author: Werner Koch <wk@gnupg.org> 2019-03-15 19:50:37 +0100
committer: Werner Koch <wk@gnupg.org> 2019-03-15 20:41:38 +0100
commit: f799e9728bcadb3d4148a47848c78c5647860ea4
tree: 3d1428e8d0ea4070d0bcac2defe05d45235dad76 /tests
parent: tests: Add sample secret key w/o binding signatures.
gpg: Avoid importing secret keys if the keyblock is not valid.

* g10/keydb.h (struct kbnode_struct): Replace unused field RECNO by
new field TAG.
* g10/kbnode.c (alloc_node): Change accordingly.
* g10/import.c (import_one): Add arg r_valid.
(sec_to_pub_keyblock): Set tags.
(resync_sec_with_pub_keyblock): New.
(import_secret_one): Change return code to gpg_error_t.  Return an
error code if sec_to_pub_keyblock failed.  Resync secret keyblock.
--

When importing an invalid secret key ring for example without key
binding signatures or no UIDs, gpg used to let gpg-agent store the
secret keys anyway.  This is clearly a bug because the diagnostics
before claimed that for example the subkeys have been skipped.
Importing the secret key parameters then anyway is surprising in
particular because a gpg -k does not show the key.  After importing
the public key the secret keys suddenly showed up.

This changes the behaviour of
GnuPG-bug-id: 4392
to me more consistent but is not a solution to the actual bug.

Caution: The ecc.scm test now fails because two of the sample keys
don't have binding signatures.

Signed-off-by: Werner Koch <wk@gnupg.org>

Diffstat (limited to 'tests')
-rwxr-xr-x  tests/openpgp/ecc.scm             2
-rw-r--r--  tests/openpgp/samplekeys/README   2
2 files changed, 3 insertions, 1 deletions

diff --git a/tests/openpgp/ecc.scm b/tests/openpgp/ecc.scm
index d7c02a5e2..a63ec45bd 100755
--- a/tests/openpgp/ecc.scm
+++ b/tests/openpgp/ecc.scm
@@ -175,7 +175,7 @@ Rg==
(display "This is one line\n" (fdopen fd "wb")))
(for-each-p
- "Checking ECDSA decryption"
+ "Checking ECDH decryption"
(lambda (test)
(lettmp (x y)
(call-with-output-file
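Review bot: The renamed for-each-p label ("Checking ECDH decryption") is a separate fix that the ChangeLog part of the commit message does not list, and nothing in this hunk addresses the ecc.scm failure the message cautions about. ECDSA is a signature algorithm, so the new label is the correct one for a decryption check, but it would be cleaner to mention the rename in the commit message. The test should also not be left failing: either give the sample keys binding signatures or mark the affected cases as expected failures until the import behaviour is settled.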
diff --git a/tests/openpgp/samplekeys/README b/tests/openpgp/samplekeys/README
index 9f1648bdf..f8a7e9ed7 100644
--- a/tests/openpgp/samplekeys/README
+++ b/tests/openpgp/samplekeys/README
@@ -29,3 +29,5 @@ Notes:
such a file is created which is then directly followed by a separate
armored public key block. To create such a sample concatenate
pgp-desktop-skr.asc and E657FB607BB4F21C90BB6651BC067AF28BC90111.asc
+- ecc-sample-2-sec.asc and ecc-sample-3-sec.asc do not have and
+ binding signatures either. ecc-sample-1-sec.asc has them, though.
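Review bot: The first added README line has a typo, "do not have and binding signatures", which should read "do not have any binding signatures". The word "either" also has no visible antecedent in the preceding note, which is about concatenating pgp-desktop-skr.asc with a public key block, so it would help to name the other sample that lacks binding signatures. Since the commit message says ecc.scm now fails because of these two keys, the note could also state that importing ecc-sample-2-sec.asc and ecc-sample-3-sec.asc is expected to be rejected after this change.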