Diffstat (limited to 'g10')
-rw-r--r--g10/misc.c8
-rw-r--r--g10/parse-packet.c10
-rw-r--r--g10/seckey-cert.c7
3 files changed, 21 insertions, 4 deletions
diff --git a/g10/misc.c b/g10/misc.c
index d1bacf694..0c2b6ac4a 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -30,7 +30,12 @@
#include "main.h"
#include "options.h"
-volatile int
+
+const char *g10m_revision_string(int);
+const char *g10c_revision_string(int);
+const char *g10u_revision_string(int);
+
+volatile void
pull_in_libs(void)
{
g10m_revision_string(0);
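Review bot: The three `g10?_revision_string` prototypes are written by hand in misc.c rather than coming from a header shared with the code that defines them, so a later signature change there would not be caught at compile time; if those libraries have headers, the declarations belong in them. The `volatile` on the `void` return type of `pull_in_libs` also needs a comment or removal: on a return type it is either ignored or, under the old GCC convention, read as "does not return", which does not look intended for a function that simply calls into the libraries. A one-line comment such as `/* reference one symbol from each library so the linker pulls it in */` would document the function, assuming that is its purpose. The body of pull_in_libs continues past the end of the hunk.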
@@ -140,6 +145,7 @@ checksum_mpi_counted_nbits( MPI a )
buffer = mpi_get_buffer( a, &nbytes, NULL );
nbits = mpi_get_nbits(a);
+ mpi_set_nbit_info(a,nbits);
csum = checksum_u16_nobug( nbits );
csum += checksum( buffer, nbytes );
m_free( buffer );
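Review bot: `mpi_set_nbit_info(a,nbits);` makes a routine named as a checksum function modify its argument, and nothing at that line says why. Add a comment there naming the later consumer that needs the stored bit count, or move the update to the caller so the checksum routine stays side-effect free. The start and end of checksum_mpi_counted_nbits lie outside the hunk, so whether its callers expect the MPI to change cannot be confirmed from here.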
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 9e469b644..ba26089c5 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1004,6 +1004,8 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
* we can assume, that he operates an open system :=(.
* So we put the key into secure memory when we unprotect it. */
n = pktlen; cert->skey[3] = mpi_read(inp, &n, 0 ); pktlen -=n;
+ if( cert->is_protected )
+ mpi_set_protect_flag(cert->skey[3]);
cert->csum = read_16(inp); pktlen -= 2;
if( list_mode ) {
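Review bot: The protect flag is set on hard-coded element indices in three separate branches (`skey[3]` here, `skey[4]` in the hunk at -1129, `skey[2]` to `skey[5]` in the hunk at -1184), while do_check in seckey-cert.c now asserts `mpi_is_protected` on every element its loop visits. Any element the loop covers but these branches miss becomes an abort on a protected key, so both ranges should be derived from one place; the loop's start index is outside the visible diff and needs checking against the full file. The result of `mpi_read` is also handed to `mpi_set_protect_flag` unchecked; if `mpi_read` can return NULL on a truncated packet, guard the call, e.g. `if( cert->is_protected && cert->skey[3] )`. parse_certificate begins and ends outside these hunks.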
@@ -1129,6 +1131,8 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
* we can assume, that he operates an open system :=(.
* So we put the key into secure memory when we unprotect it. */
n = pktlen; cert->skey[4] = mpi_read(inp, &n, 0 ); pktlen -=n;
+ if( cert->is_protected )
+ mpi_set_protect_flag(cert->skey[4]);
cert->csum = read_16(inp); pktlen -= 2;
if( list_mode ) {
@@ -1184,6 +1188,12 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
n = pktlen; cert->skey[3] = mpi_read(inp, &n, 0 ); pktlen -=n;
n = pktlen; cert->skey[4] = mpi_read(inp, &n, 0 ); pktlen -=n;
n = pktlen; cert->skey[5] = mpi_read(inp, &n, 0 ); pktlen -=n;
+ if( cert->is_protected ) {
+ mpi_set_protect_flag(cert->skey[2]);
+ mpi_set_protect_flag(cert->skey[3]);
+ mpi_set_protect_flag(cert->skey[4]);
+ mpi_set_protect_flag(cert->skey[5]);
+ }
cert->csum = read_16(inp); pktlen -= 2;
if( list_mode ) {
diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c
index f30e5d0e9..508187fb8 100644
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@@ -69,14 +69,14 @@ do_check( PKT_secret_cert *cert )
i < pubkey_get_nskey(cert->pubkey_algo); i++ ) {
buffer = mpi_get_secure_buffer( cert->skey[i], &nbytes, NULL );
cipher_sync( cipher_hd );
+ assert( mpi_is_protected(cert->skey[i]) );
cipher_decrypt( cipher_hd, buffer, buffer, nbytes );
mpi_set_buffer( cert->skey[i], buffer, nbytes, 0 );
+ mpi_clear_protect_flag( cert->skey[i] );
csum += checksum_mpi( cert->skey[i] );
m_free( buffer );
}
if( opt.emulate_bugs & 1 ) {
- log_debug("secret key csum is=%04hx should=%04hx algos=%d/%d\n",
- csum, cert->csum, cert->pubkey_algo,cert->protect.algo );
csum = cert->csum;
}
cipher_close( cipher_hd );
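Review bot: `mpi_clear_protect_flag( cert->skey[i] );` runs directly after decryption, before the computed checksum is compared with `cert->csum`, so a wrong passphrase leaves every element holding garbage but marked unprotected. If the comparison below the hunk fails and the caller retries on the same `cert`, the new `assert( mpi_is_protected(cert->skey[i]) )` would abort instead of reporting a bad passphrase; clearing the flags only once the checksum matches, or restoring them on failure, avoids that. The assert is also the only guard against decrypting twice and is compiled out under `NDEBUG`; an explicit check that frees `buffer` and returns an error would hold in release builds as well, and the same applies to the assert added in protect_secret_key. do_check starts and ends outside the hunk.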
@@ -193,10 +193,11 @@ protect_secret_key( PKT_secret_cert *cert, DEK *dek )
i < pubkey_get_nskey(cert->pubkey_algo); i++ ) {
csum += checksum_mpi_counted_nbits( cert->skey[i] );
buffer = mpi_get_buffer( cert->skey[i], &nbytes, NULL );
- log_debug("protecing i=%d csum=%04hx nbytes=%u\n", i, csum, nbytes );
cipher_sync( cipher_hd );
+ assert( !mpi_is_protected(cert->skey[i]) );
cipher_encrypt( cipher_hd, buffer, buffer, nbytes );
mpi_set_buffer( cert->skey[i], buffer, nbytes, 0 );
+ mpi_set_protect_flag( cert->skey[i] );
m_free( buffer );
}
cert->csum = csum;
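Review bot: `assert( !mpi_is_protected(cert->skey[i]) );` sits after `checksum_mpi_counted_nbits` and `mpi_get_buffer` have already processed the element, so an already-encrypted element is checksummed (and, per the misc.c hunk of this commit, has its nbits info rewritten) before the check fires. Making the assert the first statement of the loop body establishes the precondition before anything touches the key. Separately, the context line copies the still-plaintext element with `mpi_get_buffer`, whereas do_check uses `mpi_get_secure_buffer`; confirm that this copy is meant to live in ordinary memory and be released with a plain `m_free`. protect_secret_key starts and ends outside the hunk.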