diff options
| author | Werner Koch <[email protected]> | 2018-02-28 08:31:39 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2018-02-28 08:39:57 +0000 |
| commit | f2c09203b98b83669a460dc8161283de96022536 (patch) | |
| tree | afab0963abc61968bbbbae570cfd01f3d1e45aa5 /g10/decrypt-data.c | |
| parent | gpg: Merge two functions in cipher-aead.c (diff) | |
| download | gnupg-f2c09203b98b83669a460dc8161283de96022536.tar.gz gnupg-f2c09203b98b83669a460dc8161283de96022536.zip | |
gpg: Avoid writing a zero length last chunk in AEAD mode.
* g10/cipher-aead.c (write_header): Do not call set_nonce_and_ad.
(write_final_chunk): Do not increase chunkindex.
(do_flush): Call set_nonce_and_ad immediately before the first
encryption of a chunk. Bump up the chunkindex after writing the tag.
(do_free): Do not insert a zero length last chunk.
* g10/decrypt-data.c (aead_underflow): Fix the corresponding bug.
--
This fixes a bug in writing a zero length last chunk right before the
final chunk (which has by design a zero length). We also need to
adjust the decryption part because that assumed this zero length last
chunk.
Note that we use the term "last chunk" for the chunk which directly
precedes the "final chunk" which ends the entire encryption.
GnuPG-bug-id: 3774
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'g10/decrypt-data.c')
| -rw-r--r-- | g10/decrypt-data.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c index 5594d9055..a3151b5ed 100644 --- a/g10/decrypt-data.c +++ b/g10/decrypt-data.c @@ -770,17 +770,25 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) if (dfx->eof_seen) { - if (DBG_FILTER) - log_debug ("eof seen: holdback buffer has the last and final tag\n"); - log_assert (dfx->holdbacklen >= 32); if (dfx->chunklen) { + if (DBG_FILTER) + log_debug ("eof seen: holdback has the last and final tag\n"); + log_assert (dfx->holdbacklen >= 32); err = aead_checktag (dfx, 0, dfx->holdback); if (err) goto leave; dfx->chunklen = 0; dfx->chunkindex++; + off = 16; + } + else + { + if (DBG_FILTER) + log_debug ("eof seen: holdback has the final tag\n"); + log_assert (dfx->holdbacklen >= 16); + off = 0; } /* Check the final chunk. */ @@ -796,7 +804,7 @@ aead_underflow (decode_filter_ctx_t dfx, iobuf_t a, byte *buf, size_t *ret_len) gpg_strerror (err)); goto leave; } - err = aead_checktag (dfx, 1, dfx->holdback+16); + err = aead_checktag (dfx, 1, dfx->holdback+off); if (err) goto leave; err = gpg_error (GPG_ERR_EOF); |