[gmime] Fixed gpg verify logic (and simplified pkcs7 verify logic)
- From: Jeffrey Stedfast <fejj src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gmime] Fixed gpg verify logic (and simplified pkcs7 verify logic)
- Date: Fri, 10 Mar 2017 15:19:14 +0000 (UTC)
commit 267a4cb223ed08417836c3b20a137a7859fafcaf
Author: Jeffrey Stedfast <jestedfa microsoft com>
Date: Fri Mar 10 10:02:20 2017 -0500
Fixed gpg verify logic (and simplified pkcs7 verify logic)
gmime/gmime-gpg-context.c | 67 ++++++++++++++++++++----------------------
gmime/gmime-pkcs7-context.c | 18 ++++--------
2 files changed, 38 insertions(+), 47 deletions(-)
---
diff --git a/gmime/gmime-gpg-context.c b/gmime/gmime-gpg-context.c
index ec14f60..57e00d8 100644
--- a/gmime/gmime-gpg-context.c
+++ b/gmime/gmime-gpg-context.c
@@ -368,57 +368,54 @@ gpg_verify (GMimeCryptoContext *context, GMimeVerifyFlags flags, GMimeStream *is
{
#ifdef ENABLE_CRYPTO
GMimeGpgContext *gpg = (GMimeGpgContext *) context;
- gpgme_data_t message, signature, plaintext;
+ gpgme_data_t sig, signed_text, plain;
gpgme_error_t error;
- if ((error = gpgme_data_new_from_cbs (&message, &gpg_stream_funcs, istream)) != GPG_ERR_NO_ERROR) {
- g_set_error (err, GMIME_GPGME_ERROR, error, _("Could not open input stream: %s"),
gpgme_strerror (error));
- return NULL;
- }
-
- /* if @sigstream is non-NULL, then it is a detached signature */
if (sigstream != NULL) {
- if ((error = gpgme_data_new_from_cbs (&signature, &gpg_stream_funcs, sigstream)) !=
GPG_ERR_NO_ERROR) {
+ /* if @sigstream is non-NULL, then it is a detached signature */
+ if ((error = gpgme_data_new_from_cbs (&signed_text, &pkcs7_stream_funcs, istream)) !=
GPG_ERR_NO_ERROR) {
+ g_set_error (err, GMIME_GPGME_ERROR, error, _("Could not open input stream: %s"),
gpgme_strerror (error));
+ return NULL;
+ }
+
+ if ((error = gpgme_data_new_from_cbs (&sig, &pkcs7_stream_funcs, sigstream)) !=
GPG_ERR_NO_ERROR) {
g_set_error (err, GMIME_GPGME_ERROR, error, _("Could not open signature stream: %s"),
gpgme_strerror (error));
- gpgme_data_release (message);
+ gpgme_data_release (signed_text);
return NULL;
}
- } else {
- signature = NULL;
- }
-
- /* if @ostream is non-NULL, then we are expected to write the extracted plaintext to it */
- if (ostream != NULL) {
- if ((error = gpgme_data_new_from_cbs (&plaintext, &gpg_stream_funcs, ostream)) !=
GPG_ERR_NO_ERROR) {
+
+ plain = NULL;
+ } else if (ostream != NULL) {
+ /* if @ostream is non-NULL, then we are expected to write the extracted plaintext to it */
+ if ((error = gpgme_data_new_from_cbs (&sig, &pkcs7_stream_funcs, istream)) !=
GPG_ERR_NO_ERROR) {
+ g_set_error (err, GMIME_GPGME_ERROR, error, _("Could not open input stream: %s"),
gpgme_strerror (error));
+ return NULL;
+ }
+
+ if ((error = gpgme_data_new_from_cbs (&plain, &pkcs7_stream_funcs, ostream)) !=
GPG_ERR_NO_ERROR) {
g_set_error (err, GMIME_GPGME_ERROR, error, _("Could not open output stream: %s"),
gpgme_strerror (error));
- if (signature)
- gpgme_data_release (signature);
- gpgme_data_release (message);
+ gpgme_data_release (sig);
return NULL;
}
+
+ signed_text = NULL;
} else {
- plaintext = NULL;
+ g_set_error_literal (err, GMIME_GPGME_ERROR, error, _("Missing signature stream or output
stream"));
+ return NULL;
}
- if ((error = gpgme_op_verify (gpg->ctx, signature, message, plaintext)) != GPG_ERR_NO_ERROR) {
+ error = gpgme_op_verify (gpg->ctx, signature, message, plaintext);
+ if (signed_text)
+ gpgme_data_release (signed_text);
+ if (plain)
+ gpgme_data_release (plain);
+ gpgme_data_release (sig);
+
+ if (error != GPG_ERR_NO_ERROR) {
g_set_error (err, GMIME_GPGME_ERROR, error, _("Could not verify gpg signature: %s"),
gpgme_strerror (error));
- if (plaintext)
- gpgme_data_release (plaintext);
- if (signature)
- gpgme_data_release (signature);
- gpgme_data_release (message);
return NULL;
}
- if (plaintext)
- gpgme_data_release (plaintext);
-
- if (signature)
- gpgme_data_release (signature);
-
- if (message)
- gpgme_data_release (message);
-
/* get/return the gpg signatures */
return g_mime_gpgme_get_signatures (gpg->ctx, TRUE);
#else
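Review bot: The added call `error = gpgme_op_verify (gpg->ctx, signature, message, plaintext);` still names the three variables that this hunk's declaration change replaces with `sig`, `signed_text` and `plain`, so it cannot compile as posted; it should read `error = gpgme_op_verify (gpg->ctx, sig, signed_text, plain);`. The new final `else` branch passes `error` to `g_set_error_literal` before any gpgme call has assigned it, so the GError code is indeterminate; pass a fixed code there, for example `GPG_ERR_INV_VALUE`. The four new `gpgme_data_new_from_cbs` calls take `&pkcs7_stream_funcs` where the removed lines used `&gpg_stream_funcs`; unless this file declares the former elsewhere, that looks like a copy-paste from the pkcs7 context. The body of gpg_verify continues past the `#else`, outside this hunk.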
diff --git a/gmime/gmime-pkcs7-context.c b/gmime/gmime-pkcs7-context.c
index 44a8e77..f7fbf1a 100644
--- a/gmime/gmime-pkcs7-context.c
+++ b/gmime/gmime-pkcs7-context.c
@@ -486,24 +486,18 @@ pkcs7_verify (GMimeCryptoContext *context, GMimeVerifyFlags flags, GMimeStream *
return NULL;
}
- if ((error = gpgme_op_verify (pkcs7->ctx, sig, signed_text, plain)) != GPG_ERR_NO_ERROR) {
- g_set_error (err, GMIME_GPGME_ERROR, error, _("Could not verify pkcs7 signature: %s"),
gpgme_strerror (error));
- if (signed_text)
- gpgme_data_release (signed_text);
- if (plain)
- gpgme_data_release (plain);
- gpgme_data_release (sig);
- return NULL;
- }
-
+ error = gpgme_op_verify (pkcs7->ctx, sig, signed_text, plain);
if (signed_text)
gpgme_data_release (signed_text);
-
if (plain)
gpgme_data_release (plain);
-
gpgme_data_release (sig);
+ if (error != GPG_ERR_NO_ERROR) {
+ g_set_error (err, GMIME_GPGME_ERROR, error, _("Could not verify pkcs7 signature: %s"),
gpgme_strerror (error));
+ return NULL;
+ }
+
/* get/return the pkcs7 signatures */
return g_mime_gpgme_get_signatures (pkcs7->ctx, TRUE);
#else
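Review bot: The success path after the new `if (error != GPG_ERR_NO_ERROR)` check has no comment saying what a non-NULL return means, which matters for a verify routine: in GPGME a zero return from `gpgme_op_verify` only reports that the operation completed, not that any signature is good. I would extend the existing comment to `/* get/return the pkcs7 signatures; callers must check each signature's status, a non-NULL list does not mean the signature is valid */`. The same applies to the matching return in gpg_verify in gmime-gpg-context.c. pkcs7_verify begins before this hunk and continues past the `#else`, so how the result is consumed is not visible here.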