author | DongHun Kwak <dh0128.kwak@samsung.com> | 2021-02-09 16:00:19 +0900 |
---|---|---|
committer | DongHun Kwak <dh0128.kwak@samsung.com> | 2021-02-09 16:00:19 +0900 |
commit | d9787447fe6a57e39113b60305b4ab672b9ba897 (patch) | |
tree | 6c925adf6340a1a5ab43d9048ca4b27eae819cd6 /sm | |
parent | f77eedfaad1525168ca8593a3eb43ef157cd2891 (diff) | |
Imported Upstream version 2.1.19upstream/2.1.19
Diffstat (limited to 'sm')
-rw-r--r-- | sm/Makefile.am | 1 | ||||
-rw-r--r-- | sm/base64.c | 700 | ||||
-rw-r--r-- | sm/call-dirmngr.c | 2 | ||||
-rw-r--r-- | sm/certchain.c | 2 | ||||
-rw-r--r-- | sm/certdump.c | 4 | ||||
-rw-r--r-- | sm/certlist.c | 2 | ||||
-rw-r--r-- | sm/certreqgen-ui.c | 24 | ||||
-rw-r--r-- | sm/certreqgen.c | 12 | ||||
-rw-r--r-- | sm/decrypt.c | 21 | ||||
-rw-r--r-- | sm/encrypt.c | 11 | ||||
-rw-r--r-- | sm/export.c | 28 | ||||
-rw-r--r-- | sm/gpgsm.h | 18 | ||||
-rw-r--r-- | sm/import.c | 13 | ||||
-rw-r--r-- | sm/keydb.c | 2 | ||||
-rw-r--r-- | sm/keylist.c | 2 | ||||
-rw-r--r-- | sm/sign.c | 11 | ||||
-rw-r--r-- | sm/verify.c | 21 |
17 files changed, 94 insertions, 780 deletions
diff --git a/sm/Makefile.am b/sm/Makefile.am index a9c67a8..4cfb246 100644 --- a/sm/Makefile.am +++ b/sm/Makefile.am @@ -38,7 +38,6 @@ gpgsm_SOURCES = \ call-agent.c \ call-dirmngr.c \ fingerprint.c \ - base64.c \ certlist.c \ certdump.c \ certcheck.c \ diff --git a/sm/base64.c b/sm/base64.c deleted file mode 100644 index f3c7def..0000000 --- a/sm/base64.c +++ /dev/null 
@@ -1,700 +0,0 @@ -/* base64.c - * Copyright (C) 2001, 2003, 2010 Free Software Foundation, Inc. - * - * This file is part of GnuPG. - * - * GnuPG is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * GnuPG is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see <https://www.gnu.org/licenses/>. - */ - -#include <config.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <errno.h> -#include <unistd.h> -#include <time.h> -#include <assert.h> - -#include "gpgsm.h" - - -#include <ksba.h> - -#include "i18n.h" - -#ifdef HAVE_DOSISH_SYSTEM - #define LF "\r\n" -#else - #define LF "\n" -#endif - -/* Data used by the reader callbacks. */ -struct reader_cb_parm_s -{ - estream_t fp; - - unsigned char line[1024]; - int linelen; - int readpos; - int have_lf; - unsigned long line_counter; - - int allow_multi_pem; /* Allow processing of multiple PEM objects. */ - int autodetect; /* Try to detect the input encoding. */ - int assume_pem; /* Assume input encoding is PEM. */ - int assume_base64; /* Assume input is base64 encoded. */ - - int identified; - int is_pem; - int is_base64; - int stop_seen; - int might_be_smime; - - int eof_seen; - - struct { - int idx; - unsigned char val; - int stop_seen; - } base64; -}; - - -/* Data used by the writer callbacks. */ -struct writer_cb_parm_s -{ - estream_t stream; /* Output stream. 
*/ - - const char *pem_name; - - int wrote_begin; - int did_finish; - - struct { - int idx; - int quad_count; - unsigned char radbuf[4]; - } base64; - -}; - - -/* context for this module's functions */ -struct base64_context_s { - union { - struct reader_cb_parm_s rparm; - struct writer_cb_parm_s wparm; - } u; - - union { - ksba_reader_t reader; - ksba_writer_t writer; - } u2; -}; - - -/* The base-64 character list */ -static char bintoasc[64] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZ" - "abcdefghijklmnopqrstuvwxyz" - "0123456789+/"; -/* The reverse base-64 list */ -static unsigned char asctobin[256] = { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f, - 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, - 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, - 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, - 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, - 0x31, 0x32, 0x33, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff -}; - - -static int -has_only_base64 (const unsigned char *line, int linelen) -{ - if (linelen < 20) - return 0; - for (; linelen; line++, linelen--) - { - if (*line == '\n' || (linelen > 1 && *line == '\r' && line[1] == '\n')) - break; - if ( !strchr (bintoasc, *line) ) - return 0; - } - return 1; /* yes */ -} - -static int -is_empty_line (const unsigned char *line, int linelen) -{ - if (linelen >= 2 && *line == '\r' && line[1] == '\n') - return 1; - if (linelen >= 1 && *line == '\n') - return 1; - return 0; -} - - -static int -base64_reader_cb (void *cb_value, char *buffer, size_t count, size_t *nread) -{ - struct reader_cb_parm_s *parm = cb_value; - size_t n; - int c, c2; - - *nread = 0; - if (!buffer) - return -1; /* not supported */ - - next: - if (!parm->linelen) - { - /* read an entire line or up to the size of the buffer */ - parm->line_counter++; - parm->have_lf = 0; - for (n=0; n < DIM(parm->line);) - { - c = es_getc (parm->fp); - if (c == EOF) - { - parm->eof_seen = 1; - if (es_ferror (parm->fp)) - return -1; - break; - } - parm->line[n++] = c; - if (c == '\n') - { - parm->have_lf = 1; - /* Fixme: we need to skip overlong lines while detecting - the dashed lines */ - break; - } - } - parm->linelen = n; - if (!n) - return -1; /* eof */ - parm->readpos = 0; - } - - if (!parm->identified) - { - if (!parm->autodetect) - { - if (parm->assume_pem) - { - /* wait for the header line */ - parm->linelen = parm->readpos = 0; - if (!parm->have_lf - || strncmp ((char*)parm->line, "-----BEGIN ", 11) - || !strncmp ((char*)parm->line+11, "PGP ", 4)) - goto next; - parm->is_pem = 1; - } - else if (parm->assume_base64) - parm->is_base64 = 1; - } - else if (parm->line_counter == 1 && !parm->have_lf) - { - /* first line too long - assume DER encoding */ - parm->is_pem = 0; - } - else if 
(parm->line_counter == 1 && parm->linelen && *parm->line == 0x30) - { - /* the very first byte does pretty much look like a SEQUENCE tag*/ - parm->is_pem = 0; - } - else if ( parm->have_lf - && !strncmp ((char*)parm->line, "-----BEGIN ", 11) - && strncmp ((char *)parm->line+11, "PGP ", 4) ) - { - /* Fixme: we must only compare if the line really starts at - the beginning */ - parm->is_pem = 1; - parm->linelen = parm->readpos = 0; - } - else if ( parm->have_lf && parm->line_counter == 1 - && parm->linelen >= 13 - && !ascii_memcasecmp (parm->line, "Content-Type:", 13)) - { /* might be a S/MIME body */ - parm->might_be_smime = 1; - parm->linelen = parm->readpos = 0; - goto next; - } - else if (parm->might_be_smime == 1 - && is_empty_line (parm->line, parm->linelen)) - { - parm->might_be_smime = 2; - parm->linelen = parm->readpos = 0; - goto next; - } - else if (parm->might_be_smime == 2) - { - parm->might_be_smime = 0; - if ( !has_only_base64 (parm->line, parm->linelen)) - { - parm->linelen = parm->readpos = 0; - goto next; - } - parm->is_pem = 1; - } - else - { - parm->linelen = parm->readpos = 0; - goto next; - } - parm->identified = 1; - parm->base64.stop_seen = 0; - parm->base64.idx = 0; - } - - - n = 0; - if (parm->is_pem || parm->is_base64) - { - if (parm->is_pem && parm->have_lf - && !strncmp ((char*)parm->line, "-----END ", 9)) - { - parm->identified = 0; - parm->linelen = parm->readpos = 0; - - /* If the caller want to read multiple PEM objects from one - file, we have to reset our internal state and return a - EOF immediately. The caller is the expected to use - ksba_reader_clear to clear the EOF condition and continue - to read. If we don't want to do that we just return 0 - bytes which will force the ksba_reader to skip until - EOF. */ - if (parm->allow_multi_pem) - { - parm->identified = 0; - parm->autodetect = 0; - parm->assume_pem = 1; - parm->stop_seen = 0; - return -1; /* Send EOF now. 
*/ - } - } - else if (parm->stop_seen) - { /* skip the rest of the line */ - parm->linelen = parm->readpos = 0; - } - else - { - int idx = parm->base64.idx; - unsigned char val = parm->base64.val; - - while (n < count && parm->readpos < parm->linelen ) - { - c = parm->line[parm->readpos++]; - if (c == '\n' || c == ' ' || c == '\r' || c == '\t') - continue; - if (c == '=') - { /* pad character: stop */ - if (idx == 1) - buffer[n++] = val; - parm->stop_seen = 1; - break; - } - if( (c = asctobin[(c2=c)]) == 255 ) - { - log_error (_("invalid radix64 character %02x skipped\n"), - c2); - continue; - } - switch (idx) - { - case 0: - val = c << 2; - break; - case 1: - val |= (c>>4)&3; - buffer[n++] = val; - val = (c<<4)&0xf0; - break; - case 2: - val |= (c>>2)&15; - buffer[n++] = val; - val = (c<<6)&0xc0; - break; - case 3: - val |= c&0x3f; - buffer[n++] = val; - break; - } - idx = (idx+1) % 4; - } - if (parm->readpos == parm->linelen) - parm->linelen = parm->readpos = 0; - - parm->base64.idx = idx; - parm->base64.val = val; - } - } - else - { /* DER encoded */ - while (n < count && parm->readpos < parm->linelen) - buffer[n++] = parm->line[parm->readpos++]; - if (parm->readpos == parm->linelen) - parm->linelen = parm->readpos = 0; - } - - *nread = n; - return 0; -} - - - -static int -simple_reader_cb (void *cb_value, char *buffer, size_t count, size_t *nread) -{ - struct reader_cb_parm_s *parm = cb_value; - size_t n; - int c = 0; - - *nread = 0; - if (!buffer) - return -1; /* not supported */ - - for (n=0; n < count; n++) - { - c = es_getc (parm->fp); - if (c == EOF) - { - parm->eof_seen = 1; - if (es_ferror (parm->fp)) - return -1; - if (n) - break; /* Return what we have before an EOF. 
*/ - return -1; - } - *(byte *)buffer++ = c; - } - - *nread = n; - return 0; -} - - - - -static int -base64_writer_cb (void *cb_value, const void *buffer, size_t count) -{ - struct writer_cb_parm_s *parm = cb_value; - unsigned char radbuf[4]; - int i, c, idx, quad_count; - const unsigned char *p; - estream_t stream = parm->stream; - - if (!count) - return 0; - - if (!parm->wrote_begin) - { - if (parm->pem_name) - { - es_fputs ("-----BEGIN ", stream); - es_fputs (parm->pem_name, stream); - es_fputs ("-----\n", stream); - } - parm->wrote_begin = 1; - parm->base64.idx = 0; - parm->base64.quad_count = 0; - } - - idx = parm->base64.idx; - quad_count = parm->base64.quad_count; - for (i=0; i < idx; i++) - radbuf[i] = parm->base64.radbuf[i]; - - for (p=buffer; count; p++, count--) - { - radbuf[idx++] = *p; - if (idx > 2) - { - idx = 0; - c = bintoasc[(*radbuf >> 2) & 077]; - es_putc (c, stream); - c = bintoasc[(((*radbuf<<4)&060)|((radbuf[1] >> 4)&017))&077]; - es_putc (c, stream); - c = bintoasc[(((radbuf[1]<<2)&074)|((radbuf[2]>>6)&03))&077]; - es_putc (c, stream); - c = bintoasc[radbuf[2]&077]; - es_putc (c, stream); - if (++quad_count >= (64/4)) - { - es_fputs (LF, stream); - quad_count = 0; - } - } - } - for (i=0; i < idx; i++) - parm->base64.radbuf[i] = radbuf[i]; - parm->base64.idx = idx; - parm->base64.quad_count = quad_count; - - return es_ferror (stream)? gpg_error_from_syserror () : 0; -} - - -/* This callback is only used in stream mode. Hiowever, we don't - restrict it to this. */ -static int -plain_writer_cb (void *cb_value, const void *buffer, size_t count) -{ - struct writer_cb_parm_s *parm = cb_value; - estream_t stream = parm->stream; - - if (!count) - return 0; - - es_write (stream, buffer, count, NULL); - - return es_ferror (stream)? 
gpg_error_from_syserror () : 0; -} - - -static int -base64_finish_write (struct writer_cb_parm_s *parm) -{ - unsigned char *radbuf; - int c, idx, quad_count; - estream_t stream = parm->stream; - - if (!parm->wrote_begin) - return 0; /* Nothing written or we are not called in base-64 mode. */ - - /* flush the base64 encoding */ - idx = parm->base64.idx; - quad_count = parm->base64.quad_count; - if (idx) - { - radbuf = parm->base64.radbuf; - - c = bintoasc[(*radbuf>>2)&077]; - es_putc (c, stream); - if (idx == 1) - { - c = bintoasc[((*radbuf << 4) & 060) & 077]; - es_putc (c, stream); - es_putc ('=', stream); - es_putc ('=', stream); - } - else - { - c = bintoasc[(((*radbuf<<4)&060)|((radbuf[1]>>4)&017))&077]; - es_putc (c, stream); - c = bintoasc[((radbuf[1] << 2) & 074) & 077]; - es_putc (c, stream); - es_putc ('=', stream); - - } - if (++quad_count >= (64/4)) - { - es_fputs (LF, stream); - quad_count = 0; - } - } - - if (quad_count) - es_fputs (LF, stream); - - if (parm->pem_name) - { - es_fputs ("-----END ", stream); - es_fputs (parm->pem_name, stream); - es_fputs ("-----\n", stream); - } - - return es_ferror (stream)? gpg_error_from_syserror () : 0; -} - - - - -/* Create a reader for the given file descriptor. Depending on the - control information an input decoding is automagically chosen. - The function returns a Base64Context object which must be passed to - the gpgme_destroy_reader function. The created KsbaReader object - is also returned, but the caller must not call the - ksba_reader_release function on. If ALLOW_MULTI_PEM is true, the - reader expects that the caller uses ksba_reader_clear after EOF - until no more objects were found. 
*/ -int -gpgsm_create_reader (Base64Context *ctx, - ctrl_t ctrl, estream_t fp, int allow_multi_pem, - ksba_reader_t *r_reader) -{ - int rc; - ksba_reader_t r; - - *r_reader = NULL; - *ctx = xtrycalloc (1, sizeof **ctx); - if (!*ctx) - return out_of_core (); - (*ctx)->u.rparm.allow_multi_pem = allow_multi_pem; - - rc = ksba_reader_new (&r); - if (rc) - { - xfree (*ctx); *ctx = NULL; - return rc; - } - - (*ctx)->u.rparm.fp = fp; - if (ctrl->is_pem) - { - (*ctx)->u.rparm.assume_pem = 1; - (*ctx)->u.rparm.assume_base64 = 1; - rc = ksba_reader_set_cb (r, base64_reader_cb, &(*ctx)->u.rparm); - } - else if (ctrl->is_base64) - { - (*ctx)->u.rparm.assume_base64 = 1; - rc = ksba_reader_set_cb (r, base64_reader_cb, &(*ctx)->u.rparm); - } - else if (ctrl->autodetect_encoding) - { - (*ctx)->u.rparm.autodetect = 1; - rc = ksba_reader_set_cb (r, base64_reader_cb, &(*ctx)->u.rparm); - } - else - rc = ksba_reader_set_cb (r, simple_reader_cb, &(*ctx)->u.rparm); - - if (rc) - { - ksba_reader_release (r); - xfree (*ctx); *ctx = NULL; - return rc; - } - - (*ctx)->u2.reader = r; - *r_reader = r; - return 0; -} - - -int -gpgsm_reader_eof_seen (Base64Context ctx) -{ - return ctx && ctx->u.rparm.eof_seen; -} - -void -gpgsm_destroy_reader (Base64Context ctx) -{ - if (!ctx) - return; - - ksba_reader_release (ctx->u2.reader); - xfree (ctx); -} - - - -/* Create a writer for the given STREAM. Depending on - the control information an output encoding is automagically - chosen. The function returns a Base64Context object which must be - passed to the gpgme_destroy_writer function. The created - KsbaWriter object is also returned, but the caller must not call - the ksba_reader_release function on it. 
*/ -int -gpgsm_create_writer (Base64Context *ctx, ctrl_t ctrl, estream_t stream, - ksba_writer_t *r_writer) -{ - int rc; - ksba_writer_t w; - - *r_writer = NULL; - *ctx = xtrycalloc (1, sizeof **ctx); - if (!*ctx) - return out_of_core (); - - rc = ksba_writer_new (&w); - if (rc) - { - xfree (*ctx); *ctx = NULL; - return rc; - } - - if (ctrl->create_pem || ctrl->create_base64) - { - (*ctx)->u.wparm.stream = stream; - if (ctrl->create_pem) - (*ctx)->u.wparm.pem_name = ctrl->pem_name? ctrl->pem_name - : "CMS OBJECT"; - rc = ksba_writer_set_cb (w, base64_writer_cb, &(*ctx)->u.wparm); - } - else if (stream) - { - (*ctx)->u.wparm.stream = stream; - rc = ksba_writer_set_cb (w, plain_writer_cb, &(*ctx)->u.wparm); - } - else - rc = gpg_error (GPG_ERR_INV_ARG); - - if (rc) - { - ksba_writer_release (w); - xfree (*ctx); *ctx = NULL; - return rc; - } - - (*ctx)->u2.writer = w; - *r_writer = w; - return 0; -} - - -int -gpgsm_finish_writer (Base64Context ctx) -{ - struct writer_cb_parm_s *parm; - - if (!ctx) - return gpg_error (GPG_ERR_INV_VALUE); - parm = &ctx->u.wparm; - if (parm->did_finish) - return 0; /* Already done. */ - parm->did_finish = 1; - if (!parm->stream) - return 0; /* Callback was not used. */ - return base64_finish_write (parm); -} - -void -gpgsm_destroy_writer (Base64Context ctx) -{ - if (!ctx) - return; - - ksba_writer_release (ctx->u2.writer); - xfree (ctx); -} diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c index d025063..45303e8 100644 --- a/sm/call-dirmngr.c +++ b/sm/call-dirmngr.c @@ -430,7 +430,7 @@ inq_certificate (void *opaque, const char *line) } -/* Take a 20 byte hexencoded string and put it into the the provided +/* Take a 20 byte hexencoded string and put it into the provided 20 byte buffer FPR in binary format. */ static int unhexify_fpr (const char *hexstr, unsigned char *fpr) diff --git a/sm/certchain.c b/sm/certchain.c index 083c3ad..b3e8656 100644 --- a/sm/certchain.c +++ b/sm/certchain.c 
@@ -2120,7 +2120,7 @@ get_regtp_ca_info (ctrl_t ctrl, ksba_cert_t cert, int *chainlen) } /* If this is a German signature law issued certificate, we store - additional additional information. */ + additional information. */ if (!gpgsm_is_in_qualified_list (NULL, array[depth-1], country) && !strcmp (country, "de")) { diff --git a/sm/certdump.c b/sm/certdump.c index e47251e..bd37da4 100644 --- a/sm/certdump.c +++ b/sm/certdump.c @@ -1,5 +1,5 @@ /* certdump.c - Dump a certificate for debugging - * Copyright (C) 2001, 2004, 2007 Free Software Foundation, Inc. + * Copyright (C) 2001-2010, 2014-2015 g10 Code GmbH * * This file is part of GnuPG. * @@ -492,7 +492,7 @@ print_dn_part (estream_t stream, { /* Forward to the last multi-valued RDN, so that we can print them all in reverse in the correct order. Note - that this overrides the the standard sequence but that + that this overrides the standard sequence but that seems to a reasonable thing to do with multi-valued RDNs. */ while (dn->multivalued && dn[1].key) diff --git a/sm/certlist.c b/sm/certlist.c index 7baec65..bfc35ce 100644 --- a/sm/certlist.c +++ b/sm/certlist.c @@ -336,7 +336,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret, { if (!first_subject) { - /* Save the the subject and the issuer for key usage + /* Save the subject and the issuer for key usage and ambiguous name tests. */ first_subject = ksba_cert_get_subject (cert, 0); first_issuer = ksba_cert_get_issuer (cert, 0); diff --git a/sm/certreqgen-ui.c b/sm/certreqgen-ui.c index ece8668..b50d338 100644 --- a/sm/certreqgen-ui.c +++ b/sm/certreqgen-ui.c @@ -95,7 +95,7 @@ check_keygrip (ctrl_t ctrl, const char *hexgrip) gpg_error_t err; ksba_sexp_t public; size_t publiclen; - const char *algostr; + int algo; if (hexgrip[0] == '&') hexgrip++; 
@@ -105,21 +105,17 @@ check_keygrip (ctrl_t ctrl, const char *hexgrip) return NULL; publiclen = gcry_sexp_canon_len (public, 0, NULL, NULL); - get_pk_algo_from_canon_sexp (public, publiclen, &algostr); + algo = get_pk_algo_from_canon_sexp (public, publiclen); xfree (public); - if (!algostr) - return NULL; - else if (!strcmp (algostr, "rsa")) - return "RSA"; - else if (!strcmp (algostr, "dsa")) - return "DSA"; - else if (!strcmp (algostr, "elg")) - return "ELG"; - else if (!strcmp (algostr, "ecdsa")) - return "ECDSA"; - else - return NULL; + switch (algo) + { + case GCRY_PK_RSA: return "RSA"; + case GCRY_PK_DSA: return "DSA"; + case GCRY_PK_ELG: return "ELG"; + case GCRY_PK_EDDSA: return "ECDSA"; + default: return NULL; + } } diff --git a/sm/certreqgen.c b/sm/certreqgen.c index 9b4ffc9..fe35ea8 100644 --- a/sm/certreqgen.c +++ b/sm/certreqgen.c @@ -737,14 +737,18 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para, if (!outctrl->dryrun) { - Base64Context b64writer = NULL; + gnupg_ksba_io_t b64writer = NULL; ksba_writer_t writer; int create_cert ; create_cert = !!get_parameter_value (para, pSERIAL, 0); ctrl->pem_name = create_cert? "CERTIFICATE" : "CERTIFICATE REQUEST"; - rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer); + + rc = gnupg_ksba_create_writer + (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0) + | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)), + ctrl->pem_name, out_fp, &writer); if (rc) log_error ("can't create writer: %s\n", gpg_strerror (rc)); else @@ -752,7 +756,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para, rc = create_request (ctrl, para, cardkeyid, public, sigkey, writer); if (!rc) { - rc = gpgsm_finish_writer (b64writer); + rc = gnupg_ksba_finish_writer (b64writer); if (rc) log_error ("write failed: %s\n", gpg_strerror (rc)); else 
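Review bot: In the new `switch (algo)` the arm `case GCRY_PK_EDDSA: return "ECDSA";` pairs an EdDSA constant with an ECDSA label, whereas the removed code returned "ECDSA" for the algorithm string "ecdsa". Unless get_pk_algo_from_canon_sexp deliberately reports ECDSA keys as GCRY_PK_EDDSA (its body is not visible here), an ECDSA keygrip now falls through to `default` and returns NULL, and an EdDSA key is shown to the user under the wrong algorithm name. If ECDSA is meant, the arm should read `case GCRY_PK_ECDSA: return "ECDSA";`; otherwise a comment on the arm should say why the constant and the label differ. What the helper returns for a malformed S-expression is also not shown, so it is worth confirming that such a value lands in `default: return NULL;`. check_keygrip begins in the previous hunk.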
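Review bot: The flag expression `((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0) | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0))` is spelled out at this call and again at every other gnupg_ksba_create_writer call in the commit (decrypt.c, encrypt.c, export.c twice, sign.c, verify.c). A future output-encoding flag would have to be added in seven places, and one missed site would silently emit a different encoding. A single `static inline` helper in gpgsm.h that takes `ctrl_t ctrl` and returns the writer flags would keep the sites in step. proc_parameters starts and ends outside the hunk.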
@@ -762,7 +766,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para, create_cert?"":" request"); } } - gpgsm_destroy_writer (b64writer); + gnupg_ksba_destroy_writer (b64writer); } } diff --git a/sm/decrypt.c b/sm/decrypt.c index a2907f6..cda4d29 100644 --- a/sm/decrypt.c +++ b/sm/decrypt.c @@ -243,8 +243,8 @@ int gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp) { int rc; - Base64Context b64reader = NULL; - Base64Context b64writer = NULL; + gnupg_ksba_io_t b64reader = NULL; + gnupg_ksba_io_t b64writer = NULL; ksba_reader_t reader; ksba_writer_t writer; ksba_cms_t cms = NULL; @@ -274,14 +274,21 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp) goto leave; } - rc = gpgsm_create_reader (&b64reader, ctrl, in_fp, 0, &reader); + rc = gnupg_ksba_create_reader + (&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0) + | (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0) + | (ctrl->autodetect_encoding? GNUPG_KSBA_IO_AUTODETECT : 0)), + in_fp, &reader); if (rc) { log_error ("can't create reader: %s\n", gpg_strerror (rc)); goto leave; } - rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer); + rc = gnupg_ksba_create_writer + (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0) + | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)), + ctrl->pem_name, out_fp, &writer); if (rc) { log_error ("can't create writer: %s\n", gpg_strerror (rc)); @@ -557,7 +564,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp) } while (stopreason != KSBA_SR_READY); - rc = gpgsm_finish_writer (b64writer); + rc = gnupg_ksba_finish_writer (b64writer); if (rc) { log_error ("write failed: %s\n", gpg_strerror (rc)); @@ -575,8 +582,8 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp) gpg_strerror (rc), gpg_strsource (rc)); } ksba_cms_release (cms); - gpgsm_destroy_reader (b64reader); - gpgsm_destroy_writer (b64writer); + gnupg_ksba_destroy_reader (b64reader); + gnupg_ksba_destroy_writer (b64writer); keydb_release (kh); es_fclose (in_fp); if (dfparm.hd) 
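Review bot: The reader call in the decrypt.c hunk at `@@ -274,14 +274,21 @@` ORs `GNUPG_KSBA_IO_PEM`, `GNUPG_KSBA_IO_BASE64` and `GNUPG_KSBA_IO_AUTODETECT` together, whereas the removed gpgsm_create_reader picked exactly one mode in an if/else chain (is_pem, then is_base64, then autodetect_encoding, else raw). How untrusted input is decoded therefore now depends on the precedence inside gnupg_ksba_create_reader, which this diff does not show; the reader calls in import.c and verify.c are affected the same way. Once confirmed, a comment at the call such as `/* Mode precedence (PEM, BASE64, AUTODETECT) is resolved in gnupg_ksba_create_reader. */` would record the contract. The removed gpgsm_create_writer also substituted "CMS OBJECT" for a NULL `ctrl->pem_name`; the new call passes `ctrl->pem_name` unchanged, and no assignment is visible in this hunk or in verify.c's writer hunk, so the NULL case should be checked in the new helper. gpgsm_decrypt continues outside the hunk.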
diff --git a/sm/encrypt.c b/sm/encrypt.c index 2c664f8..3a7d4bb 100644 --- a/sm/encrypt.c +++ b/sm/encrypt.c @@ -299,7 +299,7 @@ int gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) { int rc = 0; - Base64Context b64writer = NULL; + gnupg_ksba_io_t b64writer = NULL; gpg_error_t err; ksba_writer_t writer; ksba_reader_t reader = NULL; @@ -364,7 +364,10 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) encparm.fp = data_fp; ctrl->pem_name = "ENCRYPTED MESSAGE"; - rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer); + rc = gnupg_ksba_create_writer + (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0) + | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)), + ctrl->pem_name, out_fp, &writer); if (rc) { log_error ("can't create writer: %s\n", gpg_strerror (rc)); @@ -499,7 +502,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) } - rc = gpgsm_finish_writer (b64writer); + rc = gnupg_ksba_finish_writer (b64writer); if (rc) { log_error ("write failed: %s\n", gpg_strerror (rc)); @@ -510,7 +513,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) leave: ksba_cms_release (cms); - gpgsm_destroy_writer (b64writer); + gnupg_ksba_destroy_writer (b64writer); ksba_reader_release (reader); keydb_release (kh); xfree (dek); diff --git a/sm/export.c b/sm/export.c index a32414e..d721d52 100644 --- a/sm/export.c +++ b/sm/export.c @@ -133,7 +133,7 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream) KEYDB_HANDLE hd = NULL; KEYDB_SEARCH_DESC *desc = NULL; int ndesc; - Base64Context b64writer = NULL; + gnupg_ksba_io_t b64writer = NULL; ksba_writer_t writer; strlist_t sl; ksba_cert_t cert = NULL; 
@@ -263,7 +263,10 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream) if (!b64writer) { ctrl->pem_name = "CERTIFICATE"; - rc = gpgsm_create_writer (&b64writer, ctrl, stream, &writer); + rc = gnupg_ksba_create_writer + (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0) + | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 :0)), + ctrl->pem_name, stream, &writer); if (rc) { log_error ("can't create writer: %s\n", gpg_strerror (rc)); @@ -281,13 +284,13 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream) if (ctrl->create_pem) { /* We want one certificate per PEM block */ - rc = gpgsm_finish_writer (b64writer); + rc = gnupg_ksba_finish_writer (b64writer); if (rc) { log_error ("write failed: %s\n", gpg_strerror (rc)); goto leave; } - gpgsm_destroy_writer (b64writer); + gnupg_ksba_destroy_writer (b64writer); b64writer = NULL; } } @@ -299,7 +302,7 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream) log_error ("keydb_search failed: %s\n", gpg_strerror (rc)); else if (b64writer) { - rc = gpgsm_finish_writer (b64writer); + rc = gnupg_ksba_finish_writer (b64writer); if (rc) { log_error ("write failed: %s\n", gpg_strerror (rc)); @@ -308,7 +311,7 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream) } leave: - gpgsm_destroy_writer (b64writer); + gnupg_ksba_destroy_writer (b64writer); ksba_cert_release (cert); xfree (desc); keydb_release (hd); @@ -328,7 +331,7 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode) gpg_error_t err = 0; KEYDB_HANDLE hd; KEYDB_SEARCH_DESC *desc = NULL; - Base64Context b64writer = NULL; + gnupg_ksba_io_t b64writer = NULL; ksba_writer_t writer; ksba_cert_t cert = NULL; const unsigned char *image; 
@@ -433,7 +436,10 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode) ctrl->pem_name = "PRIVATE KEY"; else ctrl->pem_name = "RSA PRIVATE KEY"; - err = gpgsm_create_writer (&b64writer, ctrl, stream, &writer); + err = gnupg_ksba_create_writer + (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0) + | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)), + ctrl->pem_name, stream, &writer); if (err) { log_error ("can't create writer: %s\n", gpg_strerror (err)); @@ -457,13 +463,13 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode) if (ctrl->create_pem) { /* We want one certificate per PEM block */ - err = gpgsm_finish_writer (b64writer); + err = gnupg_ksba_finish_writer (b64writer); if (err) { log_error ("write failed: %s\n", gpg_strerror (err)); goto leave; } - gpgsm_destroy_writer (b64writer); + gnupg_ksba_destroy_writer (b64writer); b64writer = NULL; } @@ -471,7 +477,7 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode) cert = NULL; leave: - gpgsm_destroy_writer (b64writer); + gnupg_ksba_destroy_writer (b64writer); ksba_cert_release (cert); xfree (desc); keydb_release (hd); @@ -33,6 +33,7 @@ #include "../common/status.h" #include "../common/audit.h" #include "../common/session-env.h" +#include "../common/ksba-io-support.h" #define MAX_DIGEST_LEN 64 @@ -205,10 +206,6 @@ struct server_control_s }; -/* Data structure used in base64.c. */ -typedef struct base64_context_s *Base64Context; - - /* An object to keep a list of certificates. */ struct certlist_s { 
@@ -262,19 +259,6 @@ int gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits); char *gpgsm_get_certid (ksba_cert_t cert); -/*-- base64.c --*/ -int gpgsm_create_reader (Base64Context *ctx, - ctrl_t ctrl, estream_t fp, int allow_multi_pem, - ksba_reader_t *r_reader); -int gpgsm_reader_eof_seen (Base64Context ctx); -void gpgsm_destroy_reader (Base64Context ctx); -int gpgsm_create_writer (Base64Context *ctx, - ctrl_t ctrl, estream_t stream, - ksba_writer_t *r_writer); -int gpgsm_finish_writer (Base64Context ctx); -void gpgsm_destroy_writer (Base64Context ctx); - - /*-- certdump.c --*/ void gpgsm_print_serial (estream_t fp, ksba_const_sexp_t p); void gpgsm_print_time (estream_t fp, ksba_isotime_t t); diff --git a/sm/import.c b/sm/import.c index 4a8ecf7..b284b51 100644 --- a/sm/import.c +++ b/sm/import.c @@ -272,7 +272,7 @@ static int import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd) { int rc; - Base64Context b64reader = NULL; + gnupg_ksba_io_t b64reader = NULL; ksba_reader_t reader; ksba_cert_t cert = NULL; ksba_cms_t cms = NULL; @@ -288,7 +288,12 @@ import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd) goto leave; } - rc = gpgsm_create_reader (&b64reader, ctrl, fp, 1, &reader); + rc = gnupg_ksba_create_reader + (&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0) + | (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0) + | (ctrl->autodetect_encoding? GNUPG_KSBA_IO_AUTODETECT : 0) + | GNUPG_KSBA_IO_MULTIPEM), + fp, &reader); if (rc) { log_error ("can't create reader: %s\n", gpg_strerror (rc)); @@ -375,14 +380,14 @@ import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd) ksba_reader_clear (reader, NULL, NULL); } - while (!gpgsm_reader_eof_seen (b64reader)); + while (!gnupg_ksba_reader_eof_seen (b64reader)); leave: if (any && gpg_err_code (rc) == GPG_ERR_EOF) rc = 0; ksba_cms_release (cms); ksba_cert_release (cert); - gpgsm_destroy_reader (b64reader); + gnupg_ksba_destroy_reader (b64reader); es_fclose (fp); return rc; } 
@@ -265,7 +265,7 @@ keydb_add_resource (ctrl_t ctrl, const char *url, int force, int *auto_created) /* Do we have an URL? gnupg-kbx:filename := this is a plain keybox - filename := See what is is, but create as plain keybox. + filename := See what it is, but create as plain keybox. */ if (strlen (resname) > 10) { diff --git a/sm/keylist.c b/sm/keylist.c index 88a9c4f..6db42e3 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -1280,7 +1280,7 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret, } -/* Same as standard mode mode list all certifying certs too. */ +/* Same as standard mode list all certifying certs too. */ static void list_cert_chain (ctrl_t ctrl, KEYDB_HANDLE hd, ksba_cert_t cert, int raw_mode, @@ -316,7 +316,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, { int i, rc; gpg_error_t err; - Base64Context b64writer = NULL; + gnupg_ksba_io_t b64writer = NULL; ksba_writer_t writer; ksba_cms_t cms = NULL; ksba_stop_reason_t stopreason; @@ -340,7 +340,10 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, } ctrl->pem_name = "SIGNED MESSAGE"; - rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer); + rc = gnupg_ksba_create_writer + (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0) + | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)), + ctrl->pem_name, out_fp, &writer); if (rc) { log_error ("can't create writer: %s\n", gpg_strerror (rc)); @@ -760,7 +763,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, } while (stopreason != KSBA_SR_READY); - rc = gpgsm_finish_writer (b64writer); + rc = gnupg_ksba_finish_writer (b64writer); if (rc) { log_error ("write failed: %s\n", gpg_strerror (rc)); @@ -778,7 +781,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, if (release_signerlist) gpgsm_release_certlist (signerlist); ksba_cms_release (cms); - gpgsm_destroy_writer (b64writer); + gnupg_ksba_destroy_writer (b64writer); keydb_release (kh); gcry_md_close (data_md); return rc; 
diff --git a/sm/verify.c b/sm/verify.c index a046883..1ac97cb 100644 --- a/sm/verify.c +++ b/sm/verify.c @@ -90,8 +90,8 @@ int gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) { int i, rc; - Base64Context b64reader = NULL; - Base64Context b64writer = NULL; + gnupg_ksba_io_t b64reader = NULL; + gnupg_ksba_io_t b64writer = NULL; ksba_reader_t reader; ksba_writer_t writer = NULL; ksba_cms_t cms = NULL; @@ -125,7 +125,11 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) goto leave; } - rc = gpgsm_create_reader (&b64reader, ctrl, in_fp, 0, &reader); + rc = gnupg_ksba_create_reader + (&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0) + | (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0) + | (ctrl->autodetect_encoding? GNUPG_KSBA_IO_AUTODETECT : 0)), + in_fp, &reader); if (rc) { log_error ("can't create reader: %s\n", gpg_strerror (rc)); @@ -134,7 +138,10 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) if (out_fp) { - rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer); + rc = gnupg_ksba_create_writer + (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0) + | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)), + ctrl->pem_name, out_fp, &writer); if (rc) { log_error ("can't create writer: %s\n", gpg_strerror (rc)); @@ -246,7 +253,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) if (b64writer) { - rc = gpgsm_finish_writer (b64writer); + rc = gnupg_ksba_finish_writer (b64writer); if (rc) { log_error ("write failed: %s\n", gpg_strerror (rc)); @@ -643,8 +650,8 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) leave: ksba_cms_release (cms); - gpgsm_destroy_reader (b64reader); - gpgsm_destroy_writer (b64writer); + gnupg_ksba_destroy_reader (b64reader); + gnupg_ksba_destroy_writer (b64writer); keydb_release (kh); gcry_md_close (data_md); es_fclose (in_fp); |