diff options
| author | Werner Koch <[email protected]> | 2015-03-19 17:01:58 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2015-03-19 17:01:58 +0000 |
| commit | cf83ff01fce3ddcbde6d97dffa0db6f277588e25 (patch) | |
| tree | 70ae6c5d1876318d45249159b986e003775abb22 | |
| parent | hkps: Fix host name verification when using pools. (diff) | |
| download | gnupg-cf83ff01fce3ddcbde6d97dffa0db6f277588e25.tar.gz gnupg-cf83ff01fce3ddcbde6d97dffa0db6f277588e25.zip | |
agent: Compute correct MPI length header for protected ECC keys.
* agent/cvt-openpgp.c (apply_protection): Strip leading zeroes from
opaque MPIs to comply with the OpenPGP spec.
--
This patch is the protected private key counterpart to commit ab17f7b.
Thanks to andy_s for describing the problem.
GnuPG-bug-id: 1853
Signed-off-by: Werner Koch <[email protected]>
| -rw-r--r-- | agent/cvt-openpgp.c | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c index cadc87180..b00f032e7 100644 --- a/agent/cvt-openpgp.c +++ b/agent/cvt-openpgp.c @@ -1107,14 +1107,33 @@ apply_protection (gcry_mpi_t *array, int npkey, int nskey, { if (gcry_mpi_get_flag (array[i], GCRYMPI_FLAG_OPAQUE)) { - const void *s; + const unsigned char *s; unsigned int n; s = gcry_mpi_get_opaque (array[i], &n); + if (!s) + { + s = ""; + n = 0; + } + /* Strip leading zero bits. */ + for (; n >= 8 && !*s; s++, n -= 8) + ; + if (n >= 8 && !(*s & 0x80)) + if (--n >= 7 && !(*s & 0x40)) + if (--n >= 6 && !(*s & 0x20)) + if (--n >= 5 && !(*s & 0x10)) + if (--n >= 4 && !(*s & 0x08)) + if (--n >= 3 && !(*s & 0x04)) + if (--n >= 2 && !(*s & 0x02)) + if (--n >= 1 && !(*s & 0x01)) + --n; + nbits[j] = n; n = (n+7)/8; narr[j] = n; - bufarr[j] = gcry_is_secure (s)? xtrymalloc_secure (n):xtrymalloc (n); + bufarr[j] = (gcry_is_secure (s)? xtrymalloc_secure (n?n:1) + /* */ : xtrymalloc (n?n:1)); if (!bufarr[j]) { err = gpg_error_from_syserror (); |