diff --git a/g10/ChangeLog b/g10/ChangeLog
index d08368550..7d73643a2 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,8 @@
+2002-08-16 Werner Koch
+
+ * seckey-cert.c: Workaround to allow decryption of v3 keys created
+ with a bug in the mpi_get_secure_buffer.
+
 2002-08-14 David Shaw
 
 * hkp.c (parse_hkp_index): Properly handle really large keys
diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c
index 01f4c7b2f..2eadc9dd3 100644
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@@ -158,6 +158,32 @@ do_check( PKT_secret_key *sk, const char *tryagain_text )
 csum += checksum_mpi( sk->skey[i] );
 m_free( buffer );
 }
+ if( csum != sk->csum ) {
+ /* Due to a fix of a bug in mpi_get_secure_buffer we
+ might encounter seceret keys which are not correctly
+ encrypted. We fix this by a second try, this time
+ with a reversed bug fix (the memmove below). */
+ byte *p;
+
+ copy_secret_key( sk, save_sk );
+ cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen );
+ csum = 0;
+ for(i=pubkey_get_npkey (sk->pubkey_algo);
+ i < pubkey_get_nskey (sk->pubkey_algo); i++ ) {
+ buffer = mpi_get_secure_buffer (sk->skey[i], &nbytes,NULL);
+ for (p=buffer; !*p && nbytes; p++, --nbytes )
+ ;
+ if (p != buffer)
+ memmove (buffer, p, nbytes);
+ cipher_sync (cipher_hd);
+ assert (mpi_is_protected(sk->skey[i]));
+ cipher_decrypt (cipher_hd, buffer, buffer, nbytes);
+ mpi_set_buffer (sk->skey[i], buffer, nbytes, 0);
+ mpi_clear_protect_flag (sk->skey[i]);
+ csum += checksum_mpi (sk->skey[i]);
+ m_free (buffer);
+ }
+ }
 if( opt.emulate_bugs & EMUBUG_GPGCHKSUM ) {
 csum = sk->csum;
 }
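Review bot: The zero-stripping loop in the new retry path tests `!*p` before `nbytes`, so when the protected MPI buffer is all zero bytes (or `nbytes` starts at 0) it reads one byte past the end of `buffer` before the length check stops it. The buffer content comes from the key file, so the length should be checked first: `for (p=buffer; nbytes && !*p; p++, --nbytes )`. In that all-zero case `nbytes` ends at 0 and is passed on to `cipher_decrypt` and `mpi_set_buffer`; whether they accept a zero length is not visible here and is worth confirming. The retry also runs on every checksum mismatch, including a wrong passphrase, which gives the 16-bit `csum` comparison a second chance to match by accident; a short comment stating that this is accepted would help. `do_check` begins and ends outside the hunk, so the origin of `save_sk` and any key-version guard around this code could not be reviewed.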