gpg: More check for symmetric key encryption.

* g10/dek.h (DEK): Use debugger friendly type of unsigned int.
* g10/mainproc.c (symkey_decrypt_seskey): Add another check.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

g10/dek.h

@@ -30,16 +30,16 @@ typedef struct
   /* Whether we've already printed information about this key.  This
    * is currently only used in decrypt_data() and only if we are in
    * verbose mode.  */
-  int algo_info_printed : 1;
+  unsigned int algo_info_printed : 1;
 
   /* AEAD shall be used.  The value is the AEAD algo. */
   int use_aead : 4;
 
   /* MDC shall be used.  */
-  int use_mdc : 1;
+  unsigned int use_mdc : 1;
 
   /* This key was read from a SK-ESK packet (see proc_symkey_enc).  */
-  int symmetric : 1;
+  unsigned int symmetric : 1;
 
   /* This is the largest used keylen (256 bit). */
   byte key[32];

g10/mainproc.c

@@ -325,7 +325,8 @@ symkey_decrypt_seskey (DEK *dek, byte *seskey, size_t slen)
        * the gnupg < 2.2 bug compatible case which would terminate the
        * process on GPG_ERR_CIPHER_ALGO.  Note that with AEAD (above)
        * we will have a reliable test here.  */
-      if (openpgp_cipher_test_algo (seskey[0]))
+      if (openpgp_cipher_test_algo (seskey[0])
+          || openpgp_cipher_get_algo_keylen (seskey[0]) != slen - 1)
         {
           err = gpg_error (GPG_ERR_CHECKSUM);
           goto leave;