From 002b30e75c623d15e89708a27442836bdf038ebc Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 6 Oct 2010 11:29:10 +0000 Subject: Import fixes. new otion for watchgnupg --- g10/ChangeLog | 5 +++++ g10/import.c | 20 +++++++++++++++----- 2 files changed, 20 insertions(+), 5 deletions(-) (limited to 'g10') diff --git a/g10/ChangeLog b/g10/ChangeLog index 17f3e3269..36a49ba84 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,8 @@ +2010-10-06 Werner Koch + + * import.c (transfer_secret_keys): Ignore missing key parameters. + Provide dummy IV. Ignore stub keys. + 2010-10-01 Werner Koch * export.c (do_export_stream): Rewrite to take the secret keys diff --git a/g10/import.c b/g10/import.c index 605c3b8ab..b3969770f 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1122,8 +1122,7 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock) if (!err) err = gcry_cipher_setkey (cipherhd, kek, keklen); if (err) - goto leave; - xfree (kek); + goto leave; xfree (kek); kek = NULL; main_pk = NULL; @@ -1143,6 +1142,11 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock) stats->count++; stats->secret_read++; + /* For now we ignore the stub keys becuase we don't have real + support for them in gpg-agent. */ + if (ski->s2k.mode == 1001 || ski->s2k.mode == 1002) + continue; + /* Convert our internal secret key object into an S-expression. */ nskey = pubkey_get_nskey (pk->pubkey_algo); if (!nskey || nskey > PUBKEY_MAX_NSKEY) @@ -1156,7 +1160,9 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock) put_membuf_str (&mbuf, "(skey"); for (i=j=0; i < nskey; i++) { - if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE)) + if (!pk->pkey[i]) + ; /* Protected keys only have NPKEY+1 elements. */ + else if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE)) { put_membuf_str (&mbuf, " e %b"); format_args_buf_ptr[i] = gcry_mpi_get_opaque (pk->pkey[i], &n); 
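Review bot: In the hunk at `@@ -1143,6 +1142,11 @@`, the new stub-key check skips the key silently after `stats->count` and `stats->secret_read` have already been incremented, so an import made up only of stub keys reports keys as read although nothing is transferred and no message says why. A diagnostic before the `continue`, for example `log_info ("skipping stub key: not supported by gpg-agent\n");` under the verbose option, would make the skip visible. The bare values 1001 and 1002 would read better as named constants, and the comment has a typo (`becuase`). The loop body starts and ends outside the hunk, so whether later statistics account for the skipped key cannot be checked from here.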
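Review bot: In the hunk at `@@ -1156,7 +1160,9 @@`, the new `if (!pk->pkey[i])` branch tolerates a missing parameter at every index and for every key, although its comment justifies it only for protected keys. Imported key material is untrusted input, so a NULL element in an unprotected key, or among the public parameters, would apparently yield a shortened `(skey …)` expression instead of an import error. Consider limiting the silent skip to `ski->is_protected` and setting an error, for instance `err = gpg_error (GPG_ERR_BAD_SECKEY);`, for any other NULL element. The empty statement followed by a comment is also easy to misread, and braces around it would make the intent explicit. The loop body ends outside the hunk.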
@@ -1189,7 +1195,10 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
 if (ski->is_protected)
 {
 char countbuf[35];
-
+
+ /* Note that the IVLEN may be zero if we are working on a
+ dummy key. We can't express that in an S-expression and
+ thus we send dummy data for the IV. */
 snprintf (countbuf, sizeof countbuf, "%lu",
 (unsigned long)ski->s2k.count);
 err = gcry_sexp_build
@@ -1197,7 +1206,8 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
 " (protection %s %s %b %d %s %b %s)\n",
 ski->sha1chk? "sha1":"sum",
 openpgp_cipher_algo_name (ski->algo),
- (int)ski->ivlen, ski->iv,
+ ski->ivlen? (int)ski->ivlen:1,
+ ski->ivlen? ski->iv: (const unsigned char*)"X",
 ski->s2k.mode,
 openpgp_md_algo_name (ski->s2k.hash_algo),
 (int)sizeof (ski->s2k.salt), ski->s2k.salt,
-- 
cgit v1.2.3
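Review bot: In the hunk at `@@ -1197,7 +1206,8 @@`, a protected key with `ski->ivlen == 0` is now forwarded with the one-byte placeholder IV `"X"`, and nothing in the built expression marks that value as a placeholder for the receiving side. Since stub keys (S2K modes 1001 and 1002) are skipped earlier in this same commit, it is worth stating which keys can still arrive here with a zero IV length. If none legitimately can, returning an error is safer than sending made-up protection data for a possibly malformed key. If the placeholder has to stay, computing it once before the call, e.g. `const unsigned char *iv = ski->ivlen? ski->iv : (const unsigned char*)"X";`, avoids testing `ski->ivlen` twice and gives the sentinel one place to be documented. The `gcry_sexp_build` call starts and ends outside the hunk.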