security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

gpg: Hard fail on a missing MDC even for legacy algorithms.

Browse source 
* g10/mainproc.c (proc_encrypted): Require an MDC or AEAD
* tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to
allow testing with the current files.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d1431901f0)

Resolved Conflicts:
	g10/mainproc.c - Remove AEAD stuff.
This commit is contained in:
Werner Koch 2018-05-15 12:33:03 +02:00
parent 26c0d3a3fc
commit 3db1b48a2d
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
3 changed files with 11 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

13
g10/mainproc.c
View file

@ -649,15 +649,12 @@ proc_encrypted (CTX c, PACKET *pkt)
;
else if (!result
&& !opt.ignore_mdc_error
&& !pkt->pkt.encrypted->mdc_method
&& openpgp_cipher_get_algo_blklen (c->dek->algo) != 8
&& c->dek->algo != CIPHER_ALGO_TWOFISH)
&& !pkt->pkt.encrypted->mdc_method)
{
/* The message has been decrypted but has no MDC despite that a
modern cipher (blocklength != 64 bit, except for Twofish) is
used and the option to ignore MDC errors is not used: To
avoid attacks changing an MDC message to a non-MDC message,
we fail here. */
/* The message has been decrypted but does not carry an MDC.
* The option --ignore-mdc-error has also not been used. To
* avoid attacks changing an MDC message to a non-MDC message,
* we fail here. */
log_error (_("WARNING: message was not integrity protected\n"));
if (opt.verbose > 1)
log_info ("decryption forced to fail\n");