gcrypt: Check file permissions of private keys.
author Andre Noll <maan@tuebingen.mpg.de>
Sun, 10 Jul 2016 19:33:18 +0000 (21:33 +0200)
committer Andre Noll <maan@tuebingen.mpg.de>
Mon, 22 Aug 2016 15:27:51 +0000 (17:27 +0200)
Before opening a private key, crypt.c checks that the permissions
are restrictive enough. However, the gcrypt implementation contains
no such check. This commit adds it.

gcrypt.c

index 63f8fff..3c6c1ad 100644 (file)
--- a/gcrypt.c
+++ b/gcrypt.c
@@ -782,6 +782,9 @@ int priv_decrypt(const char *key_file, unsigned char *outbuf,
        gcry_sexp_t in, out, priv_key;
        size_t nbytes;
 
+       ret = check_key_file(key_file, true);
+       if (ret < 0)
+               return ret;
        PARA_INFO_LOG("decrypting %d byte input\n", inlen);
        /* key_file -> asymmetric key priv */
        ret = get_private_key(key_file, &priv);
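
Review bot: In priv_decrypt(), the permission check and the key load are two separate lookups of the same path. check_key_file(key_file, true) runs first and get_private_key(key_file, &priv) resolves key_file again afterwards, so the file that is read is not guaranteed to be the one whose permissions were checked if the path is replaced in between. Consider doing the check on the already opened file, for example with fstat() on the descriptor inside get_private_key(), which would also cover any other caller of that function. Two smaller points: the meaning of the bare true argument is not evident at the call site, so a short comment would help, and a blank line after return ret; would keep the new check visually separate from the PARA_INFO_LOG() call.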