security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00
Code Activity

gpg: Hard fail on a missing MDC even for legacy algorithms.

Browse Source 
* g10/mainproc.c (proc_encrypted): Require an MDC or AEAD
* tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to
allow testing with the current files.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d1431901f0143cdc7af8d1a23387e0c6b5bb613f)

Resolved Conflicts:
	g10/mainproc.c - Remove AEAD stuff.
This commit is contained in:
Werner Koch 2018-05-15 12:33:03 +02:00
parent 26c0d3a3fc
commit 3db1b48a2d
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
3 changed files with 11 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
doc/gpg.texi
View File

@ -3182,10 +3182,11 @@ to ignore CRC errors.
@item --ignore-mdc-error @item --ignore-mdc-error
@opindex ignore-mdc-error @opindex ignore-mdc-error
This option changes a MDC integrity protection failure into a warning. This option changes a MDC integrity protection failure into a warning.
This can be useful if a message is partially corrupt, but it is It is required to decrypt old messages which did not use an MDC. It
necessary to get as much data as possible out of the corrupt message. may also be useful if a message is partially garbled, but it is
However, be aware that a MDC protection failure may also mean that the necessary to get as much data as possible out of that garbled message.
message was tampered with intentionally by an attacker. Be aware that a missing or failed MDC can be an indication of an
attack. Use with caution.
@item --allow-weak-digest-algos @item --allow-weak-digest-algos
@opindex allow-weak-digest-algos @opindex allow-weak-digest-algos

13
g10/mainproc.c
View File

@ -649,15 +649,12 @@ proc_encrypted (CTX c, PACKET *pkt)
; ;
else if (!result else if (!result
&& !opt.ignore_mdc_error && !opt.ignore_mdc_error
&& !pkt->pkt.encrypted->mdc_method && !pkt->pkt.encrypted->mdc_method)
&& openpgp_cipher_get_algo_blklen (c->dek->algo) != 8
&& c->dek->algo != CIPHER_ALGO_TWOFISH)
{ {
/* The message has been decrypted but has no MDC despite that a /* The message has been decrypted but does not carry an MDC.
modern cipher (blocklength != 64 bit, except for Twofish) is * The option --ignore-mdc-error has also not been used. To
used and the option to ignore MDC errors is not used: To * avoid attacks changing an MDC message to a non-MDC message,
avoid attacks changing an MDC message to a non-MDC message, * we fail here. */
we fail here. */
log_error (_("WARNING: message was not integrity protected\n")); log_error (_("WARNING: message was not integrity protected\n"));
if (opt.verbose > 1) if (opt.verbose > 1)
log_info ("decryption forced to fail\n"); log_info ("decryption forced to fail\n");

1
tests/openpgp/defs.scm
View File

@ -341,6 +341,7 @@
"no-auto-key-retrieve" "no-auto-key-retrieve"
"no-auto-key-locate" "no-auto-key-locate"
"allow-weak-digest-algos" "allow-weak-digest-algos"
"ignore-mdc-error"
(if have-opt-always-trust (if have-opt-always-trust
"no-auto-check-trustdb" "#no-auto-check-trustdb") "no-auto-check-trustdb" "#no-auto-check-trustdb")
(string-append "agent-program " (string-append "agent-program "