From 2770efa75b7666ac57cc29089ab988f61cd246c3 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 19 Sep 2024 10:00:24 +0200 Subject: gpg: Avoid wrong decryption_failed for signed+OCB msg w/o pubkey. * g10/decrypt-data.c (struct decode_filter_context_s): Add flag checktag_failed. (aead_checktag): Set flag. (decrypt_data): Initially clear that flag and check the flag after the decryption. * g10/mainproc.c (proc_encrypted): Revert the log_get_errorcount based check. -- This fixes a bug where for an OCB encrypted and signed message with the signing key missing during decryption the DECRYPTION_FAILED status line was printed along with "WARNING: encrypted message has been manipulated". This was because we use log_error to show that the signature could not be verified due to the missing pubkey; the original fix looked at the error counter and thus triggered the decryption failed status. Fixes-commit: 50e81ad38d2b5a5028fa6815da358c0496aa927e GnuPG-bug-id: 7042 --- g10/mainproc.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'g10/mainproc.c') diff --git a/g10/mainproc.c b/g10/mainproc.c index 2429e1006..039db9ccd 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -798,15 +798,12 @@ proc_encrypted (CTX c, PACKET *pkt) compliance_de_vs |= 2; } - /* Trigger the deferred error. The second condition makes sure that a - * log_error printed in the cry_cipher_checktag never gets ignored. */ + /* Trigger the deferred error. */ if (!result && early_plaintext) result = gpg_error (GPG_ERR_BAD_DATA); else if (!result && opt.show_only_session_key) result = -1; - else if (!result && pkt->pkt.encrypted->aead_algo - && log_get_errorcount (0)) - result = gpg_error (GPG_ERR_BAD_SIGNATURE); + if (result == -1) ; -- cgit v1.2.3