From a2f343995a269817159a4c09e907d6e4c13fdc4a Mon Sep 17 00:00:00 2001
From: Brian Bloniarz <brian.bloniarz@gmail.com>
Date: Wed, 6 Feb 2013 08:31:06 -0800
Subject: [PATCH] fix array index in verify() with multiple pubkeys.
The log message was showing the Ith userId of the Ith pubkey,
which may not exist. All other code paths use the 0th userid
of the Ith pubkey, do that too.
---
resources/openpgp.js | 2 +-
resources/openpgp.min.js | 2 +-
src/openpgp.msg.message.js | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/resources/openpgp.js b/resources/openpgp.js
index fe6e9cc0..46a8750e 100644
--- a/resources/openpgp.js
+++ b/resources/openpgp.js
@@ -9679,7 +9679,7 @@ function openpgp_msg_message() {
for (var i = 0 ; i < pubkey.length; i++) {
var tohash = this.text.replace(/\r\n/g,"\n").replace(/\n/g,"\r\n");
if (this.signature.verify(tohash, pubkey[i])) {
- util.print_info("Found Good Signature from "+pubkey[i].obj.userIds[i].text+" (0x"+util.hexstrdump(pubkey[i].obj.getKeyId()).substring(8)+")");
+ util.print_info("Found Good Signature from "+pubkey[i].obj.userIds[0].text+" (0x"+util.hexstrdump(pubkey[i].obj.getKeyId()).substring(8)+")");
result = true;
} else {
util.print_error("Signature verification failed: Bad Signature from "+pubkey[i].obj.userIds[0].text+" (0x"+util.hexstrdump(pubkey[0].obj.getKeyId()).substring(8)+")");
diff --git a/resources/openpgp.min.js b/resources/openpgp.min.js
index 405ff5a8..c73b3d48 100644
--- a/resources/openpgp.min.js
+++ b/resources/openpgp.min.js
@@ -363,7 +363,7 @@ this.subKeys.length;a++)b+=" "+this.subKeys[a].toString();return b};this.vali
this.getKeyId();for(b=0;b<this.userIds.length;b++)for(var c=0;c<this.userIds[b].certificationRevocationSignatures.length;c++)if(this.userIds[b].certificationSignatures[c].getIssuer==a&&4!=this.userIds[b].certificationSignatures[c].verifyBasic(this.publicKeyPacket))return!1;return!0}}
function openpgp_msg_message(){this.text="";this.type=this.messagePacket=null;this.decrypt=function(b,a){return this.decryptAndVerifySignature(b,a).text};this.decryptAndVerifySignature=function(b,a,c){if(null==b||null==a||""==a)return null;a=a.decrypt(this,b.keymaterial);if(null==a)return null;b=[];util.print_debug_hexstr_dump("openpgp.msg.messge decrypt:\n",a);var a=openpgp.read_messages_dearmored({text:a,openpgp:a}),d;for(d in a){if(a[d].data)this.text=a[d].data;a[d].signature&&b.push(a[d].verifySignature(c))}return{text:this.text,
validSignatures:b}};this.verifySignature=function(b){var a=!1;if(2==this.signature.tagType){if(!b||0==b.length)if(4==this.signature.version)b=openpgp.keyring.getPublicKeysForKeyId(this.signature.issuerKeyId);else if(3==this.signature.version)b=openpgp.keyring.getPublicKeysForKeyId(this.signature.keyId);else return util.print_error("unknown signature type on message!"),!1;if(0==b.length)util.print_warning("Unable to verify signature of issuer: "+util.hexstrdump(this.signature.issuerKeyId)+". Public key not found in keyring.");
-else for(var c=0;c<b.length;c++)this.signature.verify(this.text.replace(/\r\n/g,"\n").replace(/\n/g,"\r\n"),b[c])?(util.print_info("Found Good Signature from "+b[c].obj.userIds[c].text+" (0x"+util.hexstrdump(b[c].obj.getKeyId()).substring(8)+")"),a=!0):util.print_error("Signature verification failed: Bad Signature from "+b[c].obj.userIds[0].text+" (0x"+util.hexstrdump(b[0].obj.getKeyId()).substring(8)+")")}return a};this.toString=function(){var b="Session Keys:\n";if(null!=this.sessionKeys)for(var a=
+else for(var c=0;c<b.length;c++)this.signature.verify(this.text.replace(/\r\n/g,"\n").replace(/\n/g,"\r\n"),b[c])?(util.print_info("Found Good Signature from "+b[c].obj.userIds[0].text+" (0x"+util.hexstrdump(b[c].obj.getKeyId()).substring(8)+")"),a=!0):util.print_error("Signature verification failed: Bad Signature from "+b[c].obj.userIds[0].text+" (0x"+util.hexstrdump(b[0].obj.getKeyId()).substring(8)+")")}return a};this.toString=function(){var b="Session Keys:\n";if(null!=this.sessionKeys)for(var a=
0;a<this.sessionKeys.length;a++)b+=this.sessionKeys[a].toString();b+="\n\n EncryptedData:\n";null!=this.encryptedData&&(b+=this.encryptedData.toString());b+="\n\n Signature:\n";null!=this.signature&&(b+=this.signature.toString());b+="\n\n Text:\n";null!=this.signature&&(b+=this.text);return b}}
function openpgp_packet_encrypteddata(){this.tagType=9;this.decryptedData=this.encryptedData=this.packetLength=null;this.decrypt_sym=function(b,a){this.decryptedData=openpgp_crypto_symmetricDecrypt(b,a,this.encryptedData,!0);util.print_debug("openpgp.packet.encryptedintegrityprotecteddata.js\ndata: "+util.hexstrdump(this.decryptedData));return this.decryptedData};this.toString=function(){return"5.7. Symmetrically Encrypted Data Packet (Tag 9)\n length: "+this.packetLength+"\n Used symmetric algorithm: "+
this.algorithmType+"\n encrypted data: Bytes ["+util.hexstrdump(this.encryptedData)+"]\n"};this.read_packet=function(b,a,c){this.packetLength=c;this.encryptedData=b.substring(a,a+c);return this};this.write_packet=function(b,a,c){b=""+openpgp_crypto_symmetricEncrypt(openpgp_crypto_getPrefixRandom(b),b,a,c,!0);return b=openpgp_packet.write_packet_header(9,b.length)+b}}
diff --git a/src/openpgp.msg.message.js b/src/openpgp.msg.message.js
index bea69499..3df1d66a 100644
--- a/src/openpgp.msg.message.js
+++ b/src/openpgp.msg.message.js
@@ -99,7 +99,7 @@ function openpgp_msg_message() {
for (var i = 0 ; i < pubkey.length; i++) {
var tohash = this.text.replace(/\r\n/g,"\n").replace(/\n/g,"\r\n");
if (this.signature.verify(tohash, pubkey[i])) {
- util.print_info("Found Good Signature from "+pubkey[i].obj.userIds[i].text+" (0x"+util.hexstrdump(pubkey[i].obj.getKeyId()).substring(8)+")");
+ util.print_info("Found Good Signature from "+pubkey[i].obj.userIds[0].text+" (0x"+util.hexstrdump(pubkey[i].obj.getKeyId()).substring(8)+")");
result = true;
} else {
util.print_error("Signature verification failed: Bad Signature from "+pubkey[i].obj.userIds[0].text+" (0x"+util.hexstrdump(pubkey[0].obj.getKeyId()).substring(8)+")");