From 73b5da4c7da14e40671e09842ea4cb6e8382fab4 Mon Sep 17 00:00:00 2001
From: Timo Schulz <twoaday@freakmail.de>
Date: Mon, 18 Aug 2003 21:25:03 +0000
Subject: [PATCH] 2003-08-18  Timo Schulz  <twoaday@freakmail.de>

        * encode.c (encode_sesskey): Checked the code and removed
        the warning since all compatibility checks with PGP succeeded.
        * mainproc.c (symkey_decrypt_sesskey): Better check for the
        algorithm and check the return values of some functions.
---
 g10/ChangeLog  |  7 ++++++
 g10/encode.c   | 47 +++++++++++++++++++++-------------------
 g10/mainproc.c | 59 +++++++++++++++++++++++++++-----------------------
 3 files changed, 64 insertions(+), 49 deletions(-)

diff --git a/g10/ChangeLog b/g10/ChangeLog
index 33d38cf13..2810ada23 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,10 @@
+2003-08-18  Timo Schulz  <twoaday@freakmail.de>
+
+	* encode.c (encode_sesskey): Checked the code and removed
+	the warning since all compatibility checks with PGP succeeded.
+	* mainproc.c (symkey_decrypt_sesskey): Better check for the
+	algorithm and check the return values of some functions.
+	
 2003-08-07  Werner Koch  <wk@gnupg.org>
 
 	* pkglue.c (pk_sign): Fix last change.
diff --git a/g10/encode.c b/g10/encode.c
index ba40c0aef..59daa7474 100644
--- a/g10/encode.c
+++ b/g10/encode.c
@@ -78,34 +78,37 @@ encode_store( const char *filename )
 }
 
 static void
-encode_sesskey( DEK *dek, DEK **ret_dek, byte *enckey )
+encode_sesskey (DEK * dek, DEK ** ret_dek, byte * enckey)
 {
-#warning This functions needs a review.
-    CIPHER_HANDLE hd;
-    DEK *c;
-    byte buf[33];
+  CIPHER_HANDLE hd;
+  DEK * c;
+  byte buf[33];
 
-    assert ( dek->keylen < 32 );
+  assert (dek->keylen < 32);
     
-    c = xcalloc (1, sizeof *c );
-    c->keylen = dek->keylen;
-    c->algo = dek->algo;
-    make_session_key( c );
-    /*log_hexdump( "thekey", c->key, c->keylen );*/
+  c = xcalloc (1, sizeof *c);
+  c->keylen = dek->keylen;
+  c->algo = dek->algo;
+  make_session_key (c);
+  /*log_hexdump ("thekey", c->key, c->keylen);*/
 
-    buf[0] = c->algo;
-    memcpy( buf + 1, c->key, c->keylen );
+  /* the encrypted session key is prefixed with a one-octet algorithm id */
+  buf[0] = c->algo;
+  memcpy (buf + 1, c->key, c->keylen);
     
+  /* due to the fact that we use only checked values, consider each
+     failure as fatal. */
+  if (gcry_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
+    BUG();
+  if (gcry_cipher_setkey (hd, dek->key, dek->keylen))
+    BUG();
+  gcry_cipher_setiv (hd, NULL, 0);
+  gcry_cipher_encrypt (hd, buf, c->keylen + 1, NULL, 0);
+  gcry_cipher_close (hd);
 
-    gcry_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1 );
-    gcry_cipher_setkey( hd, dek->key, dek->keylen );
-    gcry_cipher_setiv( hd, NULL, 0 );
-    gcry_cipher_encrypt( hd, buf, c->keylen + 1, NULL, 0 );
-    gcry_cipher_close( hd );
-
-    memcpy( enckey, buf, c->keylen + 1 );
-    wipememory( buf, sizeof buf ); /* burn key */
-    *ret_dek = c;
+  memcpy (enckey, buf, c->keylen + 1);
+  wipememory (buf, sizeof buf); /* burn key */
+  *ret_dek = c;
 }
 
 /* We try very hard to use a MDC */
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 969c65066..3689525ef 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -239,37 +239,42 @@ add_signature( CTX c, PACKET *pkt )
 }
 
 static void
-symkey_decrypt_sesskey( DEK *dek, byte *sesskey, size_t slen )
+symkey_decrypt_sesskey (DEK * dek, byte *sesskey, size_t slen)
 {
-    CIPHER_HANDLE hd;
-    int n;
+  CIPHER_HANDLE hd;
+  int n;
 
-    if ( slen < 17 || slen > 33 ) {
-        log_error ( _("weird size for an encrypted session key (%d)\n"),
-		    (int)slen);
-        return;   
+  if (slen < 17 || slen > 33)
+    {
+      log_error ( _("weird size for an encrypted session key (%d)\n"),
+                  (int)slen);
+      return;
     }
-    gcry_cipher_open ( &hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1 );
-    gcry_cipher_setkey( hd, dek->key, dek->keylen );
-    gcry_cipher_setiv( hd, NULL, 0 );
-    gcry_cipher_decrypt( hd, sesskey, slen, NULL, 0);
-    gcry_cipher_close( hd );
-    /* check first byte (the cipher algo) */
-    if ( sesskey[0] > 10 ) {
-        log_error ( _("invalid symkey algorithm detected (%d)\n"),
-                    sesskey[0] );
-        return;
+  /* we checked the DEK values before, so consider all errors as fatal */
+  if (gcry_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
+      BUG();
+  if (gcry_cipher_setkey (hd, dek->key, dek->keylen))
+      BUG();
+  gcry_cipher_setiv (hd, NULL, 0);
+  gcry_cipher_decrypt (hd, sesskey, slen, NULL, 0);
+  gcry_cipher_close (hd);
+  /* check first byte (the cipher algo) */
+  if (openpgp_cipher_test_algo (sesskey[0]))
+    {
+      log_error (_("invalid symkey algorithm detected (%d)\n"),
+                  sesskey[0]);
+      return;
     }
-    n = gcry_cipher_get_algo_keylen (sesskey[0]);
-    if (n > DIM(dek->key))
-         BUG ();
-    /* now we replace the dek components with the real session key
-       to decrypt the contents of the sequencing packet. */
-    dek->keylen = gcry_cipher_get_algo_keylen (sesskey[0]);
-    dek->algo = sesskey[0];
-    memcpy (dek->key, sesskey + 1, dek->keylen);
-    /*log_hexdump( "thekey", dek->key, dek->keylen );*/
-}   
+  n = gcry_cipher_get_algo_keylen (sesskey[0]);
+  if (n > DIM(dek->key))
+    BUG ();
+  /* now we replace the dek components with the real session key
+     to decrypt the contents of the sequencing packet. */
+  dek->keylen = n;
+  dek->algo = sesskey[0];
+  memcpy (dek->key, sesskey + 1, dek->keylen);
+  /*log_hexdump ("thekey", dek->key, dek->keylen);*/
+}
 
 static void
 proc_symkey_enc( CTX c, PACKET *pkt )