From 41dc3bd22a3e0001abec8f2bea79b40ee5ad00be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ingo=20Kl=C3=B6cker?= <dev@ingo-kloecker.de>
Date: Wed, 8 Feb 2023 14:44:38 +0100
Subject: [PATCH] core: Allow finalization of signature verification of
 unencrypted data

* src/decrypt-verify.c (decrypt_verify_status_handler): Call
_gpgme_verify_status_handler on EOF even if
_gpgme_decrypt_status_handler returned NO DATA error.

* tests/gpg/t-decrypt-verify.c (normal_signed_message): New.
(main): Add test with signed, but not encrypted data.
--

This allows the verify status handler to finalize the verification of
the last signature even if the decrypt status handler returned a NO DATA
error because the input data wasn't encrypted.

GnuPG-bug-id: 6368
---
 src/decrypt-verify.c         | 10 +++++++---
 tests/gpg/t-decrypt-verify.c | 31 +++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 3 deletions(-)

diff --git a/src/decrypt-verify.c b/src/decrypt-verify.c
index b63318f2..3ff15feb 100644
--- a/src/decrypt-verify.c
+++ b/src/decrypt-verify.c
@@ -35,13 +35,17 @@ decrypt_verify_status_handler (void *priv, gpgme_status_code_t code,
 			       char *args)
 {
   gpgme_error_t err;
+  gpgme_error_t err2;
 
   err = _gpgme_progress_status_handler (priv, code, args);
   if (!err)
     err = _gpgme_decrypt_status_handler (priv, code, args);
-  if (!err)
-      err = _gpgme_verify_status_handler (priv, code, args);
-  return err;
+  /* Allow finalization of signature verification even if previous handler
+   * returned NO DATA error which just means that the data wasn't encrypted. */
+  if (!err
+      || (code == GPGME_STATUS_EOF && gpg_err_code (err) == GPG_ERR_NO_DATA))
+    err2 = _gpgme_verify_status_handler (priv, code, args);
+  return err ? err : err2;
 }
 
 
diff --git a/tests/gpg/t-decrypt-verify.c b/tests/gpg/t-decrypt-verify.c
index 211f8129..424cc817 100644
--- a/tests/gpg/t-decrypt-verify.c
+++ b/tests/gpg/t-decrypt-verify.c
@@ -36,6 +36,16 @@
 #include "t-support.h"
 
 
+static const char normal_signed_message[] =
+"-----BEGIN PGP MESSAGE-----\n"
+"\n"
+"owGbwMvMwCSoW1RzPCOz3IRxjXQSR0lqcYleSUWJTZOvjVdpcYmCu1+oQmaJIleH\n"
+"GwuDIBMDGysTSIqBi1MApi+nlGGuwDeHao53HBr+FoVGP3xX+kvuu9fCMJvl6IOf\n"
+"y1kvP4y+8D5a11ang0udywsA\n"
+"=Crq6\n"
+"-----END PGP MESSAGE-----\n";
+
+
 static void
 check_verify_result (gpgme_verify_result_t result, unsigned int summary,
 		     const char *fpr, gpgme_error_t status, int validity)
@@ -141,6 +151,27 @@ main (int argc, char *argv[])
 
   gpgme_data_release (in);
   gpgme_data_release (out);
+
+  /* Checking a signed, but not encrypted message.  */
+  err = gpgme_data_new_from_mem (&in, normal_signed_message, strlen (normal_signed_message), 0);
+  fail_if_err (err);
+  err = gpgme_data_new (&out);
+  fail_if_err (err);
+  err = gpgme_op_decrypt_verify (ctx, in, out);
+  /* should have returned "no data" because the message is not encrypted */
+  if (gpgme_err_code (err) != GPG_ERR_NO_DATA)
+    {
+      fprintf (stderr, "%s:%i: Unexpected result of gpgme_op_decrypt_verify: %s\n",
+	       __FILE__, __LINE__, gpgme_strerror (err));
+    }
+  verify_result = gpgme_op_verify_result (ctx);
+  check_verify_result (verify_result, GPGME_SIGSUM_VALID|GPGME_SIGSUM_GREEN,
+		       "A0FF4590BB6122EDEF6E3C542D727CC768697734",
+		       GPG_ERR_NO_ERROR, GPGME_VALIDITY_FULL);
+
+  gpgme_data_release (in);
+  gpgme_data_release (out);
+
   gpgme_release (ctx);
   return 0;
 }