diff options
| author | Werner Koch <wk@gnupg.org> | 2024-09-19 10:00:24 +0200 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2024-09-19 10:06:55 +0200 |
| commit | 2770efa75b7666ac57cc29089ab988f61cd246c3 (patch) | |
| tree | f6b2ec9231d1a1142ae30429e85b29035bcde435 /g10 | |
| parent | agent: Fix detection of the trustflag de-vs. (diff) | |
| download | gnupg2-2770efa75b7666ac57cc29089ab988f61cd246c3.tar.xz gnupg2-2770efa75b7666ac57cc29089ab988f61cd246c3.zip | |
gpg: Avoid wrong decryption_failed for signed+OCB msg w/o pubkey.
* g10/decrypt-data.c (struct decode_filter_context_s): Add flag
checktag_failed.
(aead_checktag): Set flag.
(decrypt_data): Initially clear that flag and check the flag after the
decryption.
* g10/mainproc.c (proc_encrypted): Revert the log_get_errorcount based
check.
--
This fixes a bug where for an OCB encrypted and signed message with
the signing key missing during decryption the DECRYPTION_FAILED status
line was printed along with "WARNING: encrypted message has been
manipulated". This was because we use log_error to show that the
signature could not be verified due to the missing pubkey; the
original fix looked at the error counter and thus triggered the
decryption failed status.
Fixes-commit: 50e81ad38d2b5a5028fa6815da358c0496aa927e
GnuPG-bug-id: 7042
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/decrypt-data.c | 9 | ||||
| -rw-r--r-- | g10/mainproc.c | 7 |
2 files changed, 11 insertions, 5 deletions
diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c index 81209f66f..0f1551144 100644 --- a/g10/decrypt-data.c +++ b/g10/decrypt-data.c @@ -72,6 +72,9 @@ struct decode_filter_context_s * 3 = premature EOF (general) */ unsigned int eof_seen : 2; + /* Flag to convey an error from aead_checktag. */ + unsigned int checktag_failed : 1; + /* The actually used cipher algo for AEAD. */ byte cipher_algo; @@ -206,6 +209,7 @@ aead_checktag (decode_filter_ctx_t dfx, int final, const void *tagbuf) log_error ("gcry_cipher_checktag%s failed: %s\n", final? " (final)":"", gpg_strerror (err)); write_status_error ("aead_checktag", err); + dfx->checktag_failed = 1; return err; } if (DBG_FILTER) @@ -486,6 +490,7 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek, dfx->refcount++; dfx->partial = !!ed->is_partial; dfx->length = ed->len; + dfx->checktag_failed = 0; if (ed->aead_algo) iobuf_push_filter ( ed->buf, aead_decode_filter, dfx ); else if (ed->mdc_method) @@ -531,6 +536,10 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek, ed->buf = NULL; if (dfx->eof_seen > 1 ) rc = gpg_error (GPG_ERR_INV_PACKET); + else if (dfx->checktag_failed) + { + rc = gpg_error (GPG_ERR_BAD_SIGNATURE); + } else if ( ed->mdc_method ) { /* We used to let parse-packet.c handle the MDC packet but this diff --git a/g10/mainproc.c b/g10/mainproc.c index 2429e1006..039db9ccd 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -798,15 +798,12 @@ proc_encrypted (CTX c, PACKET *pkt) compliance_de_vs |= 2; } - /* Trigger the deferred error. The second condition makes sure that a - * log_error printed in the cry_cipher_checktag never gets ignored. */ + /* Trigger the deferred error. */ if (!result && early_plaintext) result = gpg_error (GPG_ERR_BAD_DATA); else if (!result && opt.show_only_session_key) result = -1; - else if (!result && pkt->pkt.encrypted->aead_algo - && log_get_errorcount (0)) - result = gpg_error (GPG_ERR_BAD_SIGNATURE); + if (result == -1) ; |