From 4584125802be11833a5b289e864b45eedc2b45fd Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Mon, 12 Oct 2015 09:31:44 +0200
Subject: [PATCH] gpg: Try hard to use MDC also for sign+symenc.
* g10/encrypt.c (use_mdc): Make it a global func.
* g10/sign.c (sign_symencrypt_file): Use that function to decide whether to use an MDC.
* tests/openpgp/conventional-mdc.test: Add a simple test case.
--
We used --force-mdc in sign+symenc mode (-cs) only with --force-mdc. That broke our assumption from commit 625e292 (GnuPG 2.1.9) that all uses of modern ciphers are using MDC.
Reported-by: Ben Kibbey
Signed-off-by: Werner Koch
---
 g10/encrypt.c | 4 ++--
 g10/main.h | 1 +
 g10/sign.c | 13 ++++++-------
 tests/openpgp/conventional-mdc.test | 11 ++++++++++-
 4 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/g10/encrypt.c b/g10/encrypt.c
index e2e1c05da..8bdbe8c2d 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -101,8 +101,8 @@ encrypt_seskey (DEK *dek, DEK **seskey, byte *enckey)
 /* We try very hard to use a MDC */
-static int
-use_mdc(PK_LIST pk_list,int algo)
+int
+use_mdc (pk_list_t pk_list,int algo)
 {
 /* RFC-2440 don't has MDC */
 if (RFC2440)
diff --git a/g10/main.h b/g10/main.h
index 0bace6162..c9521ad1d 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -211,6 +211,7 @@ void display_online_help( const char *keyword );
 /*-- encode.c --*/
 int setup_symkey (STRING2KEY **symkey_s2k,DEK **symkey_dek);
+int use_mdc (pk_list_t pk_list,int algo);
 int encrypt_symmetric (const char *filename );
 int encrypt_store (const char *filename );
 int encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
diff --git a/g10/sign.c b/g10/sign.c
index 782b9fcfa..fadf4ccb5 100644
--- a/g10/sign.c
+++ b/g10/sign.c
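Review bot: With `use_mdc` now exported from g10/encrypt.c, the one-line comment `/* We try very hard to use a MDC */` above it under-documents the contract: the new caller in g10/sign.c passes `NULL` for `pk_list`, and nothing here says that a NULL list is supported or what the return value means. I would replace it with something like `/* Return true if an MDC shall be used for ALGO; PK_LIST may be NULL when there are no public-key recipients. */`. The body after `if (RFC2440)` lies outside the hunk, so the NULL handling itself should be confirmed there before the comment promises it. The matching prototype in g10/main.h lands under the `/*-- encode.c --*/` banner although this diff shows the definition in g10/encrypt.c.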
@@ -1261,12 +1261,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
 goto leave;
 }
- /* We have no way to tell if the recipient can handle messages
- with an MDC, so this defaults to no. Perhaps in a few years,
- this can be defaulted to yes. Note that like regular
- encrypting, --force-mdc overrides --disable-mdc. */
- if(opt.force_mdc)
- cfx.dek->use_mdc=1;
+ cfx.dek->use_mdc = use_mdc (NULL, cfx.dek->algo);
 /* now create the outfile */
 rc = open_outfile (-1, fname, opt.armor? 1:0, 0, &out);
@@ -1309,7 +1304,11 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
 /* Push the compress filter */
 if (default_compress_algo())
- push_compress_filter(out,&zfx,default_compress_algo());
+ {
+ if (cfx.dek && cfx.dek->use_mdc)
+ zfx.new_ctb = 1;
+ push_compress_filter (out, &zfx,default_compress_algo() );
+ }
 /* Write the one-pass signature packets */
 /*(current filters: zip - encrypt - armor)*/
diff --git a/tests/openpgp/conventional-mdc.test b/tests/openpgp/conventional-mdc.test
index 744e11ef3..031fc0e12 100755
--- a/tests/openpgp/conventional-mdc.test
+++ b/tests/openpgp/conventional-mdc.test
@@ -31,5 +31,14 @@ for ciph in `all_cipher_algos`; do
 cmp z y || error "$ciph/$i: mismatch"
 done
 done
-
 progress_end
+
+#info Checking sign+symencrypt
+for i in $plain_files $data_files; do
+ echo "Hier spricht HAL" | $GPG --passphrase-fd 0 $s2k -cs -o x --yes $i
+ echo "Hier spricht HAL" | $GPG --passphrase-fd 0 $s2k -o y --yes x
+ cmp $i y || error "$i: mismatch in sign+symenc"
+done
+
+
+# eof
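Review bot: The new line `cfx.dek->use_mdc = use_mdc (NULL, cfx.dek->algo);` replaces the only comment that explained the MDC policy for -cs and leaves the `NULL` argument unexplained. A comment such as `/* No recipient keys in symmetric mode, so pass NULL and let use_mdc() decide from the options and the cipher. */` would keep the reasoning next to the call. use_mdc() is only partly visible in this diff, but it opens with an `if (RFC2440)` check, so it can presumably still answer no; the ciphertext is then written without integrity protection and nothing at this call site reports it. If that is intended, the comment should say so. sign_symencrypt_file starts and ends outside the hunk.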
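Review bot: The guard `if (cfx.dek && cfx.dek->use_mdc)` tests `cfx.dek` for NULL, but the earlier hunk in the same function dereferences `cfx.dek->algo` unconditionally, so the two sites disagree on whether the pointer can be NULL at this stage. If it cannot (the `goto leave` just before the first hunk suggests a failed setup bails out, though that check is outside the hunk), `if (cfx.dek->use_mdc)` is enough; if it can, the earlier line needs the same guard. A short comment on why an MDC implies `zfx.new_ctb = 1` would also help, since the reason is not evident from these lines. The spacing in `push_compress_filter (out, &zfx,default_compress_algo() );` is uneven compared with the surrounding calls.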
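Review bot: The added loop only checks that the sign+symenc output decrypts back to the input (`cmp $i y`), so it would also pass if no MDC were written, which is the regression this commit is about. I would add a check on `x` that fails when the message is not integrity protected, for example by inspecting its packet listing or by treating gpg's missing-integrity warning during decryption as an error. The loop also runs with the default cipher only, unlike the cipher loop above it. The `#info` line is commented out and `progress_end` now precedes the new checks, so they run without any progress output.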