5 files changed, 50 insertions, 21 deletions

diff --git a/doc/DETAILS b/doc/DETAILS
index a52f51cec..3f9e747d5 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -459,9 +459,10 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
 
 *** SESSION_KEY <algo>:<hexdigits>
     The session key used to decrypt the message.  This message will
-    only be emitted when the special option --show-session-key is
-    used.  The format is suitable to be passed to the option
-    --override-session-key
+    only be emitted if the option --show-session-key is used.  The
+    format is suitable to be passed as value for the option
+    --override-session-key.  It is not an indication that the
+    decryption will or has succeeded.
 
 *** BEGIN_ENCRYPTION  <mdc_method> <sym_algo>
     Mark the start of the actual encryption process.
diff --git a/g10/cpr.c b/g10/cpr.c
index b84710d03..988d211ad 100644
--- a/g10/cpr.c
+++ b/g10/cpr.c
@@ -139,9 +139,14 @@ write_status ( int no )
 }
 
 
+/* Write a status line with code NO followed by the string TEXT and
+   directly followed by the remaining strings up to a NULL. */
 void
-write_status_text (int no, const char *text)
+write_status_strings (int no, const char *text, ...)
 {
+  va_list arg_ptr;
+  const char *s;
+
   if (!statusfp || !status_currently_allowed (no) )
     return;  /* Not enabled or allowed. */
 
@@ -150,15 +155,22 @@ write_status_text (int no, const char *text)
   if ( text )
     {
       es_putc ( ' ', statusfp);
-      for (; *text; text++)
+      va_start (arg_ptr, text);
+      s = text;
+      do
         {
-          if (*text == '\n')
-            es_fputs ("\\n", statusfp);
-          else if (*text == '\r')
-            es_fputs ("\\r", statusfp);
-          else
-            es_fputc ( *(const byte *)text, statusfp);
+          for (; *s; s++)
+            {
+              if (*s == '\n')
+                es_fputs ("\\n", statusfp);
+              else if (*s == '\r')
+                es_fputs ("\\r", statusfp);
+              else
+                es_fputc (*(const byte *)s, statusfp);
+            }
         }
+      while ((s = va_arg (arg_ptr, const char*)));
+      va_end (arg_ptr);
     }
   es_putc ('\n', statusfp);
   if (es_fflush (statusfp) && opt.exit_on_status_write_error)
@@ -166,6 +178,12 @@ write_status_text (int no, const char *text)
 }
 
 
+void
+write_status_text (int no, const char *text)
+{
+  write_status_strings (no, text, NULL);
+}
+
 /* Wrte an ERROR status line using a full gpg-error error value.  */
 void
 write_status_error (const char *where, gpg_error_t err)
diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c
index e219898ee..4ad47cb8e 100644
--- a/g10/decrypt-data.c
+++ b/g10/decrypt-data.c
@@ -106,6 +106,23 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek)
     write_status_text (STATUS_DECRYPTION_INFO, buf);
   }
 
+  if (opt.show_session_key)
+    {
+      char numbuf[25];
+      char *hexbuf;
+
+      snprintf (numbuf, sizeof numbuf, "%d:", dek->algo);
+      hexbuf = bin2hex (dek->key, dek->keylen, NULL);
+      if (!hexbuf)
+        {
+          rc = gpg_error_from_syserror ();
+          goto leave;
+        }
+      log_info ("session key: '%s%s'\n", numbuf, hexbuf);
+      write_status_strings (STATUS_SESSION_KEY, numbuf, hexbuf, NULL);
+      xfree (hexbuf);
+    }
+
   rc = openpgp_cipher_test_algo (dek->algo);
   if (rc)
     goto leave;
diff --git a/g10/main.h b/g10/main.h
index fd4e5e9ec..1b619e0d1 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -167,6 +167,8 @@ void write_status ( int no );
 void write_status_error (const char *where, gpg_error_t err);
 void write_status_errcode (const char *where, int errcode);
 void write_status_text ( int no, const char *text );
+void write_status_strings (int no, const char *text,
+                           ...) GNUPG_GCC_A_SENTINEL(0);
 void write_status_buffer ( int no,
                            const char *buffer, size_t len, int wrap );
 void write_status_text_and_buffer ( int no, const char *text,
diff --git a/g10/mainproc.c b/g10/mainproc.c
index bd5cac5bc..18fe7e70b 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -570,6 +570,7 @@ proc_encrypted( CTX c, PACKET *pkt )
     }
     else if( !c->dek )
 	result = G10ERR_NO_SECKEY;
+
     if (!result)
       result = decrypt_data (c->ctrl, c, pkt->pkt.encrypted, c->dek );
 
@@ -584,16 +585,6 @@ proc_encrypted( CTX c, PACKET *pkt )
 	    write_status( STATUS_GOODMDC );
 	else if(!opt.no_mdc_warn)
 	    log_info (_("WARNING: message was not integrity protected\n"));
-	if(opt.show_session_key)
-	  {
-	    int i;
-	    char *buf = xmalloc ( c->dek->keylen*2 + 20 );
-	    sprintf ( buf, "%d:", c->dek->algo );
-	    for(i=0; i < c->dek->keylen; i++ )
-	      sprintf(buf+strlen(buf), "%02X", c->dek->key[i] );
-	    log_info( "session key: '%s'\n", buf );
-	    write_status_text ( STATUS_SESSION_KEY, buf );
-	  }
     }
     else if( result == G10ERR_BAD_SIGN ) {
         glo_ctrl.lasterr = result;