security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-20 14:37:08 +01:00
Code Activity

agent: Compute correct MPI length header for protected ECC keys.

Browse Source 
* agent/cvt-openpgp.c (apply_protection): Strip leading zeroes from
opaque MPIs to comply with the OpenPGP spec.
--

This patch is the protected private key counterpart to commit ab17f7b.
Thanks to andy_s for describing the problem.

GnuPG-bug-id: 1853
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2015-03-19 18:01:58 +01:00
parent dc10d466bf
commit cf83ff01fc
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 21 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
agent/cvt-openpgp.c
View File

@ -1107,14 +1107,33 @@ apply_protection (gcry_mpi_t *array, int npkey, int nskey,
{ {
if (gcry_mpi_get_flag (array[i], GCRYMPI_FLAG_OPAQUE)) if (gcry_mpi_get_flag (array[i], GCRYMPI_FLAG_OPAQUE))
{ {
const void *s; const unsigned char *s;
unsigned int n; unsigned int n;
s = gcry_mpi_get_opaque (array[i], &n); s = gcry_mpi_get_opaque (array[i], &n);
if (!s)
{
s = "";
n = 0;
}
/* Strip leading zero bits. */
for (; n >= 8 && !*s; s++, n -= 8)
;
if (n >= 8 && !(*s & 0x80))
if (--n >= 7 && !(*s & 0x40))
if (--n >= 6 && !(*s & 0x20))
if (--n >= 5 && !(*s & 0x10))
if (--n >= 4 && !(*s & 0x08))
if (--n >= 3 && !(*s & 0x04))
if (--n >= 2 && !(*s & 0x02))
if (--n >= 1 && !(*s & 0x01))
--n;
nbits[j] = n; nbits[j] = n;
n = (n+7)/8; n = (n+7)/8;
narr[j] = n; narr[j] = n;
bufarr[j] = gcry_is_secure (s)? xtrymalloc_secure (n):xtrymalloc (n); bufarr[j] = (gcry_is_secure (s)? xtrymalloc_secure (n?n:1)
/* */ : xtrymalloc (n?n:1));
if (!bufarr[j]) if (!bufarr[j])
{ {
err = gpg_error_from_syserror (); err = gpg_error_from_syserror ();