From cd79fc39736fda6ce38f1f79700cf658c47372f9 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 9 Sep 2024 17:33:29 +0200
Subject: core: New encryption flags GPGME_ENCRYPT_ADD_RECP and _CHG_RECP.

* src/gpgme.h.in (GPGME_ENCRYPT_ADD_RECP, GPGME_ENCRYPT_CHG_RECP):
New flag values.
* src/engine-gpg.c (have_cmd_modify_recipients): New.
(gpg_encrypt): Check availability of the feature and prepare command.

* tests/run-encrypt.c (main): New options --add-recipients
and --change-recipients.
--

GnuPG-bug-id: 1825
---
 src/engine-gpg.c | 41 +++++++++++++++++++++++++++++++++++++++--
 src/gpgme.h.in   |  4 +++-
 2 files changed, 42 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index fc9c7f90..eba61ac4 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -456,6 +456,22 @@ have_option_proc_all_sigs (engine_gpg_t gpg)
 }
 
 
+static int
+have_cmd_modify_recipients (engine_gpg_t gpg)
+{
+  static unsigned int flag;
+
+  if (flag)
+    ;
+  else if (have_gpg_version (gpg, "2.5.1"))
+    flag = 1|2;
+  else
+    flag = 1;
+
+  return !!(flag & 2);
+}
+
+
 static void
 free_argv (char **argv)
 {
@@ -2403,11 +2419,32 @@ gpg_encrypt (void *engine, gpgme_key_t recp[], const char *recpstring,
   if (gpg->flags.use_gpgtar && (flags & GPGME_ENCRYPT_WRAP))
     return gpg_error (GPG_ERR_INV_VALUE);
 
+  if ((flags & (GPGME_ENCRYPT_ADD_RECP|GPGME_ENCRYPT_CHG_RECP))
+      && !have_cmd_modify_recipients (gpg))
+    return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
   if (recp || recpstring)
-    err = add_arg (gpg, "--encrypt");
+    {
+      if ((flags & GPGME_ENCRYPT_ADD_RECP))
+        err = add_arg (gpg, "--add-recipients");
+      else if ((flags & GPGME_ENCRYPT_CHG_RECP))
+        err = add_arg (gpg, "--change-recipients");
+      else
+        err = add_arg (gpg, "--encrypt");
+    }
 
   if (!err && ((flags & GPGME_ENCRYPT_SYMMETRIC) || (!recp && !recpstring)))
-    err = add_arg (gpg, "--symmetric");
+    {
+      if (!recp && !recpstring)
+        {
+          if ((flags & GPGME_ENCRYPT_ADD_RECP))
+            err = add_arg (gpg, "--add-recipients");
+          else if ((flags & GPGME_ENCRYPT_CHG_RECP))
+            err = add_arg (gpg, "--change-recipients");
+        }
+      if (!err)
+        err = add_arg (gpg, "--symmetric");
+    }
 
   if (!err && use_armor)
     err = add_gpg_arg (gpg, "--armor");
diff --git a/src/gpgme.h.in b/src/gpgme.h.in
index a01a24a6..cdd945bf 100644
--- a/src/gpgme.h.in
+++ b/src/gpgme.h.in
@@ -1356,7 +1356,9 @@ typedef enum
     GPGME_ENCRYPT_WRAP = 128,
     GPGME_ENCRYPT_WANT_ADDRESS = 256,
     GPGME_ENCRYPT_ARCHIVE = 512,
-    GPGME_ENCRYPT_FILE = 1024
+    GPGME_ENCRYPT_FILE = 1024,
+    GPGME_ENCRYPT_ADD_RECP = 2048,
+    GPGME_ENCRYPT_CHG_RECP = 4096
   }
 gpgme_encrypt_flags_t;
 
-- 
cgit v1.2.3