* decrypt.c (gpgsm_decrypt): Allow multiple recipients.

2025-01-03 12:11:33 +01:00 · 2002-03-13 10:19:50 +00:00 · 2002-03-13 10:19:50 +00:00 · c6736b6435
commit c6736b6435
parent 1f6d901db6
4 changed files with 33 additions and 14 deletions
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@ -1,5 +1,11 @@
+2002-03-13  Werner Koch  <wk@gnupg.org>
+
+	* decrypt.c (gpgsm_decrypt): Allow multiple recipients.
+
 2002-03-12  Werner Koch  <wk@gnupg.org>

+	* certpath.c (check_cert_policy): Print the policy list.
+
 	* verify.c (gpgsm_verify): Detect certs-only message.

 2002-03-11  Werner Koch  <wk@gnupg.org>
--- a/sm/certchain.c
+++ b/sm/certchain.c
@ -100,10 +100,13 @@ check_cert_policy (KsbaCert cert)
    return map_ksba_err (err);

  /* STRING is a line delimited list of certifiate policies as stored
-     in the certificate.  The line itself is colon delimted where the
+     in the certificate.  The line itself is colon delimited where the
     first field is the OID of the policy and the second field either
     N or C for normal or critical extension */

+  if (opt.verbose > 1)
+    log_info ("certificate's policy list: %s\n", policies);
+
  /* The check is very minimal but won't give false positives */
  any_critical = !!strstr (policies, ":C");

--- a/sm/certpath.c
+++ b/sm/certpath.c
@ -100,10 +100,13 @@ check_cert_policy (KsbaCert cert)
    return map_ksba_err (err);

  /* STRING is a line delimited list of certifiate policies as stored
-     in the certificate.  The line itself is colon delimted where the
+     in the certificate.  The line itself is colon delimited where the
     first field is the OID of the policy and the second field either
     N or C for normal or critical extension */

+  if (opt.verbose > 1)
+    log_info ("certificate's policy list: %s\n", policies);
+
  /* The check is very minimal but won't give false positives */
  any_critical = !!strstr (policies, ":C");

--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@ -312,6 +312,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
        {
          int algo, mode;
          const char *algoid;
+          int any_key = 0;
          
          algoid = ksba_cms_get_content_oid (cms, 2/* encryption algo*/);
          algo = gcry_cipher_map_name (algoid);
@ -339,7 +340,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
              goto leave;
            }
          
-          for (recp=0; recp < 1; recp++)
+          for (recp=0; !any_key; recp++)
            {
              char *issuer;
              KsbaSexp serial;
@ -347,6 +348,8 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
              char *hexkeygrip = NULL;

              err = ksba_cms_get_issuer_serial (cms, recp, &issuer, &serial);
+              if (err == -1 && recp)
+                break; /* no more recipients */
              if (err)
                log_error ("recp %d - error getting info: %s\n",
                           recp, ksba_strerror (err));
@ -364,7 +367,7 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
                  rc = keydb_search_issuer_sn (kh, issuer, serial);
                  if (rc)
                    {
-                      log_debug ("failed to find the certificate: %s\n",
+                      log_error ("failed to find the certificate: %s\n",
                                 gnupg_strerror(rc));
                      goto oops;
                    }
@ -372,8 +375,9 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
                  rc = keydb_get_cert (kh, &cert);
                  if (rc)
                    {
-                      log_debug ("failed to get cert: %s\n", gnupg_strerror (rc));
-                      goto oops;                    }
+                      log_error ("failed to get cert: %s\n", gnupg_strerror (rc));
+                      goto oops;     
+                    }

                  hexkeygrip = gpgsm_get_keygrip_hexstring (cert);

@ -383,31 +387,34 @@ gpgsm_decrypt (CTRL ctrl, int in_fd, FILE *out_fp)
                  ksba_cert_release (cert);
                }

-              enc_val = ksba_cms_get_enc_val (cms, recp);
-              if (!enc_val)
+              if (!hexkeygrip)
+                ;
+              else if (!(enc_val = ksba_cms_get_enc_val (cms, recp)))
                log_error ("recp %d - error getting encrypted session key\n",
                           recp);
              else
                {
-                  rc = prepare_decryption (hexkeygrip, enc_val,
-                                           &dfparm);
+                  rc = prepare_decryption (hexkeygrip, enc_val, &dfparm);
                  xfree (enc_val);
                  if (rc)
                    {
-                      /* fixme: as soon as we support multiple recipients, we 
-                         should just set a flag and try the next recipient */
-                      log_error ("decrypting session key failed: %s\n",
+                      log_debug ("decrypting session key failed: %s\n",
                                 gnupg_strerror (rc));
-                      goto leave;
                    }
                  else
                    { /* setup the bulk decrypter */
+                      any_key = 1;
                      ksba_writer_set_filter (writer,
                                              decrypt_filter,
                                              &dfparm);
                    }
                }
            }
+          if (!any_key)
+            {
+              rc = GNUPG_No_Secret_Key;
+              goto leave;
+            }
        }
      else if (stopreason == KSBA_SR_END_DATA)
        {