From 874e391665405fc413a69f2ffacdb94bb08da7ff Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 31 May 2018 12:59:40 +0200 Subject: [PATCH] gpg: Print a hint on how to decrypt a non-mdc message anyway. * g10/mainproc.c (proc_encrypted): Print a hint for legacy ciphers w/o MDC. Also print a dedicated status error code Signed-off-by: Werner Koch --- g10/mainproc.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/g10/mainproc.c b/g10/mainproc.c index 0303a527d..cf22210a3 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -751,8 +751,25 @@ proc_encrypted (CTX c, PACKET *pkt) * used. To avoid attacks changing an MDC message to a non-MDC * message, we fail here. */ log_error (_("WARNING: message was not integrity protected\n")); - if (opt.verbose > 1) - log_info ("decryption forced to fail\n"); + if (!pkt->pkt.encrypted->mdc_method + && (openpgp_cipher_get_algo_blklen (c->dek->algo) == 8 + || c->dek->algo == CIPHER_ALGO_TWOFISH)) + { + /* Before 2.2.8 we did not fail hard for a missing MDC if + * one of the old ciphers where used. Although these cases + * are rare in practice we print a hint on how to decrypt + * such messages. */ + log_string + (GPGRT_LOGLVL_INFO, + _("Hint: If this message was created before the year 2003 it is\n" + "likely that this message is legitimate. This is because back\n" + "then integrity protection was not widely used.\n")); + log_info (_("Use the option '%s' to decrypt anyway.\n"), + "--ignore-mdc-error"); + write_status_errcode ("nomdc_with_legacy_cipher", + GPG_ERR_DECRYPT_FAILED); + } + log_info (_("decryption forced to fail!\n")); write_status (STATUS_DECRYPTION_FAILED); } else if (!result || (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE