[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.8-24-gb4599a0
by Werner Koch
cvs at cvs.gnupg.org
Fri Jul 6 08:37:34 CEST 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-2 has been updated
via b4599a0449ead7dc5c0d922aa78b6168e625e15e (commit)
from 833738a316977ee774399bd658d535216dff22e9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b4599a0449ead7dc5c0d922aa78b6168e625e15e
Author: Werner Koch <wk at gnupg.org>
Date: Fri Jul 6 08:24:57 2018 +0200
gpg: Allow decryption using several passphrases in many cases.
* g10/mainproc.c (symkey_decrypt_seskey): Check for a valid algorithm.
(proc_symkey_enc): Clear passphrase on error from above function.
--
This does not work reliably as stated in bug 3795 but we can try to
fix ~95% of all cases. The real fix is to use AEAD which will come
with 2.3
GnuPG-bug-id: 3795, 4050
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 5fea867..f4e3db6 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -271,6 +271,14 @@ symkey_decrypt_seskey (DEK *dek, byte *seskey, size_t slen)
gcry_cipher_decrypt ( hd, seskey, slen, NULL, 0 );
gcry_cipher_close ( hd );
+ /* Here we can only test whether the algo given in decrypted
+ * session key is a valid OpenPGP algo. With 11 defined
+ * symmetric algorithms we will miss 4.3% of wrong passphrases
+ * here. The actual checking is done later during bulk
+ * decryption; we can't bring this check forward easily. */
+ if (openpgp_cipher_test_algo (seskey[0]))
+ return gpg_error (GPG_ERR_BAD_KEY);
+
/* Now we replace the dek components with the real session key to
decrypt the contents of the sequencing packet. */
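Review bot: the new test reads seskey[0] with no visible guard that slen is at least 1; if nothing earlier in symkey_decrypt_seskey guarantees that, reject slen == 0 before the gcry_cipher_decrypt call. The comment's 4.3% figure would be easier to audit if it said it is 11 valid values out of the 256 possible for the algorithm octet. Since a wrong passphrase that happens to decrypt to one of those values still passes this check, the comment could also state that such a case does not return GPG_ERR_BAD_KEY here and is only detected during bulk decryption.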
@@ -353,6 +361,13 @@ proc_symkey_enc (CTX c, PACKET *pkt)
if (symkey_decrypt_seskey (c->dek,
enc->seskey, enc->seskeylen))
{
+ if (c->dek->s2k_cacheid[0])
+ {
+ if (opt.debug)
+ log_debug ("cleared passphrase cached with ID:"
+ " %s\n", c->dek->s2k_cacheid);
+ passphrase_clear_cache (c->dek->s2k_cacheid);
+ }
xfree (c->dek);
c->dek = NULL;
}
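Review bot: the cache entry is cleared on any non-zero return from symkey_decrypt_seskey, because the enclosing if in the context lines discards the error code. If that function can fail for a reason other than a wrong passphrase, a correct cached passphrase would be dropped as well; consider storing the return value and calling passphrase_clear_cache only when it is GPG_ERR_BAD_KEY. The log_debug message could also say why the entry was cleared, so the debug output distinguishes this path from other cache evictions.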
-----------------------------------------------------------------------
Summary of changes:
g10/mainproc.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org