diff options
| author | Timo Schulz <[email protected]> | 2003-08-18 21:25:03 +0000 |
|---|---|---|
| committer | Timo Schulz <[email protected]> | 2003-08-18 21:25:03 +0000 |
| commit | 73b5da4c7da14e40671e09842ea4cb6e8382fab4 (patch) | |
| tree | 97e6daf2f4c18596cae968f1f9a7ef83da79abeb /g10/encode.c | |
| parent | * scdaemon.c, scdaemon.h: New option --disable-opensc. (diff) | |
| download | gnupg-73b5da4c7da14e40671e09842ea4cb6e8382fab4.tar.gz gnupg-73b5da4c7da14e40671e09842ea4cb6e8382fab4.zip | |
2003-08-18 Timo Schulz <[email protected]>
* encode.c (encode_sesskey): Checked the code and removed
the warning since all compatibility checks with PGP succeeded.
* mainproc.c (symkey_decrypt_sesskey): Better check for the
algorithm and check the return values of some functions.
Diffstat (limited to 'g10/encode.c')
| -rw-r--r-- | g10/encode.c | 51 |
1 files changed, 27 insertions, 24 deletions
diff --git a/g10/encode.c b/g10/encode.c index ba40c0aef..59daa7474 100644 --- a/g10/encode.c +++ b/g10/encode.c @@ -78,34 +78,37 @@ encode_store( const char *filename ) } static void -encode_sesskey( DEK *dek, DEK **ret_dek, byte *enckey ) +encode_sesskey (DEK * dek, DEK ** ret_dek, byte * enckey) { -#warning This functions needs a review. - CIPHER_HANDLE hd; - DEK *c; - byte buf[33]; + CIPHER_HANDLE hd; + DEK * c; + byte buf[33]; - assert ( dek->keylen < 32 ); + assert (dek->keylen < 32); - c = xcalloc (1, sizeof *c ); - c->keylen = dek->keylen; - c->algo = dek->algo; - make_session_key( c ); - /*log_hexdump( "thekey", c->key, c->keylen );*/ - - buf[0] = c->algo; - memcpy( buf + 1, c->key, c->keylen ); + c = xcalloc (1, sizeof *c); + c->keylen = dek->keylen; + c->algo = dek->algo; + make_session_key (c); + /*log_hexdump ("thekey", c->key, c->keylen);*/ + + /* the encrypted session key is prefixed with a one-octet algorithm id */ + buf[0] = c->algo; + memcpy (buf + 1, c->key, c->keylen); - - gcry_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1 ); - gcry_cipher_setkey( hd, dek->key, dek->keylen ); - gcry_cipher_setiv( hd, NULL, 0 ); - gcry_cipher_encrypt( hd, buf, c->keylen + 1, NULL, 0 ); - gcry_cipher_close( hd ); - - memcpy( enckey, buf, c->keylen + 1 ); - wipememory( buf, sizeof buf ); /* burn key */ - *ret_dek = c; + /* due to the fact that we use only checked values, consider each + failure as fatal. */ + if (gcry_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1)) + BUG(); + if (gcry_cipher_setkey (hd, dek->key, dek->keylen)) + BUG(); + gcry_cipher_setiv (hd, NULL, 0); + gcry_cipher_encrypt (hd, buf, c->keylen + 1, NULL, 0); + gcry_cipher_close (hd); + + memcpy (enckey, buf, c->keylen + 1); + wipememory (buf, sizeof buf); /* burn key */ + *ret_dek = c; } /* We try very hard to use a MDC */ |