merged into default
authorKrista Grothoff <krista@pep-project.org>
Mon, 20 Feb 2017 15:29:23 +0100
changeset 159403ee060519ff
parent 1589 c6dbfcea6e5a
parent 1593 37d5334bbb66
child 1600 9be501327dfd
merged into default
     1.1 --- a/src/pgp_gpg.c	Mon Feb 20 09:31:58 2017 +0100
     1.2 +++ b/src/pgp_gpg.c	Mon Feb 20 15:29:23 2017 +0100
     1.3 @@ -456,7 +456,56 @@
     1.4              case GPG_ERR_NO_ERROR:
     1.5              {
     1.6                  gpgme_decrypt_result = gpg.gpgme_op_decrypt_result(session->ctx);
     1.7 -                
     1.8 +                /* NOW is when we have to process the decrypt_result, period.
     1.9 +                   it is only valid until the next call on the context. */
    1.10 +                   
    1.11 +                gpgme_key_t key;
    1.12 +                memset(&key,0,sizeof(key));
    1.13 +                stringlist_t* recipient_keylist = new_stringlist(NULL);
    1.14 +                if (!recipient_keylist) {
    1.15 +                    gpg.gpgme_data_release(plain);
    1.16 +                    gpg.gpgme_data_release(cipher);
    1.17 +                    if (recipient_keylist)
    1.18 +                        free_stringlist(recipient_keylist);
    1.19 +                    return PEP_OUT_OF_MEMORY;
    1.20 +                }
    1.21 +               
    1.22 +                if (gpgme_decrypt_result != NULL) {
    1.23 +                    stringlist_t* _keylist = recipient_keylist;
    1.24 +                    for (gpgme_recipient_t r = gpgme_decrypt_result->recipients; r != NULL; r = r->next) {
    1.25 +                        // GPGME may give subkey's fpr instead of primary key's fpr.
    1.26 +                        // Therefore we ask for the primary fingerprint instead
    1.27 +                        // we assume that gpgme_get_key can find key by subkey's fpr
    1.28 +                        gpgme_error = gpg.gpgme_get_key(session->ctx,
    1.29 +                            r->keyid, &key, 0);
    1.30 +                        gpgme_error = _GPGERR(gpgme_error);
    1.31 +                        assert(gpgme_error != GPG_ERR_ENOMEM);
    1.32 +                        if (gpgme_error == GPG_ERR_ENOMEM) {
    1.33 +                            free_stringlist(_keylist);
    1.34 +                            result = PEP_OUT_OF_MEMORY;
    1.35 +                        }
    1.36 +                        // Primary key is given as the first subkey
    1.37 +                        if (gpgme_error == GPG_ERR_NO_ERROR &&
    1.38 +                            key && key->subkeys && key->subkeys->fpr
    1.39 +                            && key->subkeys->fpr[0]) {
    1.40 +                            _keylist = stringlist_add(_keylist, key->subkeys->fpr);
    1.41 + 
    1.42 +                            gpg.gpgme_key_unref(key);
    1.43 + 
    1.44 +                        }
    1.45 +                    }
    1.46 +                    assert(_keylist);
    1.47 +                    if (_keylist == NULL) {
    1.48 +                        free_stringlist(recipient_keylist);
    1.49 +                        if (*keylist)
    1.50 +                            free_stringlist(*keylist);
    1.51 +                        *keylist = NULL;
    1.52 +                        result = PEP_OUT_OF_MEMORY;
    1.53 +                    }
    1.54 +                } /* Ok, so now we have any recipients it was encrypted for
    1.55 +                     in recipient_keylist */
    1.56 +            
    1.57 +                   
    1.58                  gpgme_verify_result_t gpgme_verify_result;
    1.59                  char *_buffer = NULL;
    1.60                  size_t reading;
    1.61 @@ -475,6 +524,8 @@
    1.62                  if (_buffer == NULL) {
    1.63                      gpg.gpgme_data_release(plain);
    1.64                      gpg.gpgme_data_release(cipher);
    1.65 +                    if (recipient_keylist)
    1.66 +                        free_stringlist(recipient_keylist);
    1.67                      return PEP_OUT_OF_MEMORY;
    1.68                  }
    1.69  
    1.70 @@ -494,6 +545,15 @@
    1.71                  assert(gpgme_verify_result);
    1.72                  gpgme_signature = gpgme_verify_result->signatures;
    1.73  
    1.74 +                if (!gpgme_signature) {
    1.75 +                    // try cleartext sig verification
    1.76 +                    gpg.gpgme_op_verify(session->ctx, plain, NULL, plain);
    1.77 +                    gpgme_verify_result =
    1.78 +                        gpg.gpgme_op_verify_result(session->ctx);
    1.79 +                            assert(gpgme_verify_result);
    1.80 +                    gpgme_signature = gpgme_verify_result->signatures;                    
    1.81 +                }
    1.82 +
    1.83                  if (gpgme_signature) {
    1.84                      stringlist_t *k;
    1.85                      _keylist = new_stringlist(NULL);
    1.86 @@ -508,7 +568,8 @@
    1.87  
    1.88                      result = PEP_DECRYPTED_AND_VERIFIED;
    1.89                      gpg.gpgme_check(NULL);
    1.90 -                    do {
    1.91 +                    do { /* get all signers and put them at the front off
    1.92 +                            the keylist (likely only one) */
    1.93                          switch (_GPGERR(gpgme_signature->status)) {
    1.94                          case GPG_ERR_NO_ERROR:
    1.95                          {
    1.96 @@ -542,6 +603,8 @@
    1.97  
    1.98                                  if (k == NULL) {
    1.99                                      free_stringlist(_keylist);
   1.100 +                                    if (recipient_keylist)
   1.101 +                                        free (recipient_keylist);
   1.102                                      gpg.gpgme_data_release(plain);
   1.103                                      gpg.gpgme_data_release(cipher);
   1.104                                      free(_buffer);
   1.105 @@ -565,6 +628,8 @@
   1.106                              k = stringlist_add(k, gpgme_signature->fpr);
   1.107                              if (k == NULL) {
   1.108                                  free_stringlist(_keylist);
   1.109 +                                if (recipient_keylist)
   1.110 +                                    free_stringlist(recipient_keylist);
   1.111                                  gpg.gpgme_data_release(plain);
   1.112                                  gpg.gpgme_data_release(cipher);
   1.113                                  free(_buffer);
   1.114 @@ -592,9 +657,24 @@
   1.115                      *psize = reading;
   1.116                      (*ptext)[*psize] = 0; // safeguard for naive users
   1.117                      *keylist = _keylist;
   1.118 +                    if (recipient_keylist)
   1.119 +                        if (!_keylist)
   1.120 +                            *keylist = new_stringlist(""); // no sig 
   1.121 +                        if (!(*keylist)) {
   1.122 +                            free_stringlist(_keylist);
   1.123 +                            if (recipient_keylist)
   1.124 +                                free_stringlist(recipient_keylist);
   1.125 +                            gpg.gpgme_data_release(plain);
   1.126 +                            gpg.gpgme_data_release(cipher);
   1.127 +                            free(_buffer);
   1.128 +                            return PEP_OUT_OF_MEMORY;
   1.129 +                        }    
   1.130 +                        stringlist_append(*keylist, recipient_keylist);
   1.131                  }
   1.132                  else {
   1.133                      free_stringlist(_keylist);
   1.134 +                    if (recipient_keylist)
   1.135 +                        free_stringlist(recipient_keylist);
   1.136                      free(_buffer);
   1.137                  }
   1.138                  break;
   1.139 @@ -627,45 +707,6 @@
   1.140          result = PEP_DECRYPT_WRONG_FORMAT;
   1.141      }
   1.142  
   1.143 -    if (result != PEP_DECRYPT_WRONG_FORMAT && result != PEP_OUT_OF_MEMORY) {
   1.144 -        gpgme_key_t key;
   1.145 -        memset(&key,0,sizeof(key));
   1.146 -        
   1.147 -        if (gpgme_decrypt_result != NULL) {
   1.148 -            if (!(*keylist))
   1.149 -                *keylist = new_stringlist(""); // no sig
   1.150 -            stringlist_t* _keylist = *keylist;
   1.151 -            for (gpgme_recipient_t r = gpgme_decrypt_result->recipients; r != NULL; r = r->next) {
   1.152 -                // GPGME may give subkey's fpr instead of primary key's fpr.
   1.153 -                // Therefore we ask for the primary fingerprint instead
   1.154 -                // we assume that gpgme_get_key can find key by subkey's fpr
   1.155 -                gpgme_error = gpg.gpgme_get_key(session->ctx,
   1.156 -                    r->keyid, &key, 0);
   1.157 -                gpgme_error = _GPGERR(gpgme_error);
   1.158 -                assert(gpgme_error != GPG_ERR_ENOMEM);
   1.159 -                if (gpgme_error == GPG_ERR_ENOMEM) {
   1.160 -                    free_stringlist(_keylist);
   1.161 -                    result = PEP_OUT_OF_MEMORY;
   1.162 -                }
   1.163 -                // Primary key is given as the first subkey
   1.164 -                if (gpgme_error == GPG_ERR_NO_ERROR &&
   1.165 -                    key && key->subkeys && key->subkeys->fpr
   1.166 -                    && key->subkeys->fpr[0]) {
   1.167 -                    _keylist = stringlist_add(_keylist, key->subkeys->fpr);
   1.168 -
   1.169 -                    gpg.gpgme_key_unref(key);
   1.170 -
   1.171 -                }
   1.172 -            }
   1.173 -            assert(_keylist);
   1.174 -            if (_keylist == NULL) {
   1.175 -                free_stringlist(*keylist);
   1.176 -                *keylist = NULL;
   1.177 -                result = PEP_OUT_OF_MEMORY;
   1.178 -            }
   1.179 -        }
   1.180 -    }
   1.181 -
   1.182      gpg.gpgme_data_release(plain);
   1.183      gpg.gpgme_data_release(cipher);
   1.184      return result;
     2.1 --- a/test/least_common_denom_color_test.cc	Mon Feb 20 09:31:58 2017 +0100
     2.2 +++ b/test/least_common_denom_color_test.cc	Mon Feb 20 15:29:23 2017 +0100
     2.3 @@ -74,10 +74,12 @@
     2.4      pEp_identity * recip1 = new_identity("banmeonce@kgrothoff.org", NULL, "TOFU_banemeonce@kgrothoff.org", "Ban Me Once");    
     2.5      recip1->me = false;    
     2.6      status = update_identity(session, recip1);
     2.7 +    key_reset_trust(session, recip1);
     2.8      
     2.9      pEp_identity * recip2 = new_identity("banmetwice@kgrothoff.org", NULL, "TOFU_banemetwice@kgrothoff.org", "Ban Me Twice");    
    2.10      recip2->me = false;    
    2.11      status = update_identity(session, recip2);
    2.12 +    key_reset_trust(session, recip2);
    2.13          
    2.14      ifstream infile(mailfile);
    2.15      string mailtext;