[gmime/gmime-2-4] Signature verification w/o writing to disk
- From: Jeffrey Stedfast <fejj src gnome org>
- To: commits-list gnome org
- Cc: 
- Subject: [gmime/gmime-2-4] Signature verification w/o writing to disk
- Date: Fri, 19 Nov 2010 16:24:16 +0000 (UTC)
commit d4c13f29c300d89eed609a3824b14f2ba262bd8c
Author: Jeffrey Stedfast <fejj gnome org>
Date:   Fri Nov 19 11:23:39 2010 -0500
    Signature verification w/o writing to disk
    
    2010-11-19  Jeffrey Stedfast  <fejj novell com>
    
    	Fixes bug #635152
    
    	* gmime/gmime-gpg-context.c (GpgCtx): No longer has a sigfile
    	member. Instead contains a sigstream and passwd_fd is now
    renamed
    	to secret_fd and used for both sending gpg the user's passwd as
    	well as for sending gpg the digital signature when verifying.
    	(gpg_ctx_new): Updated for the new struct members.
    	(gpg_ctx_set_sigstream): Replaces gpg_ctx_set_sigfile().
    	(gpg_ctx_free): Updated for the new struct members.
    	(gpg_ctx_get_argv): Modify our --verify command-line so that we
    	can pas gpg the digital signature without first writing it to
    	disk. Also modified to return char** instead of a GPtrArray to
    	simplify things.
    	(gpg_ctx_op_start): Modified to also create more pipes in VERIFY
    	mode.
    	(gpg_ctx_op_step): Modified to stream the digital signature to
    	gpg.
    	(gpg_verify): Don't write the digital signature to disk -
    instead,
    	we now stream it directly to gpg.
 ChangeLog                 |   22 +++
 gmime/gmime-gpg-context.c |  352 ++++++++++++++++++++++-----------------------
 2 files changed, 194 insertions(+), 180 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index e8b6363..b9407c3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,25 @@
+2010-11-19  Jeffrey Stedfast  <fejj novell com>
+
+	Fixes bug #635152
+
+	* gmime/gmime-gpg-context.c (GpgCtx): No longer has a sigfile
+	member. Instead contains a sigstream and passwd_fd is now renamed
+	to secret_fd and used for both sending gpg the user's passwd as
+	well as for sending gpg the digital signature when verifying.
+	(gpg_ctx_new): Updated for the new struct members.
+	(gpg_ctx_set_sigstream): Replaces gpg_ctx_set_sigfile().
+	(gpg_ctx_free): Updated for the new struct members.
+	(gpg_ctx_get_argv): Modify our --verify command-line so that we
+	can pas gpg the digital signature without first writing it to
+	disk. Also modified to return char** instead of a GPtrArray to
+	simplify things.
+	(gpg_ctx_op_start): Modified to also create more pipes in VERIFY
+	mode.
+	(gpg_ctx_op_step): Modified to stream the digital signature to
+	gpg.
+	(gpg_verify): Don't write the digital signature to disk - instead,
+	we now stream it directly to gpg.
+
 2010-10-13  Jeffrey Stedfast  <fejj novell com>
 
 	* README: Bumped version
diff --git a/gmime/gmime-gpg-context.c b/gmime/gmime-gpg-context.c
index 20e0678..4d07740 100644
--- a/gmime/gmime-gpg-context.c
+++ b/gmime/gmime-gpg-context.c
@@ -261,7 +261,6 @@ struct _GpgCtx {
 	
 	char *path;
 	char *userid;
-	char *sigfile;
 	GPtrArray *recipients;
 	GMimeCipherHash hash;
 	
@@ -269,7 +268,7 @@ struct _GpgCtx {
 	int stdout_fd;
 	int stderr_fd;
 	int status_fd;
-	int passwd_fd;  /* only needed for sign/decrypt */
+	int secret_fd;  /* used for sign/decrypt/verify */
 	
 	/* status-fd buffer */
 	char *statusbuf;
@@ -279,6 +278,7 @@ struct _GpgCtx {
 	char *need_id;
 	char *passwd;
 	
+	GMimeStream *sigstream;
 	GMimeStream *istream;
 	GMimeStream *ostream;
 	
@@ -335,7 +335,6 @@ gpg_ctx_new (GMimeSession *session, const char *path)
 	
 	gpg->path = g_strdup (path);
 	gpg->userid = NULL;
-	gpg->sigfile = NULL;
 	gpg->recipients = NULL;
 	gpg->hash = GMIME_CIPHER_HASH_DEFAULT;
 	gpg->always_trust = FALSE;
@@ -345,7 +344,7 @@ gpg_ctx_new (GMimeSession *session, const char *path)
 	gpg->stdout_fd = -1;
 	gpg->stderr_fd = -1;
 	gpg->status_fd = -1;
-	gpg->passwd_fd = -1;
+	gpg->secret_fd = -1;
 	
 	gpg->statusbuf = g_malloc (128);
 	gpg->statusptr = gpg->statusbuf;
@@ -367,6 +366,7 @@ gpg_ctx_new (GMimeSession *session, const char *path)
 	gpg->signers = NULL;
 	gpg->signer = (GMimeSigner *) &gpg->signers;
 	
+	gpg->sigstream = NULL;
 	gpg->istream = NULL;
 	gpg->ostream = NULL;
 	
@@ -437,13 +437,6 @@ gpg_ctx_add_recipient (struct _GpgCtx *gpg, const char *keyid)
 }
 
 static void
-gpg_ctx_set_sigfile (struct _GpgCtx *gpg, const char *sigfile)
-{
-	g_free (gpg->sigfile);
-	gpg->sigfile = g_strdup (sigfile);
-}
-
-static void
 gpg_ctx_set_armor (struct _GpgCtx *gpg, gboolean armor)
 {
 	gpg->armor = armor;
@@ -468,6 +461,15 @@ gpg_ctx_set_ostream (struct _GpgCtx *gpg, GMimeStream *ostream)
 	gpg->seen_eof1 = FALSE;
 }
 
+static void
+gpg_ctx_set_sigstream (struct _GpgCtx *gpg, GMimeStream *sigstream)
+{
+	g_object_ref (sigstream);
+	if (gpg->sigstream)
+		g_object_unref (gpg->sigstream);
+	gpg->sigstream = sigstream;
+}
+
 static const char *
 gpg_ctx_get_diagnostics (struct _GpgCtx *gpg)
 {
@@ -495,8 +497,6 @@ gpg_ctx_free (struct _GpgCtx *gpg)
 	
 	g_free (gpg->userid);
 	
-	g_free (gpg->sigfile);
-	
 	if (gpg->recipients) {
 		for (i = 0; i < gpg->recipients->len; i++)
 			g_free (gpg->recipients->pdata[i]);
@@ -512,8 +512,8 @@ gpg_ctx_free (struct _GpgCtx *gpg)
 		close (gpg->stderr_fd);
 	if (gpg->status_fd != -1)
 		close (gpg->status_fd);
-	if (gpg->passwd_fd != -1)
-		close (gpg->passwd_fd);
+	if (gpg->secret_fd != -1)
+		close (gpg->secret_fd);
 	
 	g_free (gpg->statusbuf);
 	
@@ -524,6 +524,9 @@ gpg_ctx_free (struct _GpgCtx *gpg)
 		g_free (gpg->passwd);
 	}
 	
+	if (gpg->sigstream)
+		g_object_unref (gpg->sigstream);
+	
 	if (gpg->istream)
 		g_object_unref (gpg->istream);
 	
@@ -569,118 +572,134 @@ gpg_hash_str (GMimeCipherHash hash)
 	}
 }
 
-static GPtrArray *
-gpg_ctx_get_argv (struct _GpgCtx *gpg, int status_fd, char **sfd, int passwd_fd, char **pfd)
+static char **
+gpg_ctx_get_argv (struct _GpgCtx *gpg, int status_fd, int secret_fd, char ***strv)
 {
 	const char *hash_str;
-	GPtrArray *argv;
-	char *buf;
+	char **argv, *buf;
+	GPtrArray *args;
+	int v = 0;
 	guint i;
 	
-	argv = g_ptr_array_new ();
-	g_ptr_array_add (argv, "gpg");
+	*strv = g_new (char *, 3);
+	
+	args = g_ptr_array_new ();
+	g_ptr_array_add (args, "gpg");
 	
-	g_ptr_array_add (argv, "--verbose");
-	g_ptr_array_add (argv, "--no-secmem-warning");
-	g_ptr_array_add (argv, "--no-greeting");
-	g_ptr_array_add (argv, "--no-tty");
-	if (passwd_fd == -1) {
+	g_ptr_array_add (args, "--verbose");
+	g_ptr_array_add (args, "--no-secmem-warning");
+	g_ptr_array_add (args, "--no-greeting");
+	g_ptr_array_add (args, "--no-tty");
+	
+	if (!gpg->need_passwd) {
 		/* only use batch mode if we don't intend on using the
-                   interactive --command-fd option */
-		g_ptr_array_add (argv, "--batch");
-		g_ptr_array_add (argv, "--yes");
+                   interactive --command-fd option to send it the
+                   user's password */
+		g_ptr_array_add (args, "--batch");
+		g_ptr_array_add (args, "--yes");
 	}
 	
-	g_ptr_array_add (argv, "--charset=UTF-8");
+	g_ptr_array_add (args, "--charset=UTF-8");
 	
-	*sfd = buf = g_strdup_printf ("--status-fd=%d", status_fd);
-	g_ptr_array_add (argv, buf);
+	(*strv)[v++] = buf = g_strdup_printf ("--status-fd=%d", status_fd);
+	g_ptr_array_add (args, buf);
 	
-	if (passwd_fd != -1) {
-		*pfd = buf = g_strdup_printf ("--command-fd=%d", passwd_fd);
-		g_ptr_array_add (argv, buf);
+	if (gpg->need_passwd) {
+		(*strv)[v++] = buf = g_strdup_printf ("--command-fd=%d", secret_fd);
+		g_ptr_array_add (args, buf);
 	}
 	
 	switch (gpg->mode) {
 	case GPG_CTX_MODE_SIGN:
-		g_ptr_array_add (argv, "--sign");
-		g_ptr_array_add (argv, "--detach");
+		g_ptr_array_add (args, "--sign");
+		g_ptr_array_add (args, "--detach");
 		if (gpg->armor)
-			g_ptr_array_add (argv, "--armor");
+			g_ptr_array_add (args, "--armor");
 		hash_str = gpg_hash_str (gpg->hash);
 		if (hash_str)
-			g_ptr_array_add (argv, (char *) hash_str);
+			g_ptr_array_add (args, (char *) hash_str);
 		if (gpg->userid) {
-			g_ptr_array_add (argv, "-u");
-			g_ptr_array_add (argv, (char *) gpg->userid);
+			g_ptr_array_add (args, "-u");
+			g_ptr_array_add (args, (char *) gpg->userid);
 		}
-		g_ptr_array_add (argv, "--output");
-		g_ptr_array_add (argv, "-");
+		g_ptr_array_add (args, "--output");
+		g_ptr_array_add (args, "-");
 		break;
 	case GPG_CTX_MODE_VERIFY:
 		if (!g_mime_session_is_online (gpg->session)) {
 			/* this is a deprecated flag to gpg since 1.0.7 */
-			/*g_ptr_array_add (argv, "--no-auto-key-retrieve");*/
-			g_ptr_array_add (argv, "--keyserver-options");
-			g_ptr_array_add (argv, "no-auto-key-retrieve");
+			/*g_ptr_array_add (args, "--no-auto-key-retrieve");*/
+			g_ptr_array_add (args, "--keyserver-options");
+			g_ptr_array_add (args, "no-auto-key-retrieve");
 		}
-		g_ptr_array_add (argv, "--verify");
-		if (gpg->sigfile)
-			g_ptr_array_add (argv, gpg->sigfile);
-		g_ptr_array_add (argv, "-");
+		
+		g_ptr_array_add (args, "--enable-special-filenames");
+		g_ptr_array_add (args, "--verify");
+		g_ptr_array_add (args, "--");
+		
+		/* signature stream must come first */
+		(*strv)[v++] = buf = g_strdup_printf ("-&%d", secret_fd);
+		g_ptr_array_add (args, buf);
+		
+		/* followed by the content stream (in this case, stdin) */
+		g_ptr_array_add (args, "-");
 		break;
 	case GPG_CTX_MODE_SIGN_ENCRYPT:
-		g_ptr_array_add (argv,  "--sign");
+		g_ptr_array_add (args, "--sign");
 		
 		/* fall thru... */
 	case GPG_CTX_MODE_ENCRYPT:
-		g_ptr_array_add (argv,  "--encrypt");
+		g_ptr_array_add (args, "--encrypt");
 		
 		if (gpg->armor)
-			g_ptr_array_add (argv, "--armor");
+			g_ptr_array_add (args, "--armor");
 		
 		if (gpg->always_trust)
-			g_ptr_array_add (argv, "--always-trust");
+			g_ptr_array_add (args, "--always-trust");
 		
 		if (gpg->userid) {
-			g_ptr_array_add (argv, "-u");
-			g_ptr_array_add (argv, (char *) gpg->userid);
+			g_ptr_array_add (args, "-u");
+			g_ptr_array_add (args, (char *) gpg->userid);
 		}
 		
 		if (gpg->recipients) {
 			for (i = 0; i < gpg->recipients->len; i++) {
-				g_ptr_array_add (argv, "-r");
-				g_ptr_array_add (argv, gpg->recipients->pdata[i]);
+				g_ptr_array_add (args, "-r");
+				g_ptr_array_add (args, gpg->recipients->pdata[i]);
 			}
 		}
-		g_ptr_array_add (argv, "--output");
-		g_ptr_array_add (argv, "-");
+		g_ptr_array_add (args, "--output");
+		g_ptr_array_add (args, "-");
 		break;
 	case GPG_CTX_MODE_DECRYPT:
-		g_ptr_array_add (argv, "--decrypt");
-		g_ptr_array_add (argv, "--output");
-		g_ptr_array_add (argv, "-");
+		g_ptr_array_add (args, "--decrypt");
+		g_ptr_array_add (args, "--output");
+		g_ptr_array_add (args, "-");
 		break;
 	case GPG_CTX_MODE_IMPORT:
-		g_ptr_array_add (argv, "--import");
-		g_ptr_array_add (argv, "-");
+		g_ptr_array_add (args, "--import");
+		g_ptr_array_add (args, "-");
 		break;
 	case GPG_CTX_MODE_EXPORT:
 		if (gpg->armor)
-			g_ptr_array_add (argv, "--armor");
-		g_ptr_array_add (argv, "--export");
+			g_ptr_array_add (args, "--armor");
+		g_ptr_array_add (args, "--export");
 		for (i = 0; i < gpg->recipients->len; i++)
-			g_ptr_array_add (argv, gpg->recipients->pdata[i]);
+			g_ptr_array_add (args, gpg->recipients->pdata[i]);
 		break;
 	}
 	
 #if d(!)0
-	for (i = 0; i < argv->len; i++)
-		printf ("%s ", (char *) argv->pdata[i]);
+	for (i = 0; i < args->len; i++)
+		printf ("%s ", (char *) args->pdata[i]);
 	printf ("\n");
 #endif
 	
-	g_ptr_array_add (argv, NULL);
+	g_ptr_array_add (args, NULL);
+	(*strv)[v] = NULL;
+	
+	argv = (char **) args->pdata;
+	g_ptr_array_free (args, FALSE);
 	
 	return argv;
 }
@@ -688,28 +707,27 @@ gpg_ctx_get_argv (struct _GpgCtx *gpg, int status_fd, char **sfd, int passwd_fd,
 static int
 gpg_ctx_op_start (struct _GpgCtx *gpg)
 {
-	char *status_fd = NULL, *passwd_fd = NULL;
 	int i, maxfd, errnosave, fds[10];
-	GPtrArray *argv;
+	char **argv, **strv = NULL;
 	int flags;
 	
 	for (i = 0; i < 10; i++)
 		fds[i] = -1;
 	
-	maxfd = gpg->need_passwd ? 10 : 8;
+	maxfd = (gpg->need_passwd || gpg->sigstream) ? 10 : 8;
 	for (i = 0; i < maxfd; i += 2) {
 		if (pipe (fds + i) == -1)
 			goto exception;
 	}
 	
-	argv = gpg_ctx_get_argv (gpg, fds[7], &status_fd, fds[8], &passwd_fd);
+	argv = gpg_ctx_get_argv (gpg, fds[7], fds[8], &strv);
 	
 	if (!(gpg->pid = fork ())) {
 		/* child process */
 		
-		if ((dup2 (fds[0], STDIN_FILENO) < 0 ) ||
-		    (dup2 (fds[3], STDOUT_FILENO) < 0 ) ||
-		    (dup2 (fds[5], STDERR_FILENO) < 0 )) {
+		if ((dup2 (fds[0], STDIN_FILENO) < 0) ||
+		    (dup2 (fds[3], STDOUT_FILENO) < 0) ||
+		    (dup2 (fds[5], STDERR_FILENO) < 0)) {
 			_exit (255);
 		}
 		
@@ -726,20 +744,18 @@ gpg_ctx_op_start (struct _GpgCtx *gpg)
 		}
 		
 		/* run gpg */
-		execvp (gpg->path, (char **) argv->pdata);
+		execvp (gpg->path, argv);
 		_exit (255);
 	} else if (gpg->pid < 0) {
-		g_ptr_array_free (argv, TRUE);
-		g_free (status_fd);
-		g_free (passwd_fd);
+		g_strfreev (strv);
+		g_free (argv);
 		goto exception;
 	}
 	
-	g_ptr_array_free (argv, TRUE);
-	g_free (status_fd);
-	g_free (passwd_fd);
-	
 	/* Parent */
+	g_strfreev (strv);
+	g_free (argv);
+	
 	close (fds[0]);
 	gpg->stdin_fd = fds[1];
 	gpg->stdout_fd = fds[2];
@@ -748,11 +764,12 @@ gpg_ctx_op_start (struct _GpgCtx *gpg)
 	close (fds[5]);
 	gpg->status_fd = fds[6];
 	close (fds[7]);
-	if (gpg->need_passwd) {
+	
+	if (fds[8] != -1) {
+		flags = (flags = fcntl (fds[9], F_GETFL)) == -1 ? O_WRONLY : flags;
+		fcntl (fds[9], F_SETFL, flags | O_NONBLOCK);
+		gpg->secret_fd = fds[9];
 		close (fds[8]);
-		gpg->passwd_fd = fds[9];
-		flags = (flags = fcntl (gpg->passwd_fd, F_GETFL)) == -1 ? O_WRONLY : flags;
-		fcntl (gpg->passwd_fd, F_SETFL, flags | O_NONBLOCK);
 	}
 	
 	flags = (flags = fcntl (gpg->stdin_fd, F_GETFL)) == -1 ? O_WRONLY : flags;
@@ -773,7 +790,7 @@ gpg_ctx_op_start (struct _GpgCtx *gpg)
 	
 	errnosave = errno;
 	
-	for (i = 0; i < 10; i++) {
+	for (i = 0; i < maxfd; i++) {
 		if (fds[i] != -1)
 			close (fds[i]);
 	}
@@ -1248,7 +1265,7 @@ enum {
 	GPG_STDOUT_FD,
 	GPG_STDERR_FD,
 	GPG_STATUS_FD,
-	GPG_PASSWD_FD,
+	GPG_SECRET_FD,
 	GPG_N_FDS
 };
 
@@ -1360,8 +1377,8 @@ gpg_ctx_op_step (struct _GpgCtx *gpg, GError **err)
 	pfds[GPG_STDIN_FD].fd = gpg->stdin_fd;
 	pfds[GPG_STDIN_FD].events = POLLOUT;
 	
-	pfds[GPG_PASSWD_FD].fd = gpg->passwd_fd;
-	pfds[GPG_PASSWD_FD].events = POLLOUT;
+	pfds[GPG_SECRET_FD].fd = gpg->secret_fd;
+	pfds[GPG_SECRET_FD].events = POLLOUT;
 	
 	do {
 		for (n = 0; n < GPG_N_FDS; n++)
@@ -1415,6 +1432,7 @@ gpg_ctx_op_step (struct _GpgCtx *gpg, GError **err)
 		do {
 			nread = read (gpg->stdout_fd, buffer, sizeof (buffer));
 		} while (nread == -1 && (errno == EINTR || errno == EAGAIN));
+		
 		if (nread == -1)
 			goto exception;
 		
@@ -1435,6 +1453,7 @@ gpg_ctx_op_step (struct _GpgCtx *gpg, GError **err)
 		do {
 			nread = read (gpg->stderr_fd, buffer, sizeof (buffer));
 		} while (nread == -1 && (errno == EINTR || errno == EAGAIN));
+		
 		if (nread == -1)
 			goto exception;
 		
@@ -1445,32 +1464,60 @@ gpg_ctx_op_step (struct _GpgCtx *gpg, GError **err)
 		}
 	}
 	
-	if ((pfds[GPG_PASSWD_FD].revents & (POLLOUT | POLLHUP)) && gpg->need_passwd && gpg->send_passwd) {
-		size_t n, nwritten = 0;
-		ssize_t w;
-		
-		d(printf ("sending gpg our passphrase...\n"));
-		
-		/* send the passphrase to gpg */
-		n = strlen (gpg->passwd);
-		do {
+	if ((pfds[GPG_SECRET_FD].revents & (POLLOUT | POLLHUP))) {
+		if (gpg->need_passwd && gpg->send_passwd) {
+			size_t n, nwritten = 0;
+			ssize_t w;
+			
+			d(printf ("sending gpg our passphrase...\n"));
+			
+			/* send the passphrase to gpg */
+			n = strlen (gpg->passwd);
 			do {
-				w = write (gpg->passwd_fd, gpg->passwd + nwritten, n - nwritten);
-			} while (w == -1 && (errno == EINTR || errno == EAGAIN));
+				do {
+					w = write (gpg->secret_fd, gpg->passwd + nwritten, n - nwritten);
+				} while (w == -1 && (errno == EINTR || errno == EAGAIN));
+				
+				if (w > 0)
+					nwritten += w;
+			} while (nwritten < n && w != -1);
 			
-			if (w > 0)
-				nwritten += w;
-		} while (nwritten < n && w != -1);
-		
-		/* zero and free our passwd buffer */
-		memset (gpg->passwd, 0, n);
-		g_free (gpg->passwd);
-		gpg->passwd = NULL;
-		
-		if (w == -1)
-			goto exception;
-		
-		gpg->send_passwd = FALSE;
+			/* zero and free our passwd buffer */
+			memset (gpg->passwd, 0, n);
+			g_free (gpg->passwd);
+			gpg->passwd = NULL;
+			
+			if (w == -1)
+				goto exception;
+			
+			gpg->send_passwd = FALSE;
+		} else if (gpg->mode == GPG_CTX_MODE_VERIFY) {
+			ssize_t nread, w, nwritten = 0;
+			char buffer[4096];
+			
+			d(printf ("sending gpg our digital signature...\n"));
+			
+			/* write our stream to gpg's sig fd */
+			nread = g_mime_stream_read (gpg->sigstream, buffer, sizeof (buffer));
+			if (nread > 0) {
+				do {
+					do {
+						w = write (gpg->secret_fd, buffer + nwritten, nread - nwritten);
+					} while (w == -1 && (errno == EINTR || errno == EAGAIN));
+					
+					if (w > 0)
+						nwritten += w;
+				} while (nwritten < nread && w != -1);
+				
+				if (w == -1)
+					goto exception;
+			}
+			
+			if (g_mime_stream_eos (gpg->sigstream)) {
+				close (gpg->secret_fd);
+				gpg->secret_fd = -1;
+			}
+		}
 	}
 	
 	if ((pfds[GPG_STDIN_FD].revents & (POLLOUT | POLLHUP)) && gpg->istream) {
@@ -1692,35 +1739,6 @@ gpg_sign (GMimeCipherContext *context, const char *userid, GMimeCipherHash hash,
 }
 
 
-static char *
-swrite (GMimeStream *istream)
-{
-	GMimeStream *ostream;
-	char *template;
-	int fd, ret;
-	
-	template = g_build_filename (g_get_tmp_dir (), "gmime-pgp.XXXXXX", NULL);
-	if ((fd = mkstemp (template)) == -1) {
-		g_free (template);
-		return NULL;
-	}
-	
-	ostream = g_mime_stream_fs_new (fd);
-	if ((ret = g_mime_stream_write_to_stream (istream, ostream)) != -1) {
-		if ((ret = g_mime_stream_flush (ostream)) != -1)
-			ret = g_mime_stream_close (ostream);
-	}
-	g_object_unref (ostream);
-	
-	if (ret == -1) {
-		unlink (template);
-		g_free (template);
-		return NULL;
-	}
-	
-	return template;
-}
-
 static GMimeSignatureValidity *
 gpg_verify (GMimeCipherContext *context, GMimeCipherHash hash,
 	    GMimeStream *istream, GMimeStream *sigstream,
@@ -1730,38 +1748,28 @@ gpg_verify (GMimeCipherContext *context, GMimeCipherHash hash,
 	GMimeSignatureValidity *validity;
 	const char *diagnostics;
 	struct _GpgCtx *gpg;
-	char *sigfile = NULL;
 	gboolean valid;
 	
-	if (sigstream != NULL) {
-		/* We are going to verify a detached signature so save
-		   the signature to a temp file. */
-		if (!(sigfile = swrite (sigstream))) {
-			g_set_error (err, GMIME_ERROR, errno,
-				     _("Cannot verify message signature: "
-				       "could not create temp file: %s"),
-				     g_strerror (errno));
-			return NULL;
-		}
-	}
-	
 	gpg = gpg_ctx_new (context->session, ctx->path);
 	gpg_ctx_set_mode (gpg, GPG_CTX_MODE_VERIFY);
-	gpg_ctx_set_hash (gpg, hash);
-	gpg_ctx_set_sigfile (gpg, sigfile);
+	gpg_ctx_set_sigstream (gpg, sigstream);
 	gpg_ctx_set_istream (gpg, istream);
+	gpg_ctx_set_hash (gpg, hash);
 	
 	if (gpg_ctx_op_start (gpg) == -1) {
 		g_set_error (err, GMIME_ERROR, errno,
 			     _("Failed to execute gpg: %s"),
 			     errno ? g_strerror (errno) : _("Unknown"));
-		goto exception;
+		gpg_ctx_free (gpg);
+		
+		return NULL;
 	}
 	
 	while (!gpg_ctx_op_complete (gpg)) {
 		if (gpg_ctx_op_step (gpg, err) == -1) {
 			gpg_ctx_op_cancel (gpg);
-			goto exception;
+			gpg_ctx_free (gpg);
+			return NULL;
 		}
 	}
 	
@@ -1788,23 +1796,7 @@ gpg_verify (GMimeCipherContext *context, GMimeCipherHash hash,
 	
 	gpg_ctx_free (gpg);
 	
-	if (sigfile) {
-		unlink (sigfile);
-		g_free (sigfile);
-	}
-	
 	return validity;
-	
- exception:
-	
-	gpg_ctx_free (gpg);
-	
-	if (sigfile) {
-		unlink (sigfile);
-		g_free (sigfile);
-	}
-	
-	return NULL;
 }
 
 
[
Date Prev][
Date Next]   [
Thread Prev][
Thread Next]   
[
Thread Index]
[
Date Index]
[
Author Index]