aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWerner Koch <[email protected]>2024-09-19 08:00:24 +0000
committerWerner Koch <[email protected]>2024-09-19 08:00:24 +0000
commit9e8e48e00b85b66563b1a581b0ffd8cbc5262e10 (patch)
treedf08b3def9b5e8e5c4c190e8f2ac3185f3905ded
parentagent: Fix detection of the trustflag de-vs. (diff)
downloadgnupg-9e8e48e00b85b66563b1a581b0ffd8cbc5262e10.tar.gz
gnupg-9e8e48e00b85b66563b1a581b0ffd8cbc5262e10.zip
gpg: Avoid wrong decryption_failed for signed+OCB msg w/o pubkey.
* g10/decrypt-data.c (struct decode_filter_context_s): Add flag checktag_failed. (aead_checktag): Set flag. (decrypt_data): Initially clear that flag and check the flag after the decryption. * g10/mainproc.c (proc_encrypted): Revert the log_get_errorcount based check. -- This fixes a bug where for an OCB encrypted and signed message with the signing key missing during decryption the DECRYPTION_FAILED status line was printed along with "WARNING: encrypted message has been manipulated". This was because we use log_error to show that the signature could not be verified due to the missing pubkey; the original fix looked at the error counter and thus triggered the decryption failed status. Fixes-commit: 82b39fe254703776209cebb88f428bf2d1eb596b GnuPG-bug-id: 7042
-rw-r--r--g10/decrypt-data.c9
-rw-r--r--g10/mainproc.c6
2 files changed, 10 insertions, 5 deletions
diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c
index d372cbb90..4bb2b7e80 100644
--- a/g10/decrypt-data.c
+++ b/g10/decrypt-data.c
@@ -73,6 +73,9 @@ struct decode_filter_context_s
* 3 = premature EOF (general) */
unsigned int eof_seen : 2;
+ /* Flag to convey an error from aead_checktag. */
+ unsigned int checktag_failed : 1;
+
/* The actually used cipher algo for AEAD. */
byte cipher_algo;
@@ -207,6 +210,7 @@ aead_checktag (decode_filter_ctx_t dfx, int final, const void *tagbuf)
log_error ("gcry_cipher_checktag%s failed: %s\n",
final? " (final)":"", gpg_strerror (err));
write_status_error ("aead_checktag", err);
+ dfx->checktag_failed = 1;
return err;
}
if (DBG_FILTER)
@@ -479,6 +483,7 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek,
dfx->refcount++;
dfx->partial = !!ed->is_partial;
dfx->length = ed->len;
+ dfx->checktag_failed = 0;
if (ed->aead_algo)
iobuf_push_filter ( ed->buf, aead_decode_filter, dfx );
else if (ed->mdc_method)
@@ -524,6 +529,10 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek,
ed->buf = NULL;
if (dfx->eof_seen > 1 )
rc = gpg_error (GPG_ERR_INV_PACKET);
+ else if (dfx->checktag_failed)
+ {
+ rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
+ }
else if ( ed->mdc_method )
{
/* We used to let parse-packet.c handle the MDC packet but this
diff --git a/g10/mainproc.c b/g10/mainproc.c
index eb114f639..16ac4393f 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -821,13 +821,9 @@ proc_encrypted (CTX c, PACKET *pkt)
compliance_de_vs |= 2;
}
- /* Trigger the deferred error. The second condition makes sure that a
- * log_error printed in the cry_cipher_checktag never gets ignored. */
+ /* Trigger the deferred error. */
if (!result && early_plaintext)
result = gpg_error (GPG_ERR_BAD_DATA);
- else if (!result && pkt->pkt.encrypted->aead_algo
- && log_get_errorcount (0))
- result = gpg_error (GPG_ERR_BAD_SIGNATURE);
if (result == -1)
;