[git] GnuPG - branch, master, updated. gnupg-2.1.18-89-ge1dfd86

by Werner Koch cvs at cvs.gnupg.org
Thu Feb 16 17:26:31 CET 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  e1dfd862367cf91b66abe86bd73664409354bb14 (commit)
       via  28c31524be84f20b34573c78bd3a94a81e4b1d61 (commit)
       via  919e76b407ac557b0f518ec03f3cc59e9e5740c9 (commit)
       via  04bfa6fe6597b8ffcec61cbcacdc7eb137444e80 (commit)
       via  5c4e67afd6385b48065de6a0f2dd0bfd936ab90b (commit)
      from  1af733f37bf6fd55ccac787a7e34c3b3ca002126 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e1dfd862367cf91b66abe86bd73664409354bb14
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Feb 16 17:11:38 2017 +0100

    common: Rename remaining symbols in ksba-io-support.
    
    * common/ksba-io-support.c (gpgsm_reader_eof_seen): Rename to ...
    (gnupg_ksba_reader_eof_seen): this.  Change all callers.
    (gpgsm_destroy_reader): Rename to ...
    (gnupg_ksba_destroy_reader): this.  Change all callers.
    (gpgsm_finish_writer): Rename to ...
    (gnupg_ksba_finish_writer): this.  Change all callers.
    (gpgsm_destroy_writer): Rename to ...
    (gnupg_ksba_destroy_writer): this.  Change all callers.
    * common/ksba-io-support.c (struct base64_context_s): Rename to ...
    (gnupg_ksba_io_s): this.
    * common/ksba-io-support.h (base64_context_s): Ditto.
    (Base64Context): Rename this typedef to ...
    (gnupg_ksba_io_t): this.  Change all users.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/common/ksba-io-support.c b/common/ksba-io-support.c
index 48a7ac1..5c7fd22 100644
--- a/common/ksba-io-support.c
+++ b/common/ksba-io-support.c
@@ -101,8 +101,8 @@ struct writer_cb_parm_s
 };
 
 
-/* context for this module's functions */
-struct base64_context_s {
+/* Context for this module's functions.  */
+struct gnupg_ksba_io_s {
   union {
     struct reader_cb_parm_s rparm;
     struct writer_cb_parm_s wparm;
@@ -475,7 +475,7 @@ base64_writer_cb (void *cb_value, const void *buffer, size_t count)
 }
 
 
-/* This callback is only used in stream mode.  Hiowever, we don't
+/* This callback is only used in stream mode.  However, we don't
    restrict it to this.  */
 static int
 plain_writer_cb (void *cb_value, const void *buffer, size_t count)
@@ -553,7 +553,7 @@ base64_finish_write (struct writer_cb_parm_s *parm)
 /* Create a reader for the stream FP.  FLAGS can be used to specify
  * the expected input encoding.
  *
- * The function returns a Base64Context object which must be passed to
+ * The function returns a gnupg_ksba_io_t object which must be passed to
  * the gpgme_destroy_reader function.  The created ksba_reader_t
  * object is stored at R_READER - the caller must not call the
  * ksba_reader_release function on.
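Review bot: The updated comment still tells callers to pass the object to `gpgme_destroy_reader`, but the header hunk of this commit declares the destructor as `gnupg_ksba_destroy_reader` and no function with the gpgme name is visible. A wrong destructor name in an ownership contract invites leaked handles or release through the wrong call, so the line should read `* the gnupg_ksba_destroy_reader function.  The created ksba_reader_t`. The writer comment in the hunk at -647 has the same problem with `gpgme_destroy_writer`, and it names `ksba_reader_release` where `ksba_writer_release` is presumably meant. The comment block starts and ends outside this hunk.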
@@ -571,7 +571,7 @@ base64_finish_write (struct writer_cb_parm_s *parm)
  * which in turn has a gight priority than the AUTODETECT flag.
  */
 gpg_error_t
-gnupg_ksba_create_reader (Base64Context *ctx,
+gnupg_ksba_create_reader (gnupg_ksba_io_t *ctx,
                           unsigned int flags, estream_t fp,
                           ksba_reader_t *r_reader)
 {
@@ -624,14 +624,17 @@ gnupg_ksba_create_reader (Base64Context *ctx,
 }
 
 
+/* Return True if an EOF as been seen.  */
 int
-gpgsm_reader_eof_seen (Base64Context ctx)
+gnupg_ksba_reader_eof_seen (gnupg_ksba_io_t ctx)
 {
   return ctx && ctx->u.rparm.eof_seen;
 }
 
+
+/* Destroy a reader object.  */
 void
-gpgsm_destroy_reader (Base64Context ctx)
+gnupg_ksba_destroy_reader (gnupg_ksba_io_t ctx)
 {
   if (!ctx)
     return;
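Review bot: The new comment on gnupg_ksba_reader_eof_seen has a typo ("as been seen") and omits the NULL case that the body handles with `return ctx && ...`. Suggested wording: `/* Return true if EOF has been seen on the reader CTX; a NULL CTX yields false.  */`. The body of gnupg_ksba_destroy_reader continues outside this hunk.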
@@ -647,7 +650,7 @@ gpgsm_destroy_reader (Base64Context ctx)
  * and footer lines; if PEM_NAME is NULL the string "CMS OBJECT" is
  * used.
  *
- * The function returns a Base64Context object which must be passed to
+ * The function returns a gnupg_ksba_io_t object which must be passed to
  * the gpgme_destroy_writer function.  The created ksba_writer_t
  * object is stored at R_WRITER - the caller must not call the
  * ksba_reader_release function on it.
@@ -660,7 +663,7 @@ gpgsm_destroy_reader (Base64Context ctx)
  *
  */
 gpg_error_t
-gnupg_ksba_create_writer (Base64Context *ctx, unsigned int flags,
+gnupg_ksba_create_writer (gnupg_ksba_io_t *ctx, unsigned int flags,
                           const char *pem_name, estream_t stream,
                           ksba_writer_t *r_writer)
 {
@@ -718,8 +721,10 @@ gnupg_ksba_create_writer (Base64Context *ctx, unsigned int flags,
 }
 
 
-int
-gpgsm_finish_writer (Base64Context ctx)
+/* Flush a writer.  This is for example required to write the padding
+ * or the PEM footer.  */
+gpg_error_t
+gnupg_ksba_finish_writer (gnupg_ksba_io_t ctx)
 {
   struct writer_cb_parm_s *parm;
 
@@ -735,8 +740,9 @@ gpgsm_finish_writer (Base64Context ctx)
 }
 
 
+/* Destroy a writer object.  */
 void
-gpgsm_destroy_writer (Base64Context ctx)
+gnupg_ksba_destroy_writer (gnupg_ksba_io_t ctx)
 {
   if (!ctx)
     return;
diff --git a/common/ksba-io-support.h b/common/ksba-io-support.h
index 0f448ec..e33e0ed 100644
--- a/common/ksba-io-support.h
+++ b/common/ksba-io-support.h
@@ -34,31 +34,31 @@
  * gnupg_ksba_create_writer.  */
 #define GNUPG_KSBA_IO_PEM         1  /* X.509 PEM format.  */
 #define GNUPG_KSBA_IO_BASE64      2  /* Plain Base64 format.  */
-#define GNUPG_KSBA_IO_AUTODETECT  4  /* Try toautodeect the format.  */
+#define GNUPG_KSBA_IO_AUTODETECT  4  /* Try to autodetect the format.  */
 #define GNUPG_KSBA_IO_MULTIPEM    8  /* Allow more than one PEM chunk.  */
 
 
 /* Context object.  */
-typedef struct base64_context_s *Base64Context;
+typedef struct gnupg_ksba_io_s *gnupg_ksba_io_t;
 
 
 
-gpg_error_t gnupg_ksba_create_reader (Base64Context *ctx,
+gpg_error_t gnupg_ksba_create_reader (gnupg_ksba_io_t *ctx,
                                       unsigned int flags,
                                       estream_t fp,
                                       ksba_reader_t *r_reader);
 
-int gpgsm_reader_eof_seen (Base64Context ctx);
-void gpgsm_destroy_reader (Base64Context ctx);
+int gnupg_ksba_reader_eof_seen (gnupg_ksba_io_t ctx);
+void gnupg_ksba_destroy_reader (gnupg_ksba_io_t ctx);
 
-gpg_error_t gnupg_ksba_create_writer (Base64Context *ctx,
+gpg_error_t gnupg_ksba_create_writer (gnupg_ksba_io_t *ctx,
                                       unsigned int flags,
                                       const char *pem_name,
                                       estream_t stream,
                                       ksba_writer_t *r_writer);
 
-int  gpgsm_finish_writer (Base64Context ctx);
-void gpgsm_destroy_writer (Base64Context ctx);
+gpg_error_t gnupg_ksba_finish_writer (gnupg_ksba_io_t ctx);
+void gnupg_ksba_destroy_writer (gnupg_ksba_io_t ctx);
 
 
 
diff --git a/sm/certreqgen.c b/sm/certreqgen.c
index 2290d3d..fe35ea8 100644
--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@@ -737,7 +737,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
 
   if (!outctrl->dryrun)
     {
-      Base64Context b64writer = NULL;
+      gnupg_ksba_io_t b64writer = NULL;
       ksba_writer_t writer;
       int create_cert ;
 
@@ -756,7 +756,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
           rc = create_request (ctrl, para, cardkeyid, public, sigkey, writer);
           if (!rc)
             {
-              rc = gpgsm_finish_writer (b64writer);
+              rc = gnupg_ksba_finish_writer (b64writer);
               if (rc)
                 log_error ("write failed: %s\n", gpg_strerror (rc));
               else
@@ -766,7 +766,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
                             create_cert?"":" request");
                 }
             }
-          gpgsm_destroy_writer (b64writer);
+          gnupg_ksba_destroy_writer (b64writer);
         }
     }
 
diff --git a/sm/decrypt.c b/sm/decrypt.c
index 35c0b8d..cda4d29 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -243,8 +243,8 @@ int
 gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
 {
   int rc;
-  Base64Context b64reader = NULL;
-  Base64Context b64writer = NULL;
+  gnupg_ksba_io_t b64reader = NULL;
+  gnupg_ksba_io_t b64writer = NULL;
   ksba_reader_t reader;
   ksba_writer_t writer;
   ksba_cms_t cms = NULL;
@@ -564,7 +564,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
     }
   while (stopreason != KSBA_SR_READY);
 
-  rc = gpgsm_finish_writer (b64writer);
+  rc = gnupg_ksba_finish_writer (b64writer);
   if (rc)
     {
       log_error ("write failed: %s\n", gpg_strerror (rc));
@@ -582,8 +582,8 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
                  gpg_strerror (rc), gpg_strsource (rc));
     }
   ksba_cms_release (cms);
-  gpgsm_destroy_reader (b64reader);
-  gpgsm_destroy_writer (b64writer);
+  gnupg_ksba_destroy_reader (b64reader);
+  gnupg_ksba_destroy_writer (b64writer);
   keydb_release (kh);
   es_fclose (in_fp);
   if (dfparm.hd)
diff --git a/sm/encrypt.c b/sm/encrypt.c
index 468f785..3a7d4bb 100644
--- a/sm/encrypt.c
+++ b/sm/encrypt.c
@@ -299,7 +299,7 @@ int
 gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
 {
   int rc = 0;
-  Base64Context b64writer = NULL;
+  gnupg_ksba_io_t b64writer = NULL;
   gpg_error_t err;
   ksba_writer_t writer;
   ksba_reader_t reader = NULL;
@@ -502,7 +502,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
     }
 
 
-  rc = gpgsm_finish_writer (b64writer);
+  rc = gnupg_ksba_finish_writer (b64writer);
   if (rc)
     {
       log_error ("write failed: %s\n", gpg_strerror (rc));
@@ -513,7 +513,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
 
  leave:
   ksba_cms_release (cms);
-  gpgsm_destroy_writer (b64writer);
+  gnupg_ksba_destroy_writer (b64writer);
   ksba_reader_release (reader);
   keydb_release (kh);
   xfree (dek);
diff --git a/sm/export.c b/sm/export.c
index 8e3f2de..d721d52 100644
--- a/sm/export.c
+++ b/sm/export.c
@@ -133,7 +133,7 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
   KEYDB_HANDLE hd = NULL;
   KEYDB_SEARCH_DESC *desc = NULL;
   int ndesc;
-  Base64Context b64writer = NULL;
+  gnupg_ksba_io_t b64writer = NULL;
   ksba_writer_t writer;
   strlist_t sl;
   ksba_cert_t cert = NULL;
@@ -284,13 +284,13 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
           if (ctrl->create_pem)
             {
               /* We want one certificate per PEM block */
-              rc = gpgsm_finish_writer (b64writer);
+              rc = gnupg_ksba_finish_writer (b64writer);
               if (rc)
                 {
                   log_error ("write failed: %s\n", gpg_strerror (rc));
                   goto leave;
                 }
-              gpgsm_destroy_writer (b64writer);
+              gnupg_ksba_destroy_writer (b64writer);
               b64writer = NULL;
             }
         }
@@ -302,7 +302,7 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
     log_error ("keydb_search failed: %s\n", gpg_strerror (rc));
   else if (b64writer)
     {
-      rc = gpgsm_finish_writer (b64writer);
+      rc = gnupg_ksba_finish_writer (b64writer);
       if (rc)
         {
           log_error ("write failed: %s\n", gpg_strerror (rc));
@@ -311,7 +311,7 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
     }
 
  leave:
-  gpgsm_destroy_writer (b64writer);
+  gnupg_ksba_destroy_writer (b64writer);
   ksba_cert_release (cert);
   xfree (desc);
   keydb_release (hd);
@@ -331,7 +331,7 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode)
   gpg_error_t err = 0;
   KEYDB_HANDLE hd;
   KEYDB_SEARCH_DESC *desc = NULL;
-  Base64Context b64writer = NULL;
+  gnupg_ksba_io_t b64writer = NULL;
   ksba_writer_t writer;
   ksba_cert_t cert = NULL;
   const unsigned char *image;
@@ -463,13 +463,13 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode)
   if (ctrl->create_pem)
     {
       /* We want one certificate per PEM block */
-      err = gpgsm_finish_writer (b64writer);
+      err = gnupg_ksba_finish_writer (b64writer);
       if (err)
         {
           log_error ("write failed: %s\n", gpg_strerror (err));
           goto leave;
         }
-      gpgsm_destroy_writer (b64writer);
+      gnupg_ksba_destroy_writer (b64writer);
       b64writer = NULL;
     }
 
@@ -477,7 +477,7 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode)
   cert = NULL;
 
  leave:
-  gpgsm_destroy_writer (b64writer);
+  gnupg_ksba_destroy_writer (b64writer);
   ksba_cert_release (cert);
   xfree (desc);
   keydb_release (hd);
diff --git a/sm/import.c b/sm/import.c
index 2a07108..b284b51 100644
--- a/sm/import.c
+++ b/sm/import.c
@@ -272,7 +272,7 @@ static int
 import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
 {
   int rc;
-  Base64Context b64reader = NULL;
+  gnupg_ksba_io_t b64reader = NULL;
   ksba_reader_t reader;
   ksba_cert_t cert = NULL;
   ksba_cms_t cms = NULL;
@@ -380,14 +380,14 @@ import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
 
       ksba_reader_clear (reader, NULL, NULL);
     }
-  while (!gpgsm_reader_eof_seen (b64reader));
+  while (!gnupg_ksba_reader_eof_seen (b64reader));
 
  leave:
   if (any && gpg_err_code (rc) == GPG_ERR_EOF)
     rc = 0;
   ksba_cms_release (cms);
   ksba_cert_release (cert);
-  gpgsm_destroy_reader (b64reader);
+  gnupg_ksba_destroy_reader (b64reader);
   es_fclose (fp);
   return rc;
 }
diff --git a/sm/sign.c b/sm/sign.c
index b5a486c..0ca575b 100644
--- a/sm/sign.c
+++ b/sm/sign.c
@@ -316,7 +316,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
 {
   int i, rc;
   gpg_error_t err;
-  Base64Context b64writer = NULL;
+  gnupg_ksba_io_t b64writer = NULL;
   ksba_writer_t writer;
   ksba_cms_t cms = NULL;
   ksba_stop_reason_t stopreason;
@@ -763,7 +763,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
     }
   while (stopreason != KSBA_SR_READY);
 
-  rc = gpgsm_finish_writer (b64writer);
+  rc = gnupg_ksba_finish_writer (b64writer);
   if (rc)
     {
       log_error ("write failed: %s\n", gpg_strerror (rc));
@@ -781,7 +781,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
   if (release_signerlist)
     gpgsm_release_certlist (signerlist);
   ksba_cms_release (cms);
-  gpgsm_destroy_writer (b64writer);
+  gnupg_ksba_destroy_writer (b64writer);
   keydb_release (kh);
   gcry_md_close (data_md);
   return rc;
diff --git a/sm/verify.c b/sm/verify.c
index b80948f..1ac97cb 100644
--- a/sm/verify.c
+++ b/sm/verify.c
@@ -90,8 +90,8 @@ int
 gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
 {
   int i, rc;
-  Base64Context b64reader = NULL;
-  Base64Context b64writer = NULL;
+  gnupg_ksba_io_t b64reader = NULL;
+  gnupg_ksba_io_t b64writer = NULL;
   ksba_reader_t reader;
   ksba_writer_t writer = NULL;
   ksba_cms_t cms = NULL;
@@ -253,7 +253,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
 
   if (b64writer)
     {
-      rc = gpgsm_finish_writer (b64writer);
+      rc = gnupg_ksba_finish_writer (b64writer);
       if (rc)
         {
           log_error ("write failed: %s\n", gpg_strerror (rc));
@@ -650,8 +650,8 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
 
  leave:
   ksba_cms_release (cms);
-  gpgsm_destroy_reader (b64reader);
-  gpgsm_destroy_writer (b64writer);
+  gnupg_ksba_destroy_reader (b64reader);
+  gnupg_ksba_destroy_writer (b64writer);
   keydb_release (kh);
   gcry_md_close (data_md);
   es_fclose (in_fp);

commit 28c31524be84f20b34573c78bd3a94a81e4b1d61
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Feb 16 15:16:48 2017 +0100

    common: Remove gpgsm dependencies from ksba-io-support.
    
    * common/ksba-io-support.c: Include ksba-io-support.h instead of
    ../sm/gpgsm.h.  Include util.h.
    (writer_cb_parm_s): Remove const from 'pem_name'.
    (gpgsm_destroy_writer): Free 'pem_name'.
    (gpgsm_create_reader): Rename to ...
    (gnupg_ksba_create_reader): this.  Replace args CTRL and
    ALLOW_MULTI_PEM by a new arg FLAGS.  Change the code to evaluate
    FLAGS.  Change all callers to pass the FLAGS.
    (gpgsm_create_writer): Rename to ...
    (gnupg_ksba_create_writer): this.  Replace arg CTRL by new arg FLAGS.
    Add arg PEM_NAME.  Evaluate FLAGS.  Store a copy of PEM_NAME.  Change
    all callers to pass the FLAGS and PEM_NAME.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/common/ksba-io-support.c b/common/ksba-io-support.c
index da7b4d6..48a7ac1 100644
--- a/common/ksba-io-support.c
+++ b/common/ksba-io-support.c
@@ -36,13 +36,12 @@
 #include <unistd.h>
 #include <time.h>
 #include <assert.h>
-
-#include "../sm/gpgsm.h"
-
-
 #include <ksba.h>
 
+#include "util.h"
 #include "i18n.h"
+#include "ksba-io-support.h"
+
 
 #ifdef HAVE_DOSISH_SYSTEM
   #define LF "\r\n"
@@ -50,6 +49,7 @@
   #define LF "\n"
 #endif
 
+
 /* Data used by the reader callbacks.  */
 struct reader_cb_parm_s
 {
@@ -87,7 +87,7 @@ struct writer_cb_parm_s
 {
   estream_t stream;    /* Output stream.  */
 
-  const char *pem_name;
+  char *pem_name;      /* Malloced.  */
 
   int wrote_begin;
   int did_finish;
@@ -550,18 +550,30 @@ base64_finish_write (struct writer_cb_parm_s *parm)
 
 
 

-/* Create a reader for the given file descriptor.  Depending on the
-   control information an input decoding is automagically chosen.
-   The function returns a Base64Context object which must be passed to
-   the gpgme_destroy_reader function.  The created KsbaReader object
-   is also returned, but the caller must not call the
-   ksba_reader_release function on.  If ALLOW_MULTI_PEM is true, the
-   reader expects that the caller uses ksba_reader_clear after EOF
-   until no more objects were found. */
-int
-gpgsm_create_reader (Base64Context *ctx,
-                     ctrl_t ctrl, estream_t fp, int allow_multi_pem,
-                     ksba_reader_t *r_reader)
+/* Create a reader for the stream FP.  FLAGS can be used to specify
+ * the expected input encoding.
+ *
+ * The function returns a Base64Context object which must be passed to
+ * the gpgme_destroy_reader function.  The created ksba_reader_t
+ * object is stored at R_READER - the caller must not call the
+ * ksba_reader_release function on.
+ *
+ * The supported flags are:
+ *
+ * GNUPG_KSBA_IO_PEM        - Assume the input is PEM encoded
+ * GNUPG_KSBA_IO_BASE64     - Assume the input is Base64 encoded.
+ * GNUPG_KSBA_IO_AUTODETECT - The reader tries to detect the encoding.
+ * GNUPG_KSBA_IO_MULTIPEM   - The reader expects that the caller uses
+ *                            ksba_reader_clear after EOF until no more
+ *                            objects were found.
+ *
+ * Note that the PEM flag has a higher priority than the BASE64 flag
+ * which in turn has a gight priority than the AUTODETECT flag.
+ */
+gpg_error_t
+gnupg_ksba_create_reader (Base64Context *ctx,
+                          unsigned int flags, estream_t fp,
+                          ksba_reader_t *r_reader)
 {
   int rc;
   ksba_reader_t r;
@@ -570,7 +582,7 @@ gpgsm_create_reader (Base64Context *ctx,
   *ctx = xtrycalloc (1, sizeof **ctx);
   if (!*ctx)
     return out_of_core ();
-  (*ctx)->u.rparm.allow_multi_pem = allow_multi_pem;
+  (*ctx)->u.rparm.allow_multi_pem = !!(flags & GNUPG_KSBA_IO_MULTIPEM);
 
   rc = ksba_reader_new (&r);
   if (rc)
@@ -580,18 +592,18 @@ gpgsm_create_reader (Base64Context *ctx,
     }
 
   (*ctx)->u.rparm.fp = fp;
-  if (ctrl->is_pem)
+  if ((flags & GNUPG_KSBA_IO_PEM))
     {
       (*ctx)->u.rparm.assume_pem = 1;
       (*ctx)->u.rparm.assume_base64 = 1;
       rc = ksba_reader_set_cb (r, base64_reader_cb, &(*ctx)->u.rparm);
     }
-  else if (ctrl->is_base64)
+  else if ((flags & GNUPG_KSBA_IO_BASE64))
     {
       (*ctx)->u.rparm.assume_base64 = 1;
       rc = ksba_reader_set_cb (r, base64_reader_cb, &(*ctx)->u.rparm);
     }
-  else if (ctrl->autodetect_encoding)
+  else if ((flags & GNUPG_KSBA_IO_AUTODETECT))
     {
       (*ctx)->u.rparm.autodetect = 1;
       rc = ksba_reader_set_cb (r, base64_reader_cb, &(*ctx)->u.rparm);
@@ -630,15 +642,27 @@ gpgsm_destroy_reader (Base64Context ctx)
 
 
 

-/* Create a writer for the given STREAM.  Depending on
-   the control information an output encoding is automagically
-   chosen.  The function returns a Base64Context object which must be
-   passed to the gpgme_destroy_writer function.  The created
-   KsbaWriter object is also returned, but the caller must not call
-   the ksba_reader_release function on it. */
-int
-gpgsm_create_writer (Base64Context *ctx, ctrl_t ctrl, estream_t stream,
-                     ksba_writer_t *r_writer)
+/* Create a writer for the given STREAM.  Depending on FLAGS an output
+ * encoding is chosen.  In PEM mode PEM_NAME is used for the header
+ * and footer lines; if PEM_NAME is NULL the string "CMS OBJECT" is
+ * used.
+ *
+ * The function returns a Base64Context object which must be passed to
+ * the gpgme_destroy_writer function.  The created ksba_writer_t
+ * object is stored at R_WRITER - the caller must not call the
+ * ksba_reader_release function on it.
+ *
+ * The supported flags are:
+ *
+ * GNUPG_KSBA_IO_PEM    - Write output as PEM
+ * GNUPG_KSBA_IO_BASE64 - Write output as plain Base64; note that the PEM
+ *                        flag overrides this flag.
+ *
+ */
+gpg_error_t
+gnupg_ksba_create_writer (Base64Context *ctx, unsigned int flags,
+                          const char *pem_name, estream_t stream,
+                          ksba_writer_t *r_writer)
 {
   int rc;
   ksba_writer_t w;
@@ -646,7 +670,7 @@ gpgsm_create_writer (Base64Context *ctx, ctrl_t ctrl, estream_t stream,
   *r_writer = NULL;
   *ctx = xtrycalloc (1, sizeof **ctx);
   if (!*ctx)
-    return out_of_core ();
+    return gpg_error_from_syserror ();
 
   rc = ksba_writer_new (&w);
   if (rc)
@@ -655,12 +679,22 @@ gpgsm_create_writer (Base64Context *ctx, ctrl_t ctrl, estream_t stream,
       return rc;
     }
 
-  if (ctrl->create_pem || ctrl->create_base64)
+  if ((flags & GNUPG_KSBA_IO_PEM) || (flags & GNUPG_KSBA_IO_BASE64))
     {
       (*ctx)->u.wparm.stream = stream;
-      if (ctrl->create_pem)
-        (*ctx)->u.wparm.pem_name = ctrl->pem_name? ctrl->pem_name
-                                                 : "CMS OBJECT";
+      if ((flags & GNUPG_KSBA_IO_PEM))
+        {
+          (*ctx)->u.wparm.pem_name = xtrystrdup (pem_name
+                                                 ? pem_name
+                                                 : "CMS OBJECT");
+          if (!(*ctx)->u.wparm.pem_name)
+            {
+              rc = gpg_error_from_syserror ();
+              ksba_writer_release (w);
+              xfree (*ctx); *ctx = NULL;
+              return rc;
+            }
+        }
       rc = ksba_writer_set_cb (w, base64_writer_cb, &(*ctx)->u.wparm);
     }
   else if (stream)
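Review bot: Once `pem_name` is duplicated here, every later failure return in gnupg_ksba_create_writer must release it too, otherwise the copy leaks when the context is freed. The error path added inside this hunk is fine because the pointer is still NULL at that point. The handling after `ksba_writer_set_cb` lies outside the hunk and cannot be checked from here; if it frees only `*ctx`, it needs `xfree ((*ctx)->u.wparm.pem_name);` before `xfree (*ctx);`. The function body starts and ends outside this hunk.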
@@ -700,6 +734,7 @@ gpgsm_finish_writer (Base64Context ctx)
   return base64_finish_write (parm);
 }
 
+
 void
 gpgsm_destroy_writer (Base64Context ctx)
 {
@@ -707,5 +742,6 @@ gpgsm_destroy_writer (Base64Context ctx)
     return;
 
   ksba_writer_release (ctx->u2.writer);
+  xfree (ctx->u.wparm.pem_name);
   xfree (ctx);
 }
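Review bot: `xfree (ctx->u.wparm.pem_name)` reads the writer arm of the `u` union, so it is only sound for a context created by the writer constructor. Readers and writers share one handle type, and nothing visible on this page records which kind a context is. A reader context passed here by mistake would therefore have whatever bytes the reader parameters hold at that offset handed to `xfree`. A comment such as `/* CTX must have been created by the writer constructor; never pass a reader context.  */` would state the contract, and a kind field checked in both destructors would enforce it. The start of the function is outside this hunk.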
diff --git a/common/ksba-io-support.h b/common/ksba-io-support.h
index 7028686..0f448ec 100644
--- a/common/ksba-io-support.h
+++ b/common/ksba-io-support.h
@@ -30,4 +30,37 @@
 #ifndef GNUPG_KSBA_IO_SUPPORT_H
 #define GNUPG_KSBA_IO_SUPPORT_H
 
+/* Flags used with gnupg_ksba_create_reader and
+ * gnupg_ksba_create_writer.  */
+#define GNUPG_KSBA_IO_PEM         1  /* X.509 PEM format.  */
+#define GNUPG_KSBA_IO_BASE64      2  /* Plain Base64 format.  */
+#define GNUPG_KSBA_IO_AUTODETECT  4  /* Try toautodeect the format.  */
+#define GNUPG_KSBA_IO_MULTIPEM    8  /* Allow more than one PEM chunk.  */
+
+
+/* Context object.  */
+typedef struct base64_context_s *Base64Context;
+
+
+
+gpg_error_t gnupg_ksba_create_reader (Base64Context *ctx,
+                                      unsigned int flags,
+                                      estream_t fp,
+                                      ksba_reader_t *r_reader);
+
+int gpgsm_reader_eof_seen (Base64Context ctx);
+void gpgsm_destroy_reader (Base64Context ctx);
+
+gpg_error_t gnupg_ksba_create_writer (Base64Context *ctx,
+                                      unsigned int flags,
+                                      const char *pem_name,
+                                      estream_t stream,
+                                      ksba_writer_t *r_writer);
+
+int  gpgsm_finish_writer (Base64Context ctx);
+void gpgsm_destroy_writer (Base64Context ctx);
+
+
+
+
 #endif /*GNUPG_KSBA_IO_SUPPORT_H*/
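Review bot: The new prototypes use `gpg_error_t`, `estream_t`, `ksba_reader_t` and `ksba_writer_t`, yet none of the added lines includes a header that declares them. The file therefore compiles only when the includer has already pulled those in; ksba-io-support.c in this commit includes `<ksba.h>` and `util.h` ahead of it, which hides the dependency. Adding `#include <ksba.h>`, plus the header that provides `gpg_error_t` and `estream_t`, directly below the include guard would make the header usable on its own. That fits the commit's stated goal of removing the gpgsm dependency.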
diff --git a/sm/certreqgen.c b/sm/certreqgen.c
index 9b4ffc9..2290d3d 100644
--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@@ -744,7 +744,11 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para,
       create_cert = !!get_parameter_value (para, pSERIAL, 0);
 
       ctrl->pem_name = create_cert? "CERTIFICATE" : "CERTIFICATE REQUEST";
-      rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer);
+
+      rc = gnupg_ksba_create_writer
+        (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
+                      | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)),
+         ctrl->pem_name, out_fp, &writer);
       if (rc)
         log_error ("can't create writer: %s\n", gpg_strerror (rc));
       else
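Review bot: The flag expression passed to gnupg_ksba_create_writer is written out here and repeated verbatim in the decrypt.c, encrypt.c, export.c, sign.c and verify.c hunks, with a matching reader variant in decrypt.c, import.c and verify.c. Copies like this drift, and a call site that drops one term would silently write or accept a different encoding than the user's options request. A small helper on the gpgsm side (the name below is only a suggestion) would keep all sites in agreement. In this hunk `ctrl->pem_name` is also assigned only to be passed on the next statement, so the string could be handed over directly. proc_parameters starts and ends outside the hunk.
```c
/* Map the output encoding options in CTRL to GNUPG_KSBA_IO_* flags.  */
static inline unsigned int
gpgsm_writer_flags (ctrl_t ctrl)
{
  return ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
          | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0));
}

/* … unchanged: create_cert and pem_name assignment … */
      rc = gnupg_ksba_create_writer (&b64writer, gpgsm_writer_flags (ctrl),
                                     ctrl->pem_name, out_fp, &writer);
```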
diff --git a/sm/decrypt.c b/sm/decrypt.c
index a2907f6..35c0b8d 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -274,14 +274,21 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
       goto leave;
     }
 
-  rc = gpgsm_create_reader (&b64reader, ctrl, in_fp, 0, &reader);
+  rc = gnupg_ksba_create_reader
+    (&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0)
+                  | (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0)
+                  | (ctrl->autodetect_encoding? GNUPG_KSBA_IO_AUTODETECT : 0)),
+     in_fp, &reader);
   if (rc)
     {
       log_error ("can't create reader: %s\n", gpg_strerror (rc));
       goto leave;
     }
 
-  rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer);
+  rc = gnupg_ksba_create_writer
+    (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
+                  | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)),
+     ctrl->pem_name, out_fp, &writer);
   if (rc)
     {
       log_error ("can't create writer: %s\n", gpg_strerror (rc));
diff --git a/sm/encrypt.c b/sm/encrypt.c
index 2c664f8..468f785 100644
--- a/sm/encrypt.c
+++ b/sm/encrypt.c
@@ -364,7 +364,10 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
   encparm.fp = data_fp;
 
   ctrl->pem_name = "ENCRYPTED MESSAGE";
-  rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer);
+  rc = gnupg_ksba_create_writer
+    (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
+                  | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)),
+     ctrl->pem_name, out_fp, &writer);
   if (rc)
     {
       log_error ("can't create writer: %s\n", gpg_strerror (rc));
diff --git a/sm/export.c b/sm/export.c
index a32414e..8e3f2de 100644
--- a/sm/export.c
+++ b/sm/export.c
@@ -263,7 +263,10 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
           if (!b64writer)
             {
               ctrl->pem_name = "CERTIFICATE";
-              rc = gpgsm_create_writer (&b64writer, ctrl, stream, &writer);
+              rc = gnupg_ksba_create_writer
+                (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
+                              | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 :0)),
+                 ctrl->pem_name, stream, &writer);
               if (rc)
                 {
                   log_error ("can't create writer: %s\n", gpg_strerror (rc));
@@ -433,7 +436,10 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode)
     ctrl->pem_name = "PRIVATE KEY";
   else
     ctrl->pem_name = "RSA PRIVATE KEY";
-  err = gpgsm_create_writer (&b64writer, ctrl, stream, &writer);
+  err = gnupg_ksba_create_writer
+    (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
+                  | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)),
+     ctrl->pem_name, stream, &writer);
   if (err)
     {
       log_error ("can't create writer: %s\n", gpg_strerror (err));
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index 76ff327..df96770 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -33,6 +33,7 @@
 #include "../common/status.h"
 #include "../common/audit.h"
 #include "../common/session-env.h"
+#include "../common/ksba-io-support.h"
 
 
 #define MAX_DIGEST_LEN 64
@@ -205,10 +206,6 @@ struct server_control_s
 };
 
 
-/* Data structure used in base64.c. */
-typedef struct base64_context_s *Base64Context;
-
-
 /* An object to keep a list of certificates. */
 struct certlist_s
 {
@@ -262,19 +259,6 @@ int  gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits);
 char *gpgsm_get_certid (ksba_cert_t cert);
 
 
-/*-- base64.c --*/
-int  gpgsm_create_reader (Base64Context *ctx,
-                          ctrl_t ctrl, estream_t fp, int allow_multi_pem,
-                          ksba_reader_t *r_reader);
-int gpgsm_reader_eof_seen (Base64Context ctx);
-void gpgsm_destroy_reader (Base64Context ctx);
-int  gpgsm_create_writer (Base64Context *ctx,
-                          ctrl_t ctrl, estream_t stream,
-                          ksba_writer_t *r_writer);
-int  gpgsm_finish_writer (Base64Context ctx);
-void gpgsm_destroy_writer (Base64Context ctx);
-
-
 /*-- certdump.c --*/
 void gpgsm_print_serial (estream_t fp, ksba_const_sexp_t p);
 void gpgsm_print_time (estream_t fp, ksba_isotime_t t);
diff --git a/sm/import.c b/sm/import.c
index 4a8ecf7..2a07108 100644
--- a/sm/import.c
+++ b/sm/import.c
@@ -288,7 +288,12 @@ import_one (ctrl_t ctrl, struct stats_s *stats, int in_fd)
       goto leave;
     }
 
-  rc = gpgsm_create_reader (&b64reader, ctrl, fp, 1, &reader);
+  rc = gnupg_ksba_create_reader
+    (&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0)
+                  | (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0)
+                  | (ctrl->autodetect_encoding? GNUPG_KSBA_IO_AUTODETECT : 0)
+                  | GNUPG_KSBA_IO_MULTIPEM),
+     fp, &reader);
   if (rc)
     {
       log_error ("can't create reader: %s\n", gpg_strerror (rc));
diff --git a/sm/sign.c b/sm/sign.c
index 9153d58..b5a486c 100644
--- a/sm/sign.c
+++ b/sm/sign.c
@@ -340,7 +340,10 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
     }
 
   ctrl->pem_name = "SIGNED MESSAGE";
-  rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer);
+  rc = gnupg_ksba_create_writer
+    (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
+                  | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)),
+     ctrl->pem_name, out_fp, &writer);
   if (rc)
     {
       log_error ("can't create writer: %s\n", gpg_strerror (rc));
diff --git a/sm/verify.c b/sm/verify.c
index a046883..b80948f 100644
--- a/sm/verify.c
+++ b/sm/verify.c
@@ -125,7 +125,11 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
       goto leave;
     }
 
-  rc = gpgsm_create_reader (&b64reader, ctrl, in_fp, 0, &reader);
+  rc = gnupg_ksba_create_reader
+    (&b64reader, ((ctrl->is_pem? GNUPG_KSBA_IO_PEM : 0)
+                  | (ctrl->is_base64? GNUPG_KSBA_IO_BASE64 : 0)
+                  | (ctrl->autodetect_encoding? GNUPG_KSBA_IO_AUTODETECT : 0)),
+     in_fp, &reader);
   if (rc)
     {
       log_error ("can't create reader: %s\n", gpg_strerror (rc));
@@ -134,7 +138,10 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
 
   if (out_fp)
     {
-      rc = gpgsm_create_writer (&b64writer, ctrl, out_fp, &writer);
+      rc = gnupg_ksba_create_writer
+        (&b64writer, ((ctrl->create_pem? GNUPG_KSBA_IO_PEM : 0)
+                      | (ctrl->create_base64? GNUPG_KSBA_IO_BASE64 : 0)),
+         ctrl->pem_name, out_fp, &writer);
       if (rc)
         {
           log_error ("can't create writer: %s\n", gpg_strerror (rc));
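Review bot: `ctrl->pem_name` is now handed to `gnupg_ksba_create_writer` explicitly, but no assignment to it is visible in this hunk, unlike sm/sign.c where it is set to "SIGNED MESSAGE" on the line before the call. If it can still be unset here, the call depends on the writer accepting a NULL name and on how long the writer keeps the pointer; neither is visible in this diff. A short comment at the call, e.g. `/* pem_name may be NULL here; the writer falls back to its default.  */`, would record the contract once it has been confirmed against common/ksba-io-support.c. gpgsm_verify starts and ends outside the hunk.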

commit 919e76b407ac557b0f518ec03f3cc59e9e5740c9
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Feb 16 14:17:43 2017 +0100

    common: Change license of ksba-io-support.c
    
    * common/ksba-io-support.c: Change from GPLv3+ to LGPLv3+/GPLv2+.
    --
    
    According to the sm/ChangeLog-2011 and the git log all code has been
    written by me or g10 Code employees.  Also changed the copyright
    notices so that the file can be used separately.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/common/ksba-io-support.c b/common/ksba-io-support.c
index a47e47b..da7b4d6 100644
--- a/common/ksba-io-support.c
+++ b/common/ksba-io-support.c
@@ -1,14 +1,25 @@
 /* kska-io-support.c - Supporting functions for ksba reader and writer
- * Copyright (C) 2001, 2003, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2001-2005, 2007, 2010-2011, 2017  Werner Koch
+ * Copyright (C) 2006  g10 Code GmbH
  *
  * This file is part of GnuPG.
  *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of either
  *
- * GnuPG is distributed in the hope that it will be useful,
+ *   - the GNU Lesser General Public License as published by the Free
+ *     Software Foundation; either version 3 of the License, or (at
+ *     your option) any later version.
+ *
+ * or
+ *
+ *   - the GNU General Public License as published by the Free
+ *     Software Foundation; either version 2 of the License, or (at
+ *     your option) any later version.
+ *
+ * or both in parallel, as here.
+ *
+ * This file is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.

commit 04bfa6fe6597b8ffcec61cbcacdc7eb137444e80
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Feb 16 14:07:27 2017 +0100

    sm,common: Move ksba reader and writer support to common/.
    
    * sm/base64.c: Rename to ...
    * common/ksba-io-support.c: this.
    * common/ksba-io-support.h: New.
    * common/Makefile.am (common_sources): Add new files.
    * sm/Makefile.am (gpgsm_SOURCES): Remove base64.c
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/common/Makefile.am b/common/Makefile.am
index 72e3fb4..68b8710 100644
--- a/common/Makefile.am
+++ b/common/Makefile.am
@@ -91,7 +91,9 @@ common_sources = \
 	exectool.c exectool.h \
 	server-help.c server-help.h \
 	name-value.c name-value.h \
-	recsel.c recsel.h
+	recsel.c recsel.h \
+	ksba-io-support.c ksba-io-support.h
+
 
 if HAVE_W32_SYSTEM
 common_sources += w32-reg.c
diff --git a/sm/base64.c b/common/ksba-io-support.c
similarity index 99%
rename from sm/base64.c
rename to common/ksba-io-support.c
index f3c7def..a47e47b 100644
--- a/sm/base64.c
+++ b/common/ksba-io-support.c
@@ -1,4 +1,4 @@
-/* base64.c
+/* kska-io-support.c - Supporting functions for ksba reader and writer
  * Copyright (C) 2001, 2003, 2010 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
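Review bot: The new first line of the header comment names the file `kska-io-support.c`, but the file is `common/ksba-io-support.c`; it should read `/* ksba-io-support.c - Supporting functions for ksba reader and writer`. The misspelling is still present as a context line in the later licence-change hunk for the same file. Only the comment needs to change.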
@@ -26,7 +26,7 @@
 #include <time.h>
 #include <assert.h>
 
-#include "gpgsm.h"
+#include "../sm/gpgsm.h"
 
 
 #include <ksba.h>
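Review bot: `#include "../sm/gpgsm.h"` makes a file that is now listed in `common_sources` depend on a gpgsm-private header, which inverts the usual direction between common/ and the individual tools. If this is an intermediate step, a comment on the include such as `/* FIXME: Remove the dependency on gpgsm.h.  */` would make that explicit. The new common/ksba-io-support.h added in this commit contains only its include guard and is not included here. Whether a later commit removes the include cannot be seen from this hunk.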
diff --git a/common/ksba-io-support.h b/common/ksba-io-support.h
new file mode 100644
index 0000000..7028686
--- /dev/null
+++ b/common/ksba-io-support.h
@@ -0,0 +1,33 @@
+/* ksba-io-support.h - Supporting functions for ksba reader and writer
+ * Copyright (C) 2017  Werner Koch
+ *
+ * This file is part of GnuPG.
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of either
+ *
+ *   - the GNU Lesser General Public License as published by the Free
+ *     Software Foundation; either version 3 of the License, or (at
+ *     your option) any later version.
+ *
+ * or
+ *
+ *   - the GNU General Public License as published by the Free
+ *     Software Foundation; either version 2 of the License, or (at
+ *     your option) any later version.
+ *
+ * or both in parallel, as here.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
+ */
+
+#ifndef GNUPG_KSBA_IO_SUPPORT_H
+#define GNUPG_KSBA_IO_SUPPORT_H
+
+#endif /*GNUPG_KSBA_IO_SUPPORT_H*/
diff --git a/sm/Makefile.am b/sm/Makefile.am
index a9c67a8..4cfb246 100644
--- a/sm/Makefile.am
+++ b/sm/Makefile.am
@@ -38,7 +38,6 @@ gpgsm_SOURCES = \
 	call-agent.c \
 	call-dirmngr.c \
 	fingerprint.c \
-	base64.c \
 	certlist.c \
 	certdump.c \
 	certcheck.c \

commit 5c4e67afd6385b48065de6a0f2dd0bfd936ab90b
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Feb 16 11:51:57 2017 +0100

    dirmngr: Prepare certcache for forthcoming changes.
    
    * dirmngr/certcache.c (cert_item_s): Rename 'flags.loaded' to
    'flags.config'.  Add 'flags.systrust'.
    (total_loaded_certificates): Rename to total_config_certificates.
    (put_cert): Rename args for clarity.  Set SYSTRUST flag.
    (load_certs_from_dir): Make sure put_cert does not set the SYSTRUST
    flag.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/dirmngr/certcache.c b/dirmngr/certcache.c
index d13d80b..d68d503 100644
--- a/dirmngr/certcache.c
+++ b/dirmngr/certcache.c
@@ -68,8 +68,12 @@ struct cert_item_s
   char *subject_dn;         /* The malloced subject DN - maybe NULL.  */
   struct
   {
-    unsigned int loaded:1;  /* It has been explicitly loaded.  */
+    unsigned int config:1;  /* This has been loaded from the configuration.  */
     unsigned int trusted:1; /* This is a trusted root certificate.  */
+    unsigned int systrust:1;/* The certifciate is trusted because it
+                             * is in the system's store of trusted
+                             * certificates (i.e. not configured using
+                             * GnuPG mechanisms.  */
   } flags;
 };
 typedef struct cert_item_s *cert_item_t;
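Review bot: The comment on the new `systrust` bit misspells "certificate" as `certifciate` and never closes its parenthesis; it should read `/* The certificate is trusted because it is in the system's store of trusted certificates (i.e. not configured using GnuPG mechanisms).  */`. The same commit has `certifcates` in the comment above `total_config_certificates` and "the the cert" in the put_cert header comment. These comments define what each trust flag means, so they are worth getting exact.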
@@ -88,9 +92,9 @@ static npth_rwlock_t cert_cache_lock;
 /* Flag to track whether the cache has been initialized.  */
 static int initialization_done;
 
-/* Total number of certificates loaded during initialization and
-   cached during operation.  */
-static unsigned int total_loaded_certificates;
+/* Total number of certificates loaded during initialization
+ * (ie. configured) and extra certifcates cached during operation.  */
+static unsigned int total_config_certificates;
 static unsigned int total_extra_certificates;
 
 
@@ -229,13 +233,20 @@ clean_cache_slot (cert_item_t ci)
 
 
 /* Put the certificate CERT into the cache.  It is assumed that the
-   cache is locked while this function is called. If FPR_BUFFER is not
-   NULL the fingerprint of the certificate will be stored there.
-   FPR_BUFFER neds to point to a buffer of at least 20 bytes. The
-   fingerprint will be stored on success or when the function returns
-   gpg_err_code(GPG_ERR_DUP_VALUE). */
+ * cache is locked while this function is called.
+ *
+ * FROM_CONFIG indicates that CERT is a permanent certificate and
+ * should stay in the cache.  IS_TRUSTED requests that the trusted
+ * flag is set for the certificate; a value of 1 indicates the the
+ * cert is trusted due to GnuPG mechanisms, a value of 2 indicates
+ * that it is trusted because it has been taken from the system's
+ * store of trusted certificates.  If FPR_BUFFER is not NULL the
+ * fingerprint of the certificate will be stored there.  FPR_BUFFER
+ * needs to point to a buffer of at least 20 bytes.  The fingerprint
+ * will be stored on success or when the function returns
+ * GPG_ERR_DUP_VALUE.  */
 static gpg_error_t
-put_cert (ksba_cert_t cert, int is_loaded, int is_trusted, void *fpr_buffer)
+put_cert (ksba_cert_t cert, int from_config, int is_trusted, void *fpr_buffer)
 {
   unsigned char help_fpr_buffer[20], *fpr;
   cert_item_t ci;
@@ -243,17 +254,17 @@ put_cert (ksba_cert_t cert, int is_loaded, int is_trusted, void *fpr_buffer)
   fpr = fpr_buffer? fpr_buffer : &help_fpr_buffer;
 
   /* If we already reached the caching limit, drop a couple of certs
-     from the cache.  Our dropping strategy is simple: We keep a
-     static index counter and use this to start looking for
-     certificates, then we drop 5 percent of the oldest certificates
-     starting at that index.  For a large cache this is a fair way of
-     removing items. An LRU strategy would be better of course.
-     Because we append new entries to the head of the list and we want
-     to remove old ones first, we need to do this from the tail.  The
-     implementation is not very efficient but compared to the long
-     time it takes to retrieve a certifciate from an external resource
-     it seems to be reasonable. */
-  if (!is_loaded && total_extra_certificates >= MAX_EXTRA_CACHED_CERTS)
+   * from the cache.  Our dropping strategy is simple: We keep a
+   * static index counter and use this to start looking for
+   * certificates, then we drop 5 percent of the oldest certificates
+   * starting at that index.  For a large cache this is a fair way of
+   * removing items.  An LRU strategy would be better of course.
+   * Because we append new entries to the head of the list and we want
+   * to remove old ones first, we need to do this from the tail.  The
+   * implementation is not very efficient but compared to the long
+   * time it takes to retrieve a certificate from an external resource
+   * it seems to be reasonable.  */
+  if (!from_config && total_extra_certificates >= MAX_EXTRA_CACHED_CERTS)
     {
       static int idx;
       cert_item_t ci_mark;
@@ -270,7 +281,7 @@ put_cert (ksba_cert_t cert, int is_loaded, int is_trusted, void *fpr_buffer)
         {
           ci_mark = NULL;
           for (ci = cert_cache[i]; ci; ci = ci->next)
-            if (ci->cert && !ci->flags.loaded)
+            if (ci->cert && !ci->flags.config)
               ci_mark = ci;
           if (ci_mark)
             {
@@ -316,11 +327,12 @@ put_cert (ksba_cert_t cert, int is_loaded, int is_trusted, void *fpr_buffer)
       return gpg_error (GPG_ERR_INV_CERT_OBJ);
     }
   ci->subject_dn = ksba_cert_get_subject (cert, 0);
-  ci->flags.loaded  = !!is_loaded;
+  ci->flags.config  = !!from_config;
   ci->flags.trusted = !!is_trusted;
+  ci->flags.systrust = (is_trusted && is_trusted == 2);
 
-  if (is_loaded)
-    total_loaded_certificates++;
+  if (from_config)
+    total_config_certificates++;
   else
     total_extra_certificates++;
 
@@ -390,7 +402,7 @@ load_certs_from_dir (const char *dirname, int are_trusted)
           continue;
         }
 
-      err = put_cert (cert, 1, are_trusted, NULL);
+      err = put_cert (cert, 1, !!are_trusted, NULL);
       if (gpg_err_code (err) == GPG_ERR_DUP_VALUE)
         log_info (_("certificate '%s' already cached\n"), fname);
       else if (!err)
@@ -476,7 +488,7 @@ cert_cache_deinit (int full)
         }
     }
 
-  total_loaded_certificates = 0;
+  total_config_certificates = 0;
   total_extra_certificates = 0;
   initialization_done = 0;
   release_cache_lock ();
@@ -487,7 +499,7 @@ void
 cert_cache_print_stats (void)
 {
   log_info (_("permanently loaded certificates: %u\n"),
-            total_loaded_certificates);
+            total_config_certificates);
   log_info (_("    runtime cached certificates: %u\n"),
             total_extra_certificates);
 }

-----------------------------------------------------------------------

Summary of changes:
 common/Makefile.am                      |   4 +-
 sm/base64.c => common/ksba-io-support.c | 153 +++++++++++++++++++++-----------
 common/ksba-io-support.h                |  66 ++++++++++++++
 dirmngr/certcache.c                     |  68 ++++++++------
 sm/Makefile.am                          |   1 -
 sm/certreqgen.c                         |  12 ++-
 sm/decrypt.c                            |  21 +++--
 sm/encrypt.c                            |  11 ++-
 sm/export.c                             |  28 +++---
 sm/gpgsm.h                              |  18 +---
 sm/import.c                             |  13 ++-
 sm/sign.c                               |  11 ++-
 sm/verify.c                             |  21 +++--
 13 files changed, 289 insertions(+), 138 deletions(-)
 rename sm/base64.c => common/ksba-io-support.c (79%)
 create mode 100644 common/ksba-io-support.h


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



