diff options
| author | Werner Koch <wk@gnupg.org> | 2018-01-23 11:54:02 +0100 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2018-01-23 12:08:02 +0100 |
| commit | 278d87465685e0aa415e0333de1d27e79d1608f0 (patch) | |
| tree | c3ecc14c7beefb31dc8bbe8a56cd56be552c26f5 /g10 | |
| parent | gpg: Implement AEAD for SKESK packets. (diff) | |
| download | gnupg2-278d87465685e0aa415e0333de1d27e79d1608f0.tar.xz gnupg2-278d87465685e0aa415e0333de1d27e79d1608f0.zip | |
gpg: Clear the symmetric passphrase cache for encrypted session keys.
* g10/mainproc.c (proc_symkey_enc): Clear the symmetric key cache on
error.
(proc_encrypted): Need to take are of the checksum error.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/mainproc.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/g10/mainproc.c b/g10/mainproc.c index d1d44d774..accf25ed6 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -252,7 +252,6 @@ symkey_decrypt_seskey (DEK *dek, byte *seskey, size_t slen) gcry_cipher_hd_t hd; unsigned int noncelen, keylen; enum gcry_cipher_modes ciphermode; - byte ad[4]; if (dek->use_aead) { @@ -410,9 +409,17 @@ proc_symkey_enc (CTX c, PACKET *pkt) log_info ("decryption of the symmetrically encrypted" " session key failed: %s\n", gpg_strerror (err)); - if (gpg_err_code (err) != GPG_ERR_BAD_KEY) + if (gpg_err_code (err) != GPG_ERR_BAD_KEY + && gpg_err_code (err) != GPG_ERR_CHECKSUM) log_fatal ("process terminated to be bug compatible" " with GnuPG <= 2.2\n"); + if (c->dek->s2k_cacheid[0]) + { + if (opt.debug) + log_debug ("cleared passphrase cached with ID:" + " %s\n", c->dek->s2k_cacheid); + passphrase_clear_cache (c->dek->s2k_cacheid); + } xfree (c->dek); c->dek = NULL; } @@ -757,6 +764,7 @@ proc_encrypted (CTX c, PACKET *pkt) else { if ((gpg_err_code (result) == GPG_ERR_BAD_KEY + || gpg_err_code (result) == GPG_ERR_CHECKSUM || gpg_err_code (result) == GPG_ERR_CIPHER_ALGO) && *c->dek->s2k_cacheid != '\0') { |