From 416cf9e9be5d2daf0ef629208031989699b3653f Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 13 Dec 2017 13:02:34 +0100
Subject: [PATCH] gpg: Print a warning for too much data encrypted with 3DES et
 al.

* g10/filter.h (cipher_filter_context_t): Remove unused filed
'create_mdc'.  Turn field 'header' into a bit field.  Add new fields
'short_blklen_warn' and 'short_blklen_count'.
* g10/cipher.c (write_header): Print a warning if MDC is not used.
(cipher_filter): Print a warning for long messages encrypted with a
short block length algorithm.
--

Note that to test this warning in a reliable way compression needs to
be disabled.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 g10/cipher.c | 26 +++++++++++++++++++++++---
 g10/filter.h |  5 +++--
 2 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/g10/cipher.c b/g10/cipher.c
index 409d0adef..b950d0c3f 100644
--- a/g10/cipher.c
+++ b/g10/cipher.c
@@ -64,6 +64,11 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a)
       if (DBG_HASHING)
         gcry_md_debug (cfx->mdc_hash, "creatmdc");
     }
+  else if (!opt.no_mdc_warn)
+    {
+      log_info ("WARNING: "
+                "encrypting without integrity protection is dangerous\n");
+    }
 
   write_status_printf (STATUS_BEGIN_ENCRYPTION, "%d %d",
                        ed.mdc_method, cfx->dek->algo);
@@ -91,7 +96,6 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a)
       BUG();
     }
 
-
   /* log_hexdump ("thekey", cfx->dek->key, cfx->dek->keylen); */
   gcry_cipher_setkey (cfx->cipher_hd, cfx->dek->key, cfx->dek->keylen);
   gcry_cipher_setiv (cfx->cipher_hd, NULL, 0);
@@ -101,7 +105,11 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a)
   gcry_cipher_encrypt (cfx->cipher_hd, temp, nprefix+2, NULL, 0);
   gcry_cipher_sync (cfx->cipher_hd);
   iobuf_write (a, temp, nprefix+2);
-  cfx->header = 1;
+
+  cfx->short_blklen_warn = (blocksize < 16);
+  cfx->short_blklen_count = nprefix+2;
+
+  cfx->wrote_header = 1;
 }
 
 
@@ -122,11 +130,23 @@ cipher_filter (void *opaque, int control, iobuf_t a, byte *buf, size_t *ret_len)
   else if (control == IOBUFCTRL_FLUSH) /* encrypt */
     {
       log_assert (a);
-      if (!cfx->header)
+      if (!cfx->wrote_header)
         write_header (cfx, a);
       if (cfx->mdc_hash)
         gcry_md_write (cfx->mdc_hash, buf, size);
       gcry_cipher_encrypt (cfx->cipher_hd, buf, size, NULL, 0);
+      if (cfx->short_blklen_warn)
+        {
+          cfx->short_blklen_count += size;
+          if (cfx->short_blklen_count > (150 * 1024 * 1024))
+            {
+              log_info ("WARNING: encrypting more than %d MiB with algorithm "
+                        "%s should be avoided\n", 150,
+                        openpgp_cipher_algo_name (cfx->dek->algo));
+              cfx->short_blklen_warn = 0; /* Don't show again.  */
+            }
+        }
+
       rc = iobuf_write (a, buf, size);
     }
   else if (control == IOBUFCTRL_FREE)
diff --git a/g10/filter.h b/g10/filter.h
index 275608d4a..9e4b1e538 100644
--- a/g10/filter.h
+++ b/g10/filter.h
@@ -92,10 +92,11 @@ typedef struct {
     DEK *dek;
     u32 datalen;
     gcry_cipher_hd_t cipher_hd;
-    int header;
+    unsigned int wrote_header : 1;
+    unsigned int short_blklen_warn : 1;
+    unsigned long short_blklen_count;
     gcry_md_hd_t mdc_hash;
     byte enchash[20];
-    int create_mdc; /* flag will be set by the cipher filter */
 } cipher_filter_context_t;