* decrypt.c (prepare_decryption): Hack to detected already

unpkcsedone keys.
2025-02-01 16:33:02 +01:00 · 2002-08-09 21:01:03 +00:00 · 2002-08-09 21:01:03 +00:00 · dc8f3ee42c
commit dc8f3ee42c
parent beb0fef1ee
2 changed files with 37 additions and 26 deletions
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@ -1,5 +1,8 @@
 2002-08-09  Werner Koch  <wk@gnupg.org>

+	* decrypt.c (prepare_decryption): Hack to detected already
+	unpkcsedone keys.
+
 	* gpgsm.c (emergency_cleanup): New.
 	(main): Initialize the signal handler.

--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@ -73,35 +73,43 @@ prepare_decryption (const char *hexkeygrip, KsbaConstSexp enc_val,
    log_printhex ("pkcs1 encoded session key:", seskey, seskeylen);

  n=0;
-  if (n + 7 > seskeylen )
+  if (seskeylen == 24)
    {
-      rc = seterr (Invalid_Session_Key);
-      goto leave; 
+      /* Smells like a 3-des key.  This might happen because a SC has
+         already done the unpacking. fixme! */
+    }
+  else
+    {
+      if (n + 7 > seskeylen )
+        {
+          rc = seterr (Invalid_Session_Key);
+          goto leave; 
+        }
+      
+      /* FIXME: Actually the leading zero is required but due to the way
+         we encode the output in libgcrypt as an MPI we are not able to
+         encode that leading zero.  However, when using a Smartcard we are
+         doing it the rightway and therefore we have to skip the zero.  This
+         should be fixed in gpg-agent of course. */
+      if (!seskey[n])
+        n++;
+      
+      if (seskey[n] != 2 )  /* wrong block type version */
+        { 
+          rc = seterr (Invalid_Session_Key);
+          goto leave; 
+        }
+      
+      for (n++; n < seskeylen && seskey[n]; n++) /* skip the random bytes */
+        ;
+      n++; /* and the zero byte */
+      if (n >= seskeylen )
+        { 
+          rc = seterr (Invalid_Session_Key);
+          goto leave; 
+        }
    }

-  /* FIXME: Actually the leading zero is required but due to the way
-     we encode the output in libgcrypt as an MPI we are not able to
-     encode that leading zero.  However, when using a Smartcard we are
-     doing it the rightway and therefore we have to skip the zero.  This
-     should be fixed in gpg-agent of course. */
-  if (!seskey[n])
-    n++;
-
-  if (seskey[n] != 2 )  /* wrong block type version */
-    { 
-      rc = seterr (Invalid_Session_Key);
-      goto leave; 
-    }
-
-  for (n++; n < seskeylen && seskey[n]; n++) /* skip the random bytes */
-    ;
-  n++; /* and the zero byte */
-  if (n >= seskeylen )
-    { 
-      rc = seterr (Invalid_Session_Key);
-      goto leave; 
-    }
-  
  if (DBG_CRYPTO)
    log_printhex ("session key:", seskey+n, seskeylen-n);