[git] GnuPG - branch, master, updated. gnupg-2.2.5-107-gcbc7bac

by Werner Koch cvs at cvs.gnupg.org
Fri Feb 23 10:55:29 CET 2018 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  cbc7bacf2ff95aebb427bb244c719143a9001f3c (commit)
      from  7853190cfe2953fdac066b4f3256edc206896144 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit cbc7bacf2ff95aebb427bb244c719143a9001f3c
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Feb 23 10:49:19 2018 +0100

    gpg: Try to mitigate the problem of wrong CFB symkey passphrases.
    
    * g10/mainproc.c (symkey_decrypt_seskey): Check for a valid algo.
    --
    
    GnuPG-bug-id: 3795
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/mainproc.c b/g10/mainproc.c
index f2a28df..1af89c5 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -315,6 +315,21 @@ symkey_decrypt_seskey (DEK *dek, byte *seskey, size_t slen)
   else
     {
       gcry_cipher_decrypt (hd, seskey, slen, NULL, 0 );
+      /* Here we can only test whether the algo given in decrypted
+       * session key is a valid OpenPGP algo.  With 11 defined
+       * symmetric algorithms we will miss 4.3% of wrong passphrases
+       * here.  The actual checking is done later during bulk
+       * decryption; we can't bring this check forward easily.  We
+       * need to use the GPG_ERR_CHECKSUM so that we won't run into
+       * the gnupg < 2.2 bug compatible case which would terminate the
+       * process on GPG_ERR_CIPHER_ALGO.  Note that with AEAD (above)
+       * we will have a reliable test here.  */
+      if (openpgp_cipher_test_algo (seskey[0]))
+        {
+          err = gpg_error (GPG_ERR_CHECKSUM);
+          goto leave;
+        }
+
       /* Now we replace the dek components with the real session key to
        * decrypt the contents of the sequencing packet. */
       keylen = slen-1;

-----------------------------------------------------------------------

Summary of changes:
 g10/mainproc.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list