mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00

* decrypt.c (gpgsm_decrypt): Allow multiple recipients.

Werner Koch 2002-03-13 10:19:50 +00:00
parent 1f6d901db6
commit c6736b6435
4 changed files with 33 additions and 14 deletions


@ -1,5 +1,11 @@
2002-03-13 Werner Koch <wk@gnupg.org>
* decrypt.c (gpgsm_decrypt): Allow multiple recipients.
2002-03-12 Werner Koch <wk@gnupg.org> 2002-03-12 Werner Koch <wk@gnupg.org>
* certpath.c (check_cert_policy): Print the policy list.
* verify.c (gpgsm_verify): Detect certs-only message. * verify.c (gpgsm_verify): Detect certs-only message.
2002-03-11 Werner Koch <wk@gnupg.org> 2002-03-11 Werner Koch <wk@gnupg.org>


@ -100,10 +100,13 @@ check_cert_policy (KsbaCert cert)
return map_ksba_err (err); return map_ksba_err (err);
/* STRING is a line delimited list of certifiate policies as stored /* STRING is a line delimited list of certifiate policies as stored
in the certificate. The line itself is colon delimted where the in the certificate. The line itself is colon delimited where the
first field is the OID of the policy and the second field either first field is the OID of the policy and the second field either
N or C for normal or critical extension */ N or C for normal or critical extension */
if (opt.verbose > 1)
log_info ("certificate's policy list: %s\n", policies);
/* The check is very minimal but won't give false positives */ /* The check is very minimal but won't give false positives */
any_critical = !!strstr (policies, ":C"); any_critical = !!strstr (policies, ":C");
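Review bot: The added `log_info ("certificate's policy list: %s\n", policies);` writes a certificate-derived string into the log unfiltered, and the comment just above describes that string as line delimited, so one call can emit several physical log lines of which only the first carries the log prefix. Someone reading or parsing the verbose log then cannot tell continuation lines from separate messages. Consider logging one policy entry per call, or replacing the embedded line breaks before printing. check_cert_policy starts and ends outside this hunk, so how `policies` is built is not visible here; the same hunk is shown a second time in the following file section of this page.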


@ -100,10 +100,13 @@ check_cert_policy (KsbaCert cert)
return map_ksba_err (err); return map_ksba_err (err);
/* STRING is a line delimited list of certifiate policies as stored /* STRING is a line delimited list of certifiate policies as stored
in the certificate. The line itself is colon delimted where the in the certificate. The line itself is colon delimited where the
first field is the OID of the policy and the second field either first field is the OID of the policy and the second field either
N or C for normal or critical extension */ N or C for normal or critical extension */
if (opt.verbose > 1)
log_info ("certificate's policy list: %s\n", policies);
/* The check is very minimal but won't give false positives */ /* The check is very minimal but won't give false positives */
any_critical = !!strstr (policies, ":C"); any_critical = !!strstr (policies, ":C");


@ -312,6 +312,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
{ {
int algo, mode; int algo, mode;
const char *algoid; const char *algoid;
int any_key = 0;
algoid = ksba_cms_get_content_oid (cms, 2/* encryption algo*/); algoid = ksba_cms_get_content_oid (cms, 2/* encryption algo*/);
algo = gcry_cipher_map_name (algoid); algo = gcry_cipher_map_name (algoid);
@ -339,7 +340,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
goto leave; goto leave;
} }
for (recp=0; recp < 1; recp++) for (recp=0; !any_key; recp++)
{ {
char *issuer; char *issuer;
KsbaSexp serial; KsbaSexp serial;
@ -347,6 +348,8 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
char *hexkeygrip = NULL; char *hexkeygrip = NULL;
err = ksba_cms_get_issuer_serial (cms, recp, &issuer, &serial); err = ksba_cms_get_issuer_serial (cms, recp, &issuer, &serial);
if (err == -1 && recp)
break; /* no more recipients */
if (err) if (err)
log_error ("recp %d - error getting info: %s\n", log_error ("recp %d - error getting info: %s\n",
recp, ksba_strerror (err)); recp, ksba_strerror (err));
@ -364,7 +367,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
rc = keydb_search_issuer_sn (kh, issuer, serial); rc = keydb_search_issuer_sn (kh, issuer, serial);
if (rc) if (rc)
{ {
log_debug ("failed to find the certificate: %s\n", log_error ("failed to find the certificate: %s\n",
gnupg_strerror(rc)); gnupg_strerror(rc));
goto oops; goto oops;
} }
@ -372,8 +375,9 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
rc = keydb_get_cert (kh, &cert); rc = keydb_get_cert (kh, &cert);
if (rc) if (rc)
{ {
log_debug ("failed to get cert: %s\n", gnupg_strerror (rc)); log_error ("failed to get cert: %s\n", gnupg_strerror (rc));
goto oops; } goto oops;
}
hexkeygrip = gpgsm_get_keygrip_hexstring (cert); hexkeygrip = gpgsm_get_keygrip_hexstring (cert);
@ -383,31 +387,34 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
ksba_cert_release (cert); ksba_cert_release (cert);
} }
enc_val = ksba_cms_get_enc_val (cms, recp); if (!hexkeygrip)
if (!enc_val) ;
else if (!(enc_val = ksba_cms_get_enc_val (cms, recp)))
log_error ("recp %d - error getting encrypted session key\n", log_error ("recp %d - error getting encrypted session key\n",
recp); recp);
else else
{ {
rc = prepare_decryption (hexkeygrip, enc_val, rc = prepare_decryption (hexkeygrip, enc_val, &dfparm);
&dfparm);
xfree (enc_val); xfree (enc_val);
if (rc) if (rc)
{ {
/* fixme: as soon as we support multiple recipients, we log_debug ("decrypting session key failed: %s\n",
should just set a flag and try the next recipient */
log_error ("decrypting session key failed: %s\n",
gnupg_strerror (rc)); gnupg_strerror (rc));
goto leave;
} }
else else
{ /* setup the bulk decrypter */ { /* setup the bulk decrypter */
any_key = 1;
ksba_writer_set_filter (writer, ksba_writer_set_filter (writer,
decrypt_filter, decrypt_filter,
&dfparm); &dfparm);
} }
} }
} }
if (!any_key)
{
rc = GNUPG_No_Secret_Key;
goto leave;
}
} }
else if (stopreason == KSBA_SR_END_DATA) else if (stopreason == KSBA_SR_END_DATA)
{ {
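Review bot: The new loop `for (recp=0; !any_key; recp++)` has no upper bound and ends only when a key is found or when `ksba_cms_get_issuer_serial` returns -1 for a non-zero index. If that call can return some other error for every index (for instance on a malformed CMS object), the `if (err)` branch only logs and the loop keeps going, which on untrusted input would mean an endless loop that floods the log until `recp` overflows. Leaving the loop on any error closes that, e.g. `if (err) { log_error ("recp %d - error getting info: %s\n", recp, ksba_strerror (err)); break; }` placed after the `err == -1 && recp` check. A short comment on the loop saying that it stops at the first usable key would also help, since `any_key` is declared well above it. gpgsm_decrypt begins and ends outside these hunks, so the `oops` label and the rest of the loop body are not visible.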