mirror of git://git.gnupg.org/gnupg.git
2003-08-18 Timo Schulz <twoaday@freakmail.de>
* encode.c (encode_sesskey): Checked the code and removed
the warning since all compatibility checks with PGP succeeded.
* mainproc.c (symkey_decrypt_sesskey): Better check for the
algorithm and check the return values of some functions.
This commit is contained in:
Timo Schulz
parent
4eb5165019
commit
73b5da4c7d
|
|
@ -1,3 +1,10 @@
|
||||||
|
2003-08-18 Timo Schulz <twoaday@freakmail.de>
|
||||||
|
|
||||||
|
* encode.c (encode_sesskey): Checked the code and removed
|
||||||
|
the warning since all compatibility checks with PGP succeeded.
|
||||||
|
* mainproc.c (symkey_decrypt_sesskey): Better check for the
|
||||||
|
algorithm and check the return values of some functions.
|
||||||
|
|
||||||
2003-08-07 Werner Koch <wk@gnupg.org>
|
2003-08-07 Werner Koch <wk@gnupg.org>
|
||||||
|
|
||||||
* pkglue.c (pk_sign): Fix last change.
|
* pkglue.c (pk_sign): Fix last change.
|
||||||
|
|
|
||||||
47
g10/encode.c
47
g10/encode.c
|
|
@ -78,34 +78,37 @@ encode_store( const char *filename )
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
encode_sesskey( DEK *dek, DEK **ret_dek, byte *enckey )
|
encode_sesskey (DEK * dek, DEK ** ret_dek, byte * enckey)
|
||||||
{
|
{
|
||||||
#warning This functions needs a review.
|
CIPHER_HANDLE hd;
|
||||||
CIPHER_HANDLE hd;
|
DEK * c;
|
||||||
DEK *c;
|
byte buf[33];
|
||||||
byte buf[33];
|
|
||||||
|
|
||||||
assert ( dek->keylen < 32 );
|
assert (dek->keylen < 32);
|
||||||
|
|
||||||
c = xcalloc (1, sizeof *c );
|
c = xcalloc (1, sizeof *c);
|
||||||
c->keylen = dek->keylen;
|
c->keylen = dek->keylen;
|
||||||
c->algo = dek->algo;
|
c->algo = dek->algo;
|
||||||
make_session_key( c );
|
make_session_key (c);
|
||||||
/*log_hexdump( "thekey", c->key, c->keylen );*/
|
/*log_hexdump ("thekey", c->key, c->keylen);*/
|
||||||
|
|
||||||
buf[0] = c->algo;
|
/* the encrypted session key is prefixed with a one-octet algorithm id */
|
||||||
memcpy( buf + 1, c->key, c->keylen );
|
buf[0] = c->algo;
|
||||||
|
memcpy (buf + 1, c->key, c->keylen);
|
||||||
|
|
||||||
|
/* due to the fact that we use only checked values, consider each
|
||||||
|
failure as fatal. */
|
||||||
|
if (gcry_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
|
||||||
|
BUG();
|
||||||
|
if (gcry_cipher_setkey (hd, dek->key, dek->keylen))
|
||||||
|
BUG();
|
||||||
|
gcry_cipher_setiv (hd, NULL, 0);
|
||||||
|
gcry_cipher_encrypt (hd, buf, c->keylen + 1, NULL, 0);
|
||||||
|
gcry_cipher_close (hd);
|
||||||
|
|
||||||
gcry_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1 );
|
memcpy (enckey, buf, c->keylen + 1);
|
||||||
gcry_cipher_setkey( hd, dek->key, dek->keylen );
|
wipememory (buf, sizeof buf); /* burn key */
|
||||||
gcry_cipher_setiv( hd, NULL, 0 );
|
*ret_dek = c;
|
||||||
gcry_cipher_encrypt( hd, buf, c->keylen + 1, NULL, 0 );
|
|
||||||
gcry_cipher_close( hd );
|
|
||||||
|
|
||||||
memcpy( enckey, buf, c->keylen + 1 );
|
|
||||||
wipememory( buf, sizeof buf ); /* burn key */
|
|
||||||
*ret_dek = c;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* We try very hard to use a MDC */
|
/* We try very hard to use a MDC */
|
||||||
|
|
|
||||||
|
|
@ -239,37 +239,42 @@ add_signature( CTX c, PACKET *pkt )
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
symkey_decrypt_sesskey( DEK *dek, byte *sesskey, size_t slen )
|
symkey_decrypt_sesskey (DEK * dek, byte *sesskey, size_t slen)
|
||||||
{
|
{
|
||||||
CIPHER_HANDLE hd;
|
CIPHER_HANDLE hd;
|
||||||
int n;
|
int n;
|
||||||
|
|
||||||
if ( slen < 17 || slen > 33 ) {
|
if (slen < 17 || slen > 33)
|
||||||
log_error ( _("weird size for an encrypted session key (%d)\n"),
|
{
|
||||||
(int)slen);
|
log_error ( _("weird size for an encrypted session key (%d)\n"),
|
||||||
return;
|
(int)slen);
|
||||||
|
return;
|
||||||
}
|
}
|
||||||
gcry_cipher_open ( &hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1 );
|
/* we checked the DEK values before, so consider all errors as fatal */
|
||||||
gcry_cipher_setkey( hd, dek->key, dek->keylen );
|
if (gcry_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
|
||||||
gcry_cipher_setiv( hd, NULL, 0 );
|
BUG();
|
||||||
gcry_cipher_decrypt( hd, sesskey, slen, NULL, 0);
|
if (gcry_cipher_setkey (hd, dek->key, dek->keylen))
|
||||||
gcry_cipher_close( hd );
|
BUG();
|
||||||
/* check first byte (the cipher algo) */
|
gcry_cipher_setiv (hd, NULL, 0);
|
||||||
if ( sesskey[0] > 10 ) {
|
gcry_cipher_decrypt (hd, sesskey, slen, NULL, 0);
|
||||||
log_error ( _("invalid symkey algorithm detected (%d)\n"),
|
gcry_cipher_close (hd);
|
||||||
sesskey[0] );
|
/* check first byte (the cipher algo) */
|
||||||
return;
|
if (openpgp_cipher_test_algo (sesskey[0]))
|
||||||
|
{
|
||||||
|
log_error (_("invalid symkey algorithm detected (%d)\n"),
|
||||||
|
sesskey[0]);
|
||||||
|
return;
|
||||||
}
|
}
|
||||||
n = gcry_cipher_get_algo_keylen (sesskey[0]);
|
n = gcry_cipher_get_algo_keylen (sesskey[0]);
|
||||||
if (n > DIM(dek->key))
|
if (n > DIM(dek->key))
|
||||||
BUG ();
|
BUG ();
|
||||||
/* now we replace the dek components with the real session key
|
/* now we replace the dek components with the real session key
|
||||||
to decrypt the contents of the sequencing packet. */
|
to decrypt the contents of the sequencing packet. */
|
||||||
dek->keylen = gcry_cipher_get_algo_keylen (sesskey[0]);
|
dek->keylen = n;
|
||||||
dek->algo = sesskey[0];
|
dek->algo = sesskey[0];
|
||||||
memcpy (dek->key, sesskey + 1, dek->keylen);
|
memcpy (dek->key, sesskey + 1, dek->keylen);
|
||||||
/*log_hexdump( "thekey", dek->key, dek->keylen );*/
|
/*log_hexdump ("thekey", dek->key, dek->keylen);*/
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
proc_symkey_enc( CTX c, PACKET *pkt )
|
proc_symkey_enc( CTX c, PACKET *pkt )
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue