From 866667765f38bf65b612191209d0f0a87fb16393 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 29 May 2018 12:42:44 +0200 Subject: [PATCH] gpg: Remove MDC options * g10/gpg.c: Turn options --force-mdc, --no-force-mdc, --disable-mdc and --no-disable-mdc into NOPs. * g10/encrypt.c (use_mdc): Simplify. MDC is now almost always used. * g10/cipher.c (write_header): Include extra hint and make translatable. * g10/options.h (struct opt): Remove fields force_mdc and disable_mdc. -- The MDC is now always used except with --rfc2440 which will lead to a a big fat warning. This is a stripped down version of commit 253e8bdd9014cbe6dc06adce9d9dd2f8f4b31709 which could not directly be applied due to the AEAD mechanisms there. Signed-off-by: Werner Koch --- doc/gpg.texi | 23 +++++++++++----------- g10/cipher.c | 6 ++++-- g10/encrypt.c | 53 ++++++++------------------------------------------- g10/gpg.c | 21 +++++--------------- g10/options.h | 2 -- 5 files changed, 28 insertions(+), 77 deletions(-) diff --git a/doc/gpg.texi b/doc/gpg.texi index 49a708a3e..260b9f33e 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2580,17 +2580,13 @@ is the default. These options are obsolete and have no effect since GnuPG 2.1. @item --force-mdc +@itemx --disable-mdc @opindex force-mdc -Force the use of encryption with a modification detection code. This -is always used with the newer ciphers (those with a blocksize greater -than 64 bits), or if all of the recipient keys indicate MDC support in -their feature flags. - -@item --disable-mdc @opindex disable-mdc -Disable the use of the modification detection code. Note that by -using this option, the encrypted message becomes vulnerable to a -message modification attack. +These options are obsolete and have no effect since GnuPG 2.2.8. The +MDC is always used. But note: If the creation of a legacy non-MDC +message is exceptionally required, the option @option{--rfc2440} +allows for this. @item --disable-signer-uid @opindex disable-signer-uid @@ -2710,7 +2706,10 @@ keys or data may not be usable with future GnuPG versions. @item --rfc2440 @opindex rfc2440 Reset all packet, cipher and digest options to strict RFC-2440 -behavior. +behavior. Note that by using this option encryption packets are +created in a legacy mode without MDC protection. This is dangerous +and should thus only be used for experiments. See also option +@option{--ignore-mdc-error}. @item --pgp6 @opindex pgp6 @@ -2721,7 +2720,7 @@ compression algorithms none and ZIP. This also disables @option{--throw-keyids}, and making signatures with signing subkeys as PGP 6 does not understand signatures made by signing subkeys. -This option implies @option{--disable-mdc --escape-from-lines}. +This option implies @option{--escape-from-lines}. @item --pgp7 @opindex pgp7 @@ -3186,7 +3185,7 @@ It is required to decrypt old messages which did not use an MDC. It may also be useful if a message is partially garbled, but it is necessary to get as much data as possible out of that garbled message. Be aware that a missing or failed MDC can be an indication of an -attack. Use with caution. +attack. Use with great caution; see also option @option{--rfc2440}. @item --allow-weak-digest-algos @opindex allow-weak-digest-algos diff --git a/g10/cipher.c b/g10/cipher.c index 2dc77bff6..f10ce486b 100644 --- a/g10/cipher.c +++ b/g10/cipher.c @@ -33,6 +33,7 @@ #include "packet.h" #include "options.h" #include "main.h" +#include "../common/i18n.h" #include "../common/status.h" @@ -66,8 +67,9 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a) } else { - log_info ("WARNING: " - "encrypting without integrity protection is dangerous\n"); + log_info (_("WARNING: " + "encrypting without integrity protection is dangerous\n")); + log_info (_("Hint: Do not use option %s\n"), "--rfc2440"); } write_status_printf (STATUS_BEGIN_ENCRYPTION, "%d %d", diff --git a/g10/encrypt.c b/g10/encrypt.c index c68d6d5d1..543f1a737 100644 --- a/g10/encrypt.c +++ b/g10/encrypt.c @@ -109,57 +109,20 @@ encrypt_seskey (DEK *dek, DEK **seskey, byte *enckey) } -/* We try very hard to use a MDC */ +/* Shall we use the MDC? Yes - unless rfc-2440 compatibility is + * requested. */ int use_mdc (pk_list_t pk_list,int algo) { - /* RFC-2440 don't has MDC */ + (void)pk_list; + (void)algo; + + /* RFC-2440 don't has MDC - this is the only way to create a legacy + * non-MDC encryption packet. */ if (RFC2440) return 0; - /* --force-mdc overrides --disable-mdc */ - if(opt.force_mdc) - return 1; - - if(opt.disable_mdc) - return 0; - - /* Do the keys really support MDC? */ - - if(select_mdc_from_pklist(pk_list)) - return 1; - - /* The keys don't support MDC, so now we do a bit of a hack - if any - of the AESes or TWOFISH are in the prefs, we assume that the user - can handle a MDC. This is valid for PGP 7, which can handle MDCs - though it will not generate them. 2440bis allows this, by the - way. */ - - if(select_algo_from_prefs(pk_list,PREFTYPE_SYM, - CIPHER_ALGO_AES,NULL)==CIPHER_ALGO_AES) - return 1; - - if(select_algo_from_prefs(pk_list,PREFTYPE_SYM, - CIPHER_ALGO_AES192,NULL)==CIPHER_ALGO_AES192) - return 1; - - if(select_algo_from_prefs(pk_list,PREFTYPE_SYM, - CIPHER_ALGO_AES256,NULL)==CIPHER_ALGO_AES256) - return 1; - - if(select_algo_from_prefs(pk_list,PREFTYPE_SYM, - CIPHER_ALGO_TWOFISH,NULL)==CIPHER_ALGO_TWOFISH) - return 1; - - /* Last try. Use MDC for the modern ciphers. */ - - if (openpgp_cipher_get_algo_blklen (algo) != 8) - return 1; - - if (opt.verbose) - warn_missing_mdc_from_pklist (pk_list); - - return 0; /* No MDC */ + return 1; /* In all other cases we use the MDC */ } diff --git a/g10/gpg.c b/g10/gpg.c index aeb62aa44..2c181c2cf 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -297,10 +297,6 @@ enum cmd_and_opt_values oShowPhotos, oNoShowPhotos, oPhotoViewer, - oForceMDC, - oNoForceMDC, - oDisableMDC, - oNoDisableMDC, oS2KMode, oS2KDigest, oS2KCipher, @@ -598,11 +594,6 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oQuiet, "quiet", "@"), ARGPARSE_s_n (oNoTTY, "no-tty", "@"), - ARGPARSE_s_n (oForceMDC, "force-mdc", "@"), - ARGPARSE_s_n (oNoForceMDC, "no-force-mdc", "@"), - ARGPARSE_s_n (oDisableMDC, "disable-mdc", "@"), - ARGPARSE_s_n (oNoDisableMDC, "no-disable-mdc", "@"), - ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"), ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")), @@ -910,6 +901,11 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oNoop, "force-v4-certs", "@"), ARGPARSE_s_n (oNoop, "no-force-v4-certs", "@"), ARGPARSE_s_n (oNoop, "no-mdc-warning", "@"), + ARGPARSE_s_n (oNoop, "force-mdc", "@"), + ARGPARSE_s_n (oNoop, "no-force-mdc", "@"), + ARGPARSE_s_n (oNoop, "disable-mdc", "@"), + ARGPARSE_s_n (oNoop, "no-disable-mdc", "@"), + ARGPARSE_end () }; @@ -2158,7 +2154,6 @@ set_compliance_option (enum cmd_and_opt_values option) case oDE_VS: set_compliance_option (oOpenPGP); opt.compliance = CO_DE_VS; - opt.force_mdc = 1; /* Fixme: Change other options. */ break; @@ -2959,11 +2954,6 @@ main (int argc, char **argv) break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; - case oForceMDC: opt.force_mdc = 1; break; - case oNoForceMDC: opt.force_mdc = 0; break; - case oDisableMDC: opt.disable_mdc = 1; break; - case oNoDisableMDC: opt.disable_mdc = 0; break; - case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break; case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break; @@ -3734,7 +3724,6 @@ main (int argc, char **argv) { /* That does not anymore work because we have no more support for v3 signatures. */ - opt.disable_mdc=1; opt.escape_from=1; opt.ask_sig_expire=0; } diff --git a/g10/options.h b/g10/options.h index 177ba959f..6c672653a 100644 --- a/g10/options.h +++ b/g10/options.h @@ -91,8 +91,6 @@ struct int no_armor; int list_packets; /* Option --list-packets active. */ int def_cipher_algo; - int force_mdc; - int disable_mdc; int def_digest_algo; int cert_digest_algo; int compress_algo;