mirror of git://git.gnupg.org/gnupg.git
gpg: Fix flaw in symmetric algorithm selection in mixed mode.
* g10/encrypt.c (setup_symkey): Use default_cipher_algo function
instead of the fallback s2k_cipher_algo. Fix error code.
(encrypt_simple): Use setup_symkey.
--
Aside of removing code duplication this patch fixes the flaw that the
S2K cipher algorithm was used when mixing public key and symmetric
encryption or signatures with symmetric encrypion. The
default_algorithm function should be used here so that the command
line option --cipher-algo and --personal-cipher-preferences have an
effect.
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 6864bba78e
This commit is contained in:
parent
34c9cfd3d7
commit
7b6071a45f
|
@ -191,18 +191,9 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
|
|||
cfx.dek = NULL;
|
||||
if ( mode )
|
||||
{
|
||||
int canceled;
|
||||
|
||||
s2k = xmalloc_clear( sizeof *s2k );
|
||||
s2k->mode = opt.s2k_mode;
|
||||
s2k->hash_algo = S2K_DIGEST_ALGO;
|
||||
cfx.dek = passphrase_to_dek (default_cipher_algo (), s2k, 1, 0,
|
||||
NULL, &canceled);
|
||||
if ( !cfx.dek || !cfx.dek->keylen )
|
||||
rc = setup_symkey (&s2k, &cfx.dek);
|
||||
if (rc)
|
||||
{
|
||||
rc = gpg_error (canceled? GPG_ERR_CANCELED:GPG_ERR_INV_PASSPHRASE);
|
||||
xfree (cfx.dek);
|
||||
xfree (s2k);
|
||||
iobuf_close (inp);
|
||||
log_error (_("error creating passphrase: %s\n"), gpg_strerror (rc));
|
||||
release_progress_context (pfx);
|
||||
|
@ -378,22 +369,22 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
|
|||
}
|
||||
|
||||
|
||||
int
|
||||
setup_symkey (STRING2KEY **symkey_s2k,DEK **symkey_dek)
|
||||
gpg_error_t
|
||||
setup_symkey (STRING2KEY **symkey_s2k, DEK **symkey_dek)
|
||||
{
|
||||
int canceled;
|
||||
|
||||
*symkey_s2k=xmalloc_clear(sizeof(STRING2KEY));
|
||||
*symkey_s2k = xmalloc_clear (sizeof **symkey_s2k);
|
||||
(*symkey_s2k)->mode = opt.s2k_mode;
|
||||
(*symkey_s2k)->hash_algo = S2K_DIGEST_ALGO;
|
||||
|
||||
*symkey_dek = passphrase_to_dek (opt.s2k_cipher_algo,
|
||||
*symkey_dek = passphrase_to_dek (default_cipher_algo (),
|
||||
*symkey_s2k, 1, 0, NULL, &canceled);
|
||||
if(!*symkey_dek || !(*symkey_dek)->keylen)
|
||||
if (!*symkey_dek || !(*symkey_dek)->keylen)
|
||||
{
|
||||
xfree(*symkey_dek);
|
||||
xfree(*symkey_s2k);
|
||||
return gpg_error (canceled?GPG_ERR_CANCELED:GPG_ERR_BAD_PASSPHRASE);
|
||||
return gpg_error (canceled?GPG_ERR_CANCELED:GPG_ERR_INV_PASSPHRASE);
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
|
|
@ -229,7 +229,7 @@ int cpr_get_answer_okay_cancel (const char *keyword,
|
|||
void display_online_help( const char *keyword );
|
||||
|
||||
/*-- encode.c --*/
|
||||
int setup_symkey (STRING2KEY **symkey_s2k,DEK **symkey_dek);
|
||||
gpg_error_t setup_symkey (STRING2KEY **symkey_s2k,DEK **symkey_dek);
|
||||
void encrypt_seskey (DEK *dek, DEK **seskey, byte *enckey);
|
||||
int use_mdc (pk_list_t pk_list,int algo);
|
||||
int encrypt_symmetric (const char *filename );
|
||||
|
|
|
@ -318,7 +318,7 @@ passphrase_to_dek (int cipher_algo, STRING2KEY *s2k,
|
|||
*canceled = 0;
|
||||
|
||||
if (opt.no_symkey_cache)
|
||||
nocache = 1; /* Force no symmtric key caching. */
|
||||
nocache = 1; /* Force no symmetric key caching. */
|
||||
|
||||
if ( !s2k )
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue