[svn] dirmngr - r289 - trunk/src

svn author marcus cvs at cvs.gnupg.org
Thu Feb 14 16:41:34 CET 2008


Author: marcus
Date: 2008-02-14 16:41:33 +0100 (Thu, 14 Feb 2008)
New Revision: 289

Modified:
   trunk/src/ChangeLog
   trunk/src/crlcache.c
Log:
2008-02-14  Marcus Brinkmann  <marcus at g10code.de>

	* crlcache.c (finish_sig_check): Undo last change.
	(finish_sig_check): Close md.
	(abort_sig_check): New function.
	(crl_parse_insert): Use abort_sig_check to clean up.


Modified: trunk/src/ChangeLog
===================================================================
--- trunk/src/ChangeLog	2008-02-14 14:16:49 UTC (rev 288)
+++ trunk/src/ChangeLog	2008-02-14 15:41:33 UTC (rev 289)
@@ -1,5 +1,10 @@
-2008-02-14  root  <marcus at g10code.de>
+2008-02-14  Marcus Brinkmann  <marcus at g10code.de>
 
+	* crlcache.c (finish_sig_check): Undo last change.
+	(finish_sig_check): Close md.
+	(abort_sig_check): New function.
+	(crl_parse_insert): Use abort_sig_check to clean up.
+
 	* crlcache.c (crl_cache_insert): Clean up CDB on error.
 
 2008-02-13  Marcus Brinkmann  <marcus at g10code.de>

Modified: trunk/src/crlcache.c
===================================================================
--- trunk/src/crlcache.c	2008-02-14 14:16:49 UTC (rev 288)
+++ trunk/src/crlcache.c	2008-02-14 15:41:33 UTC (rev 289)
@@ -1452,7 +1452,7 @@
    should return 0 on a good signature, GPG_ERR_BAD_SIGNATURE if the
    signature does not verify or any other error code. CRL is the CRL
    object we are working on, MD the hash context and ISSUER_CERT the
-   certificate of the CRL issuer. */
+   certificate of the CRL issuer.  This function closes MD.  */
 static gpg_error_t
 finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo,
                   ksba_cert_t issuer_cert)
@@ -1465,9 +1465,8 @@
   gcry_sexp_t s_sig = NULL, s_hash = NULL, s_pkey = NULL;
   int i;
 
+  /* This also stops debugging on the MD.  */
   gcry_md_final (md);
-  if (DBG_HASHING)
-    gcry_md_debug (md, NULL);
 
   /* Get and convert the signature value. */
   sigval = ksba_crl_get_sig_val (crl);
@@ -1530,11 +1529,21 @@
   gcry_sexp_release (s_sig);
   gcry_sexp_release (s_hash);
   gcry_sexp_release (s_pkey);
-  
+  gcry_md_close (md);
+
   return err;
 }
 
 
+/* Call this to match a start_sig_check that can not be completed
+   normally.  */
+static void
+abort_sig_check (ksba_crl_t crl, gcry_md_hd_t md)
+{
+  gcry_md_close (md);
+}
+
+
 /* Workhorse of the CRL loading machinery.  The CRL is read using the
    CRL object and stored in the data base file DB with the name FNAME
    (only used for printing error messages).  That DB should be a
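Review bot: The added `gcry_md_close (md);` runs only on the exit path visible at the end of this hunk. finish_sig_check begins above the hunk, so it cannot be seen whether earlier error paths return directly; if any do, MD stays open on those paths even though the header comment now promises "This function closes MD". The caller cannot tell which path was taken, so every return in the function should pass through this cleanup, and the comment should say that MD is closed on error as well as on success. Separately, abort_sig_check never uses `crl`; `(void)crl;` or a one-line comment saying the parameter is kept for symmetry with start_sig_check would make that intentional.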
@@ -1721,6 +1730,8 @@
                            gpg_strerror (err));
                 goto failure;
               }
+	    md = NULL;
+
             err = validate_cert_chain (ctrl, crlissuer_cert,
                                        NULL, VALIDATE_MODE_CRL_RECURSIVE);
             if (err)
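Review bot: `md = NULL;` is placed after the error branch, so a failure that takes `goto failure` leaves md non-NULL, and the `if (md) abort_sig_check (crl, md);` added at the `failure:` label in the next hunk closes it. The checked call sits just above this hunk and is not visible; if it is finish_sig_check, that function has already closed MD on its common exit path, and the result is a second `gcry_md_close` on the same handle. That path is the one taken when a CRL's signature does not verify. Clearing the handle unconditionally, with `md = NULL;  /* Closed by finish_sig_check.  */` directly after the call and before `if (err)`, keeps ownership unambiguous. crl_parse_insert begins and ends outside this hunk.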
@@ -1745,6 +1756,8 @@
 
 
  failure:
+  if (md)
+    abort_sig_check (crl, md);
   ksba_cert_release (crlissuer_cert);
   return err;
 }



