1 /* plaintext.c - process plaintext packets
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
3 * 2006, 2009, 2010 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
27 #include <sys/types.h>
28 #ifdef HAVE_DOSISH_SYSTEM
29 # include <fcntl.h> /* for setmode() */
43 /* Handle a plaintext packet. If MFX is not NULL, update the MDs.
44 * Note: We should have used the filter stuff here, but we have to add
45 * some easy mimic to set a read limit, so we calculate only the bytes
46 * from the plaintext. */
/* NOTE(review): this listing skips source lines (see the gaps in the
 * gutter numbers), so braces, declarations and some conditions are not
 * visible; the added comments describe only the statements shown. */
48 handle_plaintext (PKT_plaintext * pt, md_filter_context_t * mfx,
49 int nooutput, int clearsig)
/* COUNT is static and no reset is visible here, so the --max-output
 * accounting below appears to accumulate across all calls made by the
 * process rather than restarting for each packet. */
53 static off_t count = 0;
/* Modes t and u select the text-mode paths further down. */
56 int convert = (pt->mode == 't' || pt->mode == 'u');
61 /* Let people know what the plaintext info is. This allows the
62 receiving program to try and do something different based on the
63 format code (say, recode UTF-8 to local). */
64 if (!nooutput && is_status_enabled ())
68 /* Better make sure that stdout has been flushed in case the
69 output will be written to it. This is to make sure that no
70 not-yet-flushed stuff will be written after the plaintext
72 es_fflush (es_stdout);
74 snprintf (status, sizeof status,
75 "%X %lu ", (byte) pt->mode, (ulong) pt->timestamp);
76 write_status_text_and_buffer (STATUS_PLAINTEXT,
77 status, pt->name, pt->namelen, 0);
81 snprintf (status, sizeof status, "%lu", (ulong) pt->len);
82 write_status_text (STATUS_PLAINTEXT_LENGTH, status);
86 /* Create the filename as C string. */
91 fname = xtrystrdup ("[FP]");
94 err = gpg_error_from_syserror ();
100 fname = xtrystrdup (opt.outfile);
103 err = gpg_error_from_syserror ();
/* A packet named _CONSOLE is not saved to a file; the user is told to
 * use --output instead. */
107 else if (pt->namelen == 8 && !memcmp (pt->name, "_CONSOLE", 8))
109 log_info (_("data not saved; use option \"--output\" to save it\n"));
/* PT->name is the filename recorded inside the message and is therefore
 * chosen by whoever created it.  Unless use_embedded_filename is set,
 * the output name is derived from the input file name or asked from the
 * user; the embedded name is at most handed to ask_outfile_name. */
112 else if (!opt.flags.use_embedded_filename)
114 fname = make_outfile_name (iobuf_get_real_fname (pt->buf));
116 fname = ask_outfile_name (pt->name, pt->namelen);
119 err = gpg_error (GPG_ERR_GENERAL); /* Can't create file. */
/* Presumably the use_embedded_filename case (the else line is not
 * shown): the embedded name is converted to the native charset and used
 * as the output file name.  NOTE(review): nothing visible here limits
 * it to a plain basename - confirm how directory components are handled
 * before relying on this option with untrusted input. */
124 fname = utf8_to_native (pt->name, pt->namelen, 0);
133 else if (iobuf_is_pipe_filename (fname) || !*fname)
135 /* No filename or "-" given; write to stdout. */
/* Keep asking for another name until overwrite_filep accepts the
 * target. */
141 while (!overwrite_filep (fname))
143 char *tmp = ask_outfile_name (NULL, 0);
147 /* FIXME: Below used to be GPG_ERR_CREATE_FILE */
148 err = gpg_error (GPG_ERR_GENERAL);
/* A stream or name flagged by is_secured_file / is_secured_filename is
 * never written to; both cases are reported as EPERM. */
157 if (opt.outfp && is_secured_file (es_fileno (opt.outfp)))
159 err = gpg_error (GPG_ERR_EPERM);
160 log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
163 else if (fp || nooutput)
165 else if (is_secured_filename (fname))
167 gpg_err_set_errno (EPERM);
168 err = gpg_error_from_syserror ();
169 log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
/* Mode wb truncates an existing file; the overwrite_filep loop above
 * appears to be the only guard for existing data. */
172 else if (!(fp = es_fopen (fname, "wb")))
174 err = gpg_error_from_syserror ();
175 log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
178 #else /* __riscos__ */
179 /* If no output filename was given, i.e. we constructed it, convert
180 all '.' in fname to '/' but not vice versa as we don't create
183 for (c = 0; fname[c]; ++c)
191 /* Note: riscos stuff is not expected to wrok anymore. If we
192 want to port it again to riscos we should do most of the suff
193 in estream. FIXME: Consider to remove all riscos special
195 fp = fopen (fname, "wb");
198 log_error (_("error creating '%s': %s\n"), fname, gpg_strerror (err));
199 err = GPG_ERR_CREATE_FILE;
201 log_info ("Do output file and input file have the same name?\n");
205 /* If there's a ,xxx extension in the embedded filename,
206 use that, else check whether the user input (in fname)
207 has a ,xxx appended, then use that in preference */
208 if ((c = riscos_get_filetype_from_string (pt->name, pt->namelen)) != -1)
210 if ((c = riscos_get_filetype_from_string (fname, strlen (fname))) != -1)
212 riscos_set_filetype_by_number (fname, filetype);
214 #endif /* __riscos__ */
218 /* We have an actual length (which might be zero). */
222 log_error ("clearsig encountered while not expected\n");
223 err = gpg_error (GPG_ERR_UNEXPECTED);
227 if (convert) /* Text mode. */
229 for (; pt->len; pt->len--)
231 if ((c = iobuf_get (pt->buf)) == -1)
233 err = gpg_error_from_syserror ();
234 log_error ("problem reading source (%u bytes remaining)\n",
239 gcry_md_putc (mfx->md, c);
240 #ifndef HAVE_DOSISH_SYSTEM
241 if (c == '\r') /* convert to native line ending */
242 continue; /* fixme: this hack might be too simple */
/* Enforce --max-output before the byte is written; the byte has already
 * been passed to the digest above.  NOTE(review): the message argument
 * already ends in a newline and so does the format string, so an empty
 * line is logged after the error; the same applies to each max-output
 * message in this function. */
246 if (opt.max_output && (++count) > opt.max_output)
248 log_error ("error writing to '%s': %s\n",
249 fname, "exceeded --max-output limit\n");
250 err = gpg_error (GPG_ERR_TOO_LARGE);
253 else if (es_putc (c, fp) == EOF)
256 err = gpg_error_from_syserror ();
258 err = gpg_error (GPG_ERR_EOF);
259 log_error ("error writing to '%s': %s\n",
260 fname, gpg_strerror (err));
266 else /* Binary mode. */
268 byte *buffer = xmalloc (32768);
/* Each pass reads at most one 32768-byte buffer, or less when fewer
 * bytes remain in PT->len. */
271 int len = pt->len > 32768 ? 32768 : pt->len;
272 len = iobuf_read (pt->buf, buffer, len);
275 err = gpg_error_from_syserror ();
276 log_error ("problem reading source (%u bytes remaining)\n",
282 gcry_md_write (mfx->md, buffer, len);
285 if (opt.max_output && (count += len) > opt.max_output)
287 log_error ("error writing to '%s': %s\n",
288 fname, "exceeded --max-output limit\n");
289 err = gpg_error (GPG_ERR_TOO_LARGE);
/* A short write is treated as an error. */
293 else if (es_fwrite (buffer, 1, len, fp) != len)
295 err = gpg_error_from_syserror ();
296 log_error ("error writing to '%s': %s\n",
297 fname, gpg_strerror (err));
/* Presumably the branch without a known length: read until iobuf_get
 * reports end of data (-1). */
311 while ((c = iobuf_get (pt->buf)) != -1)
314 gcry_md_putc (mfx->md, c);
315 #ifndef HAVE_DOSISH_SYSTEM
316 if (convert && c == '\r')
317 continue; /* fixme: this hack might be too simple */
321 if (opt.max_output && (++count) > opt.max_output)
323 log_error ("Error writing to '%s': %s\n",
324 fname, "exceeded --max-output limit\n");
325 err = gpg_error (GPG_ERR_TOO_LARGE);
328 else if (es_putc (c, fp) == EOF)
331 err = gpg_error_from_syserror ();
333 err = gpg_error (GPG_ERR_EOF);
334 log_error ("error writing to '%s': %s\n",
335 fname, gpg_strerror (err));
346 buffer = xtrymalloc (32768);
349 err = gpg_error_from_syserror ();
355 /* Why do we check for len < 32768:
356 * If we won't, we would practically read 2 EOFs but
357 * the first one has already popped the block_filter
358 * off and therefore we don't catch the boundary.
359 * So, always assume EOF if iobuf_read returns less bytes
361 int len = iobuf_read (pt->buf, buffer, 32768);
367 gcry_md_write (mfx->md, buffer, len);
370 if (opt.max_output && (count += len) > opt.max_output)
372 log_error ("error writing to '%s': %s\n",
373 fname, "exceeded --max-output limit\n");
374 err = gpg_error (GPG_ERR_TOO_LARGE);
378 else if (es_fwrite (buffer, 1, len, fp) != len)
380 err = gpg_error_from_syserror ();
381 log_error ("error writing to '%s': %s\n",
382 fname, gpg_strerror (err));
392 else /* Clear text signature - don't hash the last CR,LF. */
396 while ((c = iobuf_get (pt->buf)) != -1)
400 if (opt.max_output && (++count) > opt.max_output)
402 log_error ("error writing to '%s': %s\n",
403 fname, "exceeded --max-output limit\n");
404 err = gpg_error (GPG_ERR_TOO_LARGE);
407 else if (es_putc (c, fp) == EOF)
409 err = gpg_error_from_syserror ();
410 log_error ("error writing to '%s': %s\n",
411 fname, gpg_strerror (err));
/* In this path the digest is fed by separate calls from the output
 * stream; per the branch comment above, the final CR,LF is meant to
 * stay out of the hash (the deciding conditions are not shown). */
419 gcry_md_putc (mfx->md, '\r');
420 gcry_md_putc (mfx->md, '\n');
430 gcry_md_putc (mfx->md, c);
438 gcry_md_putc (mfx->md, '\r');
444 gcry_md_putc (mfx->md, c);
/* Close only a stream that is neither es_stdout nor opt.outfp; a
 * failing close is turned into an error and logged. */
452 if (fp && fp != es_stdout && fp != opt.outfp && es_fclose (fp))
454 err = gpg_error_from_syserror ();
455 log_error ("error closing '%s': %s\n", fname, gpg_strerror (err));
462 /* Make sure that stdout gets flushed after the plaintext has been
463 handled. This is for extra security as we do a flush anyway
464 before checking the signature. */
465 if (es_fflush (es_stdout))
467 /* We need to check the return code to detect errors like disk
468 full for short plaintexts. See bug#1207. Checking return
469 values is a good idea in any case. */
471 err = gpg_error_from_syserror ();
472 log_error ("error flushing '%s': %s\n", "[stdout]",
476 if (fp && fp != es_stdout && fp != opt.outfp)
/* Reads FP until iobuf_get returns -1 and feeds the bytes to digest MD;
 * the first loop below additionally feeds MD2.  NOTE(review): lines are
 * missing from this listing, so the conditions that select the text
 * filter and choose between the two loops are not visible. */
484 do_hash (gcry_md_hd_t md, gcry_md_hd_t md2, IOBUF fp, int textmode)
486 text_filter_context_t tfx;
/* Zero the filter state before it is handed to the iobuf layer. */
491 memset (&tfx, 0, sizeof tfx);
492 iobuf_push_filter (fp, text_filter, &tfx);
495 { /* work around a strange behaviour in pgp2 */
496 /* It seems that at least PGP5 converts a single CR to a CR,LF too */
/* MD2 receives a line-ending-adjusted copy of the data, while MD also
 * receives each byte as read.  LC is compared against CR here;
 * presumably it holds the previous byte (its update is not shown). */
498 while ((c = iobuf_get (fp)) != -1)
500 if (c == '\n' && lc == '\r')
501 gcry_md_putc (md2, c);
504 gcry_md_putc (md2, '\r');
505 gcry_md_putc (md2, c);
/* A CR that is not followed by LF gets an LF inserted before the next
 * byte. */
507 else if (c != '\n' && lc == '\r')
509 gcry_md_putc (md2, '\n');
510 gcry_md_putc (md2, c);
513 gcry_md_putc (md2, c);
516 gcry_md_putc (md, c);
/* Plain path: every byte goes to MD unchanged. */
522 while ((c = iobuf_get (fp)) != -1)
525 gcry_md_putc (md, c);
532 * Ask for the detached datafile and calculate the digest from it.
533 * INFILE is the name of the input file.
/* Opens the data file for a detached signature, first via open_sigfile
 * on INNAME and otherwise by prompting for a name, then hashes it with
 * do_hash.  NOTE(review): lines are missing from this listing, so loop
 * and cleanup structure are only partly visible. */
536 ask_for_detached_datafile (gcry_md_hd_t md, gcry_md_hd_t md2,
537 const char *inname, int textmode)
539 progress_filter_context_t *pfx;
544 pfx = new_progress_context ();
545 fp = open_sigfile (inname, pfx); /* Open default file. */
/* Prompt only when the default file could not be opened and batch mode
 * is off. */
547 if (!fp && !opt.batch)
550 tty_printf (_("Detached signature.\n"));
556 tty_enable_completion (NULL);
557 name = cpr_get ("detached_signature.filename",
558 _("Please enter name of data file: "));
559 tty_disable_completion ();
561 answer = make_filename (name, (void *) NULL);
566 rc = gpg_error (GPG_ERR_GENERAL); /*G10ERR_READ_FILE */
/* A file flagged by is_secured_file is not used as input: errno is set
 * to EPERM so it is reported like a failed open (the lines in between
 * are not shown; presumably the iobuf is closed there). */
569 fp = iobuf_open (answer);
570 if (fp && is_secured_file (iobuf_get_fd (fp)))
574 gpg_err_set_errno (EPERM);
/* A missing file leads to another prompt instead of an error. */
576 if (!fp && errno == ENOENT)
578 tty_printf ("No such file, try again or hit enter to quit.\n");
583 rc = gpg_error_from_syserror ();
584 log_error (_("can't open '%s': %s\n"), answer,
/* Presumably the fallback when no file was opened: standard input is
 * hashed (iobuf_open is called with NULL). */
595 log_info (_("reading stdin ...\n"));
596 fp = iobuf_open (NULL);
599 do_hash (md, md2, fp, textmode);
604 release_progress_context (pfx);
610 /* Hash the given files and append the hash to hash contexts MD and
611 * MD2. If FILES is NULL, stdin is hashed. */
/* Hashes the signed data into MD and MD2 through do_hash.  Two sources
 * are visible below: the file that open_sigfile finds for SIGFILENAME,
 * and each entry of FILES opened with iobuf_open.  An entry flagged by
 * is_secured_file gets errno set to EPERM (the lines in between are not
 * shown; presumably it is closed and treated as unopenable).  A failed
 * open is logged, and every visible exit path releases the progress
 * context.  NOTE(review): lines are missing from this listing, so the
 * branch structure is only partly visible. */
613 hash_datafiles (gcry_md_hd_t md, gcry_md_hd_t md2, strlist_t files,
614 const char *sigfilename, int textmode)
616 progress_filter_context_t *pfx;
620 pfx = new_progress_context ();
624 /* Check whether we can open the signed material. We avoid
625 trying to open a file if run in batch mode. This assumed
626 data file for a sig file feature is just a convenience thing
627 for the command line and the user needs to read possible
631 fp = open_sigfile (sigfilename, pfx);
634 do_hash (md, md2, fp, textmode);
636 release_progress_context (pfx);
640 log_error (_("no signed data\n"));
641 release_progress_context (pfx);
642 return gpg_error (GPG_ERR_NO_DATA);
646 for (sl = files; sl; sl = sl->next)
648 fp = iobuf_open (sl->d);
649 if (fp && is_secured_file (iobuf_get_fd (fp)))
653 gpg_err_set_errno (EPERM);
657 int rc = gpg_error_from_syserror ();
658 log_error (_("can't open signed data '%s'\n"),
659 print_fname_stdin (sl->d));
660 release_progress_context (pfx);
663 handle_progress (pfx, fp, sl->d);
664 do_hash (md, md2, fp, textmode);
668 release_progress_context (pfx);
673 /* Hash the data from file descriptor DATA_FD and append the hash to hash
674 contexts MD and MD2. */
/* Wraps DATA_FD in an iobuf (iobuf_fdopen_nc, mode rb) and hashes its
 * content with do_hash.  NOTE(review): lines are missing from this
 * listing, including the rest of the parameter list and the branch
 * structure. */
676 hash_datafile_by_fd (gcry_md_hd_t md, gcry_md_hd_t md2, int data_fd,
679 progress_filter_context_t *pfx = new_progress_context ();
/* A descriptor flagged by is_secured_file is rejected: errno is set to
 * EPERM so the failure is reported through the open-error path below
 * (presumably FP stays NULL in that case). */
682 if (is_secured_file (data_fd))
685 gpg_err_set_errno (EPERM);
688 fp = iobuf_fdopen_nc (data_fd, "rb");
/* Open failure: log it, release the progress context and, presumably,
 * return RC (the return line is not shown). */
692 int rc = gpg_error_from_syserror ();
693 log_error (_("can't open signed data fd=%d: %s\n"),
694 data_fd, strerror (errno));
695 release_progress_context (pfx);
699 handle_progress (pfx, fp, NULL);
701 do_hash (md, md2, fp, textmode);
705 release_progress_context (pfx);
710 /* Set up a plaintext packet with the appropriate filename. If there
711 is a --set-filename, use it (it's already UTF8). If there is a
712 regular filename, UTF8-ize it if necessary. If there is no
713 filename at all, set the field empty. */
716 setup_plaintext_name (const char *filename, IOBUF iobuf)
720 if ((filename && !iobuf_is_pipe_filename (filename))
721 || (opt.set_filename && !iobuf_is_pipe_filename (opt.set_filename)))
725 if (opt.set_filename)
726 s = make_basename (opt.set_filename, iobuf_get_real_fname (iobuf));
727 else if (filename && !opt.flags.utf8_filename)
729 char *tmp = native_to_utf8 (filename);
730 s = make_basename (tmp, iobuf_get_real_fname (iobuf));
734 s = make_basename (filename, iobuf_get_real_fname (iobuf));
736 pt = xmalloc (sizeof *pt + strlen (s) - 1);
737 pt->namelen = strlen (s);
738 memcpy (pt->name, s, pt->namelen);
744 pt = xmalloc (sizeof *pt - 1);