gpg: More check for symmetric key encryption.

* g10/dek.h (DEK): Use debugger friendly type of unsigned int. * g10/mainproc.c (symkey_decrypt_seskey): Add another check. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-07-18 10:59:29 +09:00 · 2019-07-18 10:59:29 +09:00 · 44be675b75
parent 4195ce15f4
commit 44be675b75
2 changed files with 5 additions and 4 deletions
--- a/g10/dek.h
+++ b/g10/dek.h
@ -30,16 +30,16 @@ typedef struct
  /* Whether we've already printed information about this key.  This
   * is currently only used in decrypt_data() and only if we are in
   * verbose mode.  */
-  int algo_info_printed : 1;
+  unsigned int algo_info_printed : 1;

  /* AEAD shall be used.  The value is the AEAD algo. */
  int use_aead : 4;

  /* MDC shall be used.  */
-  int use_mdc : 1;
+  unsigned int use_mdc : 1;

  /* This key was read from a SK-ESK packet (see proc_symkey_enc).  */
-  int symmetric : 1;
+  unsigned int symmetric : 1;

  /* This is the largest used keylen (256 bit). */
  byte key[32];
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@ -325,7 +325,8 @@ symkey_decrypt_seskey (DEK *dek, byte *seskey, size_t slen)
       * the gnupg < 2.2 bug compatible case which would terminate the
       * process on GPG_ERR_CIPHER_ALGO.  Note that with AEAD (above)
       * we will have a reliable test here.  */
-      if (openpgp_cipher_test_algo (seskey[0]))
+      if (openpgp_cipher_test_algo (seskey[0])
+          || openpgp_cipher_get_algo_keylen (seskey[0]) != slen - 1)
        {
          err = gpg_error (GPG_ERR_CHECKSUM);
          goto leave;