security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

common: Add cipher mode to compliance predicate. 

* common/compliance.c (gnupg_cipher_is_compliant): Add mode parameter.
* common/compliance.h (gnupg_cipher_is_compliant): Likewise.
* g10/mainproc.c (proc_encrypted): Adapt callsite.
* sm/decrypt.c (gpgsm_decrypt): Likewise.

GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
This commit is contained in:
Justus Winter 2017-06-07 16:09:07 +02:00
parent 21fc2508c9
commit e051e39615
No known key found for this signature in database
GPG Key ID: DD1A52F9DA8C9020
4 changed files with 17 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
common/compliance.c
View File

@ -193,9 +193,11 @@ gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo,
}
/* Return true if CIPHER is compliant to the given COMPLIANCE mode. */
/* Return true if (CIPHER, MODE) is compliant to the given COMPLIANCE mode. */
int
gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance, cipher_algo_t cipher)
gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance,
cipher_algo_t cipher,
enum gcry_cipher_modes mode)
{
log_assert (initialized);
@ -208,7 +210,15 @@ gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance, cipher_algo_t
case CIPHER_ALGO_AES192:
case CIPHER_ALGO_AES256:
case CIPHER_ALGO_3DES:
return 1;
switch (module)
{
case GNUPG_MODULE_NAME_GPG:
return mode == GCRY_CIPHER_MODE_CFB;
case GNUPG_MODULE_NAME_GPGSM:
return mode == GCRY_CIPHER_MODE_CBC;
}
log_assert (!"reached");
default:
return 0;
}

3
common/compliance.h
View File

@ -45,7 +45,8 @@ int gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo,
gcry_mpi_t key[], unsigned int keylength,
const char *curvename);
int gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance,
cipher_algo_t cipher);
cipher_algo_t cipher,
enum gcry_cipher_modes mode);
int gnupg_digest_is_compliant (enum gnupg_compliance_mode compliance,
digest_algo_t digest);
const char *gnupg_status_compliance_flag (enum gnupg_compliance_mode compliance);

2
g10/mainproc.c
View File

@ -607,7 +607,7 @@ proc_encrypted (CTX c, PACKET *pkt)
/* Overriding session key voids compliance. */
&& opt.override_session_key == NULL
/* Check symmetric cipher. */
&& gnupg_cipher_is_compliant (CO_DE_VS, c->dek->algo))
&& gnupg_cipher_is_compliant (CO_DE_VS, c->dek->algo, GCRY_CIPHER_MODE_CFB))
{
struct kidlist_item *i;
int compliant = 1;

3
sm/decrypt.c
View File

@ -359,8 +359,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
}
/* For CMS, CO_DE_VS demands CBC mode. */
is_de_vs = (mode == GCRY_CIPHER_MODE_CBC
&& gnupg_cipher_is_compliant (CO_DE_VS, algo));
is_de_vs = gnupg_cipher_is_compliant (CO_DE_VS, algo, mode);
audit_log_i (ctrl->audit, AUDIT_DATA_CIPHER_ALGO, algo);
dfparm.algo = algo;