diff options
Diffstat (limited to 'sm')
-rw-r--r-- | sm/base64.c | 4 | ||||
-rw-r--r-- | sm/call-agent.c | 4 | ||||
-rw-r--r-- | sm/call-dirmngr.c | 2 | ||||
-rw-r--r-- | sm/certchain.c | 4 | ||||
-rw-r--r-- | sm/certdump.c | 4 | ||||
-rw-r--r-- | sm/certreqgen.c | 77 | ||||
-rw-r--r-- | sm/gpgsm.c | 6 | ||||
-rw-r--r-- | sm/import.c | 2 | ||||
-rw-r--r-- | sm/keydb.c | 2 | ||||
-rw-r--r-- | sm/minip12.c | 6 | ||||
-rw-r--r-- | sm/qualified.c | 2 | ||||
-rw-r--r-- | sm/server.c | 10 |
12 files changed, 69 insertions, 54 deletions
diff --git a/sm/base64.c b/sm/base64.c index 4a67d61..43781ab 100644 --- a/sm/base64.c +++ b/sm/base64.c @@ -540,7 +540,7 @@ base64_finish_write (struct writer_cb_parm_s *parm) /* Create a reader for the given file descriptor. Depending on the - control information an input decoding is automagically choosen. + control information an input decoding is automagically chosen. The function returns a Base64Context object which must be passed to the gpgme_destroy_reader function. The created KsbaReader object is also returned, but the caller must not call the @@ -621,7 +621,7 @@ gpgsm_destroy_reader (Base64Context ctx) /* Create a writer for the given STREAM. Depending on the control information an output encoding is automagically - choosen. The function returns a Base64Context object which must be + chosen. The function returns a Base64Context object which must be passed to the gpgme_destroy_writer function. The created KsbaWriter object is also returned, but the caller must not call the ksba_reader_release function on it. */ diff --git a/sm/call-agent.c b/sm/call-agent.c index 4b2ec33..c1457b6 100644 --- a/sm/call-agent.c +++ b/sm/call-agent.c @@ -578,7 +578,7 @@ store_serialno (const char *line) } -/* Callback for the gpgsm_agent_serialno fucntion. */ +/* Callback for the gpgsm_agent_serialno function. */ static gpg_error_t scd_serialno_status_cb (void *opaque, const char *line) { @@ -630,7 +630,7 @@ gpgsm_agent_scd_serialno (ctrl_t ctrl, char **r_serialno) -/* Callback for the gpgsm_agent_serialno fucntion. */ +/* Callback for the gpgsm_agent_serialno function. */ static gpg_error_t scd_keypairinfo_status_cb (void *opaque, const char *line) { diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c index bfb80fb..b06397f 100644 --- a/sm/call-dirmngr.c +++ b/sm/call-dirmngr.c @@ -239,7 +239,7 @@ start_dirmngr (ctrl_t ctrl) dirmngr_ctx_locked = 1; err = start_dirmngr_ext (ctrl, &dirmngr_ctx); - /* We do not check ERR but the existance of a context because the + /* We do not check ERR but the existence of a context because the error might come from a failed command send to the dirmngr. Fixme: Why don't we close the drimngr context if we encountered an error in prepare_dirmngr? */ diff --git a/sm/certchain.c b/sm/certchain.c index 579ca9e..d43147e 100644 --- a/sm/certchain.c +++ b/sm/certchain.c @@ -1784,7 +1784,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg, /* Note that it is possible for the last certificate in the chain (i.e. our target certificate) that it has not yet been stored in the keybox and thus the flag can't be set. - We ignore this error becuase it will later be stored + We ignore this error because it will later be stored anyway. */ err = keydb_set_cert_flags (ci->cert, 1, KEYBOX_FLAG_BLOB, 0, KEYBOX_FLAG_BLOB_EPHEMERAL, 0); @@ -2079,7 +2079,7 @@ get_regtp_ca_info (ctrl_t ctrl, ksba_cert_t cert, int *chainlen) until we have found the root. Because we are only interested in German Bundesnetzagentur (former RegTP) derived certificates 3 levels are enough. (The German signature law demands a 3 tier - hierachy; thus there is only one CA between the EE and the Root + hierarchy; thus there is only one CA between the EE and the Root CA.) */ memset (&array, 0, sizeof array); diff --git a/sm/certdump.c b/sm/certdump.c index f32a27c..0cc492a 100644 --- a/sm/certdump.c +++ b/sm/certdump.c @@ -652,7 +652,7 @@ struct format_name_cookie }; /* The writer function for the memory stream. */ -static ssize_t +static gpgrt_ssize_t format_name_writer (void *cookie, const void *buffer, size_t size) { struct format_name_cookie *c = cookie; @@ -696,7 +696,7 @@ format_name_writer (void *cookie, const void *buffer, size_t size) c->len += size; p[c->len] = 0; /* Terminate string. */ - return (ssize_t)size; + return (gpgrt_ssize_t)size; } diff --git a/sm/certreqgen.c b/sm/certreqgen.c index 0774591..2c6550c 100644 --- a/sm/certreqgen.c +++ b/sm/certreqgen.c @@ -917,38 +917,53 @@ create_request (ctrl_t ctrl, /* Set key usage flags. */ use = get_parameter_uint (para, pKEYUSAGE); - if (use == GCRY_PK_USAGE_SIGN) + if (use) { - /* For signing only we encode the bits: - KSBA_KEYUSAGE_DIGITAL_SIGNATURE - KSBA_KEYUSAGE_NON_REPUDIATION */ - err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1, - "\x03\x02\x06\xC0", 4); - } - else if (use == GCRY_PK_USAGE_ENCR) - { - /* For encrypt only we encode the bits: - KSBA_KEYUSAGE_KEY_ENCIPHERMENT - KSBA_KEYUSAGE_DATA_ENCIPHERMENT */ - err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1, - "\x03\x02\x04\x30", 4); - } - else if (use == GCRY_PK_USAGE_CERT) - { - /* For certify only we encode the bits: - KSBA_KEYUSAGE_KEY_CERT_SIGN - KSBA_KEYUSAGE_CRL_SIGN */ - err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1, - "\x03\x02\x01\x06", 4); - } - else - err = 0; /* Both or none given: don't request one. */ - if (err) - { - log_error ("error setting the key usage: %s\n", - gpg_strerror (err)); - rc = err; - goto leave; + unsigned int mask, pos; + unsigned char der[4]; + + der[0] = 0x03; + der[1] = 0x02; + der[2] = 0; + der[3] = 0; + if ((use & GCRY_PK_USAGE_SIGN)) + { + /* For signing only we encode the bits: + KSBA_KEYUSAGE_DIGITAL_SIGNATURE + KSBA_KEYUSAGE_NON_REPUDIATION = 0b11 -> 0b11000000 */ + der[3] |= 0xc0; + } + if ((use & GCRY_PK_USAGE_ENCR)) + { + /* For encrypt only we encode the bits: + KSBA_KEYUSAGE_KEY_ENCIPHERMENT + KSBA_KEYUSAGE_DATA_ENCIPHERMENT = 0b1100 -> 0b00110000 */ + der[3] |= 0x30; + } + if ((use & GCRY_PK_USAGE_CERT)) + { + /* For certify only we encode the bits: + KSBA_KEYUSAGE_KEY_CERT_SIGN + KSBA_KEYUSAGE_CRL_SIGN = 0b1100000 -> 0b00000110 */ + der[3] |= 0x06; + } + + /* Count number of unused bits. */ + for (mask=1, pos=0; pos < 8 * sizeof mask; pos++, mask <<= 1) + { + if ((der[3] & mask)) + break; + der[2]++; + } + + err = ksba_certreq_add_extension (cr, oidstr_keyUsage, 1, der, 4); + if (err) + { + log_error ("error setting the key usage: %s\n", + gpg_strerror (err)); + rc = err; + goto leave; + } } @@ -214,7 +214,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_c (aExport, "export", N_("export certificates")), /* We use -raw and not -p1 for pkcs#1 secret key export so that it - won't accidently be used in case -p12 was intended. */ + won't accidentally be used in case -p12 was intended. */ ARGPARSE_c (aExportSecretKeyP12, "export-secret-key-p12", "@"), ARGPARSE_c (aExportSecretKeyP8, "export-secret-key-p8", "@"), ARGPARSE_c (aExportSecretKeyRaw, "export-secret-key-raw", "@"), @@ -1487,7 +1487,7 @@ main ( int argc, char **argv) log_info (_("WARNING: program may create a core file!\n")); /* if (opt.qualsig_approval && !opt.quiet) */ -/* log_info (_("This software has offically been approved to " */ +/* log_info (_("This software has officially been approved to " */ /* "create and verify\n" */ /* "qualified signatures according to German law.\n")); */ @@ -1524,7 +1524,7 @@ main ( int argc, char **argv) set_debug (); - /* Although we alwasy use gpgsm_exit, we better install a regualr + /* Although we always use gpgsm_exit, we better install a regualr exit handler so that at least the secure memory gets wiped out. */ if (atexit (emergency_cleanup)) diff --git a/sm/import.c b/sm/import.c index 3635525..b2ad839 100644 --- a/sm/import.c +++ b/sm/import.c @@ -747,7 +747,7 @@ parse_p12 (ctrl_t ctrl, ksba_reader_t reader, struct stats_s *stats) goto leave; } - /* GnuPG 2.0.4 accidently created binary P12 files with the string + /* GnuPG 2.0.4 accidentally created binary P12 files with the string "The passphrase is %s encoded.\n\n" prepended to the ASN.1 data. We fix that here. */ if (p12buflen > 29 && !memcmp (p12buffer, "The passphrase is ", 18)) @@ -478,7 +478,7 @@ keydb_get_resource_name (KEYDB_HANDLE hd) return s? s: ""; } -/* Switch the handle into ephemeral mode and return the orginal value. */ +/* Switch the handle into ephemeral mode and return the original value. */ int keydb_set_ephemeral (KEYDB_HANDLE hd, int yes) { diff --git a/sm/minip12.c b/sm/minip12.c index c70de8a..0e94753 100644 --- a/sm/minip12.c +++ b/sm/minip12.c @@ -273,7 +273,7 @@ parse_tag (unsigned char const **buffer, size_t *size, struct tag_info *ti) -- two bytes in INPUT. Create a new buffer with the content of that octet string. INPUT - is the orginal buffer with a length as stored at LENGTH. Returns + is the original buffer with a length as stored at LENGTH. Returns NULL on error or a new malloced buffer with the length of this new buffer stored at LENGTH and the number of bytes parsed from input are added to the value stored at INPUT_CONSUMED. INPUT_CONSUMED is @@ -679,7 +679,7 @@ parse_bag_encrypted_data (const unsigned char *buffer, size_t length, unsigned char *plain = NULL; int bad_pass = 0; unsigned char *cram_buffer = NULL; - size_t consumed = 0; /* Number of bytes consumed from the orginal buffer. */ + size_t consumed = 0; /* Number of bytes consumed from the original buffer. */ int is_3des = 0; int is_pbes2 = 0; gcry_mpi_t *result = NULL; @@ -1193,7 +1193,7 @@ parse_bag_data (const unsigned char *buffer, size_t length, int startoffset, gcry_mpi_t *result = NULL; int result_count, i; unsigned char *cram_buffer = NULL; - size_t consumed = 0; /* Number of bytes consumed from the orginal buffer. */ + size_t consumed = 0; /* Number of bytes consumed from the original buffer. */ int is_pbes2 = 0; where = "start"; diff --git a/sm/qualified.c b/sm/qualified.c index 56f537e..bae03a4 100644 --- a/sm/qualified.c +++ b/sm/qualified.c @@ -184,7 +184,7 @@ gpgsm_is_in_qualified_list (ctrl_t ctrl, ksba_cert_t cert, char *country) /* We know that CERT is a qualified certificate. Ask the user for consent to actually create a signature using this certificate. - Returns: 0 for yes, GPG_ERR_CANCEL for no or any otehr error + Returns: 0 for yes, GPG_ERR_CANCEL for no or any other error code. */ gpg_error_t gpgsm_qualified_consent (ctrl_t ctrl, ksba_cert_t cert) diff --git a/sm/server.c b/sm/server.c index cdf4a6e..f0512ef 100644 --- a/sm/server.c +++ b/sm/server.c @@ -55,8 +55,8 @@ struct server_local_s { /* Cookie definition for assuan data line output. */ -static ssize_t data_line_cookie_write (void *cookie, - const void *buffer, size_t size); +static gpgrt_ssize_t data_line_cookie_write (void *cookie, + const void *buffer, size_t size); static int data_line_cookie_close (void *cookie); static es_cookie_io_functions_t data_line_cookie_functions = { @@ -129,7 +129,7 @@ has_option (const char *line, const char *name) /* A write handler used by es_fopencookie to write assuan data lines. */ -static ssize_t +static gpgrt_ssize_t data_line_cookie_write (void *cookie, const void *buffer, size_t size) { assuan_context_t ctx = cookie; @@ -140,7 +140,7 @@ data_line_cookie_write (void *cookie, const void *buffer, size_t size) return -1; } - return size; + return (gpgrt_ssize_t)size; } static int @@ -425,7 +425,7 @@ static const char hlp_signer[] = "used, the signing will then not be done for this key. If the policy\n" "is not to sign at all if not all signer keys are valid, the client\n" "has to take care of this. All SIGNER commands are cumulative until\n" - "a RESET but they are *not* reset by an SIGN command becuase it can\n" + "a RESET but they are *not* reset by an SIGN command because it can\n" "be expected that set of signers are used for more than one sign\n" "operation."; static gpg_error_t |