[gmime] Added ENABLE_KEYSERVER_LOOKUPS and flip the logic



commit f1123691ba3110f3c945a3c6cf1a5128d6ab7dc3
Author: Jeffrey Stedfast <jestedfa microsoft com>
Date:   Mon May 21 19:44:18 2018 -0400

    Added ENABLE_KEYSERVER_LOOKUPS and flip the logic
    
    Clients that wish to enable online certificate and/or
    keyserver lookups now need to explicitly enable this
    functionality.
    
    These changes are designed to make it more difficult
    for clients to be susceptible to Efail privacy exploits.

 gmime/gmime-crypto-context.h |   20 ++++++++++++--------
 gmime/gmime-gpgme-utils.c    |    5 ++---
 2 files changed, 14 insertions(+), 11 deletions(-)
---
diff --git a/gmime/gmime-crypto-context.h b/gmime/gmime-crypto-context.h
index 991cc69..5089aea 100644
--- a/gmime/gmime-crypto-context.h
+++ b/gmime/gmime-crypto-context.h
@@ -79,17 +79,19 @@ typedef GMimeCryptoContext * (* GMimeCryptoContextNewFunc) (void);
 /**
  * GMimeDecryptFlags:
  * @GMIME_DECRYPT_NONE: No flags specified.
- * @GMIME_DECRYPT_EXPORT_SESSION_KEY: Export the decryption session-key
- * @GMIME_DECRYPT_DISABLE_ONLINE_CERTIFICATE_CHECKS: Disable CRL and OCSP checks that require network lookups.
+ * @GMIME_DECRYPT_EXPORT_SESSION_KEY: Export the decryption session-key.
+ * @GMIME_DECRYPT_ENABLE_KEYSERVER_LOOKUPS: Enable OpenPGP keyserver lookups.
+ * @GMIME_DECRYPT_ENABLE_ONLINE_CERTIFICATE_CHECKS: Enable CRL and OCSP checks that require network lookups.
  *
  * Decryption flags.
  **/
 typedef enum {
-       GMIME_DECRYPT_NONE                              = 0,
-       GMIME_DECRYPT_EXPORT_SESSION_KEY                = 1 << 0,
+       GMIME_DECRYPT_NONE                             = 0,
+       GMIME_DECRYPT_EXPORT_SESSION_KEY               = 1 << 0,
 
        /* Note: these values must stay in sync with GMimeVerifyFlags */
-       GMIME_DECRYPT_DISABLE_ONLINE_CERTIFICATE_CHECKS = 1 << 15
+       GMIME_DECRYPT_ENABLE_KEYSERVER_LOOKUPS         = 1 << 15,
+       GMIME_DECRYPT_ENABLE_ONLINE_CERTIFICATE_CHECKS = 1 << 15
 } GMimeDecryptFlags;
 
 
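Review bot: Bit `1 << 15` is reused with the opposite meaning in GMimeDecryptFlags: it was `GMIME_DECRYPT_DISABLE_ONLINE_CERTIFICATE_CHECKS` and is now both `GMIME_DECRYPT_ENABLE_*` flags. A client binary built against the old header that set this bit to stay offline would therefore request network lookups when run against the new library. Source builds fail loudly because the old name is gone, but already-compiled callers do not, which works against the Efail hardening the commit message describes. Consider moving the ENABLE flags to a bit the enum has not used before (`1 << 14` is free in the visible enum and is given only as an illustration) and ignoring bit 15, or confirm that the library's ABI version changes with this commit. The same applies to GMimeVerifyFlags in the next hunk.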
@@ -115,13 +117,15 @@ typedef enum {
 /**
  * GMimeVerifyFlags:
  * @GMIME_VERIFY_NONE: No flags specified.
- * @GMIME_VERIFY_DISABLE_ONLINE_CERTIFICATE_CHECKS: Disable CRL and OCSP checks that require network lookups.
+ * @GMIME_VERIFY_ENABLE_KEYSERVER_LOOKUPS: Enable OpenPGP keyserver lookups.
+ * @GMIME_VERIFY_ENABLE_ONLINE_CERTIFICATE_CHECKS: Enable CRL and OCSP checks that require network lookups.
  *
  * Signature verification flags.
  **/
 typedef enum {
-       GMIME_VERIFY_NONE                              = 0,
-       GMIME_VERIFY_DISABLE_ONLINE_CERTIFICATE_CHECKS = 1 << 15,
+       GMIME_VERIFY_NONE                             = 0,
+       GMIME_VERIFY_ENABLE_KEYSERVER_LOOKUPS         = 1 << 15,
+       GMIME_VERIFY_ENABLE_ONLINE_CERTIFICATE_CHECKS = 1 << 15
 } GMimeVerifyFlags;
 
 
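Review bot: `GMIME_VERIFY_ENABLE_KEYSERVER_LOOKUPS` and `GMIME_VERIFY_ENABLE_ONLINE_CERTIFICATE_CHECKS` are both `1 << 15`, but the doc comment presents them as two independent options. A caller cannot opt into CRL/OCSP checks without also opting into keyserver lookups, and which one takes effect presumably depends on the protocol of the context. I would state this in the gtk-doc block, for example `* Note: both ENABLE flags share one bit; setting either permits network access for whichever protocol the context uses.` The GMimeDecryptFlags doc comment in the previous hunk needs the same sentence.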
diff --git a/gmime/gmime-gpgme-utils.c b/gmime/gmime-gpgme-utils.c
index 4866405..6d8ce13 100644
--- a/gmime/gmime-gpgme-utils.c
+++ b/gmime/gmime-gpgme-utils.c
@@ -438,7 +438,7 @@ g_mime_gpgme_verify (gpgme_ctx_t ctx, GMimeVerifyFlags flags, GMimeStream *istre
                return NULL;
        }
        
-       gpgme_set_offline (ctx, (flags & GMIME_VERIFY_DISABLE_ONLINE_CERTIFICATE_CHECKS) == 0);
+       gpgme_set_offline (ctx, (flags & GMIME_VERIFY_ENABLE_ONLINE_CERTIFICATE_CHECKS) == 0);
        
        error = gpgme_op_verify (ctx, sig, signed_text, plain);
        if (signed_text)
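Review bot: g_mime_gpgme_verify tests only `GMIME_VERIFY_ENABLE_ONLINE_CERTIFICATE_CHECKS` whatever the protocol, so an OpenPGP caller passing `GMIME_VERIFY_ENABLE_KEYSERVER_LOOKUPS` is honoured only because the two names currently have the same value. The OpenPGP branch of the decrypt path in the next hunk uses the KEYSERVER_LOOKUPS name; selecting the flag by protocol here as well would keep the call correct if the bits are ever separated. At minimum I would add `/* KEYSERVER_LOOKUPS and ONLINE_CERTIFICATE_CHECKS share a bit, so this one test covers both protocols */` above the call. The function body starts and ends outside this hunk.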
@@ -603,8 +603,7 @@ g_mime_gpgme_decrypt (gpgme_ctx_t ctx, GMimeDecryptFlags flags, const char *sess
        
        /* decrypt the input stream */
        if (gpgme_get_protocol (ctx) == GPGME_PROTOCOL_OpenPGP) {
-               /* Note: not currently supported for OpenPGP */
-               /*gpgme_set_offline (ctx, (flags & GMIME_DECRYPT_DISABLE_KEYSERVER_LOOKUPS) == 0);*/
+               gpgme_set_offline (ctx, (flags & GMIME_DECRYPT_ENABLE_KEYSERVER_LOOKUPS) == 0);
                
                error = gpgme_op_decrypt_verify (ctx, input, output);
        } else {
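Review bot: The removed comment said gpgme_set_offline was `not currently supported for OpenPGP`, and the new line enables the same call without saying what changed. If the GPGME version in use still applies offline mode only to CMS (worth checking against the GPGME documentation for the minimum supported version), the call has no effect in this branch, and whether gpgme_op_decrypt_verify fetches keys would still depend on the user's GnuPG configuration rather than on `GMIME_DECRYPT_ENABLE_KEYSERVER_LOOKUPS`. I would keep a comment here stating that, for example `/* Note: offline mode may be ignored by the OpenPGP engine; auto-key-retrieve in the user's gpg configuration can still trigger lookups */`, and document the limitation on the flag itself. The function continues outside the hunk.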

