From bf754cfd01a4441f4e2c47387e26e6a3a1bff70f Mon Sep 17 00:00:00 2001
From: Matt Corallo <matt@bluematt.me>
Date: Fri, 16 Dec 2011 15:04:43 -0500
Subject: [PATCH 1/2] Add laanwj to gitian download scripts.

---
 .../gitian-downloader/bitcoin-download-config |  4 +++
 contrib/gitian-downloader/laanwj-key.pgp      | 28 +++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 contrib/gitian-downloader/laanwj-key.pgp

diff --git a/contrib/gitian-downloader/bitcoin-download-config b/contrib/gitian-downloader/bitcoin-download-config
index 347670e586c..88e48e2c23f 100644
--- a/contrib/gitian-downloader/bitcoin-download-config
+++ b/contrib/gitian-downloader/bitcoin-download-config
@@ -31,4 +31,8 @@ signers:
     weight: 40
     name: "Gavin Andresen"
     key: gavinandresen
+  71A3B16735405025D447E8F274810B012346C9A6
+    weight: 40
+    name: "Wladimir J. van der Laan"
+    key: laanwj
 minimum_weight: 120
diff --git a/contrib/gitian-downloader/laanwj-key.pgp b/contrib/gitian-downloader/laanwj-key.pgp
new file mode 100644
index 00000000000..559295109d9
--- /dev/null
+++ b/contrib/gitian-downloader/laanwj-key.pgp
@@ -0,0 +1,28 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: SKS 1.1.0
+
+mQENBE5UtMEBCADOUz2i9l/D8xYINCmfUDnxi+DXvX5LmZ39ZdvsoE+ugO0SRRGdIHEFO2is
+0xezX50wXu9aneb+tEqM0BuiLo6VxaXpxrkxHpr6c4jf37SkE/H0qsi/txEUp7337y3+4HMG
+lUjiuh802I72p1qusjsKBnmnnR0rwNouTcoDmGUDh7jpKCtzFv+2TR2dRthJn7vmmjq3+bG6
+PYfqoFY1yHrAGT1lrDBULZsQ/NBLI2+J4oo2LYv3GCq8GNnzrovqvTvui50VSROhLrOe58o2
+shE+sjQShAy5wYkPt1R1fQnpfx+5vf+TPnkxVwRb3h5GhCp0YL8XC/BXsd5vM4KlVH2rABEB
+AAG0K1dsYWRpbWlyIEouIHZhbiBkZXIgTGFhbiA8bGFhbndqQGdtYWlsLmNvbT6JATgEEwEC
+ACIFAk5UtMECGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEHSBCwEjRsmmy6YIAK09
+buNXyYQrJBsX16sXxEhx5QPKyF3uHJDFJv66SdnpvIkNoznsaPiRJkbTANop93FZmaGa6wVn
+zGDiz7jPA8Dpxx5aAYPhIT+zPJAdXWM3wJ/Gio9besRNzniai8Lwi5MZ9R/5yFGBobm6/AcN
+4sUoqA3NSV2U3I29R0Vwlzo8GVtmyi9ENSi6Oo7AcXNTRt69cxW4nAHkB+amwwDJlcAb31ex
+bogYXPhScwqQZixRr+JBkKxBjkTXXnQypT4KI5SegYwQVYfyiZmDP7UHKe/u6pSKKbVphLg8
+xLB5spcXse8/a2+onrbNlw6y8TXiJ++Z54PE7zztWTXf2huakeG5AQ0ETlS0wQEIAMNO3OkP
+xoPRKWzBLcI7JRITAW+HNaLTq3uN2+4WxA57DEjbL9EDoAv+7wTkDAL40f0T+xiu6GJcLFjw
+GJZu/tYu7+mErHjrdo+K4suCQt7w5EXCBvOLjhW4tyYMzNx8hP+oqzOW9iEC+6VV91+DYeqt
+EkJuyVXOI4vzBlTw8uGow8aMMsCq8XVvKUZFTPsjGl197Q5B3A+ZOFCR8xqiqdPjuz6MglVV
+oFdDNu3EZn8zkGsQlovXoE9ndVeVzx/XMNmsxFaMYsReUs253RIf1FEfgExID0fg2OnyLCjS
+2iFW1RgajS+/saIkKl+N1iuMzJA7wMAM0plhRueOG0MtZSsAEQEAAYkBHwQYAQIACQUCTlS0
+wQIbDAAKCRB0gQsBI0bJpmsDB/4waenn2CvSHXyomykfpwf5lMte1V5LvH3z5R2LY+1NopRv
+LSz3iC39x69XWiTbhywDfgafnGPW4pWBOff2/bu5/A6z1Hnan1vyrRRD/hx1uMJ7S6q+bIvZ
+iVIg1p0jH6tdIIhwX3cydhdRZHo7e9oSMgOUWsr6Ar59NRo9CENwGPE4U61HXfOnxWdrFWoA
+XdwZczBeLxmUy6Vo6sKqv+gE4bqrtAM0sY/MsQ9cU95x+52ox/sq44lQMwd3ZBYUP7B1qbHI
+hZSZuch6MLi5scLPeau0ZvCaljiaMeivP5+x0gWPRs0kI+9sZxInbqvrsJ6oOBJM3xYGhtn1
+zZ7qmZR7
+=si/k
+-----END PGP PUBLIC KEY BLOCK-----

From c7057326eaba2d50410016a9825f0052dd0248b5 Mon Sep 17 00:00:00 2001
From: Pieter Wuille <pieter.wuille@gmail.com>
Date: Thu, 5 Apr 2012 01:02:49 +0200
Subject: [PATCH 2/2] Verify status of encrypt/decrypt calls to detect failed
 padding

---
 src/crypter.cpp  | 24 ++++++++++++++----------
 src/keystore.cpp |  4 ++++
 2 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/src/crypter.cpp b/src/crypter.cpp
index 9a8e6ca89ae..5b7bfec06a2 100644
--- a/src/crypter.cpp
+++ b/src/crypter.cpp
@@ -73,14 +73,16 @@ bool CCrypter::Encrypt(const CKeyingMaterial& vchPlaintext, std::vector<unsigned
 
     EVP_CIPHER_CTX ctx;
 
+    bool fOk = true;
+
     EVP_CIPHER_CTX_init(&ctx);
-    EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, chKey, chIV);
-
-    EVP_EncryptUpdate(&ctx, &vchCiphertext[0], &nCLen, &vchPlaintext[0], nLen);
-    EVP_EncryptFinal_ex(&ctx, (&vchCiphertext[0])+nCLen, &nFLen);
-
+    if (fOk) fOk = EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, chKey, chIV);
+    if (fOk) fOk = EVP_EncryptUpdate(&ctx, &vchCiphertext[0], &nCLen, &vchPlaintext[0], nLen);
+    if (fOk) fOk = EVP_EncryptFinal_ex(&ctx, (&vchCiphertext[0])+nCLen, &nFLen);
     EVP_CIPHER_CTX_cleanup(&ctx);
 
+    if (!fOk) return false;
+
     vchCiphertext.resize(nCLen + nFLen);
     return true;
 }
@@ -98,14 +100,16 @@ bool CCrypter::Decrypt(const std::vector<unsigned char>& vchCiphertext, CKeyingM
 
     EVP_CIPHER_CTX ctx;
 
+    bool fOk = true;
+
     EVP_CIPHER_CTX_init(&ctx);
-    EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, chKey, chIV);
-
-    EVP_DecryptUpdate(&ctx, &vchPlaintext[0], &nPLen, &vchCiphertext[0], nLen);
-    EVP_DecryptFinal_ex(&ctx, (&vchPlaintext[0])+nPLen, &nFLen);
-
+    if (fOk) fOk = EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, chKey, chIV);
+    if (fOk) fOk = EVP_DecryptUpdate(&ctx, &vchPlaintext[0], &nPLen, &vchCiphertext[0], nLen);
+    if (fOk) fOk = EVP_DecryptFinal_ex(&ctx, (&vchPlaintext[0])+nPLen, &nFLen);
     EVP_CIPHER_CTX_cleanup(&ctx);
 
+    if (!fOk) return false;
+
     vchPlaintext.resize(nPLen + nFLen);
     return true;
 }
diff --git a/src/keystore.cpp b/src/keystore.cpp
index 68f57e7e0ef..2e4de87af5e 100644
--- a/src/keystore.cpp
+++ b/src/keystore.cpp
@@ -71,6 +71,8 @@ bool CCryptoKeyStore::Unlock(const CKeyingMaterial& vMasterKeyIn)
             CSecret vchSecret;
             if(!DecryptSecret(vMasterKeyIn, vchCryptedSecret, Hash(vchPubKey.begin(), vchPubKey.end()), vchSecret))
                 return false;
+            if (vchSecret.size() != 32)
+                return false;
             CKey key;
             key.SetSecret(vchSecret);
             if (key.GetPubKey() == vchPubKey)
@@ -131,6 +133,8 @@ bool CCryptoKeyStore::GetKey(const CBitcoinAddress &address, CKey& keyOut) const
             CSecret vchSecret;
             if (!DecryptSecret(vMasterKey, vchCryptedSecret, Hash(vchPubKey.begin(), vchPubKey.end()), vchSecret))
                 return false;
+            if (vchSecret.size() != 32)
+                return false;
             keyOut.SetSecret(vchSecret);
             return true;
         }