diff options
| author | Werner Koch <[email protected]> | 2016-04-14 10:16:51 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2016-04-14 10:29:36 +0000 |
| commit | 8c3fb2360f154a971d2a390e4937acb22a44a8c2 (patch) | |
| tree | 12d73b993e86be4462b090d1352954273379072c | |
| parent | agent: Allow gpg-protect-tool to handle openpgp-native protection. (diff) | |
| download | gnupg-8c3fb2360f154a971d2a390e4937acb22a44a8c2.tar.gz gnupg-8c3fb2360f154a971d2a390e4937acb22a44a8c2.zip | |
agent: Fix regression due to recent commit 4159567.
* agent/protect.c (do_encryption): Fix CBC hashing.
--
The buggy code included an extra closing parenthesis before
the (protected-at) term in the CBC hashing. We now do it by
explicitly hashing the protected stuff and append the rest of the
expression instead of a fixed closing parenthesis. Note that the OCB
hashing only differs that it does no include the protected part.
Fixes-commit: 4159567f7ed7a1139fdc3a6c92988e1648ad84ab
Signed-off-by: Werner Koch <[email protected]>
| -rw-r--r-- | agent/protect.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/agent/protect.c b/agent/protect.c index a78d5a5d9..ee08e577c 100644 --- a/agent/protect.c +++ b/agent/protect.c @@ -464,9 +464,11 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen, rc = gcry_md_open (&md, GCRY_MD_SHA1, 0 ); if (!rc) { - gcry_md_write (md, hashbegin, hashlen); + gcry_md_write (md, hashbegin, protbegin - hashbegin); + gcry_md_write (md, protbegin, protlen); gcry_md_write (md, timestamp_exp, timestamp_exp_len); - gcry_md_write (md, ")", 1); + gcry_md_write (md, protbegin+protlen, + hashlen - (protbegin+protlen - hashbegin)); memcpy (hashvalue, gcry_md_read (md, GCRY_MD_SHA1), 20); gcry_md_close (md); } |