Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

When opening encrypted file, the app keeps prompting for a password #82

Closed
dmgk opened this issue Mar 8, 2019 · 7 comments
Closed

When opening encrypted file, the app keeps prompting for a password #82

dmgk opened this issue Mar 8, 2019 · 7 comments

Comments

@dmgk
Copy link
Contributor

dmgk commented Mar 8, 2019

Got this bug report from EncryptPad port user on FreeBSD:

Steps to reproduce.

Run encryptpad.
Type some text.
Save to a file with a password.
Exit program.

Re-run encryptpad.
Open the file you just saved.
Enter password.
Program keeps prompting for password.
Fails to open the document just saved.

The issue is reproducible on master and v0.4.0.4 on FreeBSD 11.2 amd64 and Arch amd64, encryptpad was built with --use-system-libs.

@evpo
Copy link
Owner

evpo commented Mar 9, 2019

Can you please let me know the version of the Botan library installed there?

@dmgk
Copy link
Contributor Author

dmgk commented Mar 9, 2019

2.9.0 on both FreeBSD and Arch.

@evpo
Copy link
Owner

evpo commented Mar 10, 2019

My investigation led to an issue in Botan 2.9.0. I reported it and made a patch. Hopefully it will be merged in the next release. For now there are two options. Use Botan 2.8.0 or apply the patch I am attaching to this comment.

diff --git a/src/lib/pbkdf/pgp_s2k/pgp_s2k.cpp b/src/lib/pbkdf/pgp_s2k/pgp_s2k.cpp
index d04fb47b3..8bcf9239f 100644
--- a/src/lib/pbkdf/pgp_s2k/pgp_s2k.cpp
+++ b/src/lib/pbkdf/pgp_s2k/pgp_s2k.cpp
@@ -61,7 +61,7 @@ uint8_t RFC4880_encode_count(size_t desired_iterations)
    if(desired_iterations >= OPENPGP_S2K_ITERS[255])
       return 255;
 
-   auto i = std::upper_bound(OPENPGP_S2K_ITERS, OPENPGP_S2K_ITERS + 256, desired_iterations);
+   auto i = std::lower_bound(OPENPGP_S2K_ITERS, OPENPGP_S2K_ITERS + 256, desired_iterations);
 
    return static_cast<uint8_t>(i - OPENPGP_S2K_ITERS);
    }

@evpo
Copy link
Owner

evpo commented Mar 10, 2019

Note that the patch is for https://www.freshports.org/security/botan2

Option 3: remove --use-system-libs when building EncryptPad

@dmgk
Copy link
Contributor Author

dmgk commented Mar 10, 2019

Thanks for the investigation and patch, Evgeny. Can you please refer me to the your botan2 bug report? I'll raise an issue with botan2 port so it could be patched in the port tree until the issue fixed upstream.

@evpo
Copy link
Owner

evpo commented Mar 10, 2019

Thanks to you for raising it. This bug can cause people to lose access to their data:

Here is the link: randombit/botan#1853

@dmgk
Copy link
Contributor Author

dmgk commented Mar 10, 2019

Thanks!

@evpo evpo closed this as completed Mar 11, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants