Bug in gpgme 0.4.2?
Albrecht Dreß
albrecht.dress@arcor.de
Mon Aug 4 21:23:02 2003
Hi,

when porting the gpg support in balsa from gpgme 0.3.15 to 0.4.2, I think
I ran into a bug.

If I run gpgme_op_verify() on a message for which the key is missing, I
get a GPGME general error as result instead of GPG_ERR_NO_PUBKEY. A simple
test program is attached. To test it, run it e.g. on an RFC 2440 signed
message body for which you do not have the public key (e.g. this message,
if you delete my public key from your ring before):
[albrecht@antares albrecht]$ ./gpgme-key-test TEST-NoKey
gpgme version is 0.4.2
signature status: 117440513 = GPGME: General error
gpgme 0.3.15 correctly says that the signature could not be verified due
to a missing key. The test app works fine if the key is present, even if
the signature is bad:
[albrecht@antares albrecht]$ ./gpgme-key-test TEST-GoodKeySig
gpgme version is 0.4.2
signature status: 0 = Unspecified source: Success
[albrecht@antares albrecht]$ ./gpgme-key-test TEST-GoodKeyBadSig
gpgme version is 0.4.2
signature status: 117440520 = GPGME: Bad signature
However, for the latter case, IMHO the example on pg. 52
(gpgme_get_sig_status) is wrong, as "switch(sig->status)" will not hit
GPG_ERR_BAD_SIGNATURE (missing gpgme_err_code()).

System details: gpgme 0.4.2, gpg-error 0.3, gpg 1.2.2, glibc-2.2.5-1.2.3a,
gcc-3.2.3 on a Powermac running Yellowdog Linux 2.3.
Any ideas?
Cheers, Albrecht.
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Albrecht Dreß - Johanna-Kirchner-Straße 13 - D-53123 Bonn (Germany)
Phone (+49) 228 6199571 - mailto:albrecht.dress@arcor.de
_________________________________________________________________________
Attachment: gpgme-key-test.c
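/* gpgme-key-test.c: print the status of the first signature in a signed file. */
#include <gpgme.h>
#include <stdio.h>
#include <stdlib.h>

static void check_file_sig(const char *filename);

int
main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <signed file>\n", argv[0]);
        return 1;
    }
    /* gpgme_check_version() also initializes the library. */
    printf("gpgme version is %s\n", gpgme_check_version(NULL));
    check_file_sig(argv[1]);
    return 0;
}

static void
check_file_sig(const char *filename)
{
    gpgme_error_t err;
    gpgme_ctx_t ctx;
    gpgme_data_t sig, out;

    if ((err = gpgme_new(&ctx)) != GPG_ERR_NO_ERROR) {
        fprintf(stderr, "gpgme could not create a context: %s: %s\n",
                gpgme_strsource(err), gpgme_strerror(err));
        exit(1);
    }

    /* Load the signed message; the last argument (1) asks gpgme to copy it. */
    if ((err = gpgme_data_new_from_file(&sig, filename, 1)) != GPG_ERR_NO_ERROR) {
        fprintf(stderr, "gpgme could not get data from file: %s: %s\n",
                gpgme_strsource(err), gpgme_strerror(err));
        exit(1);
    }

    /* Buffer that receives the plaintext of the signed message. */
    if ((err = gpgme_data_new(&out)) != GPG_ERR_NO_ERROR) {
        fprintf(stderr, "gpgme could not create a data buffer: %s: %s\n",
                gpgme_strsource(err), gpgme_strerror(err));
        exit(1);
    }

    if ((err = gpgme_op_verify(ctx, sig, NULL, out)) != GPG_ERR_NO_ERROR) {
        fprintf(stderr, "gpgme signature verification failed: %s: %s\n",
                gpgme_strsource(err), gpgme_strerror(err));
        exit(1);
    } else {
        gpgme_verify_result_t result;

        if (!(result = gpgme_op_verify_result(ctx)) || result->signatures == NULL) {
            fprintf(stderr, "gpgme_op_verify_result() did not return a result.\n");
            exit(1);
        }
        /* Print the raw status (error source and code combined) of the
           first signature, together with its decoded source and message. */
        printf("signature status: %u = %s: %s\n", result->signatures->status,
               gpgme_strsource(result->signatures->status),
               gpgme_strerror(result->signatures->status));
    }

    gpgme_data_release(sig);
    gpgme_data_release(out);
    gpgme_release(ctx);
}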
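
Added example, not part of the original message and not gpgme code: it splits the status values printed above into error source and error code, and compares a switch on the raw status with a switch on the code part only, which is the point made about "switch(sig->status)". The EX_ names are hypothetical local stand-ins, and the layout (source in bits 24-30, code in the low 16 bits) is an assumption taken from libgpg-error's gpg-error.h that matches the values in the post.

```c
#include <stdint.h>
#include <stdio.h>

/* Local stand-ins (EX_ prefix, hypothetical names) for libgpg-error values. */
#define EX_SOURCE_SHIFT 24
#define EX_SOURCE_MASK  0x7Fu
#define EX_CODE_MASK    0xFFFFu
enum { EX_NO_ERROR = 0, EX_GENERAL = 1, EX_BAD_SIGNATURE = 8, EX_NO_PUBKEY = 9 };

typedef enum { SIG_VALID, SIG_BAD, SIG_KEY_MISSING, SIG_ERROR } verdict_t;

static unsigned ex_err_source(uint32_t err) { return (err >> EX_SOURCE_SHIFT) & EX_SOURCE_MASK; }
static unsigned ex_err_code(uint32_t err) { return err & EX_CODE_MASK; }

/* Shared mapping from a value to a verdict; anything unknown fails closed. */
static verdict_t verdict_for(uint32_t value)
{
    switch (value) {
    case EX_NO_ERROR:      return SIG_VALID;
    case EX_BAD_SIGNATURE: return SIG_BAD;
    case EX_NO_PUBKEY:     return SIG_KEY_MISSING;
    default:               return SIG_ERROR;
    }
}

/* Switch on the raw status: the source bits keep every failure out of its case. */
static verdict_t classify_raw(uint32_t status) { return verdict_for(status); }

/* Switch on the code part only, which is what gpgme_err_code() extracts. */
static verdict_t classify_code(uint32_t status) { return verdict_for(ex_err_code(status)); }

int main(void)
{
    /* 0, 117440520 and 117440513 are the values printed in the post;
       the last entry is constructed: source 7 combined with code 9. */
    const uint32_t samples[] = { 0u, 117440520u, 117440513u, (7u << 24) | EX_NO_PUBKEY };
    static const char *names[] = { "valid", "bad signature", "key missing", "error" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t s = samples[i];
        printf("%10u source=%u code=%u raw-switch=%s code-switch=%s\n", (unsigned)s,
               ex_err_source(s), ex_err_code(s),
               names[classify_raw(s)], names[classify_code(s)]);
    }
    return 0;
}
```

Because the default branch reports an error rather than success, the raw switch only loses detail (a bad signature shows up as a generic error) and never accepts a failed verification.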