -141,6 +141,8 @@ check_cert_policy (KsbaCert cert)
{ {
if (!fgets (line, DIM(line)-1, fp) ) if (!fgets (line, DIM(line)-1, fp) )
{ {
gpg_error_t tmperr;
xfree (policies); xfree (policies);
if (feof (fp)) if (feof (fp))
{ {
@ -152,10 +154,11 @@ check_cert_policy (KsbaCert cert)
return 0; return 0;
} }
log_error (_("certificate policy not allowed\n")); log_error (_("certificate policy not allowed\n"));
return GNUPG_No_Policy_Match; return gpg_error (GPG_ERR_NO_POLICY_MATCH);
} }
tmperr = gpg_error (gpg_err_code_from_errno (errno));
fclose (fp); fclose (fp);
return GNUPG_Read_Error; return tmperr;
} }
if (!*line || line[strlen(line)-1] != '\n') if (!*line || line[strlen(line)-1] != '\n')
@ -165,7 +168,8 @@ check_cert_policy (KsbaCert cert)
; ;
fclose (fp); fclose (fp);
xfree (policies); xfree (policies);
return *line? GNUPG_Line_Too_Long: GNUPG_Incomplete_Line; return gpg_error (*line? GPG_ERR_LINE_TOO_LONG
: GPG_ERR_INCOMPLETE_LINE);
} }
/* Allow for empty lines and spaces */ /* Allow for empty lines and spaces */
@ -182,7 +186,7 @@ check_cert_policy (KsbaCert cert)
{ {
fclose (fp); fclose (fp);
xfree (policies); xfree (policies);
return GNUPG_Configuration_Error; return gpg_error (GPG_ERR_CONFIGURATION_ERROR);
} }
*p = 0; /* strip the rest of the line */ *p = 0; /* strip the rest of the line */
/* See whether we find ALLOWED (which is an OID) in POLICIES */ /* See whether we find ALLOWED (which is an OID) in POLICIES */
@ -288,7 +292,7 @@ find_up (KEYDB_HANDLE kh, KsbaCert cert, const char *issuer)
pattern = xtrymalloc (strlen (s)+2); pattern = xtrymalloc (strlen (s)+2);
if (!pattern) if (!pattern)
return GNUPG_Out_Of_Core; return OUT_OF_CORE (errno);
strcpy (stpcpy (pattern, "/"), s); strcpy (stpcpy (pattern, "/"), s);
add_to_strlist (&names, pattern); add_to_strlist (&names, pattern);
xfree (pattern); xfree (pattern);
@ -332,7 +336,7 @@ gpgsm_walk_cert_chain (KsbaCert start, KsbaCert *r_next)
if (!kh) if (!kh)
{ {
log_error (_("failed to allocated keyDB handle\n")); log_error (_("failed to allocated keyDB handle\n"));
rc = GNUPG_General_Error; rc = gpg_error (GPG_ERR_GENERAL);
goto leave; goto leave;
} }
@ -341,13 +345,13 @@ gpgsm_walk_cert_chain (KsbaCert start, KsbaCert *r_next)
if (!issuer) if (!issuer)
{ {
log_error ("no issuer found in certificate\n"); log_error ("no issuer found in certificate\n");
rc = GNUPG_Bad_Certificate; rc = gpg_error (GPG_ERR_BAD_CERT);
goto leave; goto leave;
} }
if (!subject) if (!subject)
{ {
log_error ("no subject found in certificate\n"); log_error ("no subject found in certificate\n");
rc = GNUPG_Bad_Certificate; rc = gpg_error (GPG_ERR_BAD_CERT);
goto leave; goto leave;
} }
@ -364,7 +368,7 @@ gpgsm_walk_cert_chain (KsbaCert start, KsbaCert *r_next)
print an error here */ print an error here */
if (rc != -1 && opt.verbose > 1) if (rc != -1 && opt.verbose > 1)
log_error ("failed to find issuer's certificate: rc=%d\n", rc); log_error ("failed to find issuer's certificate: rc=%d\n", rc);
rc = GNUPG_Missing_Certificate; rc = gpg_error (GPG_ERR_MISSING_CERT);
goto leave; goto leave;
} }
@ -372,7 +376,7 @@ gpgsm_walk_cert_chain (KsbaCert start, KsbaCert *r_next)
if (rc) if (rc)
{ {
log_error ("failed to get cert: rc=%d\n", rc); log_error ("failed to get cert: rc=%d\n", rc);
rc = GNUPG_General_Error; rc = gpg_error (GPG_ERR_GENERAL);
} }
leave: leave:
@ -431,7 +435,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
if (!kh) if (!kh)
{ {
log_error (_("failed to allocated keyDB handle\n")); log_error (_("failed to allocated keyDB handle\n"));
rc = GNUPG_General_Error; rc = gpg_error (GPG_ERR_GENERAL);
goto leave; goto leave;
} }
@ -451,7 +455,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
if (!issuer) if (!issuer)
{ {
log_error ("no issuer found in certificate\n"); log_error ("no issuer found in certificate\n");
rc = GNUPG_Bad_Certificate; rc = gpg_error (GPG_ERR_BAD_CERT);
goto leave; goto leave;
} }
@ -463,7 +467,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
if (not_before == (time_t)(-1) || not_after == (time_t)(-1)) if (not_before == (time_t)(-1) || not_after == (time_t)(-1))
{ {
log_error ("certificate with invalid validity\n"); log_error ("certificate with invalid validity\n");
rc = GNUPG_Bad_Certificate; rc = gpg_error (GPG_ERR_BAD_CERT);
goto leave; goto leave;
} }
@ -480,7 +484,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
log_error ("certificate too young; valid from "); log_error ("certificate too young; valid from ");
gpgsm_dump_time (not_before); gpgsm_dump_time (not_before);
log_printf ("\n"); log_printf ("\n");
rc = GNUPG_Certificate_Too_Young; rc = gpg_error (GPG_ERR_CERT_TOO_YOUNG);
goto leave; goto leave;
} }
if (not_after && current_time > not_after) if (not_after && current_time > not_after)
@ -499,7 +503,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
if (!opt.no_policy_check) if (!opt.no_policy_check)
{ {
rc = check_cert_policy (subject_cert); rc = check_cert_policy (subject_cert);
if (rc == GNUPG_No_Policy_Match) if (gpg_err_code (rc) == GPG_ERR_NO_POLICY_MATCH)
{ {
any_no_policy_match = 1; any_no_policy_match = 1;
rc = 1; rc = 1;
@ -515,15 +519,15 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
{ {
switch (rc) switch (rc)
{ {
case GNUPG_Certificate_Revoked: case GPG_ERR_CERT_REVOKED:
log_error (_("the certificate has been revoked\n")); log_error (_("the certificate has been revoked\n"));
any_revoked = 1; any_revoked = 1;
break; break;
case GNUPG_No_CRL_Known: case GPG_ERR_NO_CRL_KNOWN:
log_error (_("no CRL found for certificate\n")); log_error (_("no CRL found for certificate\n"));
any_no_crl = 1; any_no_crl = 1;
break; break;
case GNUPG_CRL_Too_Old: case GPG_ERR_CRL_TOO_OLD:
log_error (_("the available CRL is too old\n")); log_error (_("the available CRL is too old\n"));
log_info (_("please make sure that the " log_info (_("please make sure that the "
"\"dirmngr\" is properly installed\n")); "\"dirmngr\" is properly installed\n"));
@ -531,7 +535,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
break; break;
default: default:
log_error (_("checking the CRL failed: %s\n"), log_error (_("checking the CRL failed: %s\n"),
gnupg_strerror (rc)); gpg_strerror (rc));
goto leave; goto leave;
} }
rc = 0; rc = 0;
@ -543,7 +547,8 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
if (gpgsm_check_cert_sig (subject_cert, subject_cert) ) if (gpgsm_check_cert_sig (subject_cert, subject_cert) )
{ {
log_error ("selfsigned certificate has a BAD signatures\n"); log_error ("selfsigned certificate has a BAD signatures\n");
rc = depth? GNUPG_Bad_Certificate_Chain : GNUPG_Bad_Certificate; rc = gpg_error (depth? GPG_ERR_BAD_CERT_CHAIN
: GPG_ERR_BAD_CERT);
goto leave; goto leave;
} }
rc = allowed_ca (subject_cert, NULL); rc = allowed_ca (subject_cert, NULL);
@ -553,7 +558,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
rc = gpgsm_agent_istrusted (subject_cert); rc = gpgsm_agent_istrusted (subject_cert);
if (!rc) if (!rc)
; ;
else if (rc == GNUPG_Not_Trusted) else if (gpg_err_code (rc) == GPG_ERR_NOT_TRUSTED)
{ {
int rc2; int rc2;
@ -590,7 +595,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
if (depth > maxdepth) if (depth > maxdepth)
{ {
log_error (_("certificate chain too long\n")); log_error (_("certificate chain too long\n"));
rc = GNUPG_Bad_Certificate_Chain; rc = gpg_error (GPG_ERR_BAD_CERT_CHAIN);
goto leave; goto leave;
} }
@ -607,7 +612,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
} }
else else
log_error ("failed to find issuer's certificate: rc=%d\n", rc); log_error ("failed to find issuer's certificate: rc=%d\n", rc);
rc = GNUPG_Missing_Certificate; rc = gpg_error (GPG_ERR_MISSING_CERT);
goto leave; goto leave;
} }
@ -616,7 +621,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
if (rc) if (rc)
{ {
log_error ("failed to get cert: rc=%d\n", rc); log_error ("failed to get cert: rc=%d\n", rc);
rc = GNUPG_General_Error; rc = gpg_error (GPG_ERR_GENERAL);
goto leave; goto leave;
} }
@ -629,7 +634,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
if (gpgsm_check_cert_sig (issuer_cert, subject_cert) ) if (gpgsm_check_cert_sig (issuer_cert, subject_cert) )
{ {
log_error ("certificate has a BAD signatures\n"); log_error ("certificate has a BAD signatures\n");
rc = GNUPG_Bad_Certificate_Chain; rc = gpg_error (GPG_ERR_BAD_CERT_CHAIN);
goto leave; goto leave;
} }
@ -642,7 +647,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
{ {
log_error (_("certificate chain longer than allowed by CA (%d)\n"), log_error (_("certificate chain longer than allowed by CA (%d)\n"),
chainlen); chainlen);
rc = GNUPG_Bad_Certificate_Chain; rc = gpg_error (GPG_ERR_BAD_CERT_CHAIN);
goto leave; goto leave;
} }
} }
@ -672,15 +677,15 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
{ /* If we encountered an error somewhere during the checks, set { /* If we encountered an error somewhere during the checks, set
the error code to the most critical one */ the error code to the most critical one */
if (any_revoked) if (any_revoked)
rc = GNUPG_Certificate_Revoked; rc = gpg_error (GPG_ERR_CERT_REVOKED);
else if (any_no_crl) else if (any_no_crl)
rc = GNUPG_No_CRL_Known; rc = gpg_error (GPG_ERR_NO_CRL_KNOWN);
else if (any_crl_too_old) else if (any_crl_too_old)
rc = GNUPG_CRL_Too_Old; rc = gpg_error (GPG_ERR_CRL_TOO_OLD);
else if (any_no_policy_match) else if (any_no_policy_match)
rc = GNUPG_No_Policy_Match; rc = gpg_error (GPG_ERR_NO_POLICY_MATCH);
else if (any_expired) else if (any_expired)
rc = GNUPG_Certificate_Expired; rc = gpg_error (GPG_ERR_CERT_EXPIRED);
} }
leave: leave:
@ -717,7 +722,7 @@ gpgsm_basic_cert_check (KsbaCert cert)
if (!kh) if (!kh)
{ {
log_error (_("failed to allocated keyDB handle\n")); log_error (_("failed to allocated keyDB handle\n"));
rc = GNUPG_General_Error; rc = gpg_error (GPG_ERR_GENERAL);
goto leave; goto leave;
} }
@ -726,7 +731,7 @@ gpgsm_basic_cert_check (KsbaCert cert)
if (!issuer) if (!issuer)
{ {
log_error ("no issuer found in certificate\n"); log_error ("no issuer found in certificate\n");
rc = GNUPG_Bad_Certificate; rc = gpg_error (GPG_ERR_BAD_CERT);
goto leave; goto leave;
} }
@ -735,7 +740,7 @@ gpgsm_basic_cert_check (KsbaCert cert)
if (gpgsm_check_cert_sig (cert, cert) ) if (gpgsm_check_cert_sig (cert, cert) )
{ {
log_error ("selfsigned certificate has a BAD signatures\n"); log_error ("selfsigned certificate has a BAD signatures\n");
rc = GNUPG_Bad_Certificate; rc = gpg_error (GPG_ERR_BAD_CERT);
goto leave; goto leave;
} }
} }
@ -754,7 +759,7 @@ gpgsm_basic_cert_check (KsbaCert cert)
} }
else else
log_error ("failed to find issuer's certificate: rc=%d\n", rc); log_error ("failed to find issuer's certificate: rc=%d\n", rc);
rc = GNUPG_Missing_Certificate; rc = gpg_error (GPG_ERR_MISSING_CERT);
goto leave; goto leave;
} }
@ -763,14 +768,14 @@ gpgsm_basic_cert_check (KsbaCert cert)
if (rc) if (rc)
{ {
log_error ("failed to get cert: rc=%d\n", rc); log_error ("failed to get cert: rc=%d\n", rc);
rc = GNUPG_General_Error; rc = gpg_error (GPG_ERR_GENERAL);
goto leave; goto leave;
} }
if (gpgsm_check_cert_sig (issuer_cert, cert) ) if (gpgsm_check_cert_sig (issuer_cert, cert) )
{ {
log_error ("certificate has a BAD signatures\n"); log_error ("certificate has a BAD signatures\n");
rc = GNUPG_Bad_Certificate; rc = gpg_error (GPG_ERR_BAD_CERT);
goto leave; goto leave;
} }
if (opt.verbose) if (opt.verbose)

22
sm/certcheck.c
View File

@ -1,5 +1,5 @@
/* certcheck.c - check one certificate /* certcheck.c - check one certificate
* Copyright (C) 2001 Free Software Foundation, Inc. * Copyright (C) 2001, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -50,7 +50,7 @@ do_encode_md (GCRY_MD_HD md, int algo, unsigned int nbits,
if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen)) if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))
{ {
log_error ("No object identifier for algo %d\n", algo); log_error ("No object identifier for algo %d\n", algo);
return GNUPG_Internal_Error; return gpg_error (GPG_ERR_INTERNAL);
} }
len = gcry_md_get_algo_dlen (algo); len = gcry_md_get_algo_dlen (algo);
@ -59,7 +59,7 @@ do_encode_md (GCRY_MD_HD md, int algo, unsigned int nbits,
{ {
log_error ("can't encode a %d bit MD into a %d bits frame\n", log_error ("can't encode a %d bit MD into a %d bits frame\n",
(int)(len*8), (int)nbits); (int)(len*8), (int)nbits);
return GNUPG_Internal_Error; return gpg_error (GPG_ERR_INTERNAL);
} }
/* We encode the MD in this way: /* We encode the MD in this way:
@ -70,7 +70,7 @@ do_encode_md (GCRY_MD_HD md, int algo, unsigned int nbits,
*/ */
frame = xtrymalloc (nframe); frame = xtrymalloc (nframe);
if (!frame) if (!frame)
return GNUPG_Out_Of_Core; return OUT_OF_CORE (errno);
n = 0; n = 0;
frame[n++] = 0; frame[n++] = 0;
frame[n++] = 1; /* block type */ frame[n++] = 1; /* block type */
@ -115,13 +115,13 @@ gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert)
if (!algo) if (!algo)
{ {
log_error ("unknown hash algorithm `%s'\n", algoid? algoid:"?"); log_error ("unknown hash algorithm `%s'\n", algoid? algoid:"?");
return GNUPG_General_Error; return gpg_error (GPG_ERR_GENERAL);
} }
md = gcry_md_open (algo, 0); md = gcry_md_open (algo, 0);
if (!md) if (!md)
{ {
log_error ("md_open failed: %s\n", gcry_strerror (-1)); log_error ("md_open failed: %s\n", gcry_strerror (-1));
return GNUPG_General_Error; return gpg_error (GPG_ERR_GENERAL);
} }
if (DBG_HASHING) if (DBG_HASHING)
gcry_md_start_debug (md, "hash.cert"); gcry_md_start_debug (md, "hash.cert");
@ -142,7 +142,7 @@ gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert)
log_error ("libksba did not return a proper S-Exp\n"); log_error ("libksba did not return a proper S-Exp\n");
gcry_md_close (md); gcry_md_close (md);
ksba_free (p); ksba_free (p);
return GNUPG_Bug; return gpg_error (GPG_ERR_BUG);
} }
if (DBG_X509) if (DBG_X509)
{ {
@ -170,7 +170,7 @@ gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert)
gcry_md_close (md); gcry_md_close (md);
ksba_free (p); ksba_free (p);
gcry_sexp_release (s_sig); gcry_sexp_release (s_sig);
return GNUPG_Bug; return gpg_error (GPG_ERR_BUG);
} }
rc = gcry_sexp_sscan ( &s_pkey, NULL, p, n); rc = gcry_sexp_sscan ( &s_pkey, NULL, p, n);
ksba_free (p); ksba_free (p);
@ -223,7 +223,7 @@ gpgsm_check_cms_signature (KsbaCert cert, KsbaConstSexp sigval,
if (!n) if (!n)
{ {
log_error ("libksba did not return a proper S-Exp\n"); log_error ("libksba did not return a proper S-Exp\n");
return GNUPG_Bug; return gpg_error (GPG_ERR_BUG);
} }
rc = gcry_sexp_sscan (&s_sig, NULL, sigval, n); rc = gcry_sexp_sscan (&s_sig, NULL, sigval, n);
if (rc) if (rc)
@ -239,7 +239,7 @@ gpgsm_check_cms_signature (KsbaCert cert, KsbaConstSexp sigval,
log_error ("libksba did not return a proper S-Exp\n"); log_error ("libksba did not return a proper S-Exp\n");
ksba_free (p); ksba_free (p);
gcry_sexp_release (s_sig); gcry_sexp_release (s_sig);
return GNUPG_Bug; return gpg_error (GPG_ERR_BUG);
} }
if (DBG_X509) if (DBG_X509)
log_printhex ("public key: ", p, n); log_printhex ("public key: ", p, n);
@ -287,7 +287,7 @@ gpgsm_create_cms_signature (KsbaCert cert, GCRY_MD_HD md, int mdalgo,
grip = gpgsm_get_keygrip_hexstring (cert); grip = gpgsm_get_keygrip_hexstring (cert);
if (!grip) if (!grip)
return seterr (Bad_Certificate); return gpg_error (GPG_ERR_BAD_CERT);
rc = gpgsm_agent_pksign (grip, gcry_md_read(md, mdalgo), rc = gpgsm_agent_pksign (grip, gcry_md_read(md, mdalgo),
gcry_md_get_algo_dlen (mdalgo), mdalgo, gcry_md_get_algo_dlen (mdalgo), mdalgo,

32
sm/certlist.c
View File

@ -1,5 +1,5 @@
/* certlist.c - build list of certificates /* certlist.c - build list of certificates
* Copyright (C) 2001 Free Software Foundation, Inc. * Copyright (C) 2001, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -65,7 +65,7 @@ cert_usage_p (KsbaCert cert, int mode)
if ((use & (KSBA_KEYUSAGE_KEY_CERT_SIGN))) if ((use & (KSBA_KEYUSAGE_KEY_CERT_SIGN)))
return 0; return 0;
log_info ( _("certificate should have not been used certification\n")); log_info ( _("certificate should have not been used certification\n"));
return GNUPG_Wrong_Key_Usage; return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
} }
if ((use & ((mode&1)? if ((use & ((mode&1)?
@ -77,7 +77,7 @@ cert_usage_p (KsbaCert cert, int mode)
mode==2? _("certificate should have not been used for signing\n"): mode==2? _("certificate should have not been used for signing\n"):
mode==1? _("certificate is not usable for encryption\n"): mode==1? _("certificate is not usable for encryption\n"):
_("certificate is not usable for signing\n")); _("certificate is not usable for signing\n"));
return GNUPG_Wrong_Key_Usage; return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
} }
@ -150,7 +150,7 @@ gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
{ {
kh = keydb_new (0); kh = keydb_new (0);
if (!kh) if (!kh)
rc = GNUPG_Out_Of_Core; rc = gpg_error (GPG_ERR_ENOMEM);
else else
{ {
int wrong_usage = 0; int wrong_usage = 0;
@ -165,7 +165,7 @@ gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
{ {
rc = secret? gpgsm_cert_use_sign_p (cert) rc = secret? gpgsm_cert_use_sign_p (cert)
: gpgsm_cert_use_encrypt_p (cert); : gpgsm_cert_use_encrypt_p (cert);
if (rc == GNUPG_Wrong_Key_Usage) if (gpg_err_code (rc) == GPG_ERR_WRONG_KEY_USAGE)
{ {
/* There might be another certificate with the /* There might be another certificate with the
correct usage, so we try again */ correct usage, so we try again */
@ -209,14 +209,16 @@ gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
if (!keydb_get_cert (kh, &cert2)) if (!keydb_get_cert (kh, &cert2))
{ {
int tmp = (same_subject_issuer (subject, issuer, cert2) int tmp = (same_subject_issuer (subject, issuer, cert2)
&& ((secret? gpgsm_cert_use_sign_p (cert2): && ((gpg_err_code (
gpgsm_cert_use_encrypt_p (cert2)) secret? gpgsm_cert_use_sign_p (cert2)
== GNUPG_Wrong_Key_Usage)); : gpgsm_cert_use_encrypt_p (cert2)
)
) == GPG_ERR_WRONG_KEY_USAGE));
ksba_cert_release (cert2); ksba_cert_release (cert2);
if (tmp) if (tmp)
goto next_ambigious; goto next_ambigious;
} }
rc = GNUPG_Ambiguous_Name; rc = gpg_error (GPG_ERR_AMBIGUOUS_NAME);
} }
} }
xfree (subject); xfree (subject);
@ -226,7 +228,7 @@ gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
{ {
char *p; char *p;
rc = GNUPG_No_Secret_Key; rc = gpg_error (GPG_ERR_NO_SECKEY);
p = gpgsm_get_keygrip_hexstring (cert); p = gpgsm_get_keygrip_hexstring (cert);
if (p) if (p)
{ {
@ -241,7 +243,7 @@ gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
{ {
CERTLIST cl = xtrycalloc (1, sizeof *cl); CERTLIST cl = xtrycalloc (1, sizeof *cl);
if (!cl) if (!cl)
rc = GNUPG_Out_Of_Core; rc = OUT_OF_CORE (errno);
else else
{ {
cl->cert = cert; cert = NULL; cl->cert = cert; cert = NULL;
@ -254,7 +256,7 @@ gpgsm_add_to_certlist (CTRL ctrl, const char *name, int secret,
keydb_release (kh); keydb_release (kh);
ksba_cert_release (cert); ksba_cert_release (cert);
return rc == -1? GNUPG_No_Public_Key: rc; return rc == -1? gpg_error (GPG_ERR_NO_PUBKEY): rc;
} }
void void
@ -285,7 +287,7 @@ gpgsm_find_cert (const char *name, KsbaCert *r_cert)
{ {
kh = keydb_new (0); kh = keydb_new (0);
if (!kh) if (!kh)
rc = GNUPG_Out_Of_Core; rc = gpg_error (GPG_ERR_ENOMEM);
else else
{ {
rc = keydb_search (kh, &desc, 1); rc = keydb_search (kh, &desc, 1);
@ -299,7 +301,7 @@ gpgsm_find_cert (const char *name, KsbaCert *r_cert)
else else
{ {
if (!rc) if (!rc)
rc = GNUPG_Ambiguous_Name; rc = gpg_error (GPG_ERR_AMBIGUOUS_NAME);
ksba_cert_release (*r_cert); ksba_cert_release (*r_cert);
*r_cert = NULL; *r_cert = NULL;
} }
@ -308,6 +310,6 @@ gpgsm_find_cert (const char *name, KsbaCert *r_cert)
} }
keydb_release (kh); keydb_release (kh);
return rc == -1? GNUPG_No_Public_Key: rc; return rc == -1? gpg_error (GPG_ERR_NO_PUBKEY): rc;
} }

32
sm/certreqgen.c
View File

@ -1,5 +1,5 @@
/* certreqgen.c - Generate a key and a certification request /* certreqgen.c - Generate a key and a certification request
* Copyright (C) 2002 Free Software Foundation, Inc. * Copyright (C) 2002, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -366,12 +366,12 @@ read_parameters (FILE *fp, KsbaWriter writer)
if (err) if (err)
{ {
log_error ("line %d: %s\n", outctrl.lnr, err); log_error ("line %d: %s\n", outctrl.lnr, err);
rc = GNUPG_General_Error; rc = gpg_error (GPG_ERR_GENERAL);
} }
else if (ferror(fp)) else if (ferror(fp))
{ {
log_error ("line %d: read error: %s\n", outctrl.lnr, strerror(errno) ); log_error ("line %d: read error: %s\n", outctrl.lnr, strerror(errno) );
rc = GNUPG_General_Error; rc = gpg_error (GPG_ERR_GENERAL);
} }
else if (para) else if (para)
{ {
@ -382,7 +382,7 @@ read_parameters (FILE *fp, KsbaWriter writer)
} }
if (!rc && !any) if (!rc && !any)
rc = GNUPG_No_Data; rc = gpg_error (GPG_ERR_NO_DATA);
leave: leave:
release_parameter_list (para); release_parameter_list (para);
@ -436,7 +436,7 @@ proc_parameters (struct para_data_s *para, struct reqgen_ctrl_s *outctrl)
{ {
r = get_parameter (para, pKEYTYPE); r = get_parameter (para, pKEYTYPE);
log_error ("line %d: invalid algorithm\n", r->lnr); log_error ("line %d: invalid algorithm\n", r->lnr);
return GNUPG_Invalid_Parameter; return gpg_error (GPG_ERR_INV_PARAMETER);
} }
/* check the keylength */ /* check the keylength */
@ -449,12 +449,12 @@ proc_parameters (struct para_data_s *para, struct reqgen_ctrl_s *outctrl)
r = get_parameter (para, pKEYTYPE); r = get_parameter (para, pKEYTYPE);
log_error ("line %d: invalid key length %u (valid are 512 to 4096)\n", log_error ("line %d: invalid key length %u (valid are 512 to 4096)\n",
r->lnr, nbits); r->lnr, nbits);
return GNUPG_Invalid_Parameter; return gpg_error (GPG_ERR_INV_PARAMETER);
} }
/* check the usage */ /* check the usage */
if (parse_parameter_usage (para, pKEYUSAGE)) if (parse_parameter_usage (para, pKEYUSAGE))
return GNUPG_Invalid_Parameter; return gpg_error (GPG_ERR_INV_PARAMETER);
/* check that there is a subject name and that this DN fits our /* check that there is a subject name and that this DN fits our
requirements */ requirements */
@ -462,7 +462,7 @@ proc_parameters (struct para_data_s *para, struct reqgen_ctrl_s *outctrl)
{ {
r = get_parameter (para, pKEYTYPE); r = get_parameter (para, pKEYTYPE);
log_error ("line %d: no subject name given\n", r->lnr); log_error ("line %d: no subject name given\n", r->lnr);
return GNUPG_Invalid_Parameter; return gpg_error (GPG_ERR_INV_PARAMETER);
} }
/* fixme check s */ /* fixme check s */
@ -477,7 +477,7 @@ proc_parameters (struct para_data_s *para, struct reqgen_ctrl_s *outctrl)
{ {
r = get_parameter (para, pKEYTYPE); r = get_parameter (para, pKEYTYPE);
log_error ("line %d: not a valid email address\n", r->lnr); log_error ("line %d: not a valid email address\n", r->lnr);
return GNUPG_Invalid_Parameter; return gpg_error (GPG_ERR_INV_PARAMETER);
} }
} }
@ -515,7 +515,7 @@ create_request (struct para_data_s *para, KsbaConstSexp public,
cr = ksba_certreq_new (); cr = ksba_certreq_new ();
if (!cr) if (!cr)
return seterr (Out_Of_Core); return gpg_error (GPG_ERR_ENOMEM);
md = gcry_md_open (GCRY_MD_SHA1, 0); md = gcry_md_open (GCRY_MD_SHA1, 0);
if (!md) if (!md)
@ -542,11 +542,12 @@ create_request (struct para_data_s *para, KsbaConstSexp public,
s = get_parameter_value (para, pNAMEEMAIL); s = get_parameter_value (para, pNAMEEMAIL);
if (s) if (s)
{ {
char *buf = xtrymalloc (strlen (s) + 3); char *buf;
buf = xtrymalloc (strlen (s) + 3);
if (!buf) if (!buf)
{ {
rc = GNUPG_Out_Of_Core; rc = OUT_OF_CORE (errno);
goto leave; goto leave;
} }
*buf = '<'; *buf = '<';
@ -594,7 +595,7 @@ create_request (struct para_data_s *para, KsbaConstSexp public,
if (!n) if (!n)
{ {
log_error ("libksba did not return a proper S-Exp\n"); log_error ("libksba did not return a proper S-Exp\n");
err = GNUPG_Bug; err = gpg_error (GPG_ERR_BUG);
goto leave; goto leave;
} }
rc = gcry_sexp_sscan (&s_pkey, NULL, public, n); rc = gcry_sexp_sscan (&s_pkey, NULL, public, n);
@ -606,7 +607,7 @@ create_request (struct para_data_s *para, KsbaConstSexp public,
} }
if ( !gcry_pk_get_keygrip (s_pkey, grip) ) if ( !gcry_pk_get_keygrip (s_pkey, grip) )
{ {
rc = seterr (General_Error); rc = gpg_error (GPG_ERR_GENERAL);
log_error ("can't figure out the keygrip\n"); log_error ("can't figure out the keygrip\n");
gcry_sexp_release (s_pkey); gcry_sexp_release (s_pkey);
goto leave; goto leave;
@ -661,8 +662,9 @@ gpgsm_genkey (CTRL ctrl, int in_fd, FILE *out_fp)
in_fp = fdopen (dup (in_fd), "rb"); in_fp = fdopen (dup (in_fd), "rb");
if (!in_fp) if (!in_fp)
{ {
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
log_error ("fdopen() failed: %s\n", strerror (errno)); log_error ("fdopen() failed: %s\n", strerror (errno));
return seterr (IO_Error); return tmperr;
} }
ctrl->pem_name = "NEW CERTIFICATE REQUEST"; ctrl->pem_name = "NEW CERTIFICATE REQUEST";

24
sm/decrypt.c
View File

@ -1,5 +1,5 @@
/* decrypt.c - Decrypt a message /* decrypt.c - Decrypt a message
* Copyright (C) 2001 Free Software Foundation, Inc. * Copyright (C) 2001, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -82,7 +82,7 @@ prepare_decryption (const char *hexkeygrip, KsbaConstSexp enc_val,
{ {
if (n + 7 > seskeylen ) if (n + 7 > seskeylen )
{ {
rc = seterr (Invalid_Session_Key); rc = gpg_error (GPG_ERR_INV_SESSION_KEY);
goto leave; goto leave;
} }
@ -96,7 +96,7 @@ prepare_decryption (const char *hexkeygrip, KsbaConstSexp enc_val,
if (seskey[n] != 2 ) /* wrong block type version */ if (seskey[n] != 2 ) /* wrong block type version */
{ {
rc = seterr (Invalid_Session_Key); rc = gpg_error (GPG_ERR_INV_SESSION_KEY);
goto leave; goto leave;
} }
@ -105,7 +105,7 @@ prepare_decryption (const char *hexkeygrip, KsbaConstSexp enc_val,
n++; /* and the zero byte */ n++; /* and the zero byte */
if (n >= seskeylen ) if (n >= seskeylen )
{ {
rc = seterr (Invalid_Session_Key); rc = gpg_error (GPG_ERR_INV_SESSION_KEY);
goto leave; goto leave;
} }
} }
@ -261,7 +261,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
if (!kh) if (!kh)
{ {
log_error (_("failed to allocated keyDB handle\n")); log_error (_("failed to allocated keyDB handle\n"));
rc = GNUPG_General_Error; rc = gpg_error (GPG_ERR_GENERAL);
goto leave; goto leave;
} }
@ -269,8 +269,8 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
in_fp = fdopen ( dup (in_fd), "rb"); in_fp = fdopen ( dup (in_fd), "rb");
if (!in_fp) if (!in_fp)
{ {
rc = gpg_error (gpg_err_code_from_errno (errno));
log_error ("fdopen() failed: %s\n", strerror (errno)); log_error ("fdopen() failed: %s\n", strerror (errno));
rc = seterr (IO_Error);
goto leave; goto leave;
} }
@ -291,7 +291,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
cms = ksba_cms_new (); cms = ksba_cms_new ();
if (!cms) if (!cms)
{ {
rc = seterr (Out_Of_Core); rc = gpg_error (GPG_ERR_ENOMEM);
goto leave; goto leave;
} }
@ -327,7 +327,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
mode = gcry_cipher_mode_from_oid (algoid); mode = gcry_cipher_mode_from_oid (algoid);
if (!algo || !mode) if (!algo || !mode)
{ {
rc = GNUPG_Unsupported_Algorithm; rc = gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
log_error ("unsupported algorithm `%s'\n", algoid? algoid:"?"); log_error ("unsupported algorithm `%s'\n", algoid? algoid:"?");
if (algoid && !strcmp (algoid, "1.2.840.113549.3.2")) if (algoid && !strcmp (algoid, "1.2.840.113549.3.2"))
log_info (_("(this is the RC2 algorithm)\n")); log_info (_("(this is the RC2 algorithm)\n"));
@ -342,7 +342,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
dfparm.mode = mode; dfparm.mode = mode;
dfparm.blklen = gcry_cipher_get_algo_blklen (algo); dfparm.blklen = gcry_cipher_get_algo_blklen (algo);
if (dfparm.blklen > sizeof (dfparm.helpblock)) if (dfparm.blklen > sizeof (dfparm.helpblock))
return GNUPG_Bug; return gpg_error (GPG_ERR_BUG);
rc = ksba_cms_get_content_enc_iv (cms, rc = ksba_cms_get_content_enc_iv (cms,
dfparm.iv, dfparm.iv,
@ -437,7 +437,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
} }
if (!any_key) if (!any_key)
{ {
rc = GNUPG_No_Secret_Key; rc = gpg_error (GPG_ERR_NO_SECKEY);
goto leave; goto leave;
} }
} }
@ -450,7 +450,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
if (!npadding || npadding > dfparm.blklen) if (!npadding || npadding > dfparm.blklen)
{ {
log_error ("invalid padding with value %d\n", npadding); log_error ("invalid padding with value %d\n", npadding);
rc = seterr (Invalid_Data); rc = gpg_error (GPG_ERR_INVALID_DATA);
goto leave; goto leave;
} }
rc = ksba_writer_write (writer, rc = ksba_writer_write (writer,
@ -466,7 +466,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
if (dfparm.lastblock[i] != npadding) if (dfparm.lastblock[i] != npadding)
{ {
log_error ("inconsistent padding\n"); log_error ("inconsistent padding\n");
rc = seterr (Invalid_Data); rc = gpg_error (GPG_ERR_INVALID_DATA);
goto leave; goto leave;
} }
} }

6
sm/delete.c
View File

@ -92,13 +92,13 @@ delete_one (CTRL ctrl, const char *username)
goto next_ambigious; goto next_ambigious;
} }
} }
rc = GNUPG_Ambiguous_Name; rc = gpg_error (GPG_ERR_AMBIGUOUS_NAME);
} }
} }
if (rc) if (rc)
{ {
if (rc == -1) if (rc == -1)
rc = GNUPG_No_Public_Key; rc = gpg_error (GPG_ERR_NO_PUBKEY);
log_error (_("certificate `%s' not found: %s\n"), log_error (_("certificate `%s' not found: %s\n"),
username, gnupg_strerror (rc)); username, gnupg_strerror (rc));
gpgsm_status2 (ctrl, STATUS_DELETE_PROBLEM, "3", NULL); gpgsm_status2 (ctrl, STATUS_DELETE_PROBLEM, "3", NULL);
@ -147,7 +147,7 @@ gpgsm_delete (CTRL ctrl, STRLIST names)
if (!names) if (!names)
{ {
log_error ("nothing to delete\n"); log_error ("nothing to delete\n");
return GNUPG_No_Data; return gpg_error (GPG_ERR_NO_DATA);
} }
for (; names; names=names->next ) for (; names; names=names->next )

35
sm/encrypt.c
View File

@ -1,5 +1,5 @@
/* encrypt.c - Encrypt a message /* encrypt.c - Encrypt a message
* Copyright (C) 2001 Free Software Foundation, Inc. * Copyright (C) 2001, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -72,28 +72,28 @@ init_dek (DEK dek)
if (!dek->algo || !mode) if (!dek->algo || !mode)
{ {
log_error ("unsupported algorithm `%s'\n", dek->algoid); log_error ("unsupported algorithm `%s'\n", dek->algoid);
return GNUPG_Unsupported_Algorithm; return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
} }
dek->keylen = gcry_cipher_get_algo_keylen (dek->algo); dek->keylen = gcry_cipher_get_algo_keylen (dek->algo);
if (!dek->keylen || dek->keylen > sizeof (dek->key)) if (!dek->keylen || dek->keylen > sizeof (dek->key))
return GNUPG_Bug; return gpg_error (GPG_ERR_BUG);
dek->ivlen = gcry_cipher_get_algo_blklen (dek->algo); dek->ivlen = gcry_cipher_get_algo_blklen (dek->algo);
if (!dek->ivlen || dek->ivlen > sizeof (dek->iv)) if (!dek->ivlen || dek->ivlen > sizeof (dek->iv))
return GNUPG_Bug; return gpg_error (GPG_ERR_BUG);
if (dek->keylen < 100/8) if (dek->keylen < 100/8)
{ /* make sure we don't use weak keys */ { /* make sure we don't use weak keys */
log_error ("key length of `%s' too small\n", dek->algoid); log_error ("key length of `%s' too small\n", dek->algoid);
return GNUPG_Unsupported_Algorithm; return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
} }
dek->chd = gcry_cipher_open (dek->algo, mode, GCRY_CIPHER_SECURE); dek->chd = gcry_cipher_open (dek->algo, mode, GCRY_CIPHER_SECURE);
if (!dek->chd) if (!dek->chd)
{ {
log_error ("failed to create cipher context: %s\n", gcry_strerror (-1)); log_error ("failed to create cipher context: %s\n", gcry_strerror (-1));
return GNUPG_General_Error; return gpg_error (GPG_ERR_GENERAL);
} }
for (i=0; i < 8; i++) for (i=0; i < 8; i++)
@ -218,13 +218,13 @@ encrypt_dek (const DEK dek, KsbaCert cert, char **encval)
if (!buf) if (!buf)
{ {
log_error ("no public key for recipient\n"); log_error ("no public key for recipient\n");
return GNUPG_No_Public_Key; return gpg_error (GPG_ERR_NO_PUBKEY);
} }
len = gcry_sexp_canon_len (buf, 0, NULL, NULL); len = gcry_sexp_canon_len (buf, 0, NULL, NULL);
if (!len) if (!len)
{ {
log_error ("libksba did not return a proper S-Exp\n"); log_error ("libksba did not return a proper S-Exp\n");
return GNUPG_Bug; return gpg_error (GPG_ERR_BUG);
} }
rc = gcry_sexp_sscan (&s_pkey, NULL, buf, len); rc = gcry_sexp_sscan (&s_pkey, NULL, buf, len);
xfree (buf); buf = NULL; xfree (buf); buf = NULL;
@ -241,7 +241,7 @@ encrypt_dek (const DEK dek, KsbaCert cert, char **encval)
if (!data) if (!data)
{ {
gcry_mpi_release (data); gcry_mpi_release (data);
return GNUPG_General_Error; return gpg_error (GPG_ERR_GENERAL);
} }
if (gcry_sexp_build (&s_data, NULL, "%m", data)) if (gcry_sexp_build (&s_data, NULL, "%m", data))
BUG (); BUG ();
@ -259,8 +259,9 @@ encrypt_dek (const DEK dek, KsbaCert cert, char **encval)
buf = xtrymalloc (len); buf = xtrymalloc (len);
if (!buf) if (!buf)
{ {
gpg_error_t tmperr = OUT_OF_CORE (errno);
gcry_sexp_release (s_ciph); gcry_sexp_release (s_ciph);
return GNUPG_Out_Of_Core; return tmperr;
} }
len = gcry_sexp_sprint (s_ciph, GCRYSEXP_FMT_CANON, buf, len); len = gcry_sexp_sprint (s_ciph, GCRYSEXP_FMT_CANON, buf, len);
assert (len); assert (len);
@ -367,7 +368,7 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
{ {
log_error(_("no valid recipients given\n")); log_error(_("no valid recipients given\n"));
gpgsm_status (ctrl, STATUS_NO_RECP, "0"); gpgsm_status (ctrl, STATUS_NO_RECP, "0");
rc = GNUPG_No_Public_Key; rc = gpg_error (GPG_ERR_NO_PUBKEY);
goto leave; goto leave;
} }
@ -375,15 +376,15 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
if (!kh) if (!kh)
{ {
log_error (_("failed to allocated keyDB handle\n")); log_error (_("failed to allocated keyDB handle\n"));
rc = GNUPG_General_Error; rc = gpg_error (GPG_ERR_GENERAL);
goto leave; goto leave;
} }
data_fp = fdopen ( dup (data_fd), "rb"); data_fp = fdopen ( dup (data_fd), "rb");
if (!data_fp) if (!data_fp)
{ {
rc = gpg_error (gpg_err_code_from_errno (errno));
log_error ("fdopen() failed: %s\n", strerror (errno)); log_error ("fdopen() failed: %s\n", strerror (errno));
rc = seterr (IO_Error);
goto leave; goto leave;
} }
@ -410,7 +411,7 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
cms = ksba_cms_new (); cms = ksba_cms_new ();
if (!cms) if (!cms)
{ {
rc = seterr (Out_Of_Core); rc = gpg_error (GPG_ERR_ENOMEM);
goto leave; goto leave;
} }
@ -439,7 +440,7 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
/* create a session key */ /* create a session key */
dek = xtrycalloc (1, sizeof *dek); /* hmmm: should we put it into secmem?*/ dek = xtrycalloc (1, sizeof *dek); /* hmmm: should we put it into secmem?*/
if (!dek) if (!dek)
rc = GNUPG_Out_Of_Core; rc = OUT_OF_CORE (errno);
else else
{ {
dek->algoid = opt.def_cipher_algoid; dek->algoid = opt.def_cipher_algoid;
@ -467,7 +468,7 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
encparm.buffer = xtrymalloc (encparm.bufsize); encparm.buffer = xtrymalloc (encparm.bufsize);
if (!encparm.buffer) if (!encparm.buffer)
{ {
rc = seterr (Out_Of_Core); rc = OUT_OF_CORE (errno);
goto leave; goto leave;
} }
@ -523,7 +524,7 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
if (encparm.readerror) if (encparm.readerror)
{ {
log_error ("error reading input: %s\n", strerror (encparm.readerror)); log_error ("error reading input: %s\n", strerror (encparm.readerror));
rc = seterr (Read_Error); rc = gpg_error (gpg_err_code_from_errno (encparm.readerror));
goto leave; goto leave;
} }

5
sm/export.c
View File

@ -1,5 +1,5 @@
/* export.c /* export.c
* Copyright (C) 2002 Free Software Foundation, Inc. * Copyright (C) 2002, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -70,7 +70,8 @@ gpgsm_export (CTRL ctrl, STRLIST names, FILE *fp)
desc = xtrycalloc (ndesc, sizeof *desc); desc = xtrycalloc (ndesc, sizeof *desc);
if (!ndesc) if (!ndesc)
{ {
log_error ("%s\n", gnupg_strerror (GNUPG_Out_Of_Core)); log_error ("allocating memory for export failed: %s\n",
gpg_strerror (OUT_OF_CORE (errno)));
goto leave; goto leave;
} }

2
sm/fingerprint.c
View File

@ -171,7 +171,7 @@ gpgsm_get_keygrip (KsbaCert cert, char *array)
gcry_sexp_release (s_pkey); gcry_sexp_release (s_pkey);
if (!array) if (!array)
{ {
rc = seterr (General_Error); rc = gpg_error (GPG_ERR_GENERAL);
log_error ("can't calculate keygrip\n"); log_error ("can't calculate keygrip\n");
return NULL; return NULL;
} }

45
sm/gpgsm.c
View File

@ -1,5 +1,5 @@
/* gpgsm.c - GnuPG for S/MIME /* gpgsm.c - GnuPG for S/MIME
* Copyright (C) 2001, 2002 Free Software Foundation, Inc. * Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -28,8 +28,9 @@
#include <fcntl.h> #include <fcntl.h>
#include <gcrypt.h> #include <gcrypt.h>
#include <assuan.h> /* malloc hooks */
#include "gpgsm.h" #include "gpgsm.h"
#include "../assuan/assuan.h" /* malloc hooks */
#include "../kbx/keybox.h" /* malloc hooks */ #include "../kbx/keybox.h" /* malloc hooks */
#include "i18n.h" #include "i18n.h"
#include "keydb.h" #include "keydb.h"
@ -1096,16 +1097,16 @@ main ( int argc, char **argv)
log_error (_("can't sign using `%s': %s\n"), log_error (_("can't sign using `%s': %s\n"),
sl->d, gnupg_strerror (rc)); sl->d, gnupg_strerror (rc));
gpgsm_status2 (&ctrl, STATUS_INV_RECP, gpgsm_status2 (&ctrl, STATUS_INV_RECP,
rc == -1? "1": gpg_err_code (rc) == -1? "1":
rc == GNUPG_No_Public_Key? "1": gpg_err_code (rc) == GPG_ERR_NO_PUBKEY? "1":
rc == GNUPG_Ambiguous_Name? "2": gpg_err_code (rc) == GPG_ERR_AMBIGUOUS_NAME? "2":
rc == GNUPG_Wrong_Key_Usage? "3": gpg_err_code (rc) == GPG_ERR_WRONG_KEY_USAGE? "3":
rc == GNUPG_Certificate_Revoked? "4": gpg_err_code (rc) == GPG_ERR_CERT_REVOKED? "4":
rc == GNUPG_Certificate_Expired? "5": gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED? "5":
rc == GNUPG_No_CRL_Known? "6": gpg_err_code (rc) == GPG_ERR_NO_CRL_KNOWN? "6":
rc == GNUPG_CRL_Too_Old? "7": gpg_err_code (rc) == GPG_ERR_CRL_TOO_OLD? "7":
rc == GNUPG_No_Policy_Match? "8": gpg_err_code (rc) == GPG_ERR_NO_POLICY_MATCH? "8":
rc == GNUPG_No_Secret_Key? "9": gpg_err_code (rc) == GPG_ERR_NO_SECKEY? "9":
"0", "0",
sl->d, NULL); sl->d, NULL);
} }
@ -1118,15 +1119,15 @@ main ( int argc, char **argv)
log_error (_("can't encrypt to `%s': %s\n"), log_error (_("can't encrypt to `%s': %s\n"),
sl->d, gnupg_strerror (rc)); sl->d, gnupg_strerror (rc));
gpgsm_status2 (&ctrl, STATUS_INV_RECP, gpgsm_status2 (&ctrl, STATUS_INV_RECP,
rc == -1? "1": gpg_err_code (rc) == -1? "1":
rc == GNUPG_No_Public_Key? "1": gpg_err_code (rc) == GPG_ERR_NO_PUBKEY? "1":
rc == GNUPG_Ambiguous_Name? "2": gpg_err_code (rc) == GPG_ERR_AMBIGUOUS_NAME? "2":
rc == GNUPG_Wrong_Key_Usage? "3": gpg_err_code (rc) == GPG_ERR_WRONG_KEY_USAGE? "3":
rc == GNUPG_Certificate_Revoked? "4": gpg_err_code (rc) == GPG_ERR_CERT_REVOKED? "4":
rc == GNUPG_Certificate_Expired? "5": gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED? "5":
rc == GNUPG_No_CRL_Known? "6": gpg_err_code (rc) == GPG_ERR_NO_CRL_KNOWN? "6":
rc == GNUPG_CRL_Too_Old? "7": gpg_err_code (rc) == GPG_ERR_CRL_TOO_OLD? "7":
rc == GNUPG_No_Policy_Match? "8": gpg_err_code (rc) == GPG_ERR_NO_POLICY_MATCH? "8":
"0", "0",
sl->d, NULL); sl->d, NULL);
} }
@ -1306,7 +1307,7 @@ main ( int argc, char **argv)
if (rc) if (rc)
; ;
else if (!(grip = gpgsm_get_keygrip_hexstring (cert))) else if (!(grip = gpgsm_get_keygrip_hexstring (cert)))
rc = GNUPG_Bug; rc = gpg_error (GPG_ERR_BUG);
else else
rc = gpgsm_agent_passwd (grip); rc = gpgsm_agent_passwd (grip);
if (rc) if (rc)

10
sm/gpgsm.h
View File

@ -1,5 +1,5 @@
/* gpgsm.h - Global definitions for GpgSM /* gpgsm.h - Global definitions for GpgSM
* Copyright (C) 2001 Free Software Foundation, Inc. * Copyright (C) 2001, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -21,10 +21,18 @@
#ifndef GPGSM_H #ifndef GPGSM_H
#define GPGSM_H #define GPGSM_H
#ifdef GPG_ERR_SOURCE_DEFAULT
#error GPG_ERR_SOURCE_DEFAULT already defined
#endif
#define GPG_ERR_SOURCE_DEFAULT GPG_ERR_SOURCE_GPGSM
#include <gpg-error.h>
#include <ksba.h> #include <ksba.h>
#include "../common/util.h" #include "../common/util.h"
#include "../common/errors.h" #include "../common/errors.h"
#define OUT_OF_CORE(a) (gpg_error (gpg_err_code_from_errno ((a))))
#define MAX_DIGEST_LEN 24 #define MAX_DIGEST_LEN 24
/* A large struct name "opt" to keep global flags */ /* A large struct name "opt" to keep global flags */

14
sm/import.c
View File

@ -1,5 +1,5 @@
/* import.c - Import certificates /* import.c - Import certificates
* Copyright (C) 2001 Free Software Foundation, Inc. * Copyright (C) 2001, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -181,8 +181,8 @@ check_and_store (CTRL ctrl, struct stats_s *stats, KsbaCert cert, int depth)
log_error (_("basic certificate checks failed - not imported\n")); log_error (_("basic certificate checks failed - not imported\n"));
stats->not_imported++; stats->not_imported++;
print_import_problem (ctrl, cert, print_import_problem (ctrl, cert,
rc == GNUPG_Missing_Certificate? 2 : gpg_err_code (rc) == GPG_ERR_MISSING_CERT? 2 :
rc == GNUPG_Bad_Certificate? 1 : 0); gpg_err_code (rc) == GPG_ERR_BAD_CERT? 1 : 0);
} }
} }
@ -203,8 +203,8 @@ import_one (CTRL ctrl, struct stats_s *stats, int in_fd)
fp = fdopen ( dup (in_fd), "rb"); fp = fdopen ( dup (in_fd), "rb");
if (!fp) if (!fp)
{ {
rc = gpg_error (gpg_err_code_from_errno (errno));
log_error ("fdopen() failed: %s\n", strerror (errno)); log_error ("fdopen() failed: %s\n", strerror (errno));
rc = seterr (IO_Error);
goto leave; goto leave;
} }
@ -224,7 +224,7 @@ import_one (CTRL ctrl, struct stats_s *stats, int in_fd)
cms = ksba_cms_new (); cms = ksba_cms_new ();
if (!cms) if (!cms)
{ {
rc = seterr (Out_Of_Core); rc = gpg_error (GPG_ERR_ENOMEM);
goto leave; goto leave;
} }
@ -268,7 +268,7 @@ import_one (CTRL ctrl, struct stats_s *stats, int in_fd)
cert = ksba_cert_new (); cert = ksba_cert_new ();
if (!cert) if (!cert)
{ {
rc = seterr (Out_Of_Core); rc = gpg_error (GPG_ERR_ENOMEM);
goto leave; goto leave;
} }
@ -284,7 +284,7 @@ import_one (CTRL ctrl, struct stats_s *stats, int in_fd)
else else
{ {
log_error ("can't extract certificates from input\n"); log_error ("can't extract certificates from input\n");
rc = GNUPG_No_Data; rc = gpg_error (GPG_ERR_NO_DATA);
} }
leave: leave:

50
sm/keydb.c
View File

@ -1,5 +1,5 @@
/* keydb.c - key database dispatcher /* keydb.c - key database dispatcher
* Copyright (C) 2001 Free Software Foundation, Inc. * Copyright (C) 2001, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -103,7 +103,7 @@ keydb_add_resource (const char *url, int force, int secret)
else if (strchr (resname, ':')) else if (strchr (resname, ':'))
{ {
log_error ("invalid key resource URL `%s'\n", url ); log_error ("invalid key resource URL `%s'\n", url );
rc = GNUPG_General_Error; rc = gpg_error (GPG_ERR_GENERAL);
goto leave; goto leave;
} }
#endif /* !HAVE_DRIVE_LETTERS && !__riscos__ */ #endif /* !HAVE_DRIVE_LETTERS && !__riscos__ */
@ -150,14 +150,14 @@ keydb_add_resource (const char *url, int force, int secret)
{ {
case KEYDB_RESOURCE_TYPE_NONE: case KEYDB_RESOURCE_TYPE_NONE:
log_error ("unknown type of key resource `%s'\n", url ); log_error ("unknown type of key resource `%s'\n", url );
rc = GNUPG_General_Error; rc = gpg_error (GPG_ERR_GENERAL);
goto leave; goto leave;
case KEYDB_RESOURCE_TYPE_KEYBOX: case KEYDB_RESOURCE_TYPE_KEYBOX:
fp = fopen (filename, "rb"); fp = fopen (filename, "rb");
if (!fp && !force) if (!fp && !force)
{ {
rc = GNUPG_File_Open_Error; rc = gpg_error (gpg_err_code_from_errno (errno));
goto leave; goto leave;
} }
@ -175,7 +175,7 @@ keydb_add_resource (const char *url, int force, int secret)
terminated, so that on the next invocation can terminated, so that on the next invocation can
read the options file in on startup */ read the options file in on startup */
try_make_homedir (filename); try_make_homedir (filename);
rc = GNUPG_File_Open_Error; rc = gpg_error (GPG_ERR_FILE_OPEN_ERROR);
*last_slash_in_filename = DIRSEP_C; *last_slash_in_filename = DIRSEP_C;
goto leave; goto leave;
} }
@ -185,9 +185,9 @@ keydb_add_resource (const char *url, int force, int secret)
fp = fopen (filename, "w"); fp = fopen (filename, "w");
if (!fp) if (!fp)
{ {
rc = gpg_error (gpg_err_code_from_errno (errno));
log_error (_("error creating keybox `%s': %s\n"), log_error (_("error creating keybox `%s': %s\n"),
filename, strerror(errno)); filename, strerror(errno));
rc = GNUPG_File_Create_Error;
goto leave; goto leave;
} }
@ -204,7 +204,7 @@ keydb_add_resource (const char *url, int force, int secret)
if (!token) if (!token)
; /* already registered - ignore it */ ; /* already registered - ignore it */
else if (used_resources >= MAX_KEYDB_RESOURCES) else if (used_resources >= MAX_KEYDB_RESOURCES)
rc = GNUPG_Resource_Limit; rc = gpg_error (GPG_ERR_RESOURCE_LIMIT);
else else
{ {
all_resources[used_resources].type = rt; all_resources[used_resources].type = rt;
@ -223,7 +223,7 @@ keydb_add_resource (const char *url, int force, int secret)
break; break;
default: default:
log_error ("resource type of `%s' not supported\n", url); log_error ("resource type of `%s' not supported\n", url);
rc = GNUPG_Not_Supported; rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
goto leave; goto leave;
} }
@ -562,7 +562,7 @@ keydb_get_cert (KEYDB_HANDLE hd, KsbaCert *r_cert)
int rc = 0; int rc = 0;
if (!hd) if (!hd)
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INVALID_VALUE);
if ( hd->found < 0 || hd->found >= hd->used) if ( hd->found < 0 || hd->found >= hd->used)
return -1; /* nothing found */ return -1; /* nothing found */
@ -570,7 +570,7 @@ keydb_get_cert (KEYDB_HANDLE hd, KsbaCert *r_cert)
switch (hd->active[hd->found].type) switch (hd->active[hd->found].type)
{ {
case KEYDB_RESOURCE_TYPE_NONE: case KEYDB_RESOURCE_TYPE_NONE:
rc = GNUPG_General_Error; /* oops */ rc = gpg_error (GPG_ERR_GENERAL); /* oops */
break; break;
case KEYDB_RESOURCE_TYPE_KEYBOX: case KEYDB_RESOURCE_TYPE_KEYBOX:
rc = keybox_get_cert (hd->active[hd->found].u.kr, r_cert); rc = keybox_get_cert (hd->active[hd->found].u.kr, r_cert);
@ -591,7 +591,7 @@ keydb_insert_cert (KEYDB_HANDLE hd, KsbaCert cert)
char digest[20]; char digest[20];
if (!hd) if (!hd)
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INVALID_VALUE);
if (opt.dry_run) if (opt.dry_run)
return 0; return 0;
@ -601,7 +601,7 @@ keydb_insert_cert (KEYDB_HANDLE hd, KsbaCert cert)
else if ( hd->current >= 0 && hd->current < hd->used) else if ( hd->current >= 0 && hd->current < hd->used)
idx = hd->current; idx = hd->current;
else else
return GNUPG_General_Error; return gpg_error (GPG_ERR_GENERAL);
rc = lock_all (hd); rc = lock_all (hd);
if (rc) if (rc)
@ -612,7 +612,7 @@ keydb_insert_cert (KEYDB_HANDLE hd, KsbaCert cert)
switch (hd->active[idx].type) switch (hd->active[idx].type)
{ {
case KEYDB_RESOURCE_TYPE_NONE: case KEYDB_RESOURCE_TYPE_NONE:
rc = GNUPG_General_Error; rc = gpg_error (GPG_ERR_GENERAL);
break; break;
case KEYDB_RESOURCE_TYPE_KEYBOX: case KEYDB_RESOURCE_TYPE_KEYBOX:
rc = keybox_insert_cert (hd->active[idx].u.kr, cert, digest); rc = keybox_insert_cert (hd->active[idx].u.kr, cert, digest);
@ -633,7 +633,7 @@ keydb_update_cert (KEYDB_HANDLE hd, KsbaCert cert)
char digest[20]; char digest[20];
if (!hd) if (!hd)
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INVALID_VALUE);
if ( hd->found < 0 || hd->found >= hd->used) if ( hd->found < 0 || hd->found >= hd->used)
return -1; /* nothing found */ return -1; /* nothing found */
@ -650,7 +650,7 @@ keydb_update_cert (KEYDB_HANDLE hd, KsbaCert cert)
switch (hd->active[hd->found].type) switch (hd->active[hd->found].type)
{ {
case KEYDB_RESOURCE_TYPE_NONE: case KEYDB_RESOURCE_TYPE_NONE:
rc = GNUPG_General_Error; /* oops */ rc = gpg_error (GPG_ERR_GENERAL); /* oops */
break; break;
case KEYDB_RESOURCE_TYPE_KEYBOX: case KEYDB_RESOURCE_TYPE_KEYBOX:
rc = keybox_update_cert (hd->active[hd->found].u.kr, cert, digest); rc = keybox_update_cert (hd->active[hd->found].u.kr, cert, digest);
@ -671,7 +671,7 @@ keydb_delete (KEYDB_HANDLE hd)
int rc = -1; int rc = -1;
if (!hd) if (!hd)
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INVALID_VALUE);
if ( hd->found < 0 || hd->found >= hd->used) if ( hd->found < 0 || hd->found >= hd->used)
return -1; /* nothing found */ return -1; /* nothing found */
@ -686,7 +686,7 @@ keydb_delete (KEYDB_HANDLE hd)
switch (hd->active[hd->found].type) switch (hd->active[hd->found].type)
{ {
case KEYDB_RESOURCE_TYPE_NONE: case KEYDB_RESOURCE_TYPE_NONE:
rc = GNUPG_General_Error; rc = gpg_error (GPG_ERR_GENERAL);
break; break;
case KEYDB_RESOURCE_TYPE_KEYBOX: case KEYDB_RESOURCE_TYPE_KEYBOX:
rc = keybox_delete (hd->active[hd->found].u.kr); rc = keybox_delete (hd->active[hd->found].u.kr);
@ -710,7 +710,7 @@ keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
int rc; int rc;
if (!hd) if (!hd)
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INVALID_VALUE);
rc = keydb_search_reset (hd); /* this does reset hd->current */ rc = keydb_search_reset (hd); /* this does reset hd->current */
if (rc) if (rc)
@ -770,7 +770,7 @@ keydb_search_reset (KEYDB_HANDLE hd)
int i, rc = 0; int i, rc = 0;
if (!hd) if (!hd)
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INVALID_VALUE);
hd->current = 0; hd->current = 0;
hd->found = -1; hd->found = -1;
@ -800,7 +800,7 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
int rc = -1; int rc = -1;
if (!hd) if (!hd)
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INVALID_VALUE);
while (rc == -1 && hd->current >= 0 && hd->current < hd->used) while (rc == -1 && hd->current >= 0 && hd->current < hd->used)
{ {
@ -891,12 +891,12 @@ keydb_search_issuer_sn (KEYDB_HANDLE hd,
desc.mode = KEYDB_SEARCH_MODE_ISSUER_SN; desc.mode = KEYDB_SEARCH_MODE_ISSUER_SN;
s = serial; s = serial;
if (*s !='(') if (*s !='(')
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INVALID_VALUE);
s++; s++;
for (desc.snlen = 0; digitp (s); s++) for (desc.snlen = 0; digitp (s); s++)
desc.snlen = 10*desc.snlen + atoi_1 (s); desc.snlen = 10*desc.snlen + atoi_1 (s);
if (*s !=':') if (*s !=':')
return GNUPG_Invalid_Value; return gpg_error (GPG_ERR_INVALID_VALUE);
desc.sn = s+1; desc.sn = s+1;
desc.u.name = issuer; desc.u.name = issuer;
rc = keydb_search (hd, &desc, 1); rc = keydb_search (hd, &desc, 1);
@ -1209,7 +1209,7 @@ keydb_classify_name (const char *name, KEYDB_SEARCH_DESC *desc)
desc = &dummy_desc; desc = &dummy_desc;
if (!classify_user_id (name, desc, &dummy)) if (!classify_user_id (name, desc, &dummy))
return GNUPG_Invalid_Name; return gpg_error (GPG_ERR_INV_NAME);
return 0; return 0;
} }
@ -1231,14 +1231,14 @@ keydb_store_cert (KsbaCert cert, int ephemeral, int *existed)
if (!gpgsm_get_fingerprint (cert, 0, fpr, NULL)) if (!gpgsm_get_fingerprint (cert, 0, fpr, NULL))
{ {
log_error (_("failed to get the fingerprint\n")); log_error (_("failed to get the fingerprint\n"));
return GNUPG_General_Error; return gpg_error (GPG_ERR_GENERAL);
} }
kh = keydb_new (0); kh = keydb_new (0);
if (!kh) if (!kh)
{ {
log_error (_("failed to allocate keyDB handle\n")); log_error (_("failed to allocate keyDB handle\n"));
return GNUPG_Out_Of_Core; return gpg_error (GPG_ERR_ENOMEM);;
} }
if (ephemeral) if (ephemeral)

51
sm/server.c
View File

@ -245,18 +245,21 @@ cmd_recipient (ASSUAN_CONTEXT ctx, char *line)
rc = gpgsm_add_to_certlist (ctrl, line, 0, &ctrl->server_local->recplist); rc = gpgsm_add_to_certlist (ctrl, line, 0, &ctrl->server_local->recplist);
if (rc) if (rc)
gpgsm_status2 (ctrl, STATUS_INV_RECP, {
rc == -1? "1": gpg_err_code_t r = gpg_err_code (rc);
rc == GNUPG_No_Public_Key? "1": gpgsm_status2 (ctrl, STATUS_INV_RECP,
rc == GNUPG_Ambiguous_Name? "2": r == -1? "1":
rc == GNUPG_Wrong_Key_Usage? "3": r == GPG_ERR_NO_PUBKEY? "1":
rc == GNUPG_Certificate_Revoked? "4": r == GPG_ERR_AMBIGUOUS_NAME? "2":
rc == GNUPG_Certificate_Expired? "5": r == GPG_ERR_WRONG_KEY_USAGE? "3":
rc == GNUPG_No_CRL_Known? "6": r == GPG_ERR_CERT_REVOKED? "4":
rc == GNUPG_CRL_Too_Old? "7": r == GPG_ERR_CERT_EXPIRED? "5":
rc == GNUPG_No_Policy_Match? "8": r == GPG_ERR_NO_CRL_KNOWN? "6":
r == GPG_ERR_CRL_TOO_OLD? "7":
r == GPG_ERR_NO_POLICY_MATCH? "8":
"0", "0",
line, NULL); line, NULL);
}
return map_to_assuan_status (rc); return map_to_assuan_status (rc);
} }
@ -285,20 +288,22 @@ cmd_signer (ASSUAN_CONTEXT ctx, char *line)
rc = gpgsm_add_to_certlist (ctrl, line, 1, &ctrl->server_local->signerlist); rc = gpgsm_add_to_certlist (ctrl, line, 1, &ctrl->server_local->signerlist);
if (rc) if (rc)
gpgsm_status2 (ctrl, STATUS_INV_RECP, {
rc == -1? "1": gpg_err_code_t r = gpg_err_code (rc);
rc == GNUPG_No_Public_Key? "1": gpgsm_status2 (ctrl, STATUS_INV_RECP,
rc == GNUPG_Ambiguous_Name? "2": r == -1? "1":
rc == GNUPG_Wrong_Key_Usage? "3": r == GPG_ERR_NO_PUBKEY? "1":
rc == GNUPG_Certificate_Revoked? "4": r == GPG_ERR_AMBIGUOUS_NAME? "2":
rc == GNUPG_Certificate_Expired? "5": r == GPG_ERR_WRONG_KEY_USAGE? "3":
rc == GNUPG_No_CRL_Known? "6": r == GPG_ERR_CERT_REVOKED? "4":
rc == GNUPG_CRL_Too_Old? "7": r == GPG_ERR_CERT_EXPIRED? "5":
rc == GNUPG_No_Policy_Match? "8": r == GPG_ERR_NO_CRL_KNOWN? "6":
rc == GNUPG_No_Secret_Key? "9": r == GPG_ERR_CRL_TOO_OLD? "7":
r == GPG_ERR_NO_POLICY_MATCH? "8":
r == GPG_ERR_NO_SECKEY? "9":
"0", "0",
line, NULL); line, NULL);
}
return map_to_assuan_status (rc); return map_to_assuan_status (rc);
} }

29
sm/sign.c
View File

@ -1,5 +1,5 @@
/* sign.c - Sign a message /* sign.c - Sign a message
* Copyright (C) 2001, 2002 Free Software Foundation, Inc. * Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -73,8 +73,9 @@ hash_and_copy_data (int fd, GCRY_MD_HD md, KsbaWriter writer)
fp = fdopen ( dup (fd), "rb"); fp = fdopen ( dup (fd), "rb");
if (!fp) if (!fp)
{ {
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
log_error ("fdopen(%d) failed: %s\n", fd, strerror (errno)); log_error ("fdopen(%d) failed: %s\n", fd, strerror (errno));
return GNUPG_File_Open_Error; return tmperr;
} }
do do
@ -95,8 +96,8 @@ hash_and_copy_data (int fd, GCRY_MD_HD md, KsbaWriter writer)
while (nread && !rc); while (nread && !rc);
if (ferror (fp)) if (ferror (fp))
{ {
rc = gpg_error (gpg_err_code_from_errno (errno));
log_error ("read error on fd %d: %s\n", fd, strerror (errno)); log_error ("read error on fd %d: %s\n", fd, strerror (errno));
rc = GNUPG_Read_Error;
} }
fclose (fp); fclose (fp);
if (!any) if (!any)
@ -106,7 +107,7 @@ hash_and_copy_data (int fd, GCRY_MD_HD md, KsbaWriter writer)
already written the tag for data and now expects an octet already written the tag for data and now expects an octet
string but an octet string of zeize 0 is illegal. */ string but an octet string of zeize 0 is illegal. */
log_error ("cannot sign an empty message\n"); log_error ("cannot sign an empty message\n");
rc = GNUPG_No_Data; rc = gpg_error (GPG_ERR_NO_DATA);
} }
if (!rc) if (!rc)
{ {
@ -134,7 +135,7 @@ gpgsm_get_default_cert (KsbaCert *r_cert)
hd = keydb_new (0); hd = keydb_new (0);
if (!hd) if (!hd)
return GNUPG_General_Error; return gpg_error (GPG_ERR_GENERAL);
rc = keydb_search_first (hd); rc = keydb_search_first (hd);
if (rc) if (rc)
{ {
@ -313,7 +314,7 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
if (!kh) if (!kh)
{ {
log_error (_("failed to allocated keyDB handle\n")); log_error (_("failed to allocated keyDB handle\n"));
rc = GNUPG_General_Error; rc = gpg_error (GPG_ERR_GENERAL);
goto leave; goto leave;
} }
@ -328,7 +329,7 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
cms = ksba_cms_new (); cms = ksba_cms_new ();
if (!cms) if (!cms)
{ {
rc = seterr (Out_Of_Core); rc = gpg_error (GPG_ERR_ENOMEM);
goto leave; goto leave;
} }
@ -360,13 +361,13 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
if (!cert) if (!cert)
{ {
log_error ("no default signer found\n"); log_error ("no default signer found\n");
rc = seterr (General_Error); rc = gpg_error (GPG_ERR_GENERAL);
goto leave; goto leave;
} }
signerlist = xtrycalloc (1, sizeof *signerlist); signerlist = xtrycalloc (1, sizeof *signerlist);
if (!signerlist) if (!signerlist)
{ {
rc = GNUPG_Out_Of_Core; rc = OUT_OF_CORE (errno);
ksba_cert_release (cert); ksba_cert_release (cert);
goto leave; goto leave;
} }
@ -424,7 +425,7 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
if (!algo) if (!algo)
{ {
log_error ("unknown hash algorithm `%s'\n", algoid? algoid:"?"); log_error ("unknown hash algorithm `%s'\n", algoid? algoid:"?");
rc = GNUPG_Bug; rc = gpg_error (GPG_ERR_BUG);
goto leave; goto leave;
} }
gcry_md_enable (data_md, algo); gcry_md_enable (data_md, algo);
@ -446,7 +447,7 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
if ( !digest || !digest_len) if ( !digest || !digest_len)
{ {
log_error ("problem getting the hash of the data\n"); log_error ("problem getting the hash of the data\n");
rc = GNUPG_Bug; rc = gpg_error (GPG_ERR_BUG);
goto leave; goto leave;
} }
for (cl=signerlist,signer=0; cl; cl = cl->next, signer++) for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)
@ -505,7 +506,7 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
if ( !digest || !digest_len) if ( !digest || !digest_len)
{ {
log_error ("problem getting the hash of the data\n"); log_error ("problem getting the hash of the data\n");
rc = GNUPG_Bug; rc = gpg_error (GPG_ERR_BUG);
goto leave; goto leave;
} }
for (cl=signerlist,signer=0; cl; cl = cl->next, signer++) for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)
@ -574,7 +575,7 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
fpr = gpgsm_get_fingerprint_hexstring (cl->cert, GCRY_MD_SHA1); fpr = gpgsm_get_fingerprint_hexstring (cl->cert, GCRY_MD_SHA1);
if (!fpr) if (!fpr)
{ {
rc = seterr (Out_Of_Core); rc = gpg_error (GPG_ERR_ENOMEM);
gcry_md_close (md); gcry_md_close (md);
goto leave; goto leave;
} }
@ -587,7 +588,7 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
xfree (fpr); xfree (fpr);
if (rc < 0) if (rc < 0)
{ {
rc = seterr (Out_Of_Core); rc = gpg_error (GPG_ERR_ENOMEM);
gcry_md_close (md); gcry_md_close (md);
goto leave; goto leave;
} }

22
sm/verify.c
View File

@ -1,5 +1,5 @@
/* verify.c - Verify a messages signature /* verify.c - Verify a messages signature
* Copyright (C) 2001, 2002 Free Software Foundation, Inc. * Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -114,7 +114,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
if (!kh) if (!kh)
{ {
log_error (_("failed to allocated keyDB handle\n")); log_error (_("failed to allocated keyDB handle\n"));
rc = GNUPG_General_Error; rc = gpg_error (GPG_ERR_GENERAL);
goto leave; goto leave;
} }
@ -122,8 +122,8 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
fp = fdopen ( dup (in_fd), "rb"); fp = fdopen ( dup (in_fd), "rb");
if (!fp) if (!fp)
{ {
rc = gpg_error (gpg_err_code_from_errno (errno));
log_error ("fdopen() failed: %s\n", strerror (errno)); log_error ("fdopen() failed: %s\n", strerror (errno));
rc = seterr (IO_Error);
goto leave; goto leave;
} }
@ -147,7 +147,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
cms = ksba_cms_new (); cms = ksba_cms_new ();
if (!cms) if (!cms)
{ {
rc = seterr (Out_Of_Core); rc = gpg_error (GPG_ERR_ENOMEM);
goto leave; goto leave;
} }
@ -233,7 +233,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
if (data_fd != -1 && !is_detached) if (data_fd != -1 && !is_detached)
{ {
log_error ("data given for a non-detached signature\n"); log_error ("data given for a non-detached signature\n");
rc = GNUPG_Conflict; rc = gpg_error (GPG_ERR_CONFLICT);
goto leave; goto leave;
} }
@ -360,7 +360,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
if (rc == -1) if (rc == -1)
{ {
log_error ("certificate not found\n"); log_error ("certificate not found\n");
rc = GNUPG_No_Public_Key; rc = gpg_error (GPG_ERR_NO_PUBKEY);
} }
else else
log_error ("failed to find the certificate: %s\n", log_error ("failed to find the certificate: %s\n",
@ -457,7 +457,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
if (DBG_X509) if (DBG_X509)
log_debug ("signature okay - checking certs\n"); log_debug ("signature okay - checking certs\n");
rc = gpgsm_validate_chain (ctrl, cert, &keyexptime); rc = gpgsm_validate_chain (ctrl, cert, &keyexptime);
if (rc == GNUPG_Certificate_Expired) if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED)
{ {
gpgsm_status (ctrl, STATUS_EXPKEYSIG, NULL); gpgsm_status (ctrl, STATUS_EXPKEYSIG, NULL);
rc = 0; rc = 0;
@ -482,10 +482,10 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
if (rc) /* of validate_chain */ if (rc) /* of validate_chain */
{ {
log_error ("invalid certification chain: %s\n", gnupg_strerror (rc)); log_error ("invalid certification chain: %s\n", gnupg_strerror (rc));
if (rc == GNUPG_Bad_Certificate_Chain if (gpg_err_code (rc) == GPG_ERR_BAD_CERT_CHAIN
|| rc == GNUPG_Bad_Certificate || gpg_err_code (rc) == GPG_ERR_BAD_CERT
|| rc == GNUPG_Bad_CA_Certificate || gpg_err_code (rc) == GPG_ERR_BAD_CA_CERT
|| rc == GNUPG_Certificate_Revoked) || gpg_err_code (rc) == GPG_ERR_CERT_REVOKED)
gpgsm_status (ctrl, STATUS_TRUST_NEVER, gnupg_error_token (rc)); gpgsm_status (ctrl, STATUS_TRUST_NEVER, gnupg_error_token (rc));
else else
gpgsm_status (ctrl, STATUS_TRUST_UNDEFINED, gnupg_error_token (rc)); gpgsm_status (ctrl, STATUS_TRUST_UNDEFINED, gnupg_error_token (rc));