[git] GnuPG - branch, master, updated. gnupg-2.1.2-44-gcf83ff0

Thu Mar 19 18:06:02 CET 2015

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  cf83ff01fce3ddcbde6d97dffa0db6f277588e25 (commit)
      from  dc10d466bff53821f23d2cb4814c259d40c5d9c5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit cf83ff01fce3ddcbde6d97dffa0db6f277588e25
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Mar 19 18:01:58 2015 +0100

    agent: Compute correct MPI length header for protected ECC keys.
    
    * agent/cvt-openpgp.c (apply_protection): Strip leading zeroes from
    opaque MPIs to comply with the OpenPGP spec.
    --
    
    This patch is the protected private key counterpart to commit ab17f7b.
    Thanks to andy_s for describing the problem.
    
    GnuPG-bug-id: 1853
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c
index cadc871..b00f032 100644
--- a/agent/cvt-openpgp.c
+++ b/agent/cvt-openpgp.c
@@ -1107,14 +1107,33 @@ apply_protection (gcry_mpi_t *array, int npkey, int nskey,
     {
       if (gcry_mpi_get_flag (array[i], GCRYMPI_FLAG_OPAQUE))
         {
-          const void *s;
+          const unsigned char *s;
           unsigned int n;
 
           s = gcry_mpi_get_opaque (array[i], &n);
+          if (!s)
+            {
+              s = "";
+              n = 0;
+            }
+          /* Strip leading zero bits.  */
+          for (; n >= 8 && !*s; s++, n -= 8)
+            ;
+          if (n >= 8 && !(*s & 0x80))
+            if (--n >= 7 && !(*s & 0x40))
+              if (--n >= 6 && !(*s & 0x20))
+                if (--n >= 5 && !(*s & 0x10))
+                  if (--n >= 4 && !(*s & 0x08))
+                    if (--n >= 3 && !(*s & 0x04))
+                      if (--n >= 2 && !(*s & 0x02))
+                        if (--n >= 1 && !(*s & 0x01))
+                          --n;
+
           nbits[j] = n;
           n = (n+7)/8;
           narr[j] = n;
-          bufarr[j] = gcry_is_secure (s)? xtrymalloc_secure (n):xtrymalloc (n);
+          bufarr[j] = (gcry_is_secure (s)? xtrymalloc_secure (n?n:1)
+                       /* */             : xtrymalloc (n?n:1));
           if (!bufarr[j])
             {
               err = gpg_error_from_syserror ();

-----------------------------------------------------------------------

Summary of changes:
 agent/cvt-openpgp.c | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org


