* seckey-cert.c (do_check): Handle case when checksum was okay but

passphrase still wrong. Roman Pavlik found such a case. * mpicoder.c (mpi_read_from_buffer): Don't abort in case of an invalid MPI but print a message and return NULL. Use log_info and not log_error.
2025-01-03 12:11:33 +01:00 · 2004-12-20 10:05:20 +00:00 · 2004-12-20 10:05:20 +00:00 · 9e3526f236
commit 9e3526f236
parent be4bb5a88b
6 changed files with 49 additions and 8 deletions
--- a/5
+++ b/5
@ -12,6 +12,11 @@

 	* configure.ac: Check for arpa/nameser.h.

+2004-12-16  Werner Koch  <wk@g10code.com>
+
+	* THANKS: Added John Clizbe for help testing the 1.4.0a W32
+	binary.
+
 2004-12-16  Werner Koch  <wk@g10code.com>

 	Released 1.4.0.
--- a/1
+++ b/1
@ -101,6 +101,7 @@ Jim Small                  cavenewt@my-deja.com
 Joachim Backes		   backes@rhrk.uni-kl.de
 Joe Rhett                  jrhett@isite.net
 John A. Martin		   jam@jamux.com
+John Clizbe                JPClizbe@comcast.net
 Johnny Teveßen		   j.tevessen@gmx.de
 Jörg Schilling		   schilling@fokus.gmd.de
 Jos Backus		   Jos.Backus@nl.origin-it.com
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,8 @@
+2004-12-20  Werner Koch  <wk@g10code.com>
+
+	* seckey-cert.c (do_check): Handle case when checksum was okay but
+	passphrase still wrong.  Roman Pavlik found such a case.
+
 2004-12-20  David Shaw  <dshaw@jabberwocky.com>

 	* keyedit.c (keyedit_menu): Invisible alias "passwd" as
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@ -147,12 +147,20 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
                }
            }

-            /* must check it here otherwise the mpi_read_xx would fail
+            /* Must check it here otherwise the mpi_read_xx would fail
               because the length may have an arbitrary value */
            if( sk->csum == csum ) {
                for( ; i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
                    nbytes = ndata;
                    sk->skey[i] = mpi_read_from_buffer(p, &nbytes, 1 );
+                    if (!sk->skey[i])
+                      {
+                        /* Checksum was okay, but not correctly
+                           decrypted.  */
+                        sk->csum = 0;
+                        csum = 1;
+                        break;
+                      }
                    ndata -= nbytes;
                    p += nbytes;
                }
@ -179,8 +187,15 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
                csum += checksum (buffer, ndata);
                mpi_free (sk->skey[i]);
                sk->skey[i] = mpi_read_from_buffer (buffer, &ndata, 1);
-                assert (sk->skey[i]);
 		m_free (buffer);
+                if (!sk->skey[i])
+                  {
+                    /* Checksum was okay, but not correctly
+                       decrypted.  */
+                    sk->csum = 0;
+                    csum = 1;
+                    break;
+                  }
 /*  		csum += checksum_mpi (sk->skey[i]); */
 	    }
 	}
--- a/mpi/ChangeLog
+++ b/mpi/ChangeLog
@ -1,3 +1,9 @@
+2004-12-20  Werner Koch  <wk@g10code.com>
+
+	* mpicoder.c (mpi_read_from_buffer): Don't abort in case of an
+	invalid MPI but print a message and return NULL.  Use log_info and
+	not log_error.
+
 2004-10-26  Werner Koch  <wk@g10code.com>

 	* config.links: Use HOST instead of TARGET.
--- a/mpi/mpicoder.c
+++ b/mpi/mpicoder.c
@ -125,7 +125,7 @@ mpi_read(IOBUF inp, unsigned *ret_nread, int secure)


 MPI
-mpi_read_from_buffer(byte *buffer, unsigned *ret_nread, int secure)
+mpi_read_from_buffer(byte *buffer, unsigned int *ret_nread, int secure)
 {
    int i, j;
    unsigned nbits, nbytes, nlimbs, nread=0;
@ -136,7 +136,7 @@ mpi_read_from_buffer(byte *buffer, unsigned *ret_nread, int secure)
 	goto leave;
    nbits = buffer[0] << 8 | buffer[1];
    if( nbits > MAX_EXTERN_MPI_BITS ) {
-	log_error("mpi too large (%u bits)\n", nbits);
+	log_info ("mpi too large (%u bits)\n", nbits);
 	goto leave;
    }
    buffer += 2;
@ -154,10 +154,19 @@ mpi_read_from_buffer(byte *buffer, unsigned *ret_nread, int secure)
    for( ; j > 0; j-- ) {
 	a = 0;
 	for(; i < BYTES_PER_MPI_LIMB; i++ ) {
-	    if( ++nread > *ret_nread )
-		log_bug("mpi larger than buffer\n");
-	    a <<= 8;
-	    a |= *buffer++;
+          if( ++nread > *ret_nread ) {
+              /* This (as well as the above error condition) may
+                 happen if we use this function to parse a decrypted
+                 MPI which didn't turn out to be a real MPI - possible
+                 because the supplied key was wrong but the OpenPGP
+                 checksum didn't caught it. */
+		log_info ("mpi larger than buffer\n");
+                mpi_free (val);
+                val = MPI_NULL;
+                goto leave;
+          }
+          a <<= 8;
+          a |= *buffer++;
 	}
 	i = 0;
 	val->d[j-1] = a;