Dear Maintainer, Would it be possible to include a fix for this issue as a patch to bouncycastle source? I have cherry-picked commits that fixed https://github.com/bcgit/bc-java/issues/1251 into the patch, applied it, rebuilt bouncycastle and verified that pgpainless builds and tests successfully against patched bouncycastle.
Best Regards, Vladimir.
commit b3ff4a295409246725c82922087c84afef077763 Author: vpa1977 <vladimir.pe...@canonical.com> Date: Fri Jan 6 12:03:48 2023 +1300 Regression in PGP verification of decrypted data https://github.com/bcgit/bc-java/issues/1251 diff --git a/debian/patches/fix-missing-offset-inclusion.patch b/debian/patches/fix-missing-offset-inclusion.patch new file mode 100644 index 00000000..0ded3bcc --- /dev/null +++ b/debian/patches/fix-missing-offset-inclusion.patch @@ -0,0 +1,19 @@ +commit 04bc5096ab1a3cf38c91952adf634df448609762 +Author: David Hook <david.h...@keyfactor.com> +Date: Mon Oct 24 17:41:51 2022 +1100 + + fixed missing offset inclusion + +diff --git a/pg/src/main/java/org/bouncycastle/openpgp/PGPEncryptedData.java b/pg/src/main/java/org/bouncycastle/openpgp/PGPEncryptedData.java +index 3ba8d2cc5..1939881da 100644 +--- a/pg/src/main/java/org/bouncycastle/openpgp/PGPEncryptedData.java ++++ b/pg/src/main/java/org/bouncycastle/openpgp/PGPEncryptedData.java +@@ -96,7 +96,7 @@ else if (len == 0) + int bytesFromLookahead = Math.min(bytesRead, lookAhead.length); + for (int i = 0; i < bytesFromLookahead; i++) + { +- b[i] = (byte)lookAhead[(bufPtr + i) % lookAhead.length]; ++ b[off + i] = (byte)lookAhead[(bufPtr + i) % lookAhead.length]; + } + + // write tail of readBuffer to lookahead diff --git a/debian/patches/masked-byte-data-for-lookahead.patch b/debian/patches/masked-byte-data-for-lookahead.patch new file mode 100644 index 00000000..ac0647df --- /dev/null +++ b/debian/patches/masked-byte-data-for-lookahead.patch @@ -0,0 +1,30 @@ +commit 1f549b1adeba7fadf2476be97af0b9e45386165c +Author: David Hook <d...@cryptoworkshop.com> +Date: Mon Oct 24 21:02:51 2022 +1100 + + relates to #1251 - masked byte data for lookahead + +diff --git a/pg/src/main/java/org/bouncycastle/openpgp/PGPEncryptedData.java b/pg/src/main/java/org/bouncycastle/openpgp/PGPEncryptedData.java +index 1939881da..6a3527e49 100644 +--- a/pg/src/main/java/org/bouncycastle/openpgp/PGPEncryptedData.java ++++ b/pg/src/main/java/org/bouncycastle/openpgp/PGPEncryptedData.java +@@ -103,13 +103,16 @@ else if (len == 0) + int bufferTail = bytesRead - bytesFromLookahead; + for (int i = bufferTail; i < bytesRead; i++) + { +- lookAhead[bufPtr] = readBuffer[i]; ++ lookAhead[bufPtr] = readBuffer[i] & 0xff; // we're not at end of file. + bufPtr = (bufPtr + 1) % lookAhead.length; + } + + // Copy head of readBuffer to output +- System.arraycopy(readBuffer, 0, b, off + bytesFromLookahead, bufferTail); +- ++ if (bufferTail != 0) ++ { ++ System.arraycopy(readBuffer, 0, b, off + bytesFromLookahead, bufferTail); ++ } ++ + return bytesRead; + } + diff --git a/debian/patches/series b/debian/patches/series index 6c766b22..9ea886c2 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,2 +1,4 @@ 02_index.patch backward-compatibility.patch +fix-missing-offset-inclusion.patch +masked-byte-data-for-lookahead.patch