mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
gpg: Make AEAD modes subject to compliance checks.
* g10/decrypt-data.c (decrypt_data): Move aead algo detection up. -- Note that the AEAD modes are not yet approved for --compliance=de-vs Signed-off-by: Werner Koch <wk@gnupg.org>
parent
5c47e7825b
commit
cec397e002
@ -220,6 +220,8 @@ int
|
||||
decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek)
|
||||
{
|
||||
decode_filter_ctx_t dfx;
|
||||
enum gcry_cipher_modes ciphermode;
|
||||
unsigned int startivlen;
|
||||
byte *p;
|
||||
int rc=0, c, i;
|
||||
byte temp[32];
|
||||
@ -243,9 +245,18 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek)
|
||||
dek->algo_info_printed = 1;
|
||||
}
|
||||
|
||||
if (ed->aead_algo)
|
||||
{
|
||||
rc = openpgp_aead_algo_info (ed->aead_algo, &ciphermode, &startivlen);
|
||||
if (rc)
|
||||
goto leave;
|
||||
log_assert (startivlen <= sizeof dfx->startiv);
|
||||
}
|
||||
else
|
||||
ciphermode = GCRY_CIPHER_MODE_CFB;
|
||||
|
||||
/* Check compliance. */
|
||||
if (! gnupg_cipher_is_allowed (opt.compliance, 0, dek->algo,
|
||||
GCRY_CIPHER_MODE_CFB))
|
||||
if (!gnupg_cipher_is_allowed (opt.compliance, 0, dek->algo, ciphermode))
|
||||
{
|
||||
log_error (_("cipher algorithm '%s' may not be used in %s mode\n"),
|
||||
openpgp_cipher_algo_name (dek->algo),
|
||||
@ -286,20 +297,12 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek)
|
||||
|
||||
if (ed->aead_algo)
|
||||
{
|
||||
enum gcry_cipher_modes ciphermode;
|
||||
unsigned int startivlen;
|
||||
|
||||
if (blocksize != 16)
|
||||
{
|
||||
rc = gpg_error (GPG_ERR_CIPHER_ALGO);
|
||||
goto leave;
|
||||
}
|
||||
|
||||
rc = openpgp_aead_algo_info (ed->aead_algo, &ciphermode, &startivlen);
|
||||
if (rc)
|
||||
goto leave;
|
||||
log_assert (startivlen <= sizeof dfx->startiv);
|
||||
|
||||
if (ed->chunkbyte > 56)
|
||||
{
|
||||
log_error ("invalid AEAD chunkbyte %u\n", ed->chunkbyte);
|
||||
|
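Review bot: The rejection message in the second hunk still names only the cipher (`cipher algorithm '%s' may not be used in %s mode`), but with `ciphermode` now passed to `gnupg_cipher_is_allowed` the check can fail because of the AEAD mode while the cipher itself is permitted, so the operator is told the wrong component was refused. When `ed->aead_algo` is set the diagnostic should also name the mode, for example with a following `log_info ("AEAD algorithm: %s\n", openpgp_aead_algo_name (ed->aead_algo));`. The moved block would also benefit from a comment such as `/* Resolve the cipher mode first so the compliance check sees the AEAD mode, not CFB. */`, since its position before the check is what enforces the policy. The `log_error` argument list and the rest of `decrypt_data` lie outside the hunks shown; any other compliance query there that still hard-codes `GCRY_CIPHER_MODE_CFB` should be checked for the same mismatch.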