-rw-r--r--sm/gpgsm.c18
-rw-r--r--sm/gpgsm.h2
-rw-r--r--sm/server.c55
-rw-r--r--sm/verify.c30
4 files changed, 53 insertions, 52 deletions
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index ce977413d..1b4692c13 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -1981,11 +1981,23 @@ main ( int argc, char **argv)
fp = open_es_fwrite (opt.outfile);
if (!argc)
- gpgsm_verify (&ctrl, 0, -1, fp); /* normal signature from stdin */
+ gpgsm_verify (&ctrl, 0, NULL, fp); /* normal signature from stdin */
else if (argc == 1)
- gpgsm_verify (&ctrl, open_read (*argv), -1, fp); /* std signature */
+ gpgsm_verify (&ctrl, open_read (*argv), NULL, fp); /* std signature */
else if (argc == 2) /* detached signature (sig, detached) */
- gpgsm_verify (&ctrl, open_read (*argv), open_read (argv[1]), NULL);
+ {
+ estream_t data_fp = es_fopen (argv[1], "rb");
+
+ if (!data_fp)
+ {
+ log_error (_("can't open '%s': %s\n"), argv[1],
+ strerror (errno));
+ gpgsm_exit (2);
+ }
+
+ gpgsm_verify (&ctrl, open_read (*argv), data_fp, NULL);
+ es_fclose (data_fp);
+ }
else
wrong_args ("--verify [signature [detached_data]]");
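Review bot: The detached-data file at `es_fopen (argv[1], "rb")` no longer goes through `open_read`, while the signature argument in the same call still does. `open_read` is not visible in this hunk, but any filename conventions it implements (presumably `-` for stdin and special file names) stop applying to the data argument. If that is intended, a short comment above the `es_fopen` call should say so; if not, the stream could be built from the descriptor `open_read` returns, for example with `es_fdopen`. The return value of `gpgsm_verify` is also discarded in all three branches, so a failure reaches the exit status only through whatever the callee logs. The enclosing `main` starts and ends outside the hunk.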
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index e1aca8bb7..71bb3bd71 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -439,7 +439,7 @@ void gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream,
int gpgsm_delete (ctrl_t ctrl, strlist_t names);
/*-- verify.c --*/
-int gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp);
+int gpgsm_verify (ctrl_t ctrl, int in_fd, estream_t data_fp, estream_t out_fp);
/*-- sign.c --*/
int gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert);
diff --git a/sm/server.c b/sm/server.c
index 934d3764d..3e012f1e6 100644
--- a/sm/server.c
+++ b/sm/server.c
@@ -43,7 +43,7 @@ static FILE *statusfp;
/* Data used to assuciate an Assuan context with local server data */
struct server_local_s {
assuan_context_t assuan_ctx;
- int message_fd;
+ estream_t message_fp;
int list_internal;
int list_external;
int list_to_output; /* Write keylistings to the output fd. */
@@ -130,12 +130,12 @@ data_line_cookie_close (void *cookie)
static void
-close_message_fd (ctrl_t ctrl)
+close_message_fp (ctrl_t ctrl)
{
- if (ctrl->server_local->message_fd != -1)
+ if (ctrl->server_local->message_fp)
{
- close (ctrl->server_local->message_fd);
- ctrl->server_local->message_fd = -1;
+ es_fclose (ctrl->server_local->message_fp);
+ ctrl->server_local->message_fp = NULL;
}
}
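Review bot: `close_message_fp` now releases only the stream via `es_fclose`, whereas the removed lines called `close ()` on the descriptor itself. The stream is created in `cmd_message` with `open_stream_nc`; if the `_nc` suffix means the stream does not own the descriptor, as it does for `es_fdopen_nc`, then the descriptor received with MESSAGE is never closed and a long-lived server session accumulates open descriptors. A comment on this function stating who owns the underlying descriptor, or an explicit close of it here, would settle the question.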
@@ -320,7 +320,7 @@ reset_notify (assuan_context_t ctx, char *line)
gpgsm_release_certlist (ctrl->server_local->signerlist);
ctrl->server_local->recplist = NULL;
ctrl->server_local->signerlist = NULL;
- close_message_fd (ctrl);
+ close_message_fp (ctrl);
assuan_close_input_fd (ctx);
assuan_close_output_fd (ctx);
return 0;
@@ -489,8 +489,8 @@ cmd_encrypt (assuan_context_t ctx, char *line)
gpgsm_release_certlist (ctrl->server_local->recplist);
ctrl->server_local->recplist = NULL;
- /* Close and reset the fd */
- close_message_fd (ctrl);
+ /* Close and reset the fp and the fds */
+ close_message_fp (ctrl);
assuan_close_input_fd (ctx);
assuan_close_output_fd (ctx);
return rc;
@@ -533,7 +533,7 @@ cmd_decrypt (assuan_context_t ctx, char *line)
es_fclose (out_fp);
/* Close and reset the fds. */
- close_message_fd (ctrl);
+ close_message_fp (ctrl);
assuan_close_input_fd (ctx);
assuan_close_output_fd (ctx);
@@ -574,11 +574,11 @@ cmd_verify (assuan_context_t ctx, char *line)
rc = start_audit_session (ctrl);
if (!rc)
rc = gpgsm_verify (assuan_get_pointer (ctx), fd,
- ctrl->server_local->message_fd, out_fp);
+ ctrl->server_local->message_fp, out_fp);
es_fclose (out_fp);
- /* Close and reset the fd. */
- close_message_fd (ctrl);
+ /* Close and reset the fp and the fd. */
+ close_message_fp (ctrl);
assuan_close_input_fd (ctx);
assuan_close_output_fd (ctx);
@@ -621,8 +621,8 @@ cmd_sign (assuan_context_t ctx, char *line)
inp_fd, detached, out_fp);
es_fclose (out_fp);
- /* close and reset the fd */
- close_message_fd (ctrl);
+ /* close and reset the fp and the fds */
+ close_message_fp (ctrl);
assuan_close_input_fd (ctx);
assuan_close_output_fd (ctx);
@@ -657,8 +657,8 @@ cmd_import (assuan_context_t ctx, char *line)
rc = gpgsm_import (assuan_get_pointer (ctx), fd, reimport);
- /* close and reset the fd */
- close_message_fd (ctrl);
+ /* close and reset the fp and the fds */
+ close_message_fp (ctrl);
assuan_close_input_fd (ctx);
assuan_close_output_fd (ctx);
@@ -783,8 +783,8 @@ cmd_export (assuan_context_t ctx, char *line)
}
free_strlist (list);
- /* Close and reset the fds. */
- close_message_fd (ctrl);
+ /* Close and reset the fp and the fds. */
+ close_message_fp (ctrl);
assuan_close_input_fd (ctx);
assuan_close_output_fd (ctx);
return 0;
@@ -832,8 +832,8 @@ cmd_delkeys (assuan_context_t ctx, char *line)
rc = gpgsm_delete (ctrl, list);
free_strlist (list);
- /* close and reset the fd */
- close_message_fd (ctrl);
+ /* close and reset the fp and the fds */
+ close_message_fp (ctrl);
assuan_close_input_fd (ctx);
assuan_close_output_fd (ctx);
@@ -867,19 +867,18 @@ static gpg_error_t
cmd_message (assuan_context_t ctx, char *line)
{
int rc;
- gnupg_fd_t sysfd;
- int fd;
+ gnupg_fd_t fd;
+ estream_t fp;
ctrl_t ctrl = assuan_get_pointer (ctx);
- rc = assuan_command_parse_fd (ctx, line, &sysfd);
+ rc = assuan_command_parse_fd (ctx, line, &fd);
if (rc)
return rc;
-
- fd = translate_sys2libc_fd (sysfd, 0);
- if (fd == -1)
+ fp = open_stream_nc (fd, "rb");
+ if (!fp)
return set_error (GPG_ERR_ASS_NO_INPUT, NULL);
- ctrl->server_local->message_fd = fd;
+ ctrl->server_local->message_fp = fp;
return 0;
}
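Review bot: The assignment `ctrl->server_local->message_fp = fp;` overwrites any stream left by an earlier MESSAGE command without closing it. A client that sends MESSAGE repeatedly before a command that reaches `close_message_fp` therefore leaks one stream object per repetition. Calling `close_message_fp (ctrl);` just before the assignment keeps at most one live stream per session. The removed code had the same pattern with a bare descriptor, so this predates the commit, but the switch to stream objects is a good moment to fix it.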
@@ -1425,7 +1424,7 @@ gpgsm_server (certlist_t default_recplist)
assuan_set_pointer (ctx, &ctrl);
ctrl.server_local = xcalloc (1, sizeof *ctrl.server_local);
ctrl.server_local->assuan_ctx = ctx;
- ctrl.server_local->message_fd = -1;
+ ctrl.server_local->message_fp = NULL;
ctrl.server_local->list_internal = 1;
ctrl.server_local->list_external = 0;
ctrl.server_local->default_recplist = default_recplist;
diff --git a/sm/verify.c b/sm/verify.c
index c7f4492ce..3d246d030 100644
--- a/sm/verify.c
+++ b/sm/verify.c
@@ -53,21 +53,12 @@ strtimestamp_r (ksba_isotime_t atime)
/* Hash the data for a detached signature. Returns 0 on success. */
static gpg_error_t
-hash_data (int fd, gcry_md_hd_t md)
+hash_data (estream_t fp, gcry_md_hd_t md)
{
gpg_error_t err = 0;
- estream_t fp;
char buffer[4096];
int nread;
- fp = es_fdopen_nc (fd, "rb");
- if (!fp)
- {
- err = gpg_error_from_syserror ();
- log_error ("fdopen(%d) failed: %s\n", fd, gpg_strerror (err));
- return err;
- }
-
do
{
nread = es_fread (buffer, 1, DIM(buffer), fp);
@@ -77,20 +68,19 @@ hash_data (int fd, gcry_md_hd_t md)
if (es_ferror (fp))
{
err = gpg_error_from_syserror ();
- log_error ("read error on fd %d: %s\n", fd, gpg_strerror (err));
+ log_error ("read error on fp %p: %s\n", fp, gpg_strerror (err));
}
- es_fclose (fp);
return err;
}
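Review bot: `log_error ("read error on fp %p: %s\n", fp, gpg_strerror (err));` passes an `estream_t` where `%p` expects a `void *`, and it writes a process address into the log, which does not tell an operator which input failed. Either cast the argument, `(void *)fp`, or drop the pointer and log `"read error on detached data: %s\n"`. With the `es_fclose (fp)` removed here the caller now owns the stream, and the function comment `/* Hash the data for a detached signature. ... */` should say that FP is not closed. The function begins in the previous hunk.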
-/* Perform a verify operation. To verify detached signatures, DATA_FD
- must be different than -1. With OUT_FP given and a non-detached
+/* Perform a verify operation. To verify detached signatures, DATA_FP
+ must be different than NULL. With OUT_FP given and a non-detached
signature, the signed material is written to that stream. */
int
-gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
+gpgsm_verify (ctrl_t ctrl, int in_fd, estream_t data_fp, estream_t out_fp)
{
int i, rc;
gnupg_ksba_io_t b64reader = NULL;
@@ -114,7 +104,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
/* Although we detect detached signatures during the parsing phase,
* we need to know it earlier and thus accept the caller idea of
* what to verify. */
- maybe_detached = (data_fd != -1);
+ maybe_detached = (data_fp != NULL);
kh = keydb_new (ctrl);
if (!kh)
@@ -242,7 +232,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
}
if (is_detached)
{
- if (data_fd == -1)
+ if (!data_fp)
{
log_info ("detached signature w/o data "
"- assuming certs-only\n");
@@ -250,7 +240,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
}
else
audit_log_ok (ctrl->audit, AUDIT_DATA_HASHING,
- hash_data (data_fd, data_md));
+ hash_data (data_fp, data_md));
}
else
{
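Review bot: The result of `hash_data (data_fp, data_md)` is consumed only by `audit_log_ok`, so in the lines shown a read error on the detached data is recorded in the audit log but not assigned to `rc`. The later digest comparison will presumably reject a hash computed over truncated input, but that surfaces as a bad signature rather than as an I/O failure. Consider storing the result first, `rc = hash_data (data_fp, data_md);`, passing `rc` to `audit_log_ok`, and leaving through the function's existing error path when it is non-zero. The surrounding `gpgsm_verify` body lies outside this hunk, so check how `rc` is handled after this block before changing it.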
@@ -275,7 +265,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
}
}
- if (data_fd != -1 && !is_detached)
+ if (data_fp && !is_detached)
{
log_error ("data given for a non-detached signature\n");
rc = gpg_error (GPG_ERR_CONFLICT);
@@ -315,7 +305,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
rc = ksba_cms_get_issuer_serial (cms, signer, &issuer, &serial);
if (!signer && gpg_err_code (rc) == GPG_ERR_NO_DATA
- && data_fd == -1 && is_detached)
+ && !data_fp && is_detached)
{
log_info ("certs-only message accepted\n");
rc = 0;