mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-31 11:41:32 +01:00
gpg: Remove MDC options
* g10/gpg.c: Turn options --force-mdc, --no-force-mdc, --disable-mdc and --no-disable-mdc into NOPs. * g10/encrypt.c (use_mdc): Simplify. MDC is now almost always used. * g10/cipher.c (write_header): Include extra hint and make translatable. * g10/options.h (struct opt): Remove fields force_mdc and disable_mdc. -- The MDC is now always used except with --rfc2440 which will lead to a a big fat warning. This is a stripped down version of commit 253e8bdd9014cbe6dc06adce9d9dd2f8f4b31709 which could not directly be applied due to the AEAD mechanisms there. Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
parent
3db1b48a2d
commit
866667765f
23
doc/gpg.texi
23
doc/gpg.texi
@ -2580,17 +2580,13 @@ is the default.
|
|||||||
These options are obsolete and have no effect since GnuPG 2.1.
|
These options are obsolete and have no effect since GnuPG 2.1.
|
||||||
|
|
||||||
@item --force-mdc
|
@item --force-mdc
|
||||||
|
@itemx --disable-mdc
|
||||||
@opindex force-mdc
|
@opindex force-mdc
|
||||||
Force the use of encryption with a modification detection code. This
|
|
||||||
is always used with the newer ciphers (those with a blocksize greater
|
|
||||||
than 64 bits), or if all of the recipient keys indicate MDC support in
|
|
||||||
their feature flags.
|
|
||||||
|
|
||||||
@item --disable-mdc
|
|
||||||
@opindex disable-mdc
|
@opindex disable-mdc
|
||||||
Disable the use of the modification detection code. Note that by
|
These options are obsolete and have no effect since GnuPG 2.2.8. The
|
||||||
using this option, the encrypted message becomes vulnerable to a
|
MDC is always used. But note: If the creation of a legacy non-MDC
|
||||||
message modification attack.
|
message is exceptionally required, the option @option{--rfc2440}
|
||||||
|
allows for this.
|
||||||
|
|
||||||
@item --disable-signer-uid
|
@item --disable-signer-uid
|
||||||
@opindex disable-signer-uid
|
@opindex disable-signer-uid
|
||||||
@ -2710,7 +2706,10 @@ keys or data may not be usable with future GnuPG versions.
|
|||||||
@item --rfc2440
|
@item --rfc2440
|
||||||
@opindex rfc2440
|
@opindex rfc2440
|
||||||
Reset all packet, cipher and digest options to strict RFC-2440
|
Reset all packet, cipher and digest options to strict RFC-2440
|
||||||
behavior.
|
behavior. Note that by using this option encryption packets are
|
||||||
|
created in a legacy mode without MDC protection. This is dangerous
|
||||||
|
and should thus only be used for experiments. See also option
|
||||||
|
@option{--ignore-mdc-error}.
|
||||||
|
|
||||||
@item --pgp6
|
@item --pgp6
|
||||||
@opindex pgp6
|
@opindex pgp6
|
||||||
@ -2721,7 +2720,7 @@ compression algorithms none and ZIP. This also disables
|
|||||||
@option{--throw-keyids}, and making signatures with signing subkeys as PGP 6
|
@option{--throw-keyids}, and making signatures with signing subkeys as PGP 6
|
||||||
does not understand signatures made by signing subkeys.
|
does not understand signatures made by signing subkeys.
|
||||||
|
|
||||||
This option implies @option{--disable-mdc --escape-from-lines}.
|
This option implies @option{--escape-from-lines}.
|
||||||
|
|
||||||
@item --pgp7
|
@item --pgp7
|
||||||
@opindex pgp7
|
@opindex pgp7
|
||||||
@ -3186,7 +3185,7 @@ It is required to decrypt old messages which did not use an MDC. It
|
|||||||
may also be useful if a message is partially garbled, but it is
|
may also be useful if a message is partially garbled, but it is
|
||||||
necessary to get as much data as possible out of that garbled message.
|
necessary to get as much data as possible out of that garbled message.
|
||||||
Be aware that a missing or failed MDC can be an indication of an
|
Be aware that a missing or failed MDC can be an indication of an
|
||||||
attack. Use with caution.
|
attack. Use with great caution; see also option @option{--rfc2440}.
|
||||||
|
|
||||||
@item --allow-weak-digest-algos
|
@item --allow-weak-digest-algos
|
||||||
@opindex allow-weak-digest-algos
|
@opindex allow-weak-digest-algos
|
||||||
|
@ -33,6 +33,7 @@
|
|||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
#include "options.h"
|
#include "options.h"
|
||||||
#include "main.h"
|
#include "main.h"
|
||||||
|
#include "../common/i18n.h"
|
||||||
#include "../common/status.h"
|
#include "../common/status.h"
|
||||||
|
|
||||||
|
|
||||||
@ -66,8 +67,9 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a)
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
log_info ("WARNING: "
|
log_info (_("WARNING: "
|
||||||
"encrypting without integrity protection is dangerous\n");
|
"encrypting without integrity protection is dangerous\n"));
|
||||||
|
log_info (_("Hint: Do not use option %s\n"), "--rfc2440");
|
||||||
}
|
}
|
||||||
|
|
||||||
write_status_printf (STATUS_BEGIN_ENCRYPTION, "%d %d",
|
write_status_printf (STATUS_BEGIN_ENCRYPTION, "%d %d",
|
||||||
|
@ -109,57 +109,20 @@ encrypt_seskey (DEK *dek, DEK **seskey, byte *enckey)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* We try very hard to use a MDC */
|
/* Shall we use the MDC? Yes - unless rfc-2440 compatibility is
|
||||||
|
* requested. */
|
||||||
int
|
int
|
||||||
use_mdc (pk_list_t pk_list,int algo)
|
use_mdc (pk_list_t pk_list,int algo)
|
||||||
{
|
{
|
||||||
/* RFC-2440 don't has MDC */
|
(void)pk_list;
|
||||||
|
(void)algo;
|
||||||
|
|
||||||
|
/* RFC-2440 don't has MDC - this is the only way to create a legacy
|
||||||
|
* non-MDC encryption packet. */
|
||||||
if (RFC2440)
|
if (RFC2440)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
/* --force-mdc overrides --disable-mdc */
|
return 1; /* In all other cases we use the MDC */
|
||||||
if(opt.force_mdc)
|
|
||||||
return 1;
|
|
||||||
|
|
||||||
if(opt.disable_mdc)
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
/* Do the keys really support MDC? */
|
|
||||||
|
|
||||||
if(select_mdc_from_pklist(pk_list))
|
|
||||||
return 1;
|
|
||||||
|
|
||||||
/* The keys don't support MDC, so now we do a bit of a hack - if any
|
|
||||||
of the AESes or TWOFISH are in the prefs, we assume that the user
|
|
||||||
can handle a MDC. This is valid for PGP 7, which can handle MDCs
|
|
||||||
though it will not generate them. 2440bis allows this, by the
|
|
||||||
way. */
|
|
||||||
|
|
||||||
if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
|
|
||||||
CIPHER_ALGO_AES,NULL)==CIPHER_ALGO_AES)
|
|
||||||
return 1;
|
|
||||||
|
|
||||||
if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
|
|
||||||
CIPHER_ALGO_AES192,NULL)==CIPHER_ALGO_AES192)
|
|
||||||
return 1;
|
|
||||||
|
|
||||||
if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
|
|
||||||
CIPHER_ALGO_AES256,NULL)==CIPHER_ALGO_AES256)
|
|
||||||
return 1;
|
|
||||||
|
|
||||||
if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
|
|
||||||
CIPHER_ALGO_TWOFISH,NULL)==CIPHER_ALGO_TWOFISH)
|
|
||||||
return 1;
|
|
||||||
|
|
||||||
/* Last try. Use MDC for the modern ciphers. */
|
|
||||||
|
|
||||||
if (openpgp_cipher_get_algo_blklen (algo) != 8)
|
|
||||||
return 1;
|
|
||||||
|
|
||||||
if (opt.verbose)
|
|
||||||
warn_missing_mdc_from_pklist (pk_list);
|
|
||||||
|
|
||||||
return 0; /* No MDC */
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
21
g10/gpg.c
21
g10/gpg.c
@ -297,10 +297,6 @@ enum cmd_and_opt_values
|
|||||||
oShowPhotos,
|
oShowPhotos,
|
||||||
oNoShowPhotos,
|
oNoShowPhotos,
|
||||||
oPhotoViewer,
|
oPhotoViewer,
|
||||||
oForceMDC,
|
|
||||||
oNoForceMDC,
|
|
||||||
oDisableMDC,
|
|
||||||
oNoDisableMDC,
|
|
||||||
oS2KMode,
|
oS2KMode,
|
||||||
oS2KDigest,
|
oS2KDigest,
|
||||||
oS2KCipher,
|
oS2KCipher,
|
||||||
@ -598,11 +594,6 @@ static ARGPARSE_OPTS opts[] = {
|
|||||||
ARGPARSE_s_n (oQuiet, "quiet", "@"),
|
ARGPARSE_s_n (oQuiet, "quiet", "@"),
|
||||||
ARGPARSE_s_n (oNoTTY, "no-tty", "@"),
|
ARGPARSE_s_n (oNoTTY, "no-tty", "@"),
|
||||||
|
|
||||||
ARGPARSE_s_n (oForceMDC, "force-mdc", "@"),
|
|
||||||
ARGPARSE_s_n (oNoForceMDC, "no-force-mdc", "@"),
|
|
||||||
ARGPARSE_s_n (oDisableMDC, "disable-mdc", "@"),
|
|
||||||
ARGPARSE_s_n (oNoDisableMDC, "no-disable-mdc", "@"),
|
|
||||||
|
|
||||||
ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"),
|
ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"),
|
||||||
|
|
||||||
ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
|
ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
|
||||||
@ -910,6 +901,11 @@ static ARGPARSE_OPTS opts[] = {
|
|||||||
ARGPARSE_s_n (oNoop, "force-v4-certs", "@"),
|
ARGPARSE_s_n (oNoop, "force-v4-certs", "@"),
|
||||||
ARGPARSE_s_n (oNoop, "no-force-v4-certs", "@"),
|
ARGPARSE_s_n (oNoop, "no-force-v4-certs", "@"),
|
||||||
ARGPARSE_s_n (oNoop, "no-mdc-warning", "@"),
|
ARGPARSE_s_n (oNoop, "no-mdc-warning", "@"),
|
||||||
|
ARGPARSE_s_n (oNoop, "force-mdc", "@"),
|
||||||
|
ARGPARSE_s_n (oNoop, "no-force-mdc", "@"),
|
||||||
|
ARGPARSE_s_n (oNoop, "disable-mdc", "@"),
|
||||||
|
ARGPARSE_s_n (oNoop, "no-disable-mdc", "@"),
|
||||||
|
|
||||||
|
|
||||||
ARGPARSE_end ()
|
ARGPARSE_end ()
|
||||||
};
|
};
|
||||||
@ -2158,7 +2154,6 @@ set_compliance_option (enum cmd_and_opt_values option)
|
|||||||
case oDE_VS:
|
case oDE_VS:
|
||||||
set_compliance_option (oOpenPGP);
|
set_compliance_option (oOpenPGP);
|
||||||
opt.compliance = CO_DE_VS;
|
opt.compliance = CO_DE_VS;
|
||||||
opt.force_mdc = 1;
|
|
||||||
/* Fixme: Change other options. */
|
/* Fixme: Change other options. */
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -2959,11 +2954,6 @@ main (int argc, char **argv)
|
|||||||
break;
|
break;
|
||||||
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
|
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
|
||||||
|
|
||||||
case oForceMDC: opt.force_mdc = 1; break;
|
|
||||||
case oNoForceMDC: opt.force_mdc = 0; break;
|
|
||||||
case oDisableMDC: opt.disable_mdc = 1; break;
|
|
||||||
case oNoDisableMDC: opt.disable_mdc = 0; break;
|
|
||||||
|
|
||||||
case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
|
case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
|
||||||
|
|
||||||
case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break;
|
case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break;
|
||||||
@ -3734,7 +3724,6 @@ main (int argc, char **argv)
|
|||||||
{
|
{
|
||||||
/* That does not anymore work because we have no more support
|
/* That does not anymore work because we have no more support
|
||||||
for v3 signatures. */
|
for v3 signatures. */
|
||||||
opt.disable_mdc=1;
|
|
||||||
opt.escape_from=1;
|
opt.escape_from=1;
|
||||||
opt.ask_sig_expire=0;
|
opt.ask_sig_expire=0;
|
||||||
}
|
}
|
||||||
|
@ -91,8 +91,6 @@ struct
|
|||||||
int no_armor;
|
int no_armor;
|
||||||
int list_packets; /* Option --list-packets active. */
|
int list_packets; /* Option --list-packets active. */
|
||||||
int def_cipher_algo;
|
int def_cipher_algo;
|
||||||
int force_mdc;
|
|
||||||
int disable_mdc;
|
|
||||||
int def_digest_algo;
|
int def_digest_algo;
|
||||||
int cert_digest_algo;
|
int cert_digest_algo;
|
||||||
int compress_algo;
|
int compress_algo;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user