From 5cf95157c5db88dd599ac4d48f619782179b1438 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Fri, 28 Jul 2017 11:40:56 +0200
Subject: agent: For OCB key files return Bad Passprase instead of Checksum Error.
* agent/protect.c (do_decryption): Map error checksum to bad passpharse protection
* agent/call-pinentry.c (unlock_pinentry): Don't munge the error source for corrupted protection.
--
GnuPG-bug-id: 3266
Signed-off-by: Werner Koch
---
 agent/call-pinentry.c | 4 ++++
 agent/protect.c | 11 ++++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)
(limited to 'agent')
diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index cb7997faa..6a5c1fe1e 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -167,6 +167,10 @@ unlock_pinentry (gpg_error_t rc)
 case GPG_ERR_BAD_PIN:
 break;
 
+ case GPG_ERR_CORRUPTED_PROTECTION:
+ /* This comes from gpg-agent. */
+ break;
+
 default:
 rc = gpg_err_make (GPG_ERR_SOURCE_PINENTRY, gpg_err_code (rc));
 break;
diff --git a/agent/protect.c b/agent/protect.c
index 7817901d1..c257861e2 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -813,7 +813,14 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len,
 protected, protectedlen - 16);
 }
 if (!rc)
- rc = gcry_cipher_checktag (hd, protected + protectedlen - 16, 16);
+ {
+ rc = gcry_cipher_checktag (hd, protected + protectedlen - 16, 16);
+ if (gpg_err_code (rc) == GPG_ERR_CHECKSUM)
+ {
+ /* Return Bad Passphrase instead of checksum error */
+ rc = gpg_error (GPG_ERR_BAD_PASSPHRASE);
+ }
+ }
 }
 else
 {
@@ -833,8 +840,6 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len,
 /* Do a quick check on the data structure. */
 if (*outbuf != '(' && outbuf[1] != '(')
 {
- /* Note that in OCB mode this is actually invalid _encrypted_
- * data and not a bad passphrase. */
 xfree (outbuf);
 return gpg_error (GPG_ERR_BAD_PASSPHRASE);
 }
--
cgit v1.2.3
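Review bot: The comment on the new `GPG_ERR_CORRUPTED_PROTECTION` case in unlock_pinentry says where the code originates but not why the case is needed; a reader has to notice that the `default` branch below rewrites the error source to `GPG_ERR_SOURCE_PINENTRY`. I would expand it to `/* Raised by gpg-agent itself, not by pinentry: keep the original error source. */`. None of the visible protect.c hunks returns this code, so it would also help to name the path that produces it. The switch starts outside the hunk.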
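Review bot: After the new mapping in do_decryption, every `GPG_ERR_CHECKSUM` from `gcry_cipher_checktag` becomes `GPG_ERR_BAD_PASSPHRASE`, so a truncated or modified OCB key file is reported exactly like a mistyped passphrase. A failed authentication tag cannot tell the two cases apart, which justifies the mapping, but the added comment only restates the code, and the last hunk removes the one note that mentioned the ambiguity. I would write `/* An OCB tag mismatch cannot distinguish a wrong key from modified data; report the likelier cause. */`. To keep file corruption diagnosable, consider logging the original code before overwriting it, e.g. `log_info ("OCB tag check failed: %s\n", gpg_strerror (rc));`, assuming the agent's logging helpers are in scope in this file. The function body begins and ends outside the hunk.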