projects
/
paraslash.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
c998e82
)
gcrypt: Check file permissions of private keys.
author
Andre Noll
<maan@tuebingen.mpg.de>
Sun, 10 Jul 2016 19:33:18 +0000
(21:33 +0200)
committer
Andre Noll
<maan@tuebingen.mpg.de>
Mon, 22 Aug 2016 15:27:51 +0000
(17:27 +0200)
Before opening a private key, crypt.c checks that the permissions
are restrictive enough. However, the gcrypt implementation contains
no such check. This commit adds it.
gcrypt.c
patch
|
blob
|
history
diff --git
a/gcrypt.c
b/gcrypt.c
index 63f8fff3e788d5166410736b6bc95d425f112f0f..3c6c1ad1d74c234f56f289a46fad98cede2a5140 100644
(file)
--- a/
gcrypt.c
+++ b/
gcrypt.c
@@
-782,6
+782,9
@@
int priv_decrypt(const char *key_file, unsigned char *outbuf,
gcry_sexp_t in, out, priv_key;
size_t nbytes;
+ ret = check_key_file(key_file, true);
+ if (ret < 0)
+ return ret;
PARA_INFO_LOG("decrypting %d byte input\n", inlen);
/* key_file -> asymmetric key priv */
ret = get_private_key(key_file, &priv);