Hi,

please re-run the failing command ("... gpg-connect-agent ...") under strace -f
to see what actually fails. I suspect that the gpg-agent is not found (did you
do make install?).

(The command complained about the missing /root/.gnupg because the test suite
sets $GNUPGHOME and you did not. Also: please don't compile software as root.)

This is no longer an issue with gnupg master:

% socat - tcp-listen:11371
GET /pks/lookup?op=index&options=mr&search=foobr HTTP/1.0
Host: localhost:11371
Connection: close
Via: 1.0 tinyproxy (tinyproxy/1.8.3)
Pragma: no-cache
Cache-Control: no-cache

Feel free to reopen with more specific information.

As far as I can tell this is a feature and not a bug. gpgconf reads stderr and
writes that to the eighth column.

I cannot reproduce this with current master. Feel free to reopen this bug if
you manage to reproduce it.

Sorry, that second log does not show anything new. I'm attaching a verbose log
for reference that I obtained the way I described using the version you used.
For me all tests pass, so unless we get more information on the failures it is
impossible to tell what's going on.

hi, this is my new test log, my cmd is
$ make -C tests/openpgp check verbose=2

It wasn't apparent to me until I looked at tests/gpg/t-encrypt.c that
gpgme_op_encrypt_sign expects an array of keys for the second parameter. It worked
when my code was straight C with a pointer to just a single key. In C++ I started
getting segfaults so I switched to an array.

gpgme_key_t keys[1] = {NULL};
gpgErr = gpgme_get_key(gpgCtx,to.c_str(),&keys[0],0);
It still segfaulted, further review, I THINK the array of keys needs to have one
blank key at the end else it may result in a buffer overrun in GPGME? Shouldn't
sizeof be used to determine the length of the array or something similar? Otherwise
the array would have to be at least 2 elements with the last element not a key so
the GPGME doesn't seg.

Process 12727 stopped

• thread #1: tid = 0x864b5, 0x00000001000107ea

libgpgme.11.dylib`gpgme_op_encrypt_sign(ctx=0x0000000100200850,
recp=0x00007fff5fbffa50, flags=GPGME_ENCRYPT_NO_ENCRYPT_TO,
plain=0x0000000100201000, cipher=0x0000000100200dc0) + 474 at encrypt-sign.c:168,
queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)

frame #0: 0x00000001000107ea

libgpgme.11.dylib`gpgme_op_encrypt_sign(ctx=0x0000000100200850,
recp=0x00007fff5fbffa50, flags=GPGME_ENCRYPT_NO_ENCRYPT_TO,
plain=0x0000000100201000, cipher=0x0000000100200dc0) + 474 at encrypt-sign.c:168

165 	
166 	      while (recp[i])
167 		{

-> 168 TRACE_LOG3 ("recipient[%i] = %p (%s)", i, recp[i],

169 			      (recp[i]->subkeys && recp[i]->subkeys->fpr) ?
170 			      recp[i]->subkeys->fpr : "invalid");
171 		  i++;

(lldb) bt

• thread #1: tid = 0x864b5, 0x00000001000107ea

libgpgme.11.dylib`gpgme_op_encrypt_sign(ctx=0x0000000100200850,
recp=0x00007fff5fbffa50, flags=GPGME_ENCRYPT_NO_ENCRYPT_TO,
plain=0x0000000100201000, cipher=0x0000000100200dc0) + 474 at encrypt-sign.c:168,
queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)

• frame #0: 0x00000001000107ea

libgpgme.11.dylib`gpgme_op_encrypt_sign(ctx=0x0000000100200850,
recp=0x00007fff5fbffa50, flags=GPGME_ENCRYPT_NO_ENCRYPT_TO,
plain=0x0000000100201000, cipher=0x0000000100200dc0) + 474 at encrypt-sign.c:168

frame #1: 0x0000000100000b76

pgtalk`GPGWrapper::encryptAndSign(this=0x00007fff5fbffb30, message="This is a
test\n", to="044E9E1D78D510E4C798D3B803254F162CFF2601") + 166 at GPGWrapper.cpp:32

frame #2: 0x00000001000019c6 pgtalk`main(argc=1, argv=0x00007fff5fbffc38) + 486

at pgtalk.cpp:13

frame #3: 0x00007fff910ad5ad libdyld.dylib`start + 1
frame #4: 0x00007fff910ad5ad libdyld.dylib`start + 1

(lldb) quit

Fixed in 81797af.

(Sorry about the question about the OS - my fault)

Please also tell us what OS you are using.
Are you running in FIPS mode?
The output of "gpg --version" would also be helpful.

Fixed in 42d4c276. Thanks!

I approved you as a user, if you still cannot comment on the bug, please ping me
again.

Hello,

can you please run

$ make -C tests/openpgp check verbose=2

and attach the output?

Werner,

Thanks a lot. I will try to apply the patch.
Can you please let us know if your company is offering enterprise level
support.

Thanks
Sandeep

Can you please enter the command "where" in dbx after the fault?

No updates in 8 months, thus closing.

Thus clang is wrong here because it prints an "error" and not something like a
"performance hint". I close this bug.

Fixed on 2016-03-19 with commmit af9a4afb. Note that --quiet shall not suppress
all output.

(The commit you gave is wrong).

Thanks for the report. Probably fixed with commit e2c5781.

Actually we are working on a 64 bit version.

After some uninstall/install cycles on Win8.1 for several gpg4win versions, I
can tell that only the mentioned gpg4win versions are troublesome as soon as
there's GnuPG 2.0.27+ bundled.

I also tried the plain vanilla gnupg-w32-2.1.11_20160209.exe and everything's
fine, too. As there's no 2.0.x non gpg4win binary on the server, I can't tell if
that's really only a gpg4win whatsoever issue. Pretty strange... For me that's
fine to use, but as most Windows users will stick to gpg4win and the 2.0.x
versions, probably still worth checking.

gpg: Total number processed: 307
gpg: unchanged: 307

C:\Users\mech>gpg --version
gpg (GnuPG) 2.1.11
libgcrypt 1.6.5

Got feedback from users with MacOS GnuPG 2.0.28 and Debian testing GnuPG 2.1.11.
-> not affected despite very similar, if not identical keyring sizes.

So currently only Windows setups having trouble with --refresh-keys.
Will try to get more feedback for Windows with gpg4win.

Thanks for reporting this! These types of bugs are important. Thanks for
reporting it. I will take a look at it soon.

Current code is perfectly fine as crc-intel-pclmul.c is i386/amd64-only source
file and that target architecture can handle unaligned loads.

Thanks for testing 2.1 and for reporting the results.
Good to know that it works now.

I have good news : gpg 2.1 rocks !
Problem solved and here is the solution :

As Sijie said, the "smartcard compatible" pageant was loading the SIG key and
the AUTH key.

Unfortunately, under gpg 2.0.x, when you export a public key and use gpg2ssh,
the output is the ssh key for the SIG key (and not the auth).

So when using gpg-agent, it was waiting for putty to request the AUTH key and
not the SIG key (as it should !). The "smartcard enabled" pageant was sending
the SIG key so it was working with it.

Now for the good part : with gpg 2.1, we can now natively use --export-ssh-key,
and this command export the AUTH key, so in the end, it works :)

Thank you everyone for the help, and I hope it can helps other people too !

Can we close this bug please ?

Regards

This should be somehow a uncommon thing but i wanted to get notice. I sync my
tofu.d directory with git annex. Removed the .git directory in that place lead a
lot of symbolic link not find the original file, as expected, but when trying to
open a mail from mutt i was not able to see them and the keys were not recreated
as the .git directory wasn't there

gpg: Firmado el jue 10 mar 2016 19:16:12 CLT
gpg: usando RSA clave XXXXXXXXXXXX
gpg: Warning: Home directory contains both tofu.db and tofu.d.
gpg: Using split format for TOFU database
gpg: error opening TOFU database
'/home/guido/.gnupg/tofu.d/email/se/some_email.db': unable to open database file

gpg: signal Segmentation fault caught ... exiting
Violación de segmento

it's probably very small, but i wanted to let you know

thanks for your work!

For history purpose, and trying to maximize information, I have been asked to post some part of the discussion I have
on the mailing list about this problem. Here it is :

I tried older version (of gpg4win) (which, at the time, worked for people with the
same setup as myself), but I can try new version too of course.

That is helpful, because development right now is concentrating more
on Gpg4win 3 with the new GnuPG 2.1 (to become 2.2) and this is where
gpg-agent and pinentry is handled slightly differently. So making sure that
it works with the new version is better for the future.

Ok, I installed gpg4win 3.0.0 BETA 128.
The problem stay the same, no pin is asked.

In the mean time, I tried this tool : http://smartcard-auth.de/ssh-en.html
It replace the pageant.exe that ships with putty. And it works. When I
log on the server with putty, I got asked for the PIN. So I think this
is not a problem with the smartcard or with keys. It seems that it's
only that gpg-agent doesn't trigger the pinentry.

I tried witht gpg-agent on another computer (fresh install) running Windows 7 x64, and
with another smartcard, same problem : no pinentry asked.

Yes gpg-agent is started before, I can see it in the process list (and even the scdaemon process).

In fact, pageant can't be started at the same time as gpg-agent (I suppose it share the same mutex because it
says "pageant is already running" when I try to start pageant while gpg-agent is already running).

Did you start gpg-agent before putty or pageant?

The code in question is only for i386 and given that no SSE instructions are
used I wonder why you consider this a bug. The code might be faster if we would
access the short properly aligned but the question is whether this is worth an
extra copy operation.

jussi: What do you say?

Not easy yet, need more time to dig.

GpgOL-1.4 which we will include in 2.3.1 will have an option dialog where you
can enable and disable S/MIME. Default in 1.4 is off.

-> Testing until 2.3.1 is released.

I think this can be resolved. Yes older versions did not allow pasting but
recent versions do allow this. So we've fixed the bug in recent versions ->
resolved. No?

The reporter says he is using ubuntu 14 (i assume 14.4) where the default
pinentry is pinentry-gtk2 0.8.3