mirror of git://git.gnupg.org/gnupg.git synced 2025-05-24 16:43:28 +02:00

* gpgsm.c, gpgsm.h: Add local_user.

* sign.c (gpgsm_get_default_cert): New.
(get_default_signer): Use the new function if local_user is not
set; otherwise use that value.
* encrypt.c (get_default_recipient): Removed.
(gpgsm_encrypt): Use gpgsm_get_default_cert.
* verify.c (gpgsm_verify): Better error text for a bad signature
found by comparing the hashs.
Werner Koch 2002-03-05 15:56:46 +00:00
parent dfda938ee9
commit c8454f792d
9 changed files with 96 additions and 55 deletions


@ -1,3 +1,15 @@
2002-03-05 Werner Koch <wk@gnupg.org>
* gpgsm.c, gpgsm.h: Add local_user.
* sign.c (gpgsm_get_default_cert): New.
(get_default_signer): Use the new function if local_user is not
set otherwise used that value.
* encrypt.c (get_default_recipient): Removed.
(gpgsm_encrypt): Use gpgsm_get_default_cert.
* verify.c (gpgsm_verify): Better error text for a bad signature
found by comparing the hashs.
2002-02-27 Werner Koch <wk@gnupg.org> 2002-02-27 Werner Koch <wk@gnupg.org>
* call-dirmngr.c, call-agent.c: Add 2 more arguments to all uses * call-dirmngr.c, call-agent.c: Add 2 more arguments to all uses


@ -204,14 +204,15 @@ gpgsm_check_cms_signature (KsbaCert cert, KsbaConstSexp sigval,
} }
p = ksba_cert_get_public_key (cert); p = ksba_cert_get_public_key (cert);
if (DBG_X509)
log_debug ("public key: %s\n", p);
n = gcry_sexp_canon_len (p, 0, NULL, NULL); n = gcry_sexp_canon_len (p, 0, NULL, NULL);
if (!n) if (!n)
{ {
log_error ("libksba did not return a proper S-Exp\n"); log_error ("libksba did not return a proper S-Exp\n");
return GNUPG_Bug; return GNUPG_Bug;
} }
if (DBG_X509)
log_printhex ("public key: ", p, n);
rc = gcry_sexp_sscan ( &s_pkey, NULL, p, n); rc = gcry_sexp_sscan ( &s_pkey, NULL, p, n);
if (rc) if (rc)
{ {
@ -256,7 +257,7 @@ gpgsm_create_cms_signature (KsbaCert cert, GCRY_MD_HD md, int mdalgo,
r_sigval, &siglen); r_sigval, &siglen);
xfree (grip); xfree (grip);
/* FIXME: we should check that the returned S-Exp is valid fits int /* FIXME: we should check that the returned S-Exp is valid fits int
siglen. It ould probaly be a good idea to scan and print it siglen. It ould probably be a good idea to scan and print it
again to make this sure and be sure that we have canoncical again to make this sure and be sure that we have canoncical
encoding */ encoding */
return rc; return rc;


@ -58,45 +58,6 @@ struct encrypt_cb_parm_s {
}; };
static KsbaCert
get_default_recipient (void)
{
const char key[] =
"/CN=test cert 1,OU=Aegypten Project,O=g10 Code GmbH,L=Düsseldorf,C=DE";
KEYDB_SEARCH_DESC desc;
KsbaCert cert = NULL;
KEYDB_HANDLE kh = NULL;
int rc;
rc = keydb_classify_name (key, &desc);
if (rc)
{
log_error ("failed to find recipient: %s\n", gnupg_strerror (rc));
return NULL;
}
kh = keydb_new (0);
if (!kh)
return NULL;
rc = keydb_search (kh, &desc, 1);
if (rc)
{
log_debug ("failed to find default certificate: rc=%d\n", rc);
}
else
{
rc = keydb_get_cert (kh, &cert);
if (rc)
{
log_debug ("failed to get cert: rc=%d\n", rc);
}
}
keydb_release (kh);
return cert;
}
@ -417,8 +378,8 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
STATUS_NO_RECP */ STATUS_NO_RECP */
if (!recplist) if (!recplist)
{ {
help_recplist.cert = get_default_recipient (); rc = gpgsm_get_default_cert (&help_recplist.cert);
if (!help_recplist.cert) if (rc)
{ {
log_error ("no default recipient found\n"); log_error ("no default recipient found\n");
rc = seterr (General_Error); rc = seterr (General_Error);
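Review bot: The new `if (rc)` branch throws away the code returned by gpgsm_get_default_cert: every failure is logged as "no default recipient found" and then replaced by `seterr (General_Error)`, so a keydb error cannot be told apart from a keyring with no usable certificate. As the sign.c part of this commit shows, that function returns -1 only when the search ran out of certificates, so consider `if (rc != -1) log_error ("failed to find default recipient: %s\n", gnupg_strerror (rc));` and keeping the original code for the other cases. The default recipient is now whichever certificate with a secret key the keydb returns first, and nothing in this hunk checks that it is valid or intended for encryption; if that is checked further down, a comment here saying so would help. The body of gpgsm_encrypt starts and ends outside the hunk.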


@ -875,6 +875,7 @@ main ( int argc, char **argv)
case oTextmode: /*fixme:opt.textmode=1;*/ break; case oTextmode: /*fixme:opt.textmode=1;*/ break;
case oUser: /* store the local users */ case oUser: /* store the local users */
opt.local_user = pargs.r.ret_str;
add_to_strlist ( &locusr, pargs.r.ret_str); add_to_strlist ( &locusr, pargs.r.ret_str);
break; break;
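Review bot: `opt.local_user = pargs.r.ret_str;` overwrites the previous value on every -u, so with several -u options only the last one reaches get_default_signer while `locusr` still collects all of them. If last-wins is intended, say so in the comment, for example `case oUser: /* store the local users; the last one becomes opt.local_user */`; otherwise warn on a second -u. The pointer is stored without a copy, so it relies on the argument parser's string staying valid for as long as `opt` is used, which is presumably the case but worth confirming. The switch statement starts and ends outside the hunk.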


@ -58,6 +58,8 @@ struct {
char *def_recipient; /* userID of the default recipient */ char *def_recipient; /* userID of the default recipient */
int def_recipient_self; /* The default recipient is the default key */ int def_recipient_self; /* The default recipient is the default key */
char *local_user; /* NULL or argument to -u */
int always_trust; /* Trust the given keys even if there is no int always_trust; /* Trust the given keys even if there is no
valid certification path */ valid certification path */
int skip_verify; /* do not check signatures on data */ int skip_verify; /* do not check signatures on data */
@ -189,6 +191,7 @@ int gpgsm_import (CTRL ctrl, int in_fd);
int gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp); int gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp);
/*-- sign.c --*/ /*-- sign.c --*/
int gpgsm_get_default_cert (KsbaCert *r_cert);
int gpgsm_sign (CTRL ctrl, int data_fd, int detached, FILE *out_fp); int gpgsm_sign (CTRL ctrl, int data_fd, int detached, FILE *out_fp);
/*-- encrypt.c --*/ /*-- encrypt.c --*/


@ -1197,4 +1197,3 @@ keydb_store_cert (KsbaCert cert)
} }


@ -233,7 +233,7 @@ gpgsm_list_keys (CTRL ctrl, STRLIST names, FILE *fp, unsigned int mode)
int have_secret; int have_secret;
#warning there is no key selection yet #warning there is no key selection yet
/* We must take care of qouting here */ /* We must take care of quoting here */
hd = keydb_new (0); hd = keydb_new (0);
if (!hd) if (!hd)
rc = GNUPG_General_Error; rc = GNUPG_General_Error;


@ -61,19 +61,84 @@ hash_data (int fd, GCRY_MD_HD md)
} }
/* Get the default certificate which is defined as the first one our
keyDB retruns and has a secret key available */
int
gpgsm_get_default_cert (KsbaCert *r_cert)
{
KEYDB_HANDLE hd;
KsbaCert cert = NULL;
int rc;
char *p;
hd = keydb_new (0);
if (!hd)
return GNUPG_General_Error;
rc = keydb_search_first (hd);
if (rc)
{
keydb_release (hd);
return rc;
}
do
{
rc = keydb_get_cert (hd, &cert);
if (rc)
{
log_error ("keydb_get_cert failed: %s\n", gnupg_strerror (rc));
keydb_release (hd);
return rc;
}
p = gpgsm_get_keygrip_hexstring (cert);
if (p)
{
if (!gpgsm_agent_havekey (p))
{
xfree (p);
keydb_release (hd);
*r_cert = cert;
return 0; /* got it */
}
xfree (p);
}
ksba_cert_release (cert);
cert = NULL;
}
while (!(rc = keydb_search_next (hd)));
if (rc && rc != -1)
log_error ("keydb_search_next failed: %s\n", gnupg_strerror (rc));
ksba_cert_release (cert);
keydb_release (hd);
return rc;
}
static KsbaCert static KsbaCert
get_default_signer (void) get_default_signer (void)
{ {
// const char key[] = "1.2.840.113549.1.9.1=#7472757374407765622E6465#,CN=WEB.DE TrustCenter,OU=TrustCenter,O=WEB.DE AG,L=D-76227 Karlsruhe,C=DE";
const char key[] =
"/CN=test cert 1,OU=Aegypten Project,O=g10 Code GmbH,L=Düsseldorf,C=DE";
KEYDB_SEARCH_DESC desc; KEYDB_SEARCH_DESC desc;
KsbaCert cert = NULL; KsbaCert cert = NULL;
KEYDB_HANDLE kh = NULL; KEYDB_HANDLE kh = NULL;
int rc; int rc;
rc = keydb_classify_name (key, &desc); if (!opt.local_user)
{
rc = gpgsm_get_default_cert (&cert);
if (rc)
{
if (rc != -1)
log_debug ("failed to find default certificate: %s\n",
gnupg_strerror (rc));
return NULL;
}
return cert;
}
rc = keydb_classify_name (opt.local_user, &desc);
if (rc) if (rc)
{ {
log_error ("failed to find default signer: %s\n", gnupg_strerror (rc)); log_error ("failed to find default signer: %s\n", gnupg_strerror (rc));
@ -103,6 +168,7 @@ get_default_signer (void)
} }
/* Depending on the options in CTRL add the certificate CERT as well as /* Depending on the options in CTRL add the certificate CERT as well as
other certificate up in the chain to the Root-CA to the CMS other certificate up in the chain to the Root-CA to the CMS
object. */ object. */
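Review bot: gpgsm_get_default_cert never writes `*r_cert` on its failure paths, so a caller that passes an uninitialized slot and mishandles the return code would go on with a stale pointer; adding `*r_cert = NULL;` as the first statement makes the contract explicit. Inside the loop any nonzero result from `gpgsm_agent_havekey (p)` is treated as "no secret key", so if that call also reports agent failures through its return value, such a failure would end up as -1 (nothing found) instead of as an error. The header comment should also say that -1 means no certificate with an available secret key was found, that the caller owns the returned certificate, and that the function does no validity or key-usage check, since the result is now used both as default signer and as default recipient.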


@ -328,8 +328,8 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
|| gcry_md_get_algo_dlen (algo) != msgdigestlen || gcry_md_get_algo_dlen (algo) != msgdigestlen
|| !s || memcmp (s, msgdigest, msgdigestlen) ) || !s || memcmp (s, msgdigest, msgdigestlen) )
{ {
log_error ("message digest attribute does not " log_error ("invalid signature: message digest attribute "
"match calculated one\n"); "does not match calculated one\n");
gpgsm_status (ctrl, STATUS_BADSIG, NULL); gpgsm_status (ctrl, STATUS_BADSIG, NULL);
goto next_signer; goto next_signer;
} }
@ -424,5 +424,3 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
fclose (fp); fclose (fp);
return rc; return rc;
} }