security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

gpg: Fix flaw in symmetric algorithm selection in mixed mode. 

* g10/encrypt.c (setup_symkey): Use default_cipher_algo function
instead of the fallback s2k_cipher_algo.  Fix error code.
(encrypt_simple): Use setup_symkey.
--

Aside of removing code duplication this patch fixes the flaw that the
S2K cipher algorithm was used when mixing public key and symmetric
encryption or signatures with symmetric encrypion.  The
default_algorithm function should be used here so that the command
line option --cipher-algo and --personal-cipher-preferences have an
effect.

Signed-off-by: Werner Koch <wk@gnupg.org>

Backported-from-master: 6864bba78e
This commit is contained in:
Werner Koch 2020-07-07 12:58:29 +02:00
parent 34c9cfd3d7
commit 7b6071a45f
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
3 changed files with 10 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
g10/encrypt.c
View File

@ -191,18 +191,9 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
cfx.dek = NULL;
if ( mode )
{
int canceled;
s2k = xmalloc_clear( sizeof *s2k );
s2k->mode = opt.s2k_mode;
s2k->hash_algo = S2K_DIGEST_ALGO;
cfx.dek = passphrase_to_dek (default_cipher_algo (), s2k, 1, 0,
NULL, &canceled);
if ( !cfx.dek || !cfx.dek->keylen )
rc = setup_symkey (&s2k, &cfx.dek);
if (rc)
{
rc = gpg_error (canceled? GPG_ERR_CANCELED:GPG_ERR_INV_PASSPHRASE);
xfree (cfx.dek);
xfree (s2k);
iobuf_close (inp);
log_error (_("error creating passphrase: %s\n"), gpg_strerror (rc));
release_progress_context (pfx);
@ -378,22 +369,22 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
}
int
setup_symkey (STRING2KEY **symkey_s2k,DEK **symkey_dek)
gpg_error_t
setup_symkey (STRING2KEY **symkey_s2k, DEK **symkey_dek)
{
int canceled;
*symkey_s2k=xmalloc_clear(sizeof(STRING2KEY));
*symkey_s2k = xmalloc_clear (sizeof **symkey_s2k);
(*symkey_s2k)->mode = opt.s2k_mode;
(*symkey_s2k)->hash_algo = S2K_DIGEST_ALGO;
*symkey_dek = passphrase_to_dek (opt.s2k_cipher_algo,
*symkey_dek = passphrase_to_dek (default_cipher_algo (),
*symkey_s2k, 1, 0, NULL, &canceled);
if(!*symkey_dek || !(*symkey_dek)->keylen)
if (!*symkey_dek || !(*symkey_dek)->keylen)
{
xfree(*symkey_dek);
xfree(*symkey_s2k);
return gpg_error (canceled?GPG_ERR_CANCELED:GPG_ERR_BAD_PASSPHRASE);
return gpg_error (canceled?GPG_ERR_CANCELED:GPG_ERR_INV_PASSPHRASE);
}
return 0;

2
g10/main.h
View File

@ -229,7 +229,7 @@ int cpr_get_answer_okay_cancel (const char *keyword,
void display_online_help( const char *keyword );
/*-- encode.c --*/
int setup_symkey (STRING2KEY **symkey_s2k,DEK **symkey_dek);
gpg_error_t setup_symkey (STRING2KEY **symkey_s2k,DEK **symkey_dek);
void encrypt_seskey (DEK *dek, DEK **seskey, byte *enckey);
int use_mdc (pk_list_t pk_list,int algo);
int encrypt_symmetric (const char *filename );

2
g10/passphrase.c
View File

@ -318,7 +318,7 @@ passphrase_to_dek (int cipher_algo, STRING2KEY *s2k,
*canceled = 0;
if (opt.no_symkey_cache)
nocache = 1; /* Force no symmtric key caching. */
nocache = 1; /* Force no symmetric key caching. */
if ( !s2k )
{