[git] GnuPG - branch, master, updated. gnupg-2.2.7-127-gd143190

by Werner Koch cvs at cvs.gnupg.org
Tue May 15 12:47:09 CEST 2018


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  d1431901f0143cdc7af8d1a23387e0c6b5bb613f (commit)
      from  96350c5d5afcbc7f66c535e38b9fcc7355622855 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d1431901f0143cdc7af8d1a23387e0c6b5bb613f
Author: Werner Koch <wk at gnupg.org>
Date:   Tue May 15 12:33:03 2018 +0200

    gpg: Hard fail on a missing MDC even for legacy algorithms.
    
    * g10/mainproc.c (proc_encrypted): Require an MDC or AEAD
    * tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to
    allow testing with the current files.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 7b142cc..544ed18 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -3230,10 +3230,11 @@ to ignore CRC errors.
 @item --ignore-mdc-error
 @opindex ignore-mdc-error
 This option changes a MDC integrity protection failure into a warning.
-This can be useful if a message is partially corrupt, but it is
-necessary to get as much data as possible out of the corrupt message.
-However, be aware that a MDC protection failure may also mean that the
-message was tampered with intentionally by an attacker.
+It is required to decrypt old messages which did not use an MDC.  It
+may also be useful if a message is partially garbled, but it is
+necessary to get as much data as possible out of that garbled message.
+Be aware that a missing or failed MDC can be an indication of an
+attack.  Use with caution.
 
 @item --allow-weak-digest-algos
 @opindex allow-weak-digest-algos
diff --git a/g10/mainproc.c b/g10/mainproc.c
index ea3721a..a991203 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -738,15 +738,12 @@ proc_encrypted (CTX c, PACKET *pkt)
   else if (!result
            && !opt.ignore_mdc_error
            && !pkt->pkt.encrypted->mdc_method
-           && !pkt->pkt.encrypted->aead_algo
-           && openpgp_cipher_get_algo_blklen (c->dek->algo) != 8
-           && c->dek->algo != CIPHER_ALGO_TWOFISH)
-    {
-      /* The message has been decrypted but has no MDC despite that a
-         modern cipher (blocklength != 64 bit, except for Twofish) is
-         used and the option to ignore MDC errors is not used: To
-         avoid attacks changing an MDC message to a non-MDC message,
-         we fail here.  */
+           && !pkt->pkt.encrypted->aead_algo)
+    {
+      /* The message has been decrypted but does not carry an MDC or
+       * uses AEAD encryption.  --ignore-mdc-error has also not been
+       * used.  To avoid attacks changing an MDC message to a non-MDC
+       * message, we fail here.  */
       log_error (_("WARNING: message was not integrity protected\n"));
       if (opt.verbose > 1)
         log_info ("decryption forced to fail\n");
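Review bot: The new comment in proc_encrypted says the message "does not carry an MDC or uses AEAD encryption", which reads as if AEAD messages were rejected, whereas the condition fires only when both mdc_method and aead_algo are unset. Reword it along the lines of "carries neither an MDC nor uses AEAD encryption". Separately, the log_error string in the context lines still begins with "WARNING:" although this branch forces decryption to fail; an error wording would keep users from reading it as advisory.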
diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm
index afd69a0..186efe0 100644
--- a/tests/openpgp/defs.scm
+++ b/tests/openpgp/defs.scm
@@ -341,6 +341,7 @@
                "no-auto-key-retrieve"
                "no-auto-key-locate"
 	       "allow-weak-digest-algos"
+               "ignore-mdc-error"
 	       (if have-opt-always-trust
 		   "no-auto-check-trustdb" "#no-auto-check-trustdb")
 	       (string-append "agent-program "
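Review bot: Adding "ignore-mdc-error" to the option list in create-gpghome turns the new check off for every test that uses this home directory, so nothing in the suite exercises the hard failure introduced in g10/mainproc.c. Consider regenerating the sample files with an MDC and dropping this option again, or at least adding one test that runs without it and asserts that decrypting a non-MDC message fails. A short comment next to the entry explaining that it is a stopgap for the existing test files would also help the next reader.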

-----------------------------------------------------------------------

Summary of changes:
 doc/gpg.texi           |  9 +++++----
 g10/mainproc.c         | 15 ++++++---------
 tests/openpgp/defs.scm |  1 +
 3 files changed, 12 insertions(+), 13 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



