security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-17 14:07:03 +01:00
Code Activity

common: Add cipher mode to compliance predicate.

Browse Source 
* common/compliance.c (gnupg_cipher_is_compliant): Add mode parameter.
* common/compliance.h (gnupg_cipher_is_compliant): Likewise.
* g10/mainproc.c (proc_encrypted): Adapt callsite.
* sm/decrypt.c (gpgsm_decrypt): Likewise.

GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
This commit is contained in:
Justus Winter 2017-06-07 16:09:07 +02:00
parent 21fc2508c9
commit e051e39615
No known key found for this signature in database
GPG Key ID: DD1A52F9DA8C9020
4 changed files with 17 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
common/compliance.c
View File

@ -193,9 +193,11 @@ gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo,
} }
/* Return true if CIPHER is compliant to the given COMPLIANCE mode. */ /* Return true if (CIPHER, MODE) is compliant to the given COMPLIANCE mode. */
int int
gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance, cipher_algo_t cipher) gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance,
cipher_algo_t cipher,
enum gcry_cipher_modes mode)
{ {
log_assert (initialized); log_assert (initialized);
@ -208,7 +210,15 @@ gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance, cipher_algo_t
case CIPHER_ALGO_AES192: case CIPHER_ALGO_AES192:
case CIPHER_ALGO_AES256: case CIPHER_ALGO_AES256:
case CIPHER_ALGO_3DES: case CIPHER_ALGO_3DES:
return 1; switch (module)
{
case GNUPG_MODULE_NAME_GPG:
return mode == GCRY_CIPHER_MODE_CFB;
case GNUPG_MODULE_NAME_GPGSM:
return mode == GCRY_CIPHER_MODE_CBC;
}
log_assert (!"reached");
default: default:
return 0; return 0;
} }

3
common/compliance.h
View File

@ -45,7 +45,8 @@ int gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo,
gcry_mpi_t key[], unsigned int keylength, gcry_mpi_t key[], unsigned int keylength,
const char *curvename); const char *curvename);
int gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance, int gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance,
cipher_algo_t cipher); cipher_algo_t cipher,
enum gcry_cipher_modes mode);
int gnupg_digest_is_compliant (enum gnupg_compliance_mode compliance, int gnupg_digest_is_compliant (enum gnupg_compliance_mode compliance,
digest_algo_t digest); digest_algo_t digest);
const char *gnupg_status_compliance_flag (enum gnupg_compliance_mode compliance); const char *gnupg_status_compliance_flag (enum gnupg_compliance_mode compliance);

2
g10/mainproc.c
View File

@ -607,7 +607,7 @@ proc_encrypted (CTX c, PACKET *pkt)
/* Overriding session key voids compliance. */ /* Overriding session key voids compliance. */
&& opt.override_session_key == NULL && opt.override_session_key == NULL
/* Check symmetric cipher. */ /* Check symmetric cipher. */
&& gnupg_cipher_is_compliant (CO_DE_VS, c->dek->algo)) && gnupg_cipher_is_compliant (CO_DE_VS, c->dek->algo, GCRY_CIPHER_MODE_CFB))
{ {
struct kidlist_item *i; struct kidlist_item *i;
int compliant = 1; int compliant = 1;

3
sm/decrypt.c
View File

@ -359,8 +359,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
} }
/* For CMS, CO_DE_VS demands CBC mode. */ /* For CMS, CO_DE_VS demands CBC mode. */
is_de_vs = (mode == GCRY_CIPHER_MODE_CBC is_de_vs = gnupg_cipher_is_compliant (CO_DE_VS, algo, mode);
&& gnupg_cipher_is_compliant (CO_DE_VS, algo));
audit_log_i (ctrl->audit, AUDIT_DATA_CIPHER_ALGO, algo); audit_log_i (ctrl->audit, AUDIT_DATA_CIPHER_ALGO, algo);
dfparm.algo = algo; dfparm.algo = algo;