[Pkg-gnupg-commit] [gnupg2] 133/205: agent: Fix regression due to recent commit 4159567.

[Daniel Kahn Gillmor]

This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch experimental
in repository gnupg2.

commit 8c3fb2360f154a971d2a390e4937acb22a44a8c2
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Apr 14 12:16:51 2016 +0200

    agent: Fix regression due to recent commit 4159567.
    
    * agent/protect.c (do_encryption): Fix CBC hashing.
    --
    
    The buggy code included an extra closing parenthesis before
    the (protected-at) term in the CBC hashing.  We now do it by
    explicitly hashing the protected stuff and append the rest of the
    expression instead of a fixed closing parenthesis.  Note that the OCB
    hashing only differs that it does no include the protected part.
    
    Fixes-commit: 4159567f7ed7a1139fdc3a6c92988e1648ad84ab
    Signed-off-by: Werner Koch <wk at gnupg.org>
---
 agent/protect.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/agent/protect.c b/agent/protect.c
index a78d5a5..ee08e57 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -464,9 +464,11 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen,
       rc = gcry_md_open (&md, GCRY_MD_SHA1, 0 );
       if (!rc)
         {
-          gcry_md_write (md, hashbegin, hashlen);
+          gcry_md_write (md, hashbegin, protbegin - hashbegin);
+          gcry_md_write (md, protbegin, protlen);
           gcry_md_write (md, timestamp_exp, timestamp_exp_len);
-          gcry_md_write (md, ")", 1);
+          gcry_md_write (md, protbegin+protlen,
+                         hashlen - (protbegin+protlen - hashbegin));
           memcpy (hashvalue, gcry_md_read (md, GCRY_MD_SHA1), 20);
           gcry_md_close (md);
         }

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git