diff options
| author | Werner Koch <[email protected]> | 2018-02-27 12:53:52 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2018-02-27 12:53:52 +0000 |
| commit | ebb0fcf6e0bd6997eff4097ddda94955134212af (patch) | |
| tree | d4a1fd857a4ad78ffad404b5802f76f1b42f6293 /dirmngr/ks-engine-hkp.c | |
| parent | gpg: Try to mitigate the problem of wrong CFB symkey passphrases. (diff) | |
| download | gnupg-ebb0fcf6e0bd6997eff4097ddda94955134212af.tar.gz gnupg-ebb0fcf6e0bd6997eff4097ddda94955134212af.zip | |
gpg: Fix corner cases in AEAD encryption.
* g10/cipher-aead.c (write_final_chunk): Do not bump up the chunk
index if the previous chunk was empty.
* g10/decrypt-data.c (aead_underflow): Likewise. Also handle a other
corner cases. Add more debug output.
--
GnuPG-bug-id: 3774
This fixes the reported case when the encrypted data is a multiple of
the chunk size. Then the chunk index for the final chunk was wrongly
incremented by 2. The actual fix makes use of the fact that the
current dfx->CHUNKLEN is 0 in this case. There is also some other
reorganizing to help with debugging. The thing seems to work now but
the code is not very clean - should be reworked. Creating test files
can be done with this script:
--8<---------------cut here---------------start------------->8---
csize=6
for len in 0 55 56 57; do
awk </dev/null -v i=$len 'BEGIN{while(i){i--;printf"~"}}' \
| gpg --no-options -v --rfc4880bis --batch --passphrase "abc" \
--s2k-count 1025 --s2k-digest-algo sha256 -z0 \
--force-aead --aead-algo eax --cipher aes -a \
--chunk-size $csize -c >symenc-aead-eax-c$csize-$len.asc
done
--8<---------------cut here---------------end--------------->8---
A LEN of 56 triggered the bug which can be seen by looking at the
"authdata:" line in the --debug=crypt,filter output.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'dirmngr/ks-engine-hkp.c')
0 files changed, 0 insertions, 0 deletions