[git] GnuPG - branch, master, updated. gnupg-2.1.21-173-g5cf9515

by Werner Koch cvs at cvs.gnupg.org
Fri Jul 28 12:01:30 CEST 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  5cf95157c5db88dd599ac4d48f619782179b1438 (commit)
       via  1c35e29af95c46475f297d2bd70a5f3bd49d45b1 (commit)
       via  6496dc1f9d2aef3bf8cf950da2434c96f7a0145c (commit)
      from  5516ef47a22dfdf9cdf56107f34d2bda9e46deec (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5cf95157c5db88dd599ac4d48f619782179b1438
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Jul 28 11:40:56 2017 +0200

    agent: For OCB key files return Bad Passprase instead of Checksum Error.
    
    * agent/protect.c (do_decryption): Map error checksum to bad
    passphrase protection
    
    * agent/call-pinentry.c (unlock_pinentry): Don't munge the error
    source for corrupted protection.
    --
    
    GnuPG-bug-id: 3266
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index cb7997f..6a5c1fe 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -167,6 +167,10 @@ unlock_pinentry (gpg_error_t rc)
         case GPG_ERR_BAD_PIN:
           break;
 
+        case GPG_ERR_CORRUPTED_PROTECTION:
+          /* This comes from gpg-agent.  */
+          break;
+
         default:
           rc = gpg_err_make (GPG_ERR_SOURCE_PINENTRY, gpg_err_code (rc));
           break;
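Review bot: The comment on the new `case GPG_ERR_CORRUPTED_PROTECTION:` arm says where the code comes from but not why it bypasses the `default` rewrite, which is what a maintainer needs to know. I would word it as `/* Raised by gpg-agent itself, not by Pinentry: keep the original error source.  */` so the reason for the bare `break` is stated. The switch in unlock_pinentry starts outside the hunk, so whether other agent-originated codes need the same treatment cannot be judged from here.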
diff --git a/agent/protect.c b/agent/protect.c
index 7817901..c257861 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -813,7 +813,14 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len,
                                         protected, protectedlen - 16);
             }
           if (!rc)
-            rc = gcry_cipher_checktag (hd, protected + protectedlen - 16, 16);
+            {
+              rc = gcry_cipher_checktag (hd, protected + protectedlen - 16, 16);
+              if (gpg_err_code (rc) == GPG_ERR_CHECKSUM)
+                {
+                  /* Return Bad Passphrase instead of checksum error */
+                  rc = gpg_error (GPG_ERR_BAD_PASSPHRASE);
+                }
+            }
         }
       else
         {
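Review bot: The new comment in the `GPG_ERR_CHECKSUM` branch says what is returned but not that the mapping loses information. A failed OCB tag check is what a wrong passphrase produces, but a key file whose ciphertext or associated data was modified or damaged would presumably fail the same check and is now also reported as Bad Passphrase. I would state that in the comment, e.g. `/* A tag mismatch is reported as Bad Passphrase; a modified or damaged key file fails the same way and cannot be told apart here.  */`, so nobody later relies on this code to rule out tampering. The arithmetic `protectedlen - 16` also assumes that inputs shorter than the tag were rejected earlier; that check, if present, is outside the hunk.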
@@ -833,8 +840,6 @@ do_decryption (const unsigned char *aad_begin, size_t aad_len,
   /* Do a quick check on the data structure. */
   if (*outbuf != '(' && outbuf[1] != '(')
     {
-      /* Note that in OCB mode this is actually invalid _encrypted_
-       * data and not a bad passphrase.  */
       xfree (outbuf);
       return gpg_error (GPG_ERR_BAD_PASSPHRASE);
     }

commit 1c35e29af95c46475f297d2bd70a5f3bd49d45b1
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Jul 28 11:08:32 2017 +0200

    gpg: Minor rework for better readibility of get_best_pubkey_byname.
    
    * g10/getkey.c (get_best_pubkey_byname): Change return type to
    gpg_error_t.  Use var name err instead of rc.  Move a
    gpg_error_from_syserror closer to the call.
    --
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/getkey.c b/g10/getkey.c
index e0c4bd9..79bce61 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1583,24 +1583,23 @@ pubkey_cmp (ctrl_t ctrl, const char *name, struct pubkey_cmp_cookie *old,
 /* This function works like get_pubkey_byname, but if the name
  * resembles a mail address, the results are ranked and only the best
  * result is returned.  */
-int
+gpg_error_t
 get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk,
                         const char *name, KBNODE *ret_keyblock,
                         int include_unusable, int no_akl)
 {
-  int rc;
+  gpg_error_t err;
   struct getkey_ctx_s *ctx = NULL;
 
   if (retctx)
     *retctx = NULL;
 
-  rc = get_pubkey_byname (ctrl, &ctx, pk, name, ret_keyblock,
-                          NULL, include_unusable, no_akl);
-  if (rc)
+  err = get_pubkey_byname (ctrl, &ctx, pk, name, ret_keyblock,
+                           NULL, include_unusable, no_akl);
+  if (err)
     {
-      if (ctx)
-        getkey_end (ctrl, ctx);
-      return rc;
+      getkey_end (ctrl, ctx);
+      return err;
     }
 
   if (is_valid_mailbox (name) && ctx)
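Review bot: Dropping the `if (ctx)` guard in the error path makes `getkey_end (ctrl, ctx)` reachable with `ctx == NULL`, which is only safe if getkey_end accepts a null context; its definition is not in this hunk. The later cleanup in the same function still tests `if (err && ctx)` before the same call, so the two paths now read inconsistently. Either keep the guard or record the contract where it is relied on, e.g. `getkey_end (ctrl, ctx);  /* CTX may be NULL here.  */`. The function body continues past the end of the hunk.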
@@ -1647,16 +1646,17 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk,
             {
               ctx = xtrycalloc (1, sizeof **retctx);
               if (! ctx)
-                rc = gpg_error_from_syserror ();
+                err = gpg_error_from_syserror ();
               else
                 {
                   ctx->kr_handle = keydb_new ();
                   if (! ctx->kr_handle)
                     {
+                      err = gpg_error_from_syserror ();
                       xfree (ctx);
+                      ctx = NULL;
                       if (retctx)
                         *retctx = NULL;
-                      rc = gpg_error_from_syserror ();
                     }
                   else
                     {
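Review bot: The order of `err = gpg_error_from_syserror ();` before `xfree (ctx);` in the keydb_new failure branch matters but is not explained, since the error is derived from errno and the free could change it. A short comment such as `/* Take errno before xfree can change it.  */` would keep a later cleanup from moving the line back. The branch also relies on keydb_new setting errno on failure, which cannot be confirmed from this hunk.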
@@ -1671,7 +1671,7 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk,
                         {
                           release_kbnode (*ret_keyblock);
                           *ret_keyblock = NULL;
-                          rc = getkey_next (ctrl, ctx, NULL, ret_keyblock);
+                          err = getkey_next (ctrl, ctx, NULL, ret_keyblock);
                         }
                     }
                 }
@@ -1684,7 +1684,7 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk,
         }
     }
 
-  if (rc && ctx)
+  if (err && ctx)
     {
       getkey_end (ctrl, ctx);
       ctx = NULL;
@@ -1695,7 +1695,7 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk,
   else
     getkey_end (ctrl, ctx);
 
-  return rc;
+  return err;
 }
 
 

diff --git a/g10/keydb.h b/g10/keydb.h
index 15345bb..f793ada 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -319,10 +319,10 @@ int get_pubkey_byname (ctrl_t ctrl,
 
 /* Likewise, but only return the best match if NAME resembles a mail
  * address.  */
-int get_best_pubkey_byname (ctrl_t ctrl,
-			    GETKEY_CTX *retctx, PKT_public_key *pk,
-			    const char *name, KBNODE *ret_keyblock,
-			    int include_unusable, int no_akl);
+gpg_error_t get_best_pubkey_byname (ctrl_t ctrl,
+                                    GETKEY_CTX *retctx, PKT_public_key *pk,
+                                    const char *name, KBNODE *ret_keyblock,
+                                    int include_unusable, int no_akl);
 
 /* Get a public key directly from file FNAME.  */
 gpg_error_t get_pubkey_fromfile (ctrl_t ctrl,

commit 6496dc1f9d2aef3bf8cf950da2434c96f7a0145c
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Jul 28 10:58:59 2017 +0200

    gpg: Fix segv in get_best_pubkey_byname.
    
    * g10/getkey.c (get_best_pubkey_byname): Init NEW.
    --
    
    We call free_user_id on NEW.uid and thus it needs to be initialized.
    
    This fixes the ref-count or invisible segv bug from
    GnuPG-bug-id: 3266
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/getkey.c b/g10/getkey.c
index 390e2dc..e0c4bd9 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1607,7 +1607,7 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk,
     {
       /* Rank results and return only the most relevant key.  */
       struct pubkey_cmp_cookie best = { 0 };
-      struct pubkey_cmp_cookie new;
+      struct pubkey_cmp_cookie new = { 0 };
       kbnode_t new_keyblock;
 
       while (getkey_next (ctrl, ctx, &new.key, &new_keyblock) == 0)
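Review bot: The `= { 0 }` initializer on `new` covers only the first pass through the `while (getkey_next ...)` loop, because the declaration sits outside it. The commit message says free_user_id is called on `new.uid`; if the loop body frees it without then setting `new.uid = NULL` (or handing the pointer over to `best`), a later iteration would work with a stale pointer. The loop body is outside this hunk, so this needs checking there. A comment on the declaration, `/* Must start zeroed: NEW.uid is passed to free_user_id.  */`, would also record why the initializer is required.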

-----------------------------------------------------------------------

Summary of changes:
 agent/call-pinentry.c |  4 ++++
 agent/protect.c       | 11 ++++++++---
 g10/getkey.c          | 28 ++++++++++++++--------------
 g10/keydb.h           |  8 ++++----
 4 files changed, 30 insertions(+), 21 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



