diff options
author | Aleksander Machniak <alec@alec.pl> | 2018-04-04 12:14:35 +0300 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2018-04-04 12:14:35 +0300 |
commit | f63150b256ed2d3a568004f278642a64457c00cd (patch) | |
tree | e005474ecd1e3e17f28c1146264f553bf63153ea /plugins | |
parent | 8b0540d402cc545e3f79d4572568a306320c4bf7 (diff) |
Enigma: Fix key selection for signing
In some cases a public key of other user could be selected instead
of the sender's private key
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/enigma/lib/enigma_engine.php | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/plugins/enigma/lib/enigma_engine.php b/plugins/enigma/lib/enigma_engine.php index e0bd8bc27..bbe380cd0 100644 --- a/plugins/enigma/lib/enigma_engine.php +++ b/plugins/enigma/lib/enigma_engine.php @@ -29,6 +29,7 @@ class enigma_engine private $pgp_driver; private $smime_driver; private $password_time; + private $cache = array(); public $decryptions = array(); public $signatures = array(); @@ -348,7 +349,7 @@ class enigma_engine $from = $from[1]; // find my key - if ($from && ($key = $this->find_key($from))) { + if ($from && ($key = $this->find_key($from, true))) { $pubkey_armor = $this->export_key($key->id); if (!$pubkey_armor instanceof enigma_error) { @@ -979,6 +980,10 @@ class enigma_engine */ function find_key($email, $can_sign = false) { + if ($can_sign && array_key_exists($email, $this->cache)) { + return $this->cache[$email]; + } + $this->load_pgp_driver(); $result = $this->pgp_driver->list_keys($email); @@ -988,13 +993,25 @@ class enigma_engine } $mode = $can_sign ? enigma_key::CAN_SIGN : enigma_key::CAN_ENCRYPT; + $ret = null; // check key validity and type foreach ($result as $key) { - if ($subkey = $key->find_subkey($email, $mode)) { - return $key; + if (($subkey = $key->find_subkey($email, $mode)) + && (!$can_sign || $key->get_type() == enigma_key::TYPE_KEYPAIR) + ) { + $ret = $key; + break; } } + + // cache private key info for better performance + // we can skip one list_keys() call when signing and attaching a key + if ($can_sign) { + $this->cache[$email] = $ret; + } + + return $ret; } /** |