mirror of
git://git.gnupg.org/gnupg.git
synced 2024-06-14 00:19:50 +02:00
scd: More fix for Curve25519 prefix handling.
* scd/app-openpgp.c (do_decipher): Handle trancated cipher text.
Also fix xfree bug introduced.
--
In old format with no prefix, cipher text can be trancated when it
is parsed as MPI. Recover the value adding back zeros.
Fixes-commit: 11b2691edd
This commit is contained in:
parent
e28f2e7a2f
commit
f747adfa21
|
@ -4175,14 +4175,25 @@ do_decipher (app_t app, const char *keyidstr,
|
||||||
}
|
}
|
||||||
else if (app->app_local->keyattr[1].key_type == KEY_TYPE_ECC)
|
else if (app->app_local->keyattr[1].key_type == KEY_TYPE_ECC)
|
||||||
{
|
{
|
||||||
if (app->app_local->keyattr[1].ecc.flags
|
int old_format_len = 0;
|
||||||
&& (indatalen%2))
|
|
||||||
{ /*
|
if (app->app_local->keyattr[1].ecc.flags)
|
||||||
* Skip the prefix. It may be 0x40 (in new format), or MPI
|
{
|
||||||
* head of 0x00 (in old format).
|
if (indatalen > 32 + 1)
|
||||||
*/
|
{ /*
|
||||||
indata = (const char *)indata + 1;
|
* Skip the prefix. It may be 0x40 (in new format), or MPI
|
||||||
indatalen--;
|
* head of 0x00 (in old format).
|
||||||
|
*/
|
||||||
|
indata = (const char *)indata + 1;
|
||||||
|
indatalen--;
|
||||||
|
}
|
||||||
|
else if (indatalen < 32)
|
||||||
|
{ /*
|
||||||
|
* Old format trancated by MPI handling.
|
||||||
|
*/
|
||||||
|
old_format_len = indatalen;
|
||||||
|
indatalen = 32;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fixuplen = 7;
|
fixuplen = 7;
|
||||||
|
@ -4198,7 +4209,16 @@ do_decipher (app_t app, const char *keyidstr,
|
||||||
fixbuf[4] = (char)(indatalen+2);
|
fixbuf[4] = (char)(indatalen+2);
|
||||||
fixbuf[5] = '\x86';
|
fixbuf[5] = '\x86';
|
||||||
fixbuf[6] = (char)indatalen;
|
fixbuf[6] = (char)indatalen;
|
||||||
memcpy (fixbuf+fixuplen, indata, indatalen);
|
if (old_format_len)
|
||||||
|
{
|
||||||
|
memset (fixbuf+fixuplen, 0, 32 - old_format_len);
|
||||||
|
memcpy (fixbuf+fixuplen + 32 - old_format_len,
|
||||||
|
indata, old_format_len);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
memcpy (fixbuf+fixuplen, indata, indatalen);
|
||||||
|
}
|
||||||
indata = fixbuf;
|
indata = fixbuf;
|
||||||
indatalen = fixuplen + indatalen;
|
indatalen = fixuplen + indatalen;
|
||||||
|
|
||||||
|
@ -4230,12 +4250,12 @@ do_decipher (app_t app, const char *keyidstr,
|
||||||
fixbuf = xtrymalloc (*outdatalen + 1);
|
fixbuf = xtrymalloc (*outdatalen + 1);
|
||||||
if (!fixbuf)
|
if (!fixbuf)
|
||||||
{
|
{
|
||||||
xfree (outdata);
|
xfree (*outdata);
|
||||||
return gpg_error_from_syserror ();
|
return gpg_error_from_syserror ();
|
||||||
}
|
}
|
||||||
fixbuf[0] = 0x40;
|
fixbuf[0] = 0x40;
|
||||||
memcpy (fixbuf+1, *outdata, *outdatalen);
|
memcpy (fixbuf+1, *outdata, *outdatalen);
|
||||||
xfree (outdata);
|
xfree (*outdata);
|
||||||
*outdata = fixbuf;
|
*outdata = fixbuf;
|
||||||
*outdatalen = *outdatalen + 1;
|
*outdatalen = *outdatalen + 1;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user