From fd79cadf7ba5ce45dfb5e266975f58bf5c7ce145 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka
Date: Wed, 8 Apr 2020 09:29:43 +0900
Subject: [PATCH] gpg: ECDH: Accept longer padding.

* g10/pubkey-enc.c (get_it): Remove check which mandates shorter padding.

--

According to the section 8 of RFC 6637, the sender MAY use 21 bytes of padding for AES-128 to provide 40-byte "m".

Reported-by: Metin Savignano
GnuPG-bug-id: 4908
Signed-off-by: NIIBE Yutaka
---
 g10/pubkey-enc.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index fb1b17143..9ec86df3e 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -302,10 +302,7 @@ get_it (ctrl_t ctrl,
     goto leave;
 
   /* Now the frame are the bytes decrypted but padded session key. */
- - /* Allow double padding for the benefit of DEK size concealment. Higher than this is wasteful. */
-  if (!nframe || frame[nframe-1] > 8*2 || nframe <= 8
+  if (!nframe || nframe <= 8 || frame[nframe-1] > nframe)
     {
       err = gpg_error (GPG_ERR_WRONG_SECKEY);