From 7b6071a45fbf14219b6aca4fff8fa0eaf6c6dd8e Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Tue, 7 Jul 2020 12:58:29 +0200
Subject: [PATCH] gpg: Fix flaw in symmetric algorithm selection in mixed mode.

* g10/encrypt.c (setup_symkey): Use default_cipher_algo function
instead of the fallback s2k_cipher_algo.  Fix error code.
(encrypt_simple): Use setup_symkey.
--

Aside of removing code duplication this patch fixes the flaw that the
S2K cipher algorithm was used when mixing public key and symmetric
encryption or signatures with symmetric encrypion.  The
default_algorithm function should be used here so that the command
line option --cipher-algo and --personal-cipher-preferences have an
effect.

Signed-off-by: Werner Koch <wk@gnupg.org>

Backported-from-master: 6864bba78e76a1ff72aec140ae9f4e752454c463
---
 g10/encrypt.c    | 25 ++++++++-----------------
 g10/main.h       |  2 +-
 g10/passphrase.c |  2 +-
 3 files changed, 10 insertions(+), 19 deletions(-)

diff --git a/g10/encrypt.c b/g10/encrypt.c
index 75bef8b74..42cad2b95 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -191,18 +191,9 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
   cfx.dek = NULL;
   if ( mode )
     {
-      int canceled;
-
-      s2k = xmalloc_clear( sizeof *s2k );
-      s2k->mode = opt.s2k_mode;
-      s2k->hash_algo = S2K_DIGEST_ALGO;
-      cfx.dek = passphrase_to_dek (default_cipher_algo (), s2k, 1, 0,
-                                   NULL, &canceled);
-      if ( !cfx.dek || !cfx.dek->keylen )
+      rc = setup_symkey (&s2k, &cfx.dek);
+      if (rc)
         {
-          rc = gpg_error (canceled? GPG_ERR_CANCELED:GPG_ERR_INV_PASSPHRASE);
-          xfree (cfx.dek);
-          xfree (s2k);
           iobuf_close (inp);
           log_error (_("error creating passphrase: %s\n"), gpg_strerror (rc));
           release_progress_context (pfx);
@@ -378,22 +369,22 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
 }
 
 
-int
-setup_symkey (STRING2KEY **symkey_s2k,DEK **symkey_dek)
+gpg_error_t
+setup_symkey (STRING2KEY **symkey_s2k, DEK **symkey_dek)
 {
   int canceled;
 
-  *symkey_s2k=xmalloc_clear(sizeof(STRING2KEY));
+  *symkey_s2k = xmalloc_clear (sizeof **symkey_s2k);
   (*symkey_s2k)->mode = opt.s2k_mode;
   (*symkey_s2k)->hash_algo = S2K_DIGEST_ALGO;
 
-  *symkey_dek = passphrase_to_dek (opt.s2k_cipher_algo,
+  *symkey_dek = passphrase_to_dek (default_cipher_algo (),
                                    *symkey_s2k, 1, 0, NULL, &canceled);
-  if(!*symkey_dek || !(*symkey_dek)->keylen)
+  if (!*symkey_dek || !(*symkey_dek)->keylen)
     {
       xfree(*symkey_dek);
       xfree(*symkey_s2k);
-      return gpg_error (canceled?GPG_ERR_CANCELED:GPG_ERR_BAD_PASSPHRASE);
+      return gpg_error (canceled?GPG_ERR_CANCELED:GPG_ERR_INV_PASSPHRASE);
     }
 
   return 0;
diff --git a/g10/main.h b/g10/main.h
index bd57d2d98..bb046baac 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -229,7 +229,7 @@ int  cpr_get_answer_okay_cancel (const char *keyword,
 void display_online_help( const char *keyword );
 
 /*-- encode.c --*/
-int setup_symkey (STRING2KEY **symkey_s2k,DEK **symkey_dek);
+gpg_error_t setup_symkey (STRING2KEY **symkey_s2k,DEK **symkey_dek);
 void encrypt_seskey (DEK *dek, DEK **seskey, byte *enckey);
 int use_mdc (pk_list_t pk_list,int algo);
 int encrypt_symmetric (const char *filename );
diff --git a/g10/passphrase.c b/g10/passphrase.c
index 10574ec6a..461e31dc7 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@@ -318,7 +318,7 @@ passphrase_to_dek (int cipher_algo, STRING2KEY *s2k,
   *canceled = 0;
 
   if (opt.no_symkey_cache)
-    nocache = 1;  /* Force no symmtric key caching.  */
+    nocache = 1;  /* Force no symmetric key caching.  */
 
   if ( !s2k )
     {