diff options
Diffstat (limited to 'sm/verify.c')
| -rw-r--r-- | sm/verify.c | 41 |
1 files changed, 11 insertions, 30 deletions
diff --git a/sm/verify.c b/sm/verify.c index 1f5c1d378..9c012596d 100644 --- a/sm/verify.c +++ b/sm/verify.c @@ -53,21 +53,12 @@ strtimestamp_r (ksba_isotime_t atime) /* Hash the data for a detached signature. Returns 0 on success. */ static gpg_error_t -hash_data (int fd, gcry_md_hd_t md) +hash_data (estream_t fp, gcry_md_hd_t md) { gpg_error_t err = 0; - estream_t fp; char buffer[4096]; int nread; - fp = es_fdopen_nc (fd, "rb"); - if (!fp) - { - err = gpg_error_from_syserror (); - log_error ("fdopen(%d) failed: %s\n", fd, gpg_strerror (err)); - return err; - } - do { nread = es_fread (buffer, 1, DIM(buffer), fp); @@ -77,20 +68,20 @@ hash_data (int fd, gcry_md_hd_t md) if (es_ferror (fp)) { err = gpg_error_from_syserror (); - log_error ("read error on fd %d: %s\n", fd, gpg_strerror (err)); + log_error ("read error on fp %p: %s\n", fp, gpg_strerror (err)); } - es_fclose (fp); return err; } -/* Perform a verify operation. To verify detached signatures, DATA_FD - must be different than -1. With OUT_FP given and a non-detached +/* Perform a verify operation. To verify detached signatures, DATA_FP + must be different than NULL. With OUT_FP given and a non-detached signature, the signed material is written to that stream. */ int -gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) +gpgsm_verify (ctrl_t ctrl, estream_t in_fp, estream_t data_fp, + estream_t out_fp) { int i, rc; gnupg_ksba_io_t b64reader = NULL; @@ -106,7 +97,6 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) const char *algoid; int algo; int is_detached, maybe_detached; - estream_t in_fp = NULL; char *p; audit_set_type (ctrl->audit, AUDIT_TYPE_VERIFY); @@ -114,7 +104,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) /* Although we detect detached signatures during the parsing phase, * we need to know it earlier and thus accept the caller idea of * what to verify. */ - maybe_detached = (data_fd != -1); + maybe_detached = (data_fp != NULL); kh = keydb_new (ctrl); if (!kh) @@ -125,14 +115,6 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) } - in_fp = es_fdopen_nc (in_fd, "rb"); - if (!in_fp) - { - rc = gpg_error_from_syserror (); - log_error ("fdopen() failed: %s\n", strerror (errno)); - goto leave; - } - rc = gnupg_ksba_create_reader (&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0) | (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0) @@ -242,7 +224,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) } if (is_detached) { - if (data_fd == -1) + if (!data_fp) { log_info ("detached signature w/o data " "- assuming certs-only\n"); @@ -250,7 +232,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) } else audit_log_ok (ctrl->audit, AUDIT_DATA_HASHING, - hash_data (data_fd, data_md)); + hash_data (data_fp, data_md)); } else { @@ -275,7 +257,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) } } - if (data_fd != -1 && !is_detached) + if (data_fp && !is_detached) { log_error ("data given for a non-detached signature\n"); rc = gpg_error (GPG_ERR_CONFLICT); @@ -315,7 +297,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) rc = ksba_cms_get_issuer_serial (cms, signer, &issuer, &serial); if (!signer && gpg_err_code (rc) == GPG_ERR_NO_DATA - && data_fd == -1 && is_detached) + && !data_fp && is_detached) { log_info ("certs-only message accepted\n"); rc = 0; @@ -748,7 +730,6 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp) gnupg_ksba_destroy_writer (b64writer); keydb_release (kh); gcry_md_close (data_md); - es_fclose (in_fp); if (rc) { |