1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00

* g10.c, options.h: Removed option --emulate-checksum-bug.

* misc.c (checksum_u16_nobug): Removed.
(checksum_u16): Removed the bug emulation.
(checksum_mpi): Ditto.
(checksum_mpi_counted_nbits): Removed and replaced all calls
with checksum_mpi.
* parse-packet.c (read_protected_v3_mpi): New.
(parse_key): Use it here to store it as an opaque MPI.
* seckey-cert.c (do_check): Changed the v3 unprotection to the new
why to store these keys.
(protect_secret_key): Likewise.
* build-packet.c (do_secret_key): And changed the writing.
This commit is contained in:
Werner Koch 2002-09-11 07:27:54 +00:00
parent c30d7e8dc7
commit c5445cc323
10 changed files with 152 additions and 126 deletions

View file

@ -149,43 +149,26 @@ do_check( PKT_secret_key *sk, const char *tryagain_text )
else {
for(i=pubkey_get_npkey(sk->pubkey_algo);
i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
buffer = mpi_get_secure_buffer( sk->skey[i], &nbytes, NULL );
cipher_sync( cipher_hd );
assert( mpi_is_protected(sk->skey[i]) );
cipher_decrypt( cipher_hd, buffer, buffer, nbytes );
mpi_set_buffer( sk->skey[i], buffer, nbytes, 0 );
mpi_clear_protect_flag( sk->skey[i] );
csum += checksum_mpi( sk->skey[i] );
m_free( buffer );
}
if( csum != sk->csum ) {
/* Due to a fix of a bug in mpi_get_secure_buffer we
might encounter seceret keys which are not correctly
encrypted. We fix this by a second try, this time
with a reversed bug fix (the memmove below). */
byte *p;
copy_secret_key( sk, save_sk );
cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen );
csum = 0;
for(i=pubkey_get_npkey (sk->pubkey_algo);
i < pubkey_get_nskey (sk->pubkey_algo); i++ ) {
buffer = mpi_get_secure_buffer (sk->skey[i], &nbytes,NULL);
for (p=buffer; !*p && nbytes; p++, --nbytes )
;
if (p != buffer)
memmove (buffer, p, nbytes);
cipher_sync (cipher_hd);
assert (mpi_is_protected(sk->skey[i]));
cipher_decrypt (cipher_hd, buffer, buffer, nbytes);
mpi_set_buffer (sk->skey[i], buffer, nbytes, 0);
mpi_clear_protect_flag (sk->skey[i]);
csum += checksum_mpi (sk->skey[i]);
m_free (buffer);
}
}
if( opt.emulate_bugs & EMUBUG_GPGCHKSUM ) {
csum = sk->csum;
int ndata;
unsigned int dummy;
assert (mpi_is_opaque (sk->skey[i]));
p = mpi_get_opaque (sk->skey[i], &ndata);
assert (ndata >= 2);
assert (ndata == ((p[0] << 8 | p[1]) + 7)/8 + 2);
buffer = m_alloc_secure (ndata);
cipher_sync (cipher_hd);
buffer[0] = p[0];
buffer[1] = p[1];
cipher_decrypt (cipher_hd, buffer+2, p+2, ndata-2);
csum += checksum (buffer, ndata);
mpi_free (sk->skey[i]);
dummy = ndata;
sk->skey[i] = mpi_read_from_buffer (buffer, &dummy, 1);
assert (sk->skey[i]);
m_free (buffer);
/* csum += checksum_mpi (sk->skey[i]); */
}
}
cipher_close( cipher_hd );
@ -366,19 +349,26 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
sk->skey[i] = mpi_set_opaque(NULL, data, ndata );
}
else {
/* NOTE: we always recalculate the checksum because there
* are some test releases which calculated it wrong */
csum = 0;
for(i=pubkey_get_npkey(sk->pubkey_algo);
i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
csum += checksum_mpi_counted_nbits( sk->skey[i] );
byte *data;
unsigned int nbits;
csum += checksum_mpi (sk->skey[i]);
buffer = mpi_get_buffer( sk->skey[i], &nbytes, NULL );
cipher_sync( cipher_hd );
assert( !mpi_is_protected(sk->skey[i]) );
cipher_encrypt( cipher_hd, buffer, buffer, nbytes );
mpi_set_buffer( sk->skey[i], buffer, nbytes, 0 );
mpi_set_protect_flag( sk->skey[i] );
cipher_sync (cipher_hd);
assert ( !mpi_is_opaque (sk->skey[i]) );
data = m_alloc (nbytes+2);
nbits = mpi_get_nbits (sk->skey[i]);
assert (nbytes == (nbits + 7)/8);
data[0] = nbits >> 8;
data[1] = nbits;
cipher_encrypt (cipher_hd, data+2, buffer, nbytes);
m_free( buffer );
mpi_free (sk->skey[i]);
sk->skey[i] = mpi_set_opaque (NULL, data, nbytes+2);
}
sk->csum = csum;
}