gpg: Avoid error diagnostics with --override-session-key when verifying

* src/engine-gpg.c (gpg_decrypt): only send --no-keyring when we are not verifying. -- Without this change, the signature verification would fail. This problem was introduced in bded8ebc59c7fdad2617f4c9232a58047656834c in an attempt to avoid an error when *not* verifying. Clearly more test suite coverage is needed to avoid introducing this sort of problem in the future. GnuPG-bug-id: 3464 Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Gbp-Pq: Name 0002-gpg-Avoid-error-diagnostics-with-override-session-ke.patch
2019-05-29 17:56:01 -04:00 · 2019-05-29 17:56:01 -04:00 · 8efb039b85
parent 3b34e0acdc
commit 8efb039b85
1 changed files with 6 additions and 3 deletions
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@ -1695,11 +1695,14 @@ gpg_decrypt (void *engine,
                                         strlen (override_session_key), 1);
          if (!err)
            {
-              /* We add --no-keyring because a keyring is not required
-               * when we are overriding the session key.  It would
+              /* When we are not trying to verify signatures as well,
+               * we add --no-keyring because a keyring is not required
+               * for decryption when overriding the session key.  It would
               * work without that option but --no-keyring avoids that
               * gpg return a failure due to a missing key log_error()
               * diagnostic.  --no-keyring is supported since 2.1.14. */
+
+              if (!(flags & GPGME_DECRYPT_VERIFY))
                  err = add_arg (gpg, "--no-keyring");
              if (!err)
                err = add_arg (gpg, "--override-session-key-fd");