* g10.c, options.h: Removed option --emulate-checksum-bug.

* misc.c (checksum_u16_nobug): Removed. (checksum_u16): Removed the bug emulation. (checksum_mpi): Ditto. (checksum_mpi_counted_nbits): Removed and replaced all calls with checksum_mpi. * parse-packet.c (read_protected_v3_mpi): New. (parse_key): Use it here to store it as an opaque MPI. * seckey-cert.c (do_check): Changed the v3 unprotection to the new why to store these keys. (protect_secret_key): Likewise. * build-packet.c (do_secret_key): And changed the writing.
author: Werner Koch <[email protected]> 2002-09-11 07:27:54 +0000
committer: Werner Koch <[email protected]> 2002-09-11 07:27:54 +0000
commit: c5445cc3239e7654fbaf145c6e697de54093892f (patch)
tree: fb8e0b6e5018951bd13aade5f46b3444d2fe005c /g10/seckey-cert.c
parent: * exec.c (expand_args): Remove loop left over from earlier implementation. (diff)
download: gnupg-c5445cc3239e7654fbaf145c6e697de54093892f.tar.gz
gnupg-c5445cc3239e7654fbaf145c6e697de54093892f.zip
1 files changed, 34 insertions, 44 deletions
diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c
index 2eadc9dd3..d2d39dacf 100644
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@@ -149,43 +149,26 @@ do_check( PKT_secret_key *sk, const char *tryagain_text )
 	else {
 	    for(i=pubkey_get_npkey(sk->pubkey_algo);
 		    i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
-		buffer = mpi_get_secure_buffer( sk->skey[i], &nbytes, NULL );
-		cipher_sync( cipher_hd );
-		assert( mpi_is_protected(sk->skey[i]) );
-		cipher_decrypt( cipher_hd, buffer, buffer, nbytes );
-		mpi_set_buffer( sk->skey[i], buffer, nbytes, 0 );
-		mpi_clear_protect_flag( sk->skey[i] );
-		csum += checksum_mpi( sk->skey[i] );
-		m_free( buffer );
-	    }
-            if( csum != sk->csum ) {
-              /* Due to a fix of a bug in mpi_get_secure_buffer we
-                 might encounter seceret keys which are not correctly
-                 encrypted.  We fix this by a second try, this time
-                 with a reversed bug fix (the memmove below). */
                 byte *p;
-              
-                copy_secret_key( sk, save_sk );
-                cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen );
-                csum = 0;
-                for(i=pubkey_get_npkey (sk->pubkey_algo);
-		    i < pubkey_get_nskey (sk->pubkey_algo); i++ ) {
-                    buffer = mpi_get_secure_buffer (sk->skey[i], &nbytes,NULL);
-                    for (p=buffer; !*p && nbytes; p++, --nbytes )
-                      ;
-                    if (p != buffer)
-                      memmove (buffer, p, nbytes);
-                    cipher_sync (cipher_hd);
-                    assert (mpi_is_protected(sk->skey[i]));
-                    cipher_decrypt (cipher_hd, buffer, buffer, nbytes);
-                    mpi_set_buffer (sk->skey[i], buffer, nbytes, 0);
-                    mpi_clear_protect_flag (sk->skey[i]);
-                    csum += checksum_mpi (sk->skey[i]);
-                    m_free (buffer);
-                }
-            }
-	    if( opt.emulate_bugs & EMUBUG_GPGCHKSUM ) {
-	       csum = sk->csum;
+                int ndata;
+                unsigned int dummy;
+
+                assert (mpi_is_opaque (sk->skey[i]));
+                p = mpi_get_opaque (sk->skey[i], &ndata);
+                assert (ndata >= 2);
+                assert (ndata == ((p[0] << 8 | p[1]) + 7)/8 + 2);
+                buffer = m_alloc_secure (ndata);
+		cipher_sync (cipher_hd);
+                buffer[0] = p[0];
+                buffer[1] = p[1];
+                cipher_decrypt (cipher_hd, buffer+2, p+2, ndata-2);
+                csum += checksum (buffer, ndata);
+                mpi_free (sk->skey[i]);
+                dummy = ndata;
+                sk->skey[i] = mpi_read_from_buffer (buffer, &dummy, 1);
+                assert (sk->skey[i]);
+		m_free (buffer);
+/*  		csum += checksum_mpi (sk->skey[i]); */
 	    }
 	}
 	cipher_close( cipher_hd );
@@ -366,19 +349,26 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
 		sk->skey[i] = mpi_set_opaque(NULL, data, ndata );
 	    }
 	    else {
-		/* NOTE: we always recalculate the checksum because there
-		 * are some test releases which calculated it wrong */
 		csum = 0;
 		for(i=pubkey_get_npkey(sk->pubkey_algo);
 			i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
-		    csum += checksum_mpi_counted_nbits( sk->skey[i] );
+                    byte *data;
+		    unsigned int nbits;
+
+		    csum += checksum_mpi (sk->skey[i]);
 		    buffer = mpi_get_buffer( sk->skey[i], &nbytes, NULL );
-		    cipher_sync( cipher_hd );
-		    assert( !mpi_is_protected(sk->skey[i]) );
-		    cipher_encrypt( cipher_hd, buffer, buffer, nbytes );
-		    mpi_set_buffer( sk->skey[i], buffer, nbytes, 0 );
-		    mpi_set_protect_flag( sk->skey[i] );
+		    cipher_sync (cipher_hd);
+		    assert ( !mpi_is_opaque (sk->skey[i]) );
+                    data = m_alloc (nbytes+2);
+                    nbits  = mpi_get_nbits (sk->skey[i]);
+                    assert (nbytes == (nbits + 7)/8);
+                    data[0] = nbits >> 8;
+                    data[1] = nbits;
+		    cipher_encrypt (cipher_hd, data+2, buffer, nbytes);
 		    m_free( buffer );
+                    
+                    mpi_free (sk->skey[i]);
+                    sk->skey[i] = mpi_set_opaque (NULL, data, nbytes+2);
 		}
 		sk->csum = csum;
 	    }
author	Werner Koch <[email protected]>	2002-09-11 07:27:54 +0000
committer	Werner Koch <[email protected]>	2002-09-11 07:27:54 +0000
commit	c5445cc3239e7654fbaf145c6e697de54093892f (patch)
tree	fb8e0b6e5018951bd13aade5f46b3444d2fe005c /g10/seckey-cert.c
parent	* exec.c (expand_args): Remove loop left over from earlier implementation. (diff)
download	gnupg-c5445cc3239e7654fbaf145c6e697de54093892f.tar.gz gnupg-c5445cc3239e7654fbaf145c6e697de54093892f.zip