mirror of git://git.gnupg.org/gnupg.git
gpg: Hard fail on a missing MDC even for legacy algorithms.
* g10/mainproc.c (proc_encrypted): Require an MDC or AEAD
* tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to
allow testing with the current files.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d1431901f0)
Resolved Conflicts:
g10/mainproc.c - Remove AEAD stuff.
This commit is contained in:
Werner Koch
parent
26c0d3a3fc
commit
3db1b48a2d
|
|
@ -3182,10 +3182,11 @@ to ignore CRC errors.
|
||||||
@item --ignore-mdc-error
|
@item --ignore-mdc-error
|
||||||
@opindex ignore-mdc-error
|
@opindex ignore-mdc-error
|
||||||
This option changes a MDC integrity protection failure into a warning.
|
This option changes a MDC integrity protection failure into a warning.
|
||||||
This can be useful if a message is partially corrupt, but it is
|
It is required to decrypt old messages which did not use an MDC. It
|
||||||
necessary to get as much data as possible out of the corrupt message.
|
may also be useful if a message is partially garbled, but it is
|
||||||
However, be aware that a MDC protection failure may also mean that the
|
necessary to get as much data as possible out of that garbled message.
|
||||||
message was tampered with intentionally by an attacker.
|
Be aware that a missing or failed MDC can be an indication of an
|
||||||
|
attack. Use with caution.
|
||||||
|
|
||||||
@item --allow-weak-digest-algos
|
@item --allow-weak-digest-algos
|
||||||
@opindex allow-weak-digest-algos
|
@opindex allow-weak-digest-algos
|
||||||
|
|
|
||||||
|
|
@ -649,15 +649,12 @@ proc_encrypted (CTX c, PACKET *pkt)
|
||||||
;
|
;
|
||||||
else if (!result
|
else if (!result
|
||||||
&& !opt.ignore_mdc_error
|
&& !opt.ignore_mdc_error
|
||||||
&& !pkt->pkt.encrypted->mdc_method
|
&& !pkt->pkt.encrypted->mdc_method)
|
||||||
&& openpgp_cipher_get_algo_blklen (c->dek->algo) != 8
|
|
||||||
&& c->dek->algo != CIPHER_ALGO_TWOFISH)
|
|
||||||
{
|
{
|
||||||
/* The message has been decrypted but has no MDC despite that a
|
/* The message has been decrypted but does not carry an MDC.
|
||||||
modern cipher (blocklength != 64 bit, except for Twofish) is
|
* The option --ignore-mdc-error has also not been used. To
|
||||||
used and the option to ignore MDC errors is not used: To
|
* avoid attacks changing an MDC message to a non-MDC message,
|
||||||
avoid attacks changing an MDC message to a non-MDC message,
|
* we fail here. */
|
||||||
we fail here. */
|
|
||||||
log_error (_("WARNING: message was not integrity protected\n"));
|
log_error (_("WARNING: message was not integrity protected\n"));
|
||||||
if (opt.verbose > 1)
|
if (opt.verbose > 1)
|
||||||
log_info ("decryption forced to fail\n");
|
log_info ("decryption forced to fail\n");
|
||||||
|
|
|
||||||
|
|
@ -341,6 +341,7 @@
|
||||||
"no-auto-key-retrieve"
|
"no-auto-key-retrieve"
|
||||||
"no-auto-key-locate"
|
"no-auto-key-locate"
|
||||||
"allow-weak-digest-algos"
|
"allow-weak-digest-algos"
|
||||||
|
"ignore-mdc-error"
|
||||||
(if have-opt-always-trust
|
(if have-opt-always-trust
|
||||||
"no-auto-check-trustdb" "#no-auto-check-trustdb")
|
"no-auto-check-trustdb" "#no-auto-check-trustdb")
|
||||||
(string-append "agent-program "
|
(string-append "agent-program "
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue