gnupg/g10
Werner Koch e542c4af18
gpg: Make symmetric + pubkey encryption de-vs compliant.
* g10/mainproc.c (proc_encrypted): Make symmetric + pubkey encryption
de-vs compliant.

* g10/mainproc.c (struct symlist_item): New.
(struct mainproc_context): Add field symenc_list.
(release_list): Free that list.
(proc_symkey_enc): Record infos from symmetric session packet.
(proc_encrypted): Check symkey packet algos
--

The original check was too strong because it is in fact compliant to
encrypt with a symmetric key and a public key.  Thus decryption
should issue a compliance status.

In addition we now check that the cipher algorithms used to
symmetrically encrypt the session key are all compliant.  This is
similar to our check for all public key encrypted session key packets.

GnuPG-bug-id: 6119
Fixes-commit: b03fab09e1

Backported from 2.2

Signed-off-by: Werner Koch <wk@gnupg.org>
2022-08-02 18:41:23 +02:00
..
ChangeLog-2011 Spelling: correct spelling of "passphrase". 2016-11-02 12:53:58 +01:00
Makefile.am gpg: Remove more or less useless tool gpgcompose. 2021-02-02 13:06:33 +01:00
all-tests.scm tests: Make it possible to run all tests using our infrastructure. 2017-05-11 18:12:37 +02:00
armor.c gpg: Allow --dearmor to decode all kinds of armor files. 2022-01-28 12:09:34 +01:00
build-packet.c gpg: Replace an assert by a log_fatal. 2022-04-14 13:56:10 +02:00
call-agent.c gpg: Print Yubikey version correctly. 2022-01-18 08:03:27 +01:00
call-agent.h gpg: Print Yubikey version correctly. 2022-01-18 08:03:27 +01:00
call-dirmngr.c gpg,sm: Simplify keyserver spec parsing. 2021-06-16 12:03:13 +02:00
call-dirmngr.h gpg: Lookup a missing public key of the current card via LDAP. 2021-04-16 20:21:23 +02:00
call-keyboxd.c keyboxd: Fix searching for exact mail addresses. 2021-04-21 14:40:08 +02:00
card-util.c gpg: Print Yubikey version correctly. 2022-01-18 08:03:27 +01:00
cipher-aead.c g10/cipher-aead: add fast path for avoid memcpy when AEAD encrypting 2022-03-08 20:00:31 +02:00
cipher-cfb.c gpg: Remove MDC options 2018-05-29 12:42:52 +02:00
compress-bz2.c gpg: fix --enarmor with zero length source file 2022-03-08 20:03:08 +02:00
compress.c gpg,tools: Remove use of repo only zlib-riscos.h. 2022-03-29 12:07:18 +09:00
cpr.c g10: Fix garbled status messages in NOTATION_DATA 2022-06-14 11:34:17 +02:00
dearmor.c g10/dearmor: use iobuf_copy 2022-03-02 21:12:28 +02:00
decrypt-data.c gpg: Print info about the used AEAD algorithm in the compliance msg. 2022-03-18 14:19:24 +01:00
decrypt.c Remove remaining support for WindowsCE 2022-06-03 10:08:21 +02:00
dek.h gpg: More check for symmetric key encryption. 2019-07-18 11:02:34 +09:00
delkey.c gpg: Fix the previous commit. 2020-11-11 09:13:13 +09:00
distsigkey.gpg Update release signing keys 2021-11-13 21:03:02 +01:00
ecdh.c gpg: Don't use malloc for kek_params. 2021-11-12 15:39:30 +09:00
encrypt.c gpg: New option --require-compliance. 2022-03-08 19:26:01 +01:00
exec.c Remove remaining support for WindowsCE 2022-06-03 10:08:21 +02:00
exec.h gpg: photoid: Move functions from exec.c. 2019-07-25 11:21:58 +09:00
expand-group.c gpg: Fix expand GPG groups when resolving a key 2019-09-30 14:08:13 +02:00
export.c gpg: Setup the 'usage' filter property for export. 2022-05-28 17:38:13 +02:00
filter.h gpg: Allow --dearmor to decode all kinds of armor files. 2022-01-28 12:09:34 +01:00
free-packet.c gpg: Skip the packet when not used for AEAD. 2021-09-28 14:49:21 +09:00
getkey.c gpg: Handle backsig for v5 signature. 2021-09-29 11:30:00 +09:00
gpg-w32info.rc w32: Add manifest to gpg. 2015-02-04 09:15:34 +01:00
gpg.c agent: Do not consider --min-passphrase-len for the magic wand. 2022-06-27 18:06:40 +02:00
gpg.h gpg: Improve speed of secret key listing. 2021-05-19 02:42:35 +02:00
gpg.w32-manifest.in w32: Add manifest to gpg. 2015-02-04 09:15:34 +01:00
gpgsql.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
gpgsql.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
gpgv.c gpg: Allow decryption of symencr even for non-compliant cipher. 2022-03-18 11:14:54 +01:00
helptext.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
import.c gpg: Print a warning when importing a bad cv25519 secret key. 2021-09-14 13:00:40 +02:00
kbnode.c gpg: Avoid importing secret keys if the keyblock is not valid. 2019-03-15 20:41:38 +01:00
key-check.c gpg: Fix debug output for key_check_all_keysigs with opaque MPI. 2020-11-02 11:32:27 +09:00
key-check.h gpg: Avoid output to the tty during import. 2017-07-27 11:38:57 +02:00
key-clean.c gpg: Sort the signatures in standard key listings. 2020-10-27 17:21:19 +01:00
key-clean.h headers: fix spelling 2018-10-25 16:53:05 -04:00
keydb-private.h gpg: Set the found-by flags in the keyblock in keyboxd mode. 2020-09-22 16:20:41 +02:00
keydb.c w32: Replace some fopen by es_fopen. 2020-11-11 15:23:22 +01:00
keydb.h gpg: Allow passing a keygrip as description to pinentry. 2021-12-20 19:34:34 +01:00
keyedit.c gpg: Look up user ID to revoke by UID hash 2022-04-26 11:48:47 +02:00
keyedit.h gpg: New command --quick-revoke-sig 2020-10-28 17:06:27 +01:00
keygen.c keygen: Fix reading AEAD preference 2022-06-14 15:37:15 +09:00
keyid.c gpg: Fix format_keyid. 2021-11-24 10:43:38 +09:00
keylist.c gpg: Fix printing of binary notations. 2021-10-22 15:42:09 +02:00
keyring.c gpg: Support KEYGRIP search with traditional keyring. 2021-06-03 13:32:25 +09:00
keyring.h gpg: Pass CTRL to many more functions. 2017-03-31 20:07:20 +02:00
keyserver-internal.h gpg,sm: Simplify keyserver spec parsing. 2021-06-16 12:03:13 +02:00
keyserver.c gpg,build: Fix message for newer gettext. 2022-07-05 13:27:41 +09:00
main.h gpg: Print info about the used AEAD algorithm in the compliance msg. 2022-03-18 14:19:24 +01:00
mainproc.c gpg: Make symmetric + pubkey encryption de-vs compliant. 2022-08-02 18:41:23 +02:00
mdfilter.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
migrate.c Replace most of the remaining stdio calls by estream calls. 2020-10-20 12:15:56 +02:00
misc.c gpg: Print info about the used AEAD algorithm in the compliance msg. 2022-03-18 14:19:24 +01:00
objcache.c Spelling cleanup. 2020-02-18 18:07:46 -05:00
objcache.h gpg: Fix getting User ID. 2019-07-11 12:32:44 +09:00
openfile.c gpg: Partial fix for Unicode problem in output files. 2021-05-25 13:39:59 +02:00
options.h gpg: New option --require-compliance. 2022-03-08 19:26:01 +01:00
packet.h gpg: Allow decryption of symencr even for non-compliant cipher. 2022-03-18 11:14:54 +01:00
parse-packet.c gpg: Avoid NULL ptr access due to corrupted packets. 2022-04-25 15:21:05 +02:00
passphrase.c gpg: Allow passing a keygrip as description to pinentry. 2021-12-20 19:34:34 +01:00
photoid.c gpg: Keep temp files when opening images via xdg-open 2021-03-01 09:43:26 +01:00
photoid.h gpg: A little clean up. 2019-07-23 12:04:21 +09:00
pkclist.c gpg: For de-vs use SHA-256 instead of SHA-1 as implicit preference. 2022-07-28 10:41:02 +02:00
pkglue.c gpg: Emit compatible Ed25519 signature. 2021-12-10 15:43:28 +09:00
pkglue.h gpg: Emit compatible Ed25519 signature. 2021-12-10 15:43:28 +09:00
plaintext.c g10/plaintext: disable estream buffering in binary mode 2022-03-08 20:00:31 +02:00
progress.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
pubkey-enc.c gpg: Support ECDH with v5 key. 2021-03-24 14:51:42 +09:00
pubring.asc Update copyright notices for 2017. 2017-01-23 19:16:55 +01:00
revoke.c g10: Fix memory leaks 2021-05-20 13:38:39 +02:00
rmd160.c Clean up word replication. 2017-02-21 13:11:46 -05:00
rmd160.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
seckey-cert.c More change for common. 2017-03-07 20:32:09 +09:00
server.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
seskey.c gpg,ecc: Handle external representation as SOS with opaque MPI. 2020-06-09 10:32:47 +09:00
sig-check.c gpg: New option --override-compliance-check 2021-10-13 17:25:28 +02:00
sign.c gpg: Always use version >= 4 to generate signature. 2022-03-19 13:38:37 +09:00
skclist.c gpg: Allow decryption w/o public key but with correct card inserted. 2021-04-23 08:50:39 +02:00
t-keydb-get-keyblock.c gpg: New option --use-keyboxd. 2019-09-09 15:01:47 +02:00
t-keydb-get-keyblock.gpg gpg: Correctly handle keyblocks followed by legacy keys. 2015-11-17 14:53:03 +01:00
t-keydb-keyring.kbx g10: Add test for keydb as well as new testing infrastructure. 2015-09-02 15:08:57 +02:00
t-keydb.c gpg: New option --use-keyboxd. 2019-09-09 15:01:47 +02:00
t-rmd160.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
t-stutter-data.asc gpg: Add a new test. 2016-03-08 14:08:49 +01:00
t-stutter.c g10: Stop compiler warning for t-stutter. 2017-05-10 11:13:03 +09:00
tdbdump.c gpg: Remove stale ultimately trusted keys from the trustdb. 2021-11-13 20:34:06 +01:00
tdbio.c Remove remaining support for WindowsCE 2022-06-03 10:08:21 +02:00
tdbio.h gpg: Remove stale ultimately trusted keys from the trustdb. 2021-11-13 20:34:06 +01:00
test-stubs.c gpg: Allow decryption of symencr even for non-compliant cipher. 2022-03-18 11:14:54 +01:00
test.c build: Always use EXTERN_UNLESS_MAIN_MODULE pattern. 2020-02-10 16:50:47 +01:00
textfilter.c gpg: Initialize a parameter to silence valgrind. 2020-09-04 11:32:47 +02:00
tofu.c g10: Fix memory leaks 2021-05-20 13:38:39 +02:00
tofu.h g10: Remove dead code. 2016-12-06 12:16:56 +01:00
trust.c gpg: Fix adding the list of ultimate trusted keys. 2022-01-12 13:34:31 +09:00
trustdb.c gpg: Fix adding the list of ultimate trusted keys. 2022-01-12 13:34:31 +09:00
trustdb.h gpg: Fix adding the list of ultimate trusted keys. 2022-01-12 13:34:31 +09:00
verify.c gpg: Make really sure that --verify-files always returns an error. 2020-02-10 15:32:55 +01:00
zlib-riscos.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00