1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

agent: For OCB key files return Bad Passprase instead of Checksum Error.

* agent/protect.c (do_decryption): Map error checksum to bad
passpharse protection

* agent/call-pinentry.c (unlock_pinentry): Don't munge the error
source for corrupted protection.
--

GnuPG-bug-id: 3266
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2017-07-28 11:40:56 +02:00
parent 1c35e29af9
commit 5cf95157c5
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 12 additions and 3 deletions

View File

@ -167,6 +167,10 @@ unlock_pinentry (gpg_error_t rc)
case GPG_ERR_BAD_PIN: case GPG_ERR_BAD_PIN:
break; break;
case GPG_ERR_CORRUPTED_PROTECTION:
/* This comes from gpg-agent. */
break;
default: default:
rc = gpg_err_make (GPG_ERR_SOURCE_PINENTRY, gpg_err_code (rc)); rc = gpg_err_make (GPG_ERR_SOURCE_PINENTRY, gpg_err_code (rc));
break; break;

View File

@ -813,7 +813,14 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len,
protected, protectedlen - 16); protected, protectedlen - 16);
} }
if (!rc) if (!rc)
{
rc = gcry_cipher_checktag (hd, protected + protectedlen - 16, 16); rc = gcry_cipher_checktag (hd, protected + protectedlen - 16, 16);
if (gpg_err_code (rc) == GPG_ERR_CHECKSUM)
{
/* Return Bad Passphrase instead of checksum error */
rc = gpg_error (GPG_ERR_BAD_PASSPHRASE);
}
}
} }
else else
{ {
@ -833,8 +840,6 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len,
/* Do a quick check on the data structure. */ /* Do a quick check on the data structure. */
if (*outbuf != '(' && outbuf[1] != '(') if (*outbuf != '(' && outbuf[1] != '(')
{ {
/* Note that in OCB mode this is actually invalid _encrypted_
* data and not a bad passphrase. */
xfree (outbuf); xfree (outbuf);
return gpg_error (GPG_ERR_BAD_PASSPHRASE); return gpg_error (GPG_ERR_BAD_PASSPHRASE);
} }