gpg: Fix flaw in symmetric algorithm selection in mixed mode.

* g10/encrypt.c (setup_symkey): Use default_cipher_algo function instead of the fallback s2k_cipher_algo. Fix error code. (encrypt_simple): Use setup_symkey. -- Aside of removing code duplication this patch fixes the flaw that the S2K cipher algorithm was used when mixing public key and symmetric encryption or signatures with symmetric encrypion. The default_algorithm function should be used here so that the command line option --cipher-algo and --personal-cipher-preferences have an effect. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2020-07-07 12:58:29 +02:00 · 2020-07-07 12:58:29 +02:00 · 6864bba78e
commit 6864bba78e
parent 969abcf40c
3 changed files with 10 additions and 18 deletions
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@ -319,19 +319,11 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
  cfx.dek = NULL;
  if ( mode )
    {
-      int canceled;
      aead_algo_t aead_algo;

-      s2k = xmalloc_clear( sizeof *s2k );
-      s2k->mode = opt.s2k_mode;
-      s2k->hash_algo = S2K_DIGEST_ALGO;
-      cfx.dek = passphrase_to_dek (default_cipher_algo (), s2k, 1, 0,
-                                   NULL, &canceled);
-      if ( !cfx.dek || !cfx.dek->keylen )
+      rc = setup_symkey (&s2k, &cfx.dek);
+      if (rc)
        {
-          rc = gpg_error (canceled? GPG_ERR_CANCELED:GPG_ERR_INV_PASSPHRASE);
-          xfree (cfx.dek);
-          xfree (s2k);
          iobuf_close (inp);
          log_error (_("error creating passphrase: %s\n"), gpg_strerror (rc));
          release_progress_context (pfx);
@ -534,22 +526,22 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
 }


-int
-setup_symkey (STRING2KEY **symkey_s2k,DEK **symkey_dek)
+gpg_error_t
+setup_symkey (STRING2KEY **symkey_s2k, DEK **symkey_dek)
 {
  int canceled;

-  *symkey_s2k=xmalloc_clear(sizeof(STRING2KEY));
+  *symkey_s2k = xmalloc_clear (sizeof **symkey_s2k);
  (*symkey_s2k)->mode = opt.s2k_mode;
  (*symkey_s2k)->hash_algo = S2K_DIGEST_ALGO;

-  *symkey_dek = passphrase_to_dek (opt.s2k_cipher_algo,
+  *symkey_dek = passphrase_to_dek (default_cipher_algo (),
                                   *symkey_s2k, 1, 0, NULL, &canceled);
-  if(!*symkey_dek || !(*symkey_dek)->keylen)
+  if (!*symkey_dek || !(*symkey_dek)->keylen)
    {
      xfree(*symkey_dek);
      xfree(*symkey_s2k);
-      return gpg_error (canceled?GPG_ERR_CANCELED:GPG_ERR_BAD_PASSPHRASE);
+      return gpg_error (canceled?GPG_ERR_CANCELED:GPG_ERR_INV_PASSPHRASE);
    }

  return 0;