mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00

gpg: Hard fail on a missing MDC even for legacy algorithms.

* g10/mainproc.c (proc_encrypted): Require an MDC or AEAD
* tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to
allow testing with the current files.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2018-05-15 12:33:03 +02:00
parent 96350c5d5a
commit d1431901f0
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
3 changed files with 11 additions and 12 deletions


@ -3230,10 +3230,11 @@ to ignore CRC errors.
@item --ignore-mdc-error @item --ignore-mdc-error
@opindex ignore-mdc-error @opindex ignore-mdc-error
This option changes a MDC integrity protection failure into a warning. This option changes a MDC integrity protection failure into a warning.
This can be useful if a message is partially corrupt, but it is It is required to decrypt old messages which did not use an MDC. It
necessary to get as much data as possible out of the corrupt message. may also be useful if a message is partially garbled, but it is
However, be aware that a MDC protection failure may also mean that the necessary to get as much data as possible out of that garbled message.
message was tampered with intentionally by an attacker. Be aware that a missing or failed MDC can be an indication of an
attack. Use with caution.
@item --allow-weak-digest-algos @item --allow-weak-digest-algos
@opindex allow-weak-digest-algos @opindex allow-weak-digest-algos


@ -738,15 +738,12 @@ proc_encrypted (CTX c, PACKET *pkt)
else if (!result else if (!result
&& !opt.ignore_mdc_error && !opt.ignore_mdc_error
&& !pkt->pkt.encrypted->mdc_method && !pkt->pkt.encrypted->mdc_method
&& !pkt->pkt.encrypted->aead_algo && !pkt->pkt.encrypted->aead_algo)
&& openpgp_cipher_get_algo_blklen (c->dek->algo) != 8
&& c->dek->algo != CIPHER_ALGO_TWOFISH)
{ {
/* The message has been decrypted but has no MDC despite that a /* The message has been decrypted but does not carry an MDC or
modern cipher (blocklength != 64 bit, except for Twofish) is * uses AEAD encryption. --ignore-mdc-error has also not been
used and the option to ignore MDC errors is not used: To * used. To avoid attacks changing an MDC message to a non-MDC
avoid attacks changing an MDC message to a non-MDC message, * message, we fail here. */
we fail here. */
log_error (_("WARNING: message was not integrity protected\n")); log_error (_("WARNING: message was not integrity protected\n"));
if (opt.verbose > 1) if (opt.verbose > 1)
log_info ("decryption forced to fail\n"); log_info ("decryption forced to fail\n");
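Review bot: The rewritten comment says the message "does not carry an MDC or uses AEAD encryption", which reads as the opposite of the condition `!mdc_method && !aead_algo`; I would word it as `/* The message has been decrypted but is protected by neither an MDC nor AEAD, and --ignore-mdc-error was not given. */` and keep the sentence about the MDC-stripping attack. The diagnostic passed to log_error still begins with `WARNING:` although this branch is now a hard failure for every cipher, and it gives no hint that old pre-MDC messages need --ignore-mdc-error. The branch is only entered with `!result`, so after decryption has run. It would help to state in the comment whether plaintext may already have been written at this point, so that callers know to rely on the failure status rather than on the presence of output; the hunk does not show this. proc_encrypted begins and ends outside the hunk.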


@ -341,6 +341,7 @@
"no-auto-key-retrieve" "no-auto-key-retrieve"
"no-auto-key-locate" "no-auto-key-locate"
"allow-weak-digest-algos" "allow-weak-digest-algos"
"ignore-mdc-error"
(if have-opt-always-trust (if have-opt-always-trust
"no-auto-check-trustdb" "#no-auto-check-trustdb") "no-auto-check-trustdb" "#no-auto-check-trustdb")
(string-append "agent-program " (string-append "agent-program "
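Review bot: Adding `"ignore-mdc-error"` to the option list used for every test home means the suite, as far as this hunk shows, never runs gpg with the new hard-fail path active, so a regression in the proc_encrypted check would go unnoticed. I would either limit the option to the tests that decrypt the legacy non-MDC fixtures, or add one negative test that decrypts such a file without the option and expects a failure. A short comment above the entry, for example `;; Needed because the sample files predate MDC; remove once they are regenerated.`, would record why the integrity check is relaxed here. The enclosing list starts and ends outside the hunk.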