Fix AEAD packet construction

Resolves: rhbz#2128058
Jakub Jelen 2023-03-30 14:33:31 +02:00
parent 24e5415f91
commit 0ad46db225
2 changed files with 34 additions and 0 deletions


@ -0,0 +1,30 @@
commit eadf12a52c2e230174e076a0dcae68132094cefe
Author: Jakub Jelen <jjelen@redhat.com>
Date: Thu Feb 24 09:02:53 2022 +0100
sign: Construct valid AEAD packets.
* g10/sign.c (sign_symencrypt_file): Insert correct version and AEAD
information into symkey packet.
--
GnuPG-bug-id: 5856
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
diff --git a/g10/sign.c b/g10/sign.c
index bbcfabdb7..2ab76c99b 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -1660,8 +1660,9 @@ sign_symencrypt_file (ctrl_t ctrl, const char *fname, strlist_t locusr)
{
PKT_symkey_enc *enc = xmalloc_clear( sizeof *enc );
- enc->version = 4;
+ enc->version = cfx.dek->use_aead ? 5 : 4;
enc->cipher_algo = cfx.dek->algo;
+ enc->aead_algo = cfx.dek->use_aead;
enc->s2k = *s2k;
pkt.pkttype = PKT_SYMKEY_ENC;
pkt.pkt.symkey_enc = enc;
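Review bot: In the added lines of sign_symencrypt_file, `cfx.dek->use_aead` serves both as the truth test that selects packet version 5 and as the value stored in `enc->aead_algo`. That is only correct if the field holds the AEAD algorithm identifier, with zero meaning no AEAD; its declaration is outside this hunk, so this is inferred from the usage. A one-line comment above the version assignment would make the dependency explicit, for example `/* use_aead holds the AEAD algo id (0 = none); non-zero requires a v5 symkey packet. */`. The function body starts and ends outside the hunk, so it cannot be confirmed here that the encrypted-data packet written later is selected from the same field. The two must agree, otherwise the output is a message that receivers cannot parse.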


@ -33,6 +33,9 @@ Patch31: gnupg-2.3.1-revert-default-eddsa.patch
Patch32: gnupg-2.3.3-CVE-2022-34903.patch Patch32: gnupg-2.3.3-CVE-2022-34903.patch
# Mark SHA-1 weak algorithm to prevent its usage for verification # Mark SHA-1 weak algorithm to prevent its usage for verification
Patch33: gnupg-2.3.3-disable-sha1.patch Patch33: gnupg-2.3.3-disable-sha1.patch
# Fix AEAD packet construction
# https://dev.gnupg.org/T5856
Patch34: gnupg-2.3.3-aead-packet.patch
URL: https://www.gnupg.org/ URL: https://www.gnupg.org/
@ -119,6 +122,7 @@ to the base GnuPG package
%patch31 -p1 -R -b .eddsa %patch31 -p1 -R -b .eddsa
%patch32 -p1 -b .CVE-2022-34903 %patch32 -p1 -b .CVE-2022-34903
%patch33 -p1 -b .sha1 %patch33 -p1 -b .sha1
%patch34 -p1 -b .aead
# pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper) # pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
# Note: this is just the name of the default shared lib to load in scdaemon, # Note: this is just the name of the default shared lib to load in scdaemon,