From 16424d8a34c7f6af1071fd19dfc180cb7d17c052 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 18 Dec 2018 08:21:03 +0100 Subject: [PATCH] wks: Do not use compression for the encrypted data. * tools/gpg-wks-client.c (encrypt_response): Add arg -z0. * tools/gpg-wks-server.c (encrypt_stream): Ditto. -- If for example a server was built without the development packages of the compression libraries installed, the server will not be able to decrypt a request. In theory this can't happen due to the preference system but it is just to easy to create the server's key using a different version of gpg and then use gpg-wks-server built differently. For the short messages we exchange compression is not really required and thus we better do without to make the system more robust. Signed-off-by: Werner Koch (cherry picked from commit 70a8db0333e3c22403b3647f8b5f924f6dace719) --- tools/gpg-wks-client.c | 1 + tools/gpg-wks-server.c | 1 + 2 files changed, 2 insertions(+) diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c index c8ff16651..78e4fe420 100644 --- a/tools/gpg-wks-client.c +++ b/tools/gpg-wks-client.c @@ -1151,6 +1151,7 @@ encrypt_response (estream_t *r_output, estream_t input, const char *addrspec, ccparray_put (&ccp, "--status-fd=2"); ccparray_put (&ccp, "--always-trust"); ccparray_put (&ccp, "--armor"); + ccparray_put (&ccp, "-z0"); /* No compression for improved robustness. */ if (fake_submission_addr) ccparray_put (&ccp, "--auto-key-locate=clear,local"); else diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c index 1a0ba8f4f..f83ef6528 100644 --- a/tools/gpg-wks-server.c +++ b/tools/gpg-wks-server.c @@ -586,6 +586,7 @@ encrypt_stream (estream_t *r_output, estream_t input, const char *keyfile) ccparray_put (&ccp, "--always-trust"); ccparray_put (&ccp, "--no-keyring"); ccparray_put (&ccp, "--armor"); + ccparray_put (&ccp, "-z0"); /* No compression for improved robustness. */ ccparray_put (&ccp, "--recipient-file"); ccparray_put (&ccp, keyfile); ccparray_put (&ccp, "--encrypt");