diff options
| author | Werner Koch <wk@gnupg.org> | 2002-08-09 20:12:22 +0200 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2002-08-09 20:12:22 +0200 |
| commit | 850a4d5214f8179710ab0c9ea7b67973b175e7b2 (patch) | |
| tree | 10f8aa8340cebda8ac8476475e4d622ba3c3d950 /sm/certcheck.c | |
| parent | * card.c (card_get_serial_and_stamp): Use the tokeinfo serial (diff) | |
| download | gnupg2-850a4d5214f8179710ab0c9ea7b67973b175e7b2.tar.xz gnupg2-850a4d5214f8179710ab0c9ea7b67973b175e7b2.zip | |
* gpgsm.c (emergency_cleanup): New.
(main): Initialize the signal handler.
* sign.c (gpgsm_sign): Reset the hash context for subsequent
signers and release it at the end.
Diffstat (limited to 'sm/certcheck.c')
| -rw-r--r-- | sm/certcheck.c | 34 |
1 files changed, 30 insertions, 4 deletions
diff --git a/sm/certcheck.c b/sm/certcheck.c index 612a3d2d6..4700fe723 100644 --- a/sm/certcheck.c +++ b/sm/certcheck.c @@ -138,12 +138,16 @@ gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert) if (!n) { log_error ("libksba did not return a proper S-Exp\n"); + gcry_md_close (md); + ksba_free (p); return GNUPG_Bug; } rc = gcry_sexp_sscan ( &s_sig, NULL, p, n); + ksba_free (p); if (rc) { log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc)); + gcry_md_close (md); return map_gcry_err (rc); } @@ -152,29 +156,42 @@ gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert) if (!n) { log_error ("libksba did not return a proper S-Exp\n"); + gcry_md_close (md); + ksba_free (p); + gcry_sexp_release (s_sig); return GNUPG_Bug; } rc = gcry_sexp_sscan ( &s_pkey, NULL, p, n); + ksba_free (p); if (rc) { log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc)); + gcry_md_close (md); + gcry_sexp_release (s_sig); return map_gcry_err (rc); } rc = do_encode_md (md, algo, gcry_pk_get_nbits (s_pkey), &frame); if (rc) { - /* fixme: clean up some things */ + gcry_md_close (md); + gcry_sexp_release (s_sig); + gcry_sexp_release (s_pkey); return rc; } + /* put hash into the S-Exp s_hash */ if ( gcry_sexp_build (&s_hash, NULL, "%m", frame) ) BUG (); - + gcry_mpi_release (frame); rc = gcry_pk_verify (s_sig, s_hash, s_pkey); if (DBG_CRYPTO) log_debug ("gcry_pk_verify: %s\n", gcry_strerror (rc)); + gcry_md_close (md); + gcry_sexp_release (s_sig); + gcry_sexp_release (s_hash); + gcry_sexp_release (s_pkey); return map_gcry_err (rc); } @@ -208,15 +225,19 @@ gpgsm_check_cms_signature (KsbaCert cert, KsbaConstSexp sigval, if (!n) { log_error ("libksba did not return a proper S-Exp\n"); + ksba_free (p); + gcry_sexp_release (s_sig); return GNUPG_Bug; } if (DBG_X509) log_printhex ("public key: ", p, n); rc = gcry_sexp_sscan ( &s_pkey, NULL, p, n); + ksba_free (p); if (rc) { log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc)); + gcry_sexp_release (s_sig); return map_gcry_err (rc); } @@ -224,17 +245,22 @@ gpgsm_check_cms_signature (KsbaCert cert, KsbaConstSexp sigval, rc = do_encode_md (md, algo, gcry_pk_get_nbits (s_pkey), &frame); if (rc) { - /* fixme: clean up some things */ + gcry_sexp_release (s_sig); + gcry_sexp_release (s_pkey); return rc; } /* put hash into the S-Exp s_hash */ if ( gcry_sexp_build (&s_hash, NULL, "%m", frame) ) BUG (); - + gcry_mpi_release (frame); + rc = gcry_pk_verify (s_sig, s_hash, s_pkey); if (DBG_CRYPTO) log_debug ("gcry_pk_verify: %s\n", gcry_strerror (rc)); + gcry_sexp_release (s_sig); + gcry_sexp_release (s_hash); + gcry_sexp_release (s_sig); return map_gcry_err (rc); } |