gnupg (5 files)

Thu Feb 10 04:56:35 CET 2005

Date: Thursday, February 10, 2005 @ 05:06:30
  Author: dshaw
    Path: /cvs/gnupg/gnupg

Modified: g10/ChangeLog g10/encr-data.c g10/mainproc.c include/ChangeLog
          include/cipher.h

Disable the "quick check" bytes for PK decryptions.  This is in
regards to the Mister and Zuccherato attack on OpenPGP CFB mode.


-------------------+
 g10/ChangeLog     |    9 +++++++++
 g10/encr-data.c   |    8 +++++---
 g10/mainproc.c    |    6 ++++--
 include/ChangeLog |    4 ++++
 include/cipher.h  |   18 ++++++++++--------
 5 files changed, 32 insertions(+), 13 deletions(-)


Index: gnupg/g10/ChangeLog
diff -u gnupg/g10/ChangeLog:1.695 gnupg/g10/ChangeLog:1.696

--- gnupg/g10/ChangeLog:1.695	Sun Feb  6 18:38:43 2005
+++ gnupg/g10/ChangeLog	Thu Feb 10 05:06:30 2005
@@ -1,3 +1,12 @@
+2005-02-09  David Shaw  <dshaw at jabberwocky.com>
+
+	* encr-data.c (decrypt_data): Use it here to turn off the "quick
+	check" bytes for PK decryptions.  This is in regards to the Mister
+	and Zuccherato attack on OpenPGP CFB mode.
+
+	* mainproc.c (proc_symkey_enc): Set a flag to indicate that a
+	particular session key came from a passphrase and not a PK.
+
 2005-02-06  David Shaw  <dshaw at jabberwocky.com>
 
 	* trustdb.h, trustdb.c (trustdb_check_or_update): New.  If the
Index: gnupg/g10/encr-data.c
diff -u gnupg/g10/encr-data.c:1.30 gnupg/g10/encr-data.c:1.31
--- gnupg/g10/encr-data.c:1.30	Fri Oct  8 23:54:26 2004
+++ gnupg/g10/encr-data.c	Thu Feb 10 05:06:30 2005
@@ -1,5 +1,5 @@
 /* encr-data.c -  process an encrypted data packet
- * Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2005 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -125,10 +125,12 @@
     cipher_sync( dfx.cipher_hd );
     p = temp;
 /* log_hexdump( "prefix", temp, nprefix+2 ); */
-    if( p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1] ) {
+    if(dek->symmetric
+       && (p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1]) )
+      {
 	rc = G10ERR_BAD_KEY;
 	goto leave;
-    }
+      }
 
     if( dfx.mdc_hash )
 	md_write( dfx.mdc_hash, temp, nprefix+2 );
Index: gnupg/g10/mainproc.c
diff -u gnupg/g10/mainproc.c:1.162 gnupg/g10/mainproc.c:1.163
--- gnupg/g10/mainproc.c:1.162	Thu Feb  3 10:32:53 2005
+++ gnupg/g10/mainproc.c	Thu Feb 10 05:06:30 2005
@@ -1,6 +1,6 @@
 /* mainproc.c - handle packets
- * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
- *               2004 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+ *               2005 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -330,6 +330,8 @@
 
 	    if(c->dek)
 	      {
+		c->dek->symmetric=1;
+
 		/* FIXME: This doesn't work perfectly if a symmetric
 		   key comes before a public key in the message - if
 		   the user doesn't know the passphrase, then there is
Index: gnupg/include/ChangeLog
diff -u gnupg/include/ChangeLog:1.81 gnupg/include/ChangeLog:1.82
--- gnupg/include/ChangeLog:1.81	Thu Dec 16 06:16:08 2004
+++ gnupg/include/ChangeLog	Thu Feb 10 05:06:30 2005
@@ -1,3 +1,7 @@
+2005-02-09  David Shaw  <dshaw at jabberwocky.com>
+
+	* cipher.h: Add a flag for a symmetric DEK.
+
 2004-12-16  David Shaw  <dshaw at jabberwocky.com>
 
 	* memory.h: Return a flag to indicate whether we got the lock.
Index: gnupg/include/cipher.h
diff -u gnupg/include/cipher.h:1.63 gnupg/include/cipher.h:1.64
--- gnupg/include/cipher.h:1.63	Mon Nov 29 22:14:18 2004
+++ gnupg/include/cipher.h	Thu Feb 10 05:06:30 2005
@@ -1,6 +1,6 @@
 /* cipher.h
- * Copyright (C) 1998, 1999, 2000, 2001, 2003,
- *               2004 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004,
+ *               2005 Free Software Foundation, Inc.
  *
  * This file is part of GNUPG.
  *
@@ -70,12 +70,14 @@
 #define is_ELGAMAL(a) ((a)==PUBKEY_ALGO_ELGAMAL_E)
 #define is_DSA(a)     ((a)==PUBKEY_ALGO_DSA)
 
-typedef struct {
-    int algo;
-    int keylen;
-    int algo_info_printed;
-    int use_mdc;
-    byte key[32]; /* this is the largest used keylen (256 bit) */
+typedef struct
+{
+  int algo;
+  int keylen;
+  int algo_info_printed;
+  int use_mdc;
+  int symmetric;
+  byte key[32]; /* this is the largest used keylen (256 bit) */
 } DEK;
 
 struct cipher_handle_s;


