security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

gpg: Avoid writing a zero length last chunk in AEAD mode.

Browse source 
* g10/cipher-aead.c (write_header): Do not call set_nonce_and_ad.
(write_final_chunk): Do not increase chunkindex.
(do_flush): Call set_nonce_and_ad immediately before the first
encryption of a chunk.  Bump up the chunkindex after writing the tag.
(do_free): Do not insert a zero length last chunk.
* g10/decrypt-data.c (aead_underflow): Fix the corresponding bug.
--

This fixes a bug in writing a zero length last chunk right before the
final chunk (which has by design a zero length).  We also need to
adjust the decryption part because that assumed this zero length last
chunk.

Note that we use the term "last chunk" for the chunk which directly
precedes the "final chunk" which ends the entire encryption.

GnuPG-bug-id: 3774
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2018-02-28 09:31:39 +01:00
parent 047506a03d
commit f2c09203b9
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
2 changed files with 55 additions and 42 deletions
Download patch file Download diff file Expand all files Collapse all files

16
g10/decrypt-data.c
View file

@ -770,17 +770,25 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len)
if (dfx->eof_seen)
{
if (DBG_FILTER)
log_debug ("eof seen: holdback buffer has the last and final tag\n");
log_assert (dfx->holdbacklen >= 32);
if (dfx->chunklen)
{
if (DBG_FILTER)
log_debug ("eof seen: holdback has the last and final tag\n");
log_assert (dfx->holdbacklen >= 32);
err = aead_checktag (dfx, 0, dfx->holdback);
if (err)
goto leave;
dfx->chunklen = 0;
dfx->chunkindex++;
off = 16;
}
else
{
if (DBG_FILTER)
log_debug ("eof seen: holdback has the final tag\n");
log_assert (dfx->holdbacklen >= 16);
off = 0;
}
/* Check the final chunk. */
@ -796,7 +804,7 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len)
gpg_strerror (err));
goto leave;
}
err = aead_checktag (dfx, 1, dfx->holdback+16);
err = aead_checktag (dfx, 1, dfx->holdback+off);
if (err)
goto leave;
err = gpg_error (GPG_ERR_EOF);