author | NIIBE Yutaka <gniibe@fsij.org> | 2023-07-25 03:04:18 +0200 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2023-07-25 03:04:18 +0200 |
commit | 95d97615097255a1db1b71eec4df18c171e88df1 (patch) | |
tree | ead969dbc9a8433619a0ea8026e96b13f81d5a70 /sm | |
parent | dirmngr: Silence compiler when it's without LDAP. (diff) | |
sm: Use estream for I/O.
* sm/decrypt.c (gpgsm_decrypt): Use estream for the input.
* sm/encrypt.c (gpgsm_encrypt): Likewise.
* sm/gpgsm.c (open_read): Remove.
(main): Use open_es_fread for gpgsm_import_files. Fix call of
gpgsm_encrypt, gpgsm_sign, gpgsm_verify and gpgsm_decrypt.
(open_es_fread): Use gnupg_check_special_filename and open_stream_nc.
* sm/gpgsm.h: Fix function declarations.
* sm/import.c (import_one): Use estream for the input.
(reimport_one, gpgsm_import, gpgsm_import_files): Likewise.
* sm/server.c (struct server_local_s): Rename MESSAGE_FD to
MESSAGE_FP.
(close_message_fp): Rename from close_message_fd.
(reset_notify): Follow the change of close_message_fp.
(cmd_encrypt, cmd_decrypt, cmd_verify, cmd_sign): Follow the change of
close_message_fp. Use open_stream_nc to get estream.
(cmd_import): Likewise.
(cmd_export, cmd_delkeys, gpgsm_server): Follow the change of
close_message_fp.
(cmd_message): Setup MESSAGE_FP with open_stream_nc.
* sm/sign.c (hash_data): Use estream for the input.
(hash_and_copy_data): Likewise.
(gpgsm_sign): Likewise.
* sm/verify.c (hash_data): Use estream_t for FP.
(gpgsm_verify): Use estream_t for IN_FP and DATA_FP.
--
GnuPG-bug-id: 6592
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'sm')
-rw-r--r-- | sm/decrypt.c | 12 | ||||
-rw-r--r-- | sm/encrypt.c | 14 | ||||
-rw-r--r-- | sm/gpgsm.c | 122 | ||||
-rw-r--r-- | sm/gpgsm.h | 13 | ||||
-rw-r--r-- | sm/import.c | 51 | ||||
-rw-r--r-- | sm/server.c | 121 | ||||
-rw-r--r-- | sm/sign.c | 34 | ||||
-rw-r--r-- | sm/verify.c | 41 |
8 files changed, 203 insertions, 205 deletions
diff --git a/sm/decrypt.c b/sm/decrypt.c index 62983fe9c..a30eafc55 100644 --- a/sm/decrypt.c +++ b/sm/decrypt.c @@ -1052,7 +1052,7 @@ decrypt_gcm_filter (void *arg, /* Perform a decrypt operation. */ int -gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp) +gpgsm_decrypt (ctrl_t ctrl, estream_t in_fp, estream_t out_fp) { int rc; gnupg_ksba_io_t b64reader = NULL; @@ -1063,7 +1063,6 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp) ksba_stop_reason_t stopreason; KEYDB_HANDLE kh; int recp; - estream_t in_fp = NULL; struct decrypt_filter_parm_s dfparm; memset (&dfparm, 0, sizeof dfparm); @@ -1078,14 +1077,6 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp) goto leave; } - in_fp = es_fdopen_nc (in_fd, "rb"); - if (!in_fp) - { - rc = gpg_error_from_syserror (); - log_error ("fdopen() failed: %s\n", strerror (errno)); - goto leave; - } - rc = gnupg_ksba_create_reader (&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0) | (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0) @@ -1516,7 +1507,6 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp) gnupg_ksba_destroy_reader (b64reader); gnupg_ksba_destroy_writer (b64writer); keydb_release (kh); - es_fclose (in_fp); if (dfparm.hd) gcry_cipher_close (dfparm.hd); return rc; diff --git a/sm/encrypt.c b/sm/encrypt.c index 6e78a0620..923fdfd99 100644 --- a/sm/encrypt.c +++ b/sm/encrypt.c @@ -574,7 +574,8 @@ encrypt_cb (void *cb_value, char *buffer, size_t count, size_t *nread) recipients are take from the certificate given in recplist; if this is NULL it will be encrypted for a default recipient */ int -gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) +gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, estream_t data_fp, + estream_t out_fp) { int rc = 0; gnupg_ksba_io_t b64writer = NULL; 
@@ -587,7 +588,6 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) struct encrypt_cb_parm_s encparm; DEK dek = NULL; int recpno; - estream_t data_fp = NULL; certlist_t cl; int count; int compliant; @@ -623,15 +623,6 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) goto leave; } - /* Fixme: We should use the unlocked version of the es functions. */ - data_fp = es_fdopen_nc (data_fd, "rb"); - if (!data_fp) - { - rc = gpg_error_from_syserror (); - log_error ("fdopen() failed: %s\n", strerror (errno)); - goto leave; - } - err = ksba_reader_new (&reader); if (err) rc = err; @@ -863,7 +854,6 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) ksba_reader_release (reader); keydb_release (kh); xfree (dek); - es_fclose (data_fp); xfree (encparm.buffer); return rc; } diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 0b69e6d62..20b574377 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -535,7 +535,6 @@ static void set_cmd (enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd ); static void emergency_cleanup (void); -static int open_read (const char *filename); static estream_t open_es_fread (const char *filename, const char *mode); static estream_t open_es_fwrite (const char *filename); static void run_protect_tool (int argc, char **argv); @@ -1778,7 +1777,7 @@ main ( int argc, char **argv) { log_info (_("importing common certificates '%s'\n"), filelist[0]); - gpgsm_import_files (&ctrl, 1, filelist, open_read); + gpgsm_import_files (&ctrl, 1, filelist, open_es_fread); } xfree (filelist[0]); } 
@@ -1916,9 +1915,20 @@ main ( int argc, char **argv) set_binary (stdin); if (!argc) /* Source is stdin. */ - err = gpgsm_encrypt (&ctrl, recplist, 0, fp); + err = gpgsm_encrypt (&ctrl, recplist, es_stdin, fp); else if (argc == 1) /* Source is the given file. */ - err = gpgsm_encrypt (&ctrl, recplist, open_read (*argv), fp); + { + estream_t data_fp = es_fopen (*argv, "rb"); + + if (!data_fp) + { + log_error (_("can't open '%s': %s\n"), *argv, + strerror (errno)); + gpgsm_exit (2); + } + err = gpgsm_encrypt (&ctrl, recplist, data_fp, fp); + es_fclose (data_fp); + } else wrong_args ("--encrypt [datafile]"); @@ -1937,10 +1947,20 @@ main ( int argc, char **argv) signing because that is what gpg does.*/ set_binary (stdin); if (!argc) /* Create from stdin. */ - err = gpgsm_sign (&ctrl, signerlist, 0, detached_sig, fp); + err = gpgsm_sign (&ctrl, signerlist, es_stdin, detached_sig, fp); else if (argc == 1) /* From file. */ - err = gpgsm_sign (&ctrl, signerlist, - open_read (*argv), detached_sig, fp); + { + estream_t data_fp = es_fopen (*argv, "rb"); + + if (!data_fp) + { + log_error (_("can't open '%s': %s\n"), *argv, + strerror (errno)); + gpgsm_exit (2); + } + err = gpgsm_sign (&ctrl, signerlist, data_fp, detached_sig, fp); + es_fclose (data_fp); + } else wrong_args ("--sign [datafile]"); 
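Review bot: Opening the file argument with `es_fopen (*argv, "rb")` in the --encrypt branch of main drops what the removed `open_read` did for that argument: "-" was mapped to stdin and special filenames went through `check_special_filename`. `open_es_fread`, which this commit keeps and already passes to `gpgsm_import_files`, still handles both cases in its visible part, so `estream_t data_fp = open_es_fread (*argv, "rb");` would preserve the old command-line behaviour. The same applies to the --sign branch in the next hunk and to the --verify and --decrypt hunks that follow. main's body starts and ends outside these hunks.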
@@ -1981,11 +2001,43 @@ main ( int argc, char **argv) fp = open_es_fwrite (opt.outfile); if (!argc) - gpgsm_verify (&ctrl, 0, -1, fp); /* normal signature from stdin */ + /* normal signature from stdin */ + gpgsm_verify (&ctrl, es_stdin, NULL, fp); else if (argc == 1) - gpgsm_verify (&ctrl, open_read (*argv), -1, fp); /* std signature */ + { + estream_t in_fp = es_fopen (*argv, "rb"); + + if (!in_fp) + { + log_error (_("can't open '%s': %s\n"), *argv, + strerror (errno)); + gpgsm_exit (2); + } + gpgsm_verify (&ctrl, in_fp, NULL, fp); /* std signature */ + es_fclose (in_fp); + } else if (argc == 2) /* detached signature (sig, detached) */ - gpgsm_verify (&ctrl, open_read (*argv), open_read (argv[1]), NULL); + { + estream_t in_fp = es_fopen (*argv, "rb"); + estream_t data_fp = es_fopen (argv[1], "rb"); + + if (!in_fp) + { + log_error (_("can't open '%s': %s\n"), *argv, + strerror (errno)); + gpgsm_exit (2); + } + if (!data_fp) + { + log_error (_("can't open '%s': %s\n"), argv[1], + strerror (errno)); + gpgsm_exit (2); + } + + gpgsm_verify (&ctrl, in_fp, data_fp, NULL); + es_fclose (in_fp); + es_fclose (data_fp); + } else wrong_args ("--verify [signature [detached_data]]"); @@ -1999,9 +2051,19 @@ main ( int argc, char **argv) set_binary (stdin); if (!argc) - err = gpgsm_decrypt (&ctrl, 0, fp); /* from stdin */ + err = gpgsm_decrypt (&ctrl, es_stdin, fp); /* from stdin */ else if (argc == 1) - err = gpgsm_decrypt (&ctrl, open_read (*argv), fp); /* from file */ + { + estream_t data_fp = es_fopen (*argv, "rb"); + if (!data_fp) + { + log_error (_("can't open '%s': %s\n"), *argv, + strerror (errno)); + gpgsm_exit (2); + } + err = gpgsm_decrypt (&ctrl, data_fp, fp); /* from file */ + es_fclose (data_fp); + } else wrong_args ("--decrypt [filename]"); @@ -2092,7 +2154,7 @@ main ( int argc, char **argv) case aImport: - gpgsm_import_files (&ctrl, argc, argv, open_read); + gpgsm_import_files (&ctrl, argc, argv, open_es_fread); break; case aExport: 
@@ -2293,46 +2355,20 @@ gpgsm_parse_validation_model (const char *model) } - -/* Open the FILENAME for read and return the file descriptor. Stop - with an error message in case of problems. "-" denotes stdin and - if special filenames are allowed the given fd is opened instead. */ -static int -open_read (const char *filename) -{ - int fd; - - if (filename[0] == '-' && !filename[1]) - { - set_binary (stdin); - return 0; /* stdin */ - } - fd = check_special_filename (filename, 0, 0); - if (fd != -1) - return fd; - fd = gnupg_open (filename, O_RDONLY | O_BINARY, 0); - if (fd == -1) - { - log_error (_("can't open '%s': %s\n"), filename, strerror (errno)); - gpgsm_exit (2); - } - return fd; -} - /* Same as open_read but return an estream_t. */ static estream_t open_es_fread (const char *filename, const char *mode) { - int fd; + gnupg_fd_t fd; estream_t fp; if (filename[0] == '-' && !filename[1]) return es_fpopen_nc (stdin, mode); else - fd = check_special_filename (filename, 0, 0); - if (fd != -1) + fd = gnupg_check_special_filename (filename); + if (fd != GNUPG_INVALID_FD) { - fp = es_fdopen_nc (fd, mode); + fp = open_stream_nc (fd, mode); if (!fp) { log_error ("es_fdopen(%d) failed: %s\n", FD_DBG (fd), diff --git a/sm/gpgsm.h b/sm/gpgsm.h index e1aca8bb7..93a80631f 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -426,9 +426,9 @@ gpg_error_t gpgsm_show_certs (ctrl_t ctrl, int nfiles, char **files, estream_t fp); /*-- import.c --*/ -int gpgsm_import (ctrl_t ctrl, int in_fd, int reimport_mode); +int gpgsm_import (ctrl_t ctrl, estream_t in_fp, int reimport_mode); int gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files, - int (*of)(const char *fname)); + estream_t (*of)(const char *fname, const char *mode)); /*-- export.c --*/ void gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream); 
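Review bot: The comment on `open_es_fread` still reads "Same as open_read but return an estream_t", but this hunk deletes `open_read` together with the description it pointed to. I would carry the relevant text over, for example `/* Open FILENAME for reading and return an estream. "-" denotes stdin; if special filenames are allowed the given fd is opened instead. */`. The error message `es_fdopen(%d) failed` likewise names a call that is no longer made; `open_stream_nc` would match the new code. The function body continues past the end of the hunk.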
@@ -439,23 +439,24 @@ void gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int gpgsm_delete (ctrl_t ctrl, strlist_t names); /*-- verify.c --*/ -int gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp); +int gpgsm_verify (ctrl_t ctrl, estream_t in_fp, estream_t data_fp, + estream_t out_fp); /*-- sign.c --*/ int gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert); int gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, - int data_fd, int detached, estream_t out_fp); + estream_t data_fp, int detached, estream_t out_fp); /*-- encrypt.c --*/ int gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, - int in_fd, estream_t out_fp); + estream_t in_fp, estream_t out_fp); /*-- decrypt.c --*/ gpg_error_t ecdh_derive_kek (unsigned char *key, unsigned int keylen, int hash_algo, const char *wrap_algo_str, const void *secret, unsigned int secretlen, const void *ukm, unsigned int ukmlen); -int gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp); +int gpgsm_decrypt (ctrl_t ctrl, estream_t in_fp, estream_t out_fp); /*-- certreqgen.c --*/ int gpgsm_genkey (ctrl_t ctrl, estream_t in_stream, estream_t out_stream); diff --git a/sm/import.c b/sm/import.c index 5a193ef52..cd28cfbff 100644 --- a/sm/import.c +++ b/sm/import.c @@ -37,6 +37,10 @@ #include "../common/membuf.h" #include "minip12.h" +#ifndef O_BINARY +#define O_BINARY 0 +#endif + /* The arbitrary limit of one PKCS#12 object. */ #define MAX_P12OBJ_SIZE 128 /*kb*/ 
@@ -269,25 +273,16 @@ check_and_store (ctrl_t ctrl, struct stats_s *stats, static int -import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd) +import_one (ctrl_t ctrl, struct stats_s *stats, estream_t fp) { int rc; gnupg_ksba_io_t b64reader = NULL; ksba_reader_t reader; ksba_cert_t cert = NULL; ksba_cms_t cms = NULL; - estream_t fp = NULL; ksba_content_type_t ct; int any = 0; - fp = es_fdopen_nc (in_fd, "rb"); - if (!fp) - { - rc = gpg_error_from_syserror (); - log_error ("fdopen() failed: %s\n", strerror (errno)); - goto leave; - } - rc = gnupg_ksba_create_reader (&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0) | (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0) @@ -388,7 +383,6 @@ import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd) ksba_cms_release (cms); ksba_cert_release (cert); gnupg_ksba_destroy_reader (b64reader); - es_fclose (fp); return rc; } @@ -398,10 +392,9 @@ import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd) fingerprints t re-import. The actual re-import is done by clearing the ephemeral flag. */ static int -reimport_one (ctrl_t ctrl, struct stats_s *stats, int in_fd) +reimport_one (ctrl_t ctrl, struct stats_s *stats, estream_t fp) { gpg_error_t err = 0; - estream_t fp = NULL; char line[100]; /* Sufficient for a fingerprint. */ KEYDB_HANDLE kh; KEYDB_SEARCH_DESC desc; @@ -417,14 +410,6 @@ reimport_one (ctrl_t ctrl, struct stats_s *stats, int in_fd) } keydb_set_ephemeral (kh, 1); - fp = es_fdopen_nc (in_fd, "r"); - if (!fp) - { - err = gpg_error_from_syserror (); - log_error ("es_fdopen(%d) failed: %s\n", in_fd, gpg_strerror (err)); - goto leave; - } - while (es_fgets (line, DIM(line)-1, fp) ) { if (*line && line[strlen(line)-1] != '\n') 
@@ -500,30 +485,29 @@ reimport_one (ctrl_t ctrl, struct stats_s *stats, int in_fd) if (es_ferror (fp)) { err = gpg_error_from_syserror (); - log_error ("error reading fd %d: %s\n", in_fd, gpg_strerror (err)); + log_error ("error reading fp %p: %s\n", fp, gpg_strerror (err)); goto leave; } leave: ksba_cert_release (cert); keydb_release (kh); - es_fclose (fp); return err; } int -gpgsm_import (ctrl_t ctrl, int in_fd, int reimport_mode) +gpgsm_import (ctrl_t ctrl, estream_t in_fp, int reimport_mode) { int rc; struct stats_s stats; memset (&stats, 0, sizeof stats); if (reimport_mode) - rc = reimport_one (ctrl, &stats, in_fd); + rc = reimport_one (ctrl, &stats, in_fp); else - rc = import_one (ctrl, &stats, in_fd); + rc = import_one (ctrl, &stats, in_fp); print_imported_summary (ctrl, &stats); /* If we never printed an error message do it now so that a command line invocation will return with an error (log_error keeps a @@ -536,7 +520,7 @@ gpgsm_import (ctrl_t ctrl, int in_fd, int reimport_mode) int gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files, - int (*of)(const char *fname)) + estream_t (*of)(const char *fname, const char *mode)) { int rc = 0; struct stats_s stats; @@ -544,14 +528,19 @@ gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files, memset (&stats, 0, sizeof stats); if (!nfiles) - rc = import_one (ctrl, &stats, 0); + { +#ifdef HAVE_DOSISH_SYSTEM + setmode (0, O_BINARY); +#endif + rc = import_one (ctrl, &stats, es_stdin); + } else { for (; nfiles && !rc ; nfiles--, files++) { - int fd = of (*files); - rc = import_one (ctrl, &stats, fd); - close (fd); + estream_t fp = of (*files, "rb"); + rc = import_one (ctrl, &stats, fp); + es_fclose (fp); if (rc == -1/* legacy*/ || gpg_err_code (rc) == GPG_ERR_NOT_FOUND) rc = 0; } diff --git a/sm/server.c b/sm/server.c index 693932c2e..3ebf47299 100644 --- a/sm/server.c +++ b/sm/server.c 
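Review bot: In the loop of `gpgsm_import_files` the result of `of (*files, "rb")` is handed to `import_one` and then to `es_fclose` without a NULL check. `import_one` no longer opens the stream itself, so it has lost the failure path it had for an unusable input. Unless every `of` callback is guaranteed to terminate on error (the tail of `open_es_fread` is not visible here), a guard such as `if (!fp) { rc = gpg_error (GPG_ERR_GENERAL); break; }` is needed before the call.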
@@ -43,7 +43,7 @@ static FILE *statusfp; /* Data used to assuciate an Assuan context with local server data */ struct server_local_s { assuan_context_t assuan_ctx; - int message_fd; + estream_t message_fp; int list_internal; int list_external; int list_to_output; /* Write keylistings to the output fd. */ @@ -130,12 +130,12 @@ data_line_cookie_close (void *cookie) static void -close_message_fd (ctrl_t ctrl) +close_message_fp (ctrl_t ctrl) { - if (ctrl->server_local->message_fd != -1) + if (ctrl->server_local->message_fp) { - close (ctrl->server_local->message_fd); - ctrl->server_local->message_fd = -1; + es_fclose (ctrl->server_local->message_fp); + ctrl->server_local->message_fp = NULL; } } @@ -320,7 +320,7 @@ reset_notify (assuan_context_t ctx, char *line) gpgsm_release_certlist (ctrl->server_local->signerlist); ctrl->server_local->recplist = NULL; ctrl->server_local->signerlist = NULL; - close_message_fd (ctrl); + close_message_fp (ctrl); assuan_close_input_fd (ctx); assuan_close_output_fd (ctx); return 0; @@ -451,20 +451,25 @@ cmd_encrypt (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); certlist_t cl; - int inp_fd; + gnupg_fd_t inp_fd; gnupg_fd_t out_fd; + estream_t inp_fp; estream_t out_fp; int rc; (void)line; - inp_fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0); - if (inp_fd == -1) + inp_fd = assuan_get_input_fd (ctx); + if (inp_fd == GNUPG_INVALID_FD) return set_error (GPG_ERR_ASS_NO_INPUT, NULL); out_fd = assuan_get_output_fd (ctx); if (out_fd == GNUPG_INVALID_FD) return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL); + inp_fp = open_stream_nc (inp_fd, "r"); + if (!inp_fp) + return set_error (gpg_err_code_from_syserror (), "fdopen() failed"); + out_fp = open_stream_nc (out_fd, "w"); if (!out_fp) return set_error (gpg_err_code_from_syserror (), "fdopen() failed"); 
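Review bot: In `cmd_encrypt`, when `open_stream_nc (out_fd, "w")` fails the function returns with `inp_fp` still open, so the stream object created a few lines earlier is leaked on that path. Adding `es_fclose (inp_fp);` before that `return set_error (...)` closes it. `cmd_decrypt` and `cmd_sign` use the same ordering, and `cmd_verify` opens `fp` before `out_fp` in the same way. The input stream is also opened with "r" where the code removed from `gpgsm_encrypt` used "rb"; it is worth confirming that this makes no difference for binary CMS input on Windows.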
@@ -484,13 +489,14 @@ cmd_encrypt (assuan_context_t ctx, char *line) if (!rc) rc = gpgsm_encrypt (assuan_get_pointer (ctx), ctrl->server_local->recplist, - inp_fd, out_fp); + inp_fp, out_fp); + es_fclose (inp_fp); es_fclose (out_fp); gpgsm_release_certlist (ctrl->server_local->recplist); ctrl->server_local->recplist = NULL; - /* Close and reset the fd */ - close_message_fd (ctrl); + /* Close and reset the fp and the fds */ + close_message_fp (ctrl); assuan_close_input_fd (ctx); assuan_close_output_fd (ctx); return rc; @@ -509,31 +515,37 @@ static gpg_error_t cmd_decrypt (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); - int inp_fd; + gnupg_fd_t inp_fd; gnupg_fd_t out_fd; + estream_t inp_fp; estream_t out_fp; int rc; (void)line; - inp_fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0); - if (inp_fd == -1) + inp_fd = assuan_get_input_fd (ctx); + if (inp_fd == GNUPG_INVALID_FD) return set_error (GPG_ERR_ASS_NO_INPUT, NULL); out_fd = assuan_get_output_fd (ctx); if (out_fd == GNUPG_INVALID_FD) return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL); + inp_fp = open_stream_nc (inp_fd, "r"); + if (!inp_fp) + return set_error (gpg_err_code_from_syserror (), "fdopen() failed"); + out_fp = open_stream_nc (out_fd, "w"); if (!out_fp) return set_error (gpg_err_code_from_syserror (), "fdopen() failed"); rc = start_audit_session (ctrl); if (!rc) - rc = gpgsm_decrypt (ctrl, inp_fd, out_fp); + rc = gpgsm_decrypt (ctrl, inp_fp, out_fp); + es_fclose (inp_fp); es_fclose (out_fp); /* Close and reset the fds. */ - close_message_fd (ctrl); + close_message_fp (ctrl); assuan_close_input_fd (ctx); assuan_close_output_fd (ctx); 
@@ -555,15 +567,20 @@ cmd_verify (assuan_context_t ctx, char *line) { int rc; ctrl_t ctrl = assuan_get_pointer (ctx); - int fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0); + gnupg_fd_t fd = assuan_get_input_fd (ctx); gnupg_fd_t out_fd = assuan_get_output_fd (ctx); + estream_t fp = NULL; estream_t out_fp = NULL; (void)line; - if (fd == -1) + if (fd == GNUPG_INVALID_FD) return set_error (GPG_ERR_ASS_NO_INPUT, NULL); + fp = open_stream_nc (fd, "r"); + if (!fp) + return set_error (gpg_err_code_from_syserror (), "fdopen() failed"); + if (out_fd != GNUPG_INVALID_FD) { out_fp = open_stream_nc (out_fd, "w"); @@ -573,12 +590,13 @@ cmd_verify (assuan_context_t ctx, char *line) rc = start_audit_session (ctrl); if (!rc) - rc = gpgsm_verify (assuan_get_pointer (ctx), fd, - ctrl->server_local->message_fd, out_fp); + rc = gpgsm_verify (assuan_get_pointer (ctx), fp, + ctrl->server_local->message_fp, out_fp); + es_fclose (fp); es_fclose (out_fp); - /* Close and reset the fd. */ - close_message_fd (ctrl); + /* Close and reset the fp and the fd. */ + close_message_fp (ctrl); assuan_close_input_fd (ctx); assuan_close_output_fd (ctx); @@ -596,14 +614,15 @@ static gpg_error_t cmd_sign (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); - int inp_fd; + gnupg_fd_t inp_fd; gnupg_fd_t out_fd; + estream_t inp_fp; estream_t out_fp; int detached; int rc; - inp_fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0); - if (inp_fd == -1) + inp_fd = assuan_get_input_fd (ctx); + if (inp_fd == GNUPG_INVALID_FD) return set_error (GPG_ERR_ASS_NO_INPUT, NULL); out_fd = assuan_get_output_fd (ctx); if (out_fd == GNUPG_INVALID_FD) 
@@ -611,6 +630,10 @@ cmd_sign (assuan_context_t ctx, char *line) detached = has_option (line, "--detached"); + inp_fp = open_stream_nc (inp_fd, "r"); + if (!inp_fp) + return set_error (gpg_err_code_from_syserror (), "fdopen() failed"); + out_fp = open_stream_nc (out_fd, "w"); if (!out_fp) return set_error (GPG_ERR_ASS_GENERAL, "fdopen() failed"); @@ -618,11 +641,12 @@ cmd_sign (assuan_context_t ctx, char *line) rc = start_audit_session (ctrl); if (!rc) rc = gpgsm_sign (assuan_get_pointer (ctx), ctrl->server_local->signerlist, - inp_fd, detached, out_fp); + inp_fp, detached, out_fp); + es_fclose (inp_fp); es_fclose (out_fp); - /* close and reset the fd */ - close_message_fd (ctrl); + /* close and reset the fp and the fds */ + close_message_fp (ctrl); assuan_close_input_fd (ctx); assuan_close_output_fd (ctx); @@ -647,18 +671,24 @@ cmd_import (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; - int fd = translate_sys2libc_fd (assuan_get_input_fd (ctx), 0); + gnupg_fd_t fd = assuan_get_input_fd (ctx); int reimport = has_option (line, "--re-import"); + estream_t fp; (void)line; - if (fd == -1) + if (fd == GNUPG_INVALID_FD) return set_error (GPG_ERR_ASS_NO_INPUT, NULL); - rc = gpgsm_import (assuan_get_pointer (ctx), fd, reimport); + fp = open_stream_nc (fd, "r"); + if (!fp) + return set_error (GPG_ERR_ASS_NO_INPUT, NULL); - /* close and reset the fd */ - close_message_fd (ctrl); + rc = gpgsm_import (assuan_get_pointer (ctx), fp, reimport); + es_fclose (fp); + + /* close and reset the fp and the fds */ + close_message_fp (ctrl); assuan_close_input_fd (ctx); assuan_close_output_fd (ctx); @@ -783,8 +813,8 @@ cmd_export (assuan_context_t ctx, char *line) } free_strlist (list); - /* Close and reset the fds. */ - close_message_fd (ctrl); + /* Close and reset the fp and the fds. */ + close_message_fp (ctrl); assuan_close_input_fd (ctx); assuan_close_output_fd (ctx); return 0; 
@@ -832,8 +862,8 @@ cmd_delkeys (assuan_context_t ctx, char *line) rc = gpgsm_delete (ctrl, list); free_strlist (list); - /* close and reset the fd */ - close_message_fd (ctrl); + /* close and reset the fp and the fds */ + close_message_fp (ctrl); assuan_close_input_fd (ctx); assuan_close_output_fd (ctx); @@ -867,19 +897,18 @@ static gpg_error_t cmd_message (assuan_context_t ctx, char *line) { int rc; - gnupg_fd_t sysfd; - int fd; + gnupg_fd_t fd; + estream_t fp; ctrl_t ctrl = assuan_get_pointer (ctx); - rc = assuan_command_parse_fd (ctx, line, &sysfd); + rc = assuan_command_parse_fd (ctx, line, &fd); if (rc) return rc; - - fd = translate_sys2libc_fd (sysfd, 0); - if (fd == -1) + fp = open_stream_nc (fd, "r"); + if (!fp) return set_error (GPG_ERR_ASS_NO_INPUT, NULL); - ctrl->server_local->message_fd = fd; + ctrl->server_local->message_fp = fp; return 0; } @@ -1425,7 +1454,7 @@ gpgsm_server (certlist_t default_recplist) assuan_set_pointer (ctx, &ctrl); ctrl.server_local = xcalloc (1, sizeof *ctrl.server_local); ctrl.server_local->assuan_ctx = ctx; - ctrl.server_local->message_fd = -1; + ctrl.server_local->message_fp = NULL; ctrl.server_local->list_internal = 1; ctrl.server_local->list_external = 0; ctrl.server_local->default_recplist = default_recplist; @@ -40,20 +40,12 @@ /* Hash the data and return if something was hashed. Return -1 on error. */ static int -hash_data (int fd, gcry_md_hd_t md) +hash_data (estream_t fp, gcry_md_hd_t md) { - estream_t fp; char buffer[4096]; int nread; int rc = 0; - fp = es_fdopen_nc (fd, "rb"); - if (!fp) - { - log_error ("fdopen(%d) failed: %s\n", fd, strerror (errno)); - return -1; - } - do { nread = es_fread (buffer, 1, DIM(buffer), fp); 
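Review bot: `close_message_fp` now releases the MESSAGE input with `es_fclose` on a stream that `cmd_message` obtains from `open_stream_nc`, whereas the old `close_message_fd` called `close()` on the descriptor itself. If the `_nc` variant leaves the underlying descriptor open when the stream is closed, as `es_fdopen_nc` does, the descriptor passed with MESSAGE is never closed and a long-running server session keeps one open per command. `cmd_message` also overwrites `message_fp` without releasing a stream left by an earlier MESSAGE; calling `close_message_fp (ctrl);` before the assignment covers that. Open failure here is reported as `GPG_ERR_ASS_NO_INPUT`, while the other handlers use `gpg_err_code_from_syserror ()`, which hides the real cause from the client.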
@@ -62,32 +54,22 @@ hash_data (int fd, gcry_md_hd_t md) while (nread); if (es_ferror (fp)) { - log_error ("read error on fd %d: %s\n", fd, strerror (errno)); + log_error ("read error on fd %p: %s\n", fp, strerror (errno)); rc = -1; } - es_fclose (fp); return rc; } static int -hash_and_copy_data (int fd, gcry_md_hd_t md, ksba_writer_t writer) +hash_and_copy_data (estream_t fp, gcry_md_hd_t md, ksba_writer_t writer) { gpg_error_t err; - estream_t fp; char buffer[4096]; int nread; int rc = 0; int any = 0; - fp = es_fdopen_nc (fd, "rb"); - if (!fp) - { - gpg_error_t tmperr = gpg_error_from_syserror (); - log_error ("fdopen(%d) failed: %s\n", fd, strerror (errno)); - return tmperr; - } - do { nread = es_fread (buffer, 1, DIM(buffer), fp); @@ -107,9 +89,9 @@ hash_and_copy_data (int fd, gcry_md_hd_t md, ksba_writer_t writer) if (es_ferror (fp)) { rc = gpg_error_from_syserror (); - log_error ("read error on fd %d: %s\n", fd, strerror (errno)); + log_error ("read error on fp %p: %s\n", fp, strerror (errno)); } - es_fclose (fp); + if (!any) { /* We can't allow signing an empty message because it does not @@ -622,7 +604,7 @@ write_detached_signature (ctrl_t ctrl, const void *blob, size_t bloblen, be used if the value of this argument is NULL. */ int gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, - int data_fd, int detached, estream_t out_fp) + estream_t data_fp, int detached, estream_t out_fp) { int i, rc; gpg_error_t err; @@ -959,7 +941,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, unsigned char *digest; size_t digest_len; - if (!hash_data (data_fd, data_md)) + if (!hash_data (data_fp, data_md)) audit_log (ctrl->audit, AUDIT_GOT_DATA); for (cl=signerlist,signer=0; cl; cl = cl->next, signer++) { @@ -1044,7 +1026,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, log_assert (!detached); - rc = hash_and_copy_data (data_fd, data_md, writer); + rc = hash_and_copy_data (data_fp, data_md, writer); if (rc) goto leave; audit_log (ctrl->audit, AUDIT_GOT_DATA); 
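Review bot: The read-error message in sign.c's `hash_data` now prints a stream pointer but still says `fd`: `"read error on fd %p: %s\n"`. The sibling messages in `hash_and_copy_data` and in verify.c say `fp %p`, so this one should read `log_error ("read error on fp %p: %s\n", (void *)fp, strerror (errno));`. The cast applies to all of these calls, since `%p` expects a `void *` argument.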
diff --git a/sm/verify.c b/sm/verify.c index c7f4492ce..de407bf16 100644 --- a/sm/verify.c +++ b/sm/verify.c @@ -53,21 +53,12 @@ strtimestamp_r (ksba_isotime_t atime) /* Hash the data for a detached signature. Returns 0 on success. */ static gpg_error_t -hash_data (int fd, gcry_md_hd_t md) +hash_data (estream_t fp, gcry_md_hd_t md) { gpg_error_t err = 0; - estream_t fp; char buffer[4096]; int nread; - fp = es_fdopen_nc (fd, "rb"); - if (!fp) - { - err = gpg_error_from_syserror (); - log_error ("fdopen(%d) failed: %s\n", fd, gpg_strerror (err)); - return err; - } - do { nread = es_fread (buffer, 1, DIM(buffer), fp); @@ -77,20 +68,20 @@ hash_data (int fd, gcry_md_hd_t md) if (es_ferror (fp)) { err = gpg_error_from_syserror (); - log_error ("read error on fd %d: %s\n", fd, gpg_strerror (err)); + log_error ("read error on fp %p: %s\n", fp, gpg_strerror (err)); } - es_fclose (fp); return err; } -/* Perform a verify operation. To verify detached signatures, DATA_FD - must be different than -1. With OUT_FP given and a non-detached +/* Perform a verify operation. To verify detached signatures, DATA_FP + must be different than NULL. With OUT_FP given and a non-detached signature, the signed material is written to that stream. */ int -gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) +gpgsm_verify (ctrl_t ctrl, estream_t in_fp, estream_t data_fp, + estream_t out_fp) { int i, rc; gnupg_ksba_io_t b64reader = NULL; @@ -106,7 +97,6 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) const char *algoid; int algo; int is_detached, maybe_detached; - estream_t in_fp = NULL; char *p; audit_set_type (ctrl->audit, AUDIT_TYPE_VERIFY); 
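Review bot: The comment above `gpgsm_verify` does not say who closes the streams, and this commit moves that duty: the function used to open and close its own input stream and `hash_data` used to close the data stream, whereas both are now left to the caller. I would add a sentence to the comment such as `The caller retains ownership of IN_FP and DATA_FP and must close them.` The same change of ownership applies to `gpgsm_decrypt`, `gpgsm_encrypt`, `gpgsm_sign` and `gpgsm_import`, whose comments are equally silent on it.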
@@ -114,7 +104,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) /* Although we detect detached signatures during the parsing phase, * we need to know it earlier and thus accept the caller idea of * what to verify. */ - maybe_detached = (data_fd != -1); + maybe_detached = (data_fp != NULL); kh = keydb_new (ctrl); if (!kh) @@ -125,14 +115,6 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) } - in_fp = es_fdopen_nc (in_fd, "rb"); - if (!in_fp) - { - rc = gpg_error_from_syserror (); - log_error ("fdopen() failed: %s\n", strerror (errno)); - goto leave; - } - rc = gnupg_ksba_create_reader (&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0) | (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0) @@ -242,7 +224,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) } if (is_detached) { - if (data_fd == -1) + if (!data_fp) { log_info ("detached signature w/o data " "- assuming certs-only\n"); @@ -250,7 +232,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) } else audit_log_ok (ctrl->audit, AUDIT_DATA_HASHING, - hash_data (data_fd, data_md)); + hash_data (data_fp, data_md)); } else { @@ -275,7 +257,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) } } - if (data_fd != -1 && !is_detached) + if (data_fp && !is_detached) { log_error ("data given for a non-detached signature\n"); rc = gpg_error (GPG_ERR_CONFLICT); @@ -315,7 +297,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) rc = ksba_cms_get_issuer_serial (cms, signer, &issuer, &serial); if (!signer && gpg_err_code (rc) == GPG_ERR_NO_DATA - && data_fd == -1 && is_detached) + && !data_fp && is_detached) { log_info ("certs-only message accepted\n"); rc = 0; @@ -748,7 +730,6 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) gnupg_ksba_destroy_writer (b64writer); keydb_release (kh); gcry_md_close (data_md); - es_fclose (in_fp); if (rc) { |