gpg: enable OpenPGP export of cleartext keys with commentsdkg/fix-T4490

* g10/export.c (cleartext_secret_key_to_openpgp): ignore trailing sublists in private-key S-expression. -- When gpg-agent learns about a private key from its ssh-agent interface, it stores its S-expression with the comment attached. The export mechanism for OpenPGP keys already in cleartext was too brittle because it would choke on these comments. This change lets it ignore any additional trailing sublists. Signed-off-by: Daniel Kahn Gillmor <[email protected]> Gnupg-Bug-Id: 4490
author: Daniel Kahn Gillmor <[email protected]> 2019-05-14 01:22:38 +0000
committer: Daniel Kahn Gillmor <[email protected]> 2019-05-14 01:43:05 +0000
commit: 29adca88f5f6425f5311c27bb839718a4956ec3a (patch)
tree: 572c4e868e3b129f98558581a8da038f75c63931
parent: gpg: Change update_keysig_packet to replace SHA-1 by SHA-256. (diff)
download: gnupg-dkg/fix-T4490.tar.gz
gnupg-dkg/fix-T4490.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/g10/export.c b/g10/export.c
index 4f6c9137e..b12da9cdb 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -596,7 +596,10 @@ cleartext_secret_key_to_openpgp (gcry_sexp_t s_key, PKT_public_key *pk)
   top_list = gcry_sexp_find_token (s_key, "private-key", 0);
   if (!top_list)
     goto bad_seckey;
-  if (gcry_sexp_length(top_list) != 2)
+
+  /* ignore all S-expression after the first sublist -- we assume that
+     they are comments or otherwise irrelevant to OpenPGP */
+  if (gcry_sexp_length(top_list) < 2)
     goto bad_seckey;
   key = gcry_sexp_nth (top_list, 1);
   if (!key)
author	Daniel Kahn Gillmor <[email protected]>	2019-05-14 01:22:38 +0000
committer	Daniel Kahn Gillmor <[email protected]>	2019-05-14 01:43:05 +0000
commit	29adca88f5f6425f5311c27bb839718a4956ec3a (patch)
tree	572c4e868e3b129f98558581a8da038f75c63931
parent	gpg: Change update_keysig_packet to replace SHA-1 by SHA-256. (diff)
download	gnupg-dkg/fix-T4490.tar.gz gnupg-dkg/fix-T4490.zip