security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-07-03 02:58:57 +02:00
Code Activity
08f0b9ea2e
gnupg/sm
History
Werner Koch 08f0b9ea2e
sm: Another partly rewrite of minip12.c 
* sm/minip12.c (struct tlv_ctx_s): Add origbuffer and origbufsize.
Remove pop_count.  Rename offset to length.
(dump_tag_info, _dump_tag_info): Rewrite.
(dump_tlv_ctx, _dump_tlv_ctx): Rewrite.
(tlv_new): Init origbuffer.
(_tlv_peek): Add arg ti.
(tlv_peek): New.
(tlv_peek_null): New.
(_tlv_push): Rewrite.
(_tlv_pop): Rewrite.
(tlv_next): New macro.  Move old code to ...
(_tlv_next): this.  Add arg lno.  Pop remaining end tags.
(tlv_popped): Remove.
(tlv_expect_object): Handle ndef.
(tlv_expect_octet_string): Ditto.
(parse_bag_encrypted_data): Use nesting level to control the inner
loop.
(parse_shrouded_key_bag): Likewise.
(parse_bag_data): Handle surplus octet strings.
(p12_parse): Ditto.

* sm/minip12.c (decrypt_block): Strip the padding.
(tlv_expect_top_sequence): Remove.  Replace callers by
tlv_expect_sequence.

* tests/samplekeys/t6752-ov-user-ff.p12: New sample key.
* tests/samplekeys/Description-p12: Add its description
--

This patch improves the BER parser by simplifying it.  Now tlv_next
pops off and thus closes all containers regardless on whether they are
length bounded or ndef.  tlv_set_pending is now always used to undo
the effect of a tlv_next in a loop condition which was terminated by a
nesting level change.

Instead of using the length as seen in the decrypted container we now
remove the padding and let the BER parser do its work.  This might
have a negative effect on pkcs#12 objects which are not correctly
padded but we don't have any example of such broken objects.

GnuPG-bug-id: 6752
2023-10-24 09:22:13 +02:00
..
call-agent.c agent: Add trustlist flag "de-vs". 2023-09-07 17:14:10 +02:00
call-dirmngr.c sm: Fix use of value NONE in gnupg_isotime_t type. 2023-08-28 08:39:16 +02:00
certchain.c agent: New flag "qual" for the trustlist.txt. 2023-09-07 17:12:33 +02:00
certcheck.c gpgsm: Support verification of nistp521 signatures. 2022-11-15 10:46:03 +01:00
certdump.c sm: Fix a bug in the rfc2253 parser 2020-08-28 09:09:34 +02:00
certlist.c gpgsm: Add --always-trust feature. 2023-08-31 11:13:38 +02:00
certreqgen-ui.c gpgsm: Cleanup the use of GCRY_PK_ECC and GCRY_PK_ECDSA. 2022-11-14 18:16:49 +01:00
certreqgen.c gpg,gpgsm: Extend the use of allow-ecc-encr and vsd-allow-ocb 2023-03-24 13:50:37 +01:00
ChangeLog-2011 Generate the ChangeLog from commit logs. 2011-12-01 11:09:02 +01:00
decrypt.c gpgsm: Avoid warnings due to enum conversions 2023-08-28 08:49:45 +02:00
delete.c sm: Fix issuer certificate look error due to legacy error code. 2023-02-24 17:46:39 +01:00
encrypt.c gpgsm: New option --input-size-hint. 2023-07-05 12:04:08 +02:00
export.c sm: Fix issuer certificate look error due to legacy error code. 2023-02-24 17:46:39 +01:00
fingerprint.c gpgsm: Allow ECC encryption keys with just keyAgreement specified. 2022-10-28 12:17:46 +02:00
gpgsm-w32info.rc w32: Add manifest files to most binaries 2020-10-02 17:04:12 +02:00
gpgsm.c gpgsm: Add --always-trust feature. 2023-08-31 11:13:38 +02:00
gpgsm.h agent: Add trustlist flag "de-vs". 2023-09-07 17:14:10 +02:00
gpgsm.w32-manifest.in w32: Add missing manifests and set a requestedExecutionLevel. 2023-05-25 11:10:21 +02:00
import.c sm: Support import of PKCS#12 encoded ECC private keys. 2023-10-17 16:40:49 +02:00
keydb.c sm: Fix issuer certificate look error due to legacy error code. 2023-02-24 17:46:39 +01:00
keydb.h sm: On Windows close the kbx files at several places. 2021-03-02 19:01:07 +01:00
keylist.c sm: Fix use of value NONE in gnupg_isotime_t type. 2023-08-28 08:39:16 +02:00
Makefile.am sm: Complete rewrite of the PKCS#12 parser 2023-07-05 14:21:16 +02:00
minip12.c sm: Another partly rewrite of minip12.c 2023-10-24 09:22:13 +02:00
minip12.h sm: Complete rewrite of the PKCS#12 parser 2023-07-05 14:21:16 +02:00
misc.c gpgsm: Some more ECC support backported. 2022-11-14 17:23:06 +01:00
passphrase.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
passphrase.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
qualified.c Replace most of the remaining stdio calls by estream calls. 2020-10-21 21:09:38 +02:00
server.c gpgsm: Add --always-trust feature. 2023-08-31 11:13:38 +02:00
sign.c gpgsm: Create binary detached sigs with definite form length octets. 2023-09-07 16:44:29 +02:00
t-minip12.c sm: Minor robustness fix for a regression test. 2023-10-17 16:42:33 +02:00
verify.c gpgsm: Strip trailing zeroes from detached signatures. 2023-09-07 16:38:35 +02:00