From 33d0d618adbd6bd7afafbbbe1fd0d60b7c8d561c Mon Sep 17 00:00:00 2001
From: Andre Noll <maan@tuebingen.mpg.de>
Date: Sun, 10 Jul 2016 21:33:18 +0200
Subject: [PATCH 1/1] gcrypt: Check file permissions of private keys.

Before opening a private key, crypt.c checks that the permissions
are restrictive enough. However, the gcrypt implementation contains
no such check. This commit adds it.
---
 gcrypt.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/gcrypt.c b/gcrypt.c
index 63f8fff3..3c6c1ad1 100644
--- a/gcrypt.c
+++ b/gcrypt.c
@@ -782,6 +782,9 @@ int priv_decrypt(const char *key_file, unsigned char *outbuf,
 	gcry_sexp_t in, out, priv_key;
 	size_t nbytes;
 
+	ret = check_key_file(key_file, true);
+	if (ret < 0)
+		return ret;
 	PARA_INFO_LOG("decrypting %d byte input\n", inlen);
 	/* key_file -> asymmetric key priv */
 	ret = get_private_key(key_file, &priv);
-- 
2.39.2