From 6e3c6e6bcbcf01603ff87f8625e83b8c9115c579 Mon Sep 17 00:00:00 2001 From: David Shaw Date: Tue, 30 Sep 2003 17:27:02 +0000 Subject: [PATCH] * parse-packet.c (parse_symkeyenc): Give a warning if a session key decryption key is seen without salt. Show in --list-packets if a session key decryption key is present. --- g10/ChangeLog | 6 ++++++ g10/parse-packet.c | 18 +++++++++++++++--- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/g10/ChangeLog b/g10/ChangeLog index ff4fc0bb1..23a860663 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,9 @@ +2003-09-30 David Shaw + + * parse-packet.c (parse_symkeyenc): Give a warning if a session + key decryption key is seen without salt. Show in --list-packets + if a session key decryption key is present. + 2003-09-22 David Shaw * g10.c (main): Deprecate --no-comment in favor of diff --git a/g10/parse-packet.c b/g10/parse-packet.c index aafe3356c..a16209d76 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -678,8 +678,17 @@ parse_symkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ) k->s2k.count = iobuf_get(inp); pktlen--; } k->seskeylen = seskeylen; - for(i=0; i < seskeylen && pktlen; i++, pktlen-- ) - k->seskey[i] = iobuf_get_noeof(inp); + if(k->seskeylen) + { + for(i=0; i < seskeylen && pktlen; i++, pktlen-- ) + k->seskey[i] = iobuf_get_noeof(inp); + + /* What we're watching out for here is a session key decryptor + with no salt. The RFC says that using salt for this is a + MUST. */ + if(s2kmode!=1 && s2kmode!=3) + log_info(_("WARNING: potentially insecure session key decryption key\n")); + } assert( !pktlen ); if( list_mode ) { @@ -690,9 +699,12 @@ parse_symkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ) for(i=0; i < 8; i++ ) printf("%02x", k->s2k.salt[i]); if( s2kmode == 3 ) - printf(", count %lu\n", (ulong)k->s2k.count ); + printf(", count %lu", (ulong)k->s2k.count ); printf("\n"); } + if(seskeylen) + printf("\tsession key decryption key present (%d bytes)\n", + seskeylen-1); } leave: