From dc52995d85048ed12ae8b9f330e9ca41a4030aae Mon Sep 17 00:00:00 2001 From: "Neal H. Walfield" Date: Tue, 22 Dec 2015 14:21:18 +0100 Subject: [PATCH] gpg: Lazily evaluate --default-key. * g10/gpg.c (main): If --encrypt-to-default-key is specified, don't add --default-key's value to REMUSR here... * g10/pkclist.c (build_pk_list): ... do it here. * tests/openpgp/Makefile.am (TESTS): Add default-key.test. * tests/openpgp/default-key.test: New file. -- Signed-off-by: Neal H. Walfield --- g10/gpg.c | 21 ---------- g10/pkclist.c | 47 ++++++++++++++++++++++ tests/openpgp/Makefile.am | 2 +- tests/openpgp/default-key.test | 73 ++++++++++++++++++++++++++++++++++ 4 files changed, 121 insertions(+), 22 deletions(-) create mode 100755 tests/openpgp/default-key.test diff --git a/g10/gpg.c b/g10/gpg.c index 11dbf5631..71f44eddf 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -4281,8 +4281,6 @@ main (int argc, char **argv) } { - int have_def_secret_key = opt.def_secret_key != NULL; - rc = check_user_ids (&locusr, 1, 1); if (rc) g10_exit (1); @@ -4292,25 +4290,6 @@ main (int argc, char **argv) rc = check_user_ids (&opt.def_secret_key, 1, 0); if (rc) g10_exit (1); - - if (opt.encrypt_to_default_key) - { - const char *default_key = parse_def_secret_key (ctrl); - if (default_key) - { - sl = add_to_strlist2 (&remusr, default_key, utf8_strings); - sl->flags = ((oEncryptToDefaultKey << PK_LIST_SHIFT) - | PK_LIST_ENCRYPT_TO); - if (opt.encrypt_to_default_key == 2) - sl->flags |= PK_LIST_CONFIG; - } - else if (have_def_secret_key) - log_info (_("option '%s' given, but no valid default keys given\n"), - "--encrypt-to-default-key"); - else - log_info (_("option '%s' given, but option '%s' not given\n"), - "--encrypt-to-default-key", "--default-key"); - } } /* The command dispatcher. */ diff --git a/g10/pkclist.c b/g10/pkclist.c index 39a24f717..b6a213fe2 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -914,6 +914,53 @@ build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list) else remusr = rcpts; + if (opt.encrypt_to_default_key) + { + static int warned; + + const char *default_key = parse_def_secret_key (ctrl); + if (default_key) + { + PK_LIST r = xmalloc_clear (sizeof *r); + + r->pk = xmalloc_clear (sizeof *r->pk); + r->pk->req_usage = PUBKEY_USAGE_ENC; + + rc = get_pubkey_byname (ctrl, NULL, r->pk, default_key, + NULL, NULL, 0, 1); + if (rc) + { + xfree (r->pk); + xfree (r); + + log_error (_("Can't encrypt to '%s'.\n"), default_key); + if (!opt.quiet) + log_info (_("(check argument of option '%s')\n"), + "--default-key"); + } + else + { + r->next = pk_list; + r->flags = 0; + pk_list = r; + } + } + else if (opt.def_secret_key) + { + if (! warned) + log_info (_("option '%s' given, but no valid default keys given\n"), + "--encrypt-to-default-key"); + warned = 1; + } + else + { + if (! warned) + log_info (_("option '%s' given, but option '%s' not given\n"), + "--encrypt-to-default-key", "--default-key"); + warned = 1; + } + } + /* Check whether there are any recipients in the list and build the * list of the encrypt-to ones (we always trust them). */ for ( rov = remusr; rov; rov = rov->next ) diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index 914de8c71..a04b62ca7 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am @@ -46,7 +46,7 @@ TESTS = version.test mds.test \ multisig.test verify.test armor.test \ import.test ecc.test 4gb-packet.test \ $(sqlite3_dependent_tests) \ - gpgtar.test use-exact-key.test \ + gpgtar.test use-exact-key.test default-key.test \ finish.test diff --git a/tests/openpgp/default-key.test b/tests/openpgp/default-key.test new file mode 100755 index 000000000..bfb84ac18 --- /dev/null +++ b/tests/openpgp/default-key.test @@ -0,0 +1,73 @@ +#!/bin/sh + +. $srcdir/defs.inc || exit 3 + +#set -x + +# Make sure $srcdir is set. +if test "x$srcdir" = x +then + echo srcdir environment variable not set! + exit 1 +fi + +# Import the sample key +# +# pub 1024R/8BC90111 2015-12-02 +# Key fingerprint = E657 FB60 7BB4 F21C 90BB 6651 BC06 7AF2 8BC9 0111 +# uid [ultimate] Barrett Brown +# sub 1024R/3E880CFF 2015-12-02 (encryption) +# sub 1024R/F5F77B83 2015-12-02 (signing) +# sub 1024R/45117079 2015-12-02 (encryption) +# sub 1024R/1EA97479 2015-12-02 (signing) +info "Importing public key." +if $GPG --import $srcdir/samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc +then + : +else + error "$k: import failed" +fi + +# By default, the most recent, valid signing subkey (1EA97479). +for x in 8BC90111 3E880CFF F5F77B83 45117079 1EA97479 +do + info + info "Trying --default-key $x" + + if ! echo | $GPG --default-key "$x" -s | $GPG --verify --status-fd=1 \ + | grep -q 'VALIDSIG 5FBA84ACE02DCB17DA3DFF6BBCA43C441EA97479' + then + echo | $GPG --default-key "$x" -s | $GPG --verify --status-fd=2 + error "Unexpected key used for signing (not the signing subkey, specified \"$x\")." + exit 1 + fi +done + +# By default, the most recent, valid encryption subkey (45117079). +for x in 8BC90111 3E880CFF F5F77B83 45117079 1EA97479 +do + info + info "Trying --default-key $x --encrypt-to-default-key" + + # We need another recipient, because --encrypt-to-default-key is + # not considered a recipient and gpg doesn't encrypt without any + # recipients. + # + # Note: it doesn't matter whether we specify the primary key or + # a subkey: the newest encryption subkey will be used. + if ! echo | $GPG --trust-model=always \ + --default-key "$x" --encrypt-to-default-key \ + -r 439F02CA -e \ + | $GPG --list-packets \ + | grep -q "keyid[ ][A-F0-9]*45117079" + then + echo | $GPG --trust-model=always \ + --default-key "$x" --encrypt-to-default-key \ + -r 439F02CA -e \ + | $GPG --list-packets 1>&2 + error "Unexpected key used for signing (specified \"$x\")." + exit 1 + fi +done + +exit 0