[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.7-8-g2f2b1d1
by Werner Koch
cvs at cvs.gnupg.org
Thu May 31 12:20:15 CEST 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-2 has been updated
via 2f2b1d1da949e8fce28d3c4a934b4097d6f24295 (commit)
via 866667765f38bf65b612191209d0f0a87fb16393 (commit)
via 3db1b48a2da42942cb5a57281441167901bdcdc8 (commit)
via 26c0d3a3fc903c1a0de644ebcc99d3e665a80941 (commit)
from 64597e1bd9ff54b8cd38e311628ad6f2fb1d0488 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2f2b1d1da949e8fce28d3c4a934b4097d6f24295
Author: Werner Koch <wk at gnupg.org>
Date: Wed May 30 21:45:37 2018 +0200
gpg: Detect multiple literal plaintext packets more reliable.
* g10/mainproc.c (proc_encrypted): Bump LITERALS_SEEN.
--
GnuPG-bug-id: 4000
Signed-off-by: Werner Koch <wk at gnupg.org>
(cherry picked from commit 97183b5c0fae05fcda942caa7df14ee6a133d846)
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 5cf1515..044d72c 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -105,16 +105,22 @@ struct mainproc_context
};
+/* Counter with the number of literal data packets seen. Note that
+ * this is also bumped at the end of an encryption. This counter is
+ * used for a basic consistency check of a received PGP message. */
+static int literals_seen;
+
+
/*** Local prototypes. ***/
static int do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a);
static void list_node (CTX c, kbnode_t node);
static void proc_tree (CTX c, kbnode_t node);
-static int literals_seen;
/*** Functions. ***/
-
+/* Reset the literal data counter. This is required to setup a new
+ * decryption or verification context. */
void
reset_literals_seen(void)
{
@@ -701,6 +707,12 @@ proc_encrypted (CTX c, PACKET *pkt)
free_packet (pkt, NULL);
c->last_was_session_key = 0;
write_status (STATUS_END_DECRYPTION);
+
+ /* Bump the counter even if we have not seen a literal data packet
+ * inside an encryption container. This acts as a sentinel in case
+ * a misplace extra literal data packets follows after this
+ * encrypted packet. */
+ literals_seen++;
}
@@ -711,6 +723,7 @@ proc_plaintext( CTX c, PACKET *pkt )
int any, clearsig, rc;
kbnode_t n;
+ /* This is a literal data packet. Bumb a counter for later checks. */
literals_seen++;
if (pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8))
commit 866667765f38bf65b612191209d0f0a87fb16393
Author: Werner Koch <wk at gnupg.org>
Date: Tue May 29 12:42:44 2018 +0200
gpg: Remove MDC options
* g10/gpg.c: Turn options --force-mdc, --no-force-mdc, --disable-mdc
and --no-disable-mdc into NOPs.
* g10/encrypt.c (use_mdc): Simplify. MDC is now almost always used.
* g10/cipher.c (write_header): Include extra hint and make
translatable.
* g10/options.h (struct opt): Remove fields force_mdc and disable_mdc.
--
The MDC is now always used except with --rfc2440 which will lead to a
a big fat warning.
This is a stripped down version of commit
253e8bdd9014cbe6dc06adce9d9dd2f8f4b31709 which could not directly be
applied due to the AEAD mechanisms there.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 49a708a..260b9f3 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2580,17 +2580,13 @@ is the default.
These options are obsolete and have no effect since GnuPG 2.1.
@item --force-mdc
+ at itemx --disable-mdc
@opindex force-mdc
-Force the use of encryption with a modification detection code. This
-is always used with the newer ciphers (those with a blocksize greater
-than 64 bits), or if all of the recipient keys indicate MDC support in
-their feature flags.
-
- at item --disable-mdc
@opindex disable-mdc
-Disable the use of the modification detection code. Note that by
-using this option, the encrypted message becomes vulnerable to a
-message modification attack.
+These options are obsolete and have no effect since GnuPG 2.2.8. The
+MDC is always used. But note: If the creation of a legacy non-MDC
+message is exceptionally required, the option @option{--rfc2440}
+allows for this.
@item --disable-signer-uid
@opindex disable-signer-uid
@@ -2710,7 +2706,10 @@ keys or data may not be usable with future GnuPG versions.
@item --rfc2440
@opindex rfc2440
Reset all packet, cipher and digest options to strict RFC-2440
-behavior.
+behavior. Note that by using this option encryption packets are
+created in a legacy mode without MDC protection. This is dangerous
+and should thus only be used for experiments. See also option
+ at option{--ignore-mdc-error}.
@item --pgp6
@opindex pgp6
@@ -2721,7 +2720,7 @@ compression algorithms none and ZIP. This also disables
@option{--throw-keyids}, and making signatures with signing subkeys as PGP 6
does not understand signatures made by signing subkeys.
-This option implies @option{--disable-mdc --escape-from-lines}.
+This option implies @option{--escape-from-lines}.
@item --pgp7
@opindex pgp7
@@ -3186,7 +3185,7 @@ It is required to decrypt old messages which did not use an MDC. It
may also be useful if a message is partially garbled, but it is
necessary to get as much data as possible out of that garbled message.
Be aware that a missing or failed MDC can be an indication of an
-attack. Use with caution.
+attack. Use with great caution; see also option @option{--rfc2440}.
@item --allow-weak-digest-algos
@opindex allow-weak-digest-algos
diff --git a/g10/cipher.c b/g10/cipher.c
index 2dc77bf..f10ce48 100644
--- a/g10/cipher.c
+++ b/g10/cipher.c
@@ -33,6 +33,7 @@
#include "packet.h"
#include "options.h"
#include "main.h"
+#include "../common/i18n.h"
#include "../common/status.h"
@@ -66,8 +67,9 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a)
}
else
{
- log_info ("WARNING: "
- "encrypting without integrity protection is dangerous\n");
+ log_info (_("WARNING: "
+ "encrypting without integrity protection is dangerous\n"));
+ log_info (_("Hint: Do not use option %s\n"), "--rfc2440");
}
write_status_printf (STATUS_BEGIN_ENCRYPTION, "%d %d",
diff --git a/g10/encrypt.c b/g10/encrypt.c
index c68d6d5..543f1a7 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -109,57 +109,20 @@ encrypt_seskey (DEK *dek, DEK **seskey, byte *enckey)
}
-/* We try very hard to use a MDC */
+/* Shall we use the MDC? Yes - unless rfc-2440 compatibility is
+ * requested. */
int
use_mdc (pk_list_t pk_list,int algo)
{
- /* RFC-2440 don't has MDC */
- if (RFC2440)
- return 0;
+ (void)pk_list;
+ (void)algo;
- /* --force-mdc overrides --disable-mdc */
- if(opt.force_mdc)
- return 1;
-
- if(opt.disable_mdc)
+ /* RFC-2440 don't has MDC - this is the only way to create a legacy
+ * non-MDC encryption packet. */
+ if (RFC2440)
return 0;
- /* Do the keys really support MDC? */
-
- if(select_mdc_from_pklist(pk_list))
- return 1;
-
- /* The keys don't support MDC, so now we do a bit of a hack - if any
- of the AESes or TWOFISH are in the prefs, we assume that the user
- can handle a MDC. This is valid for PGP 7, which can handle MDCs
- though it will not generate them. 2440bis allows this, by the
- way. */
-
- if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
- CIPHER_ALGO_AES,NULL)==CIPHER_ALGO_AES)
- return 1;
-
- if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
- CIPHER_ALGO_AES192,NULL)==CIPHER_ALGO_AES192)
- return 1;
-
- if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
- CIPHER_ALGO_AES256,NULL)==CIPHER_ALGO_AES256)
- return 1;
-
- if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
- CIPHER_ALGO_TWOFISH,NULL)==CIPHER_ALGO_TWOFISH)
- return 1;
-
- /* Last try. Use MDC for the modern ciphers. */
-
- if (openpgp_cipher_get_algo_blklen (algo) != 8)
- return 1;
-
- if (opt.verbose)
- warn_missing_mdc_from_pklist (pk_list);
-
- return 0; /* No MDC */
+ return 1; /* In all other cases we use the MDC */
}
diff --git a/g10/gpg.c b/g10/gpg.c
index aeb62aa..2c181c2 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -297,10 +297,6 @@ enum cmd_and_opt_values
oShowPhotos,
oNoShowPhotos,
oPhotoViewer,
- oForceMDC,
- oNoForceMDC,
- oDisableMDC,
- oNoDisableMDC,
oS2KMode,
oS2KDigest,
oS2KCipher,
@@ -598,11 +594,6 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oQuiet, "quiet", "@"),
ARGPARSE_s_n (oNoTTY, "no-tty", "@"),
- ARGPARSE_s_n (oForceMDC, "force-mdc", "@"),
- ARGPARSE_s_n (oNoForceMDC, "no-force-mdc", "@"),
- ARGPARSE_s_n (oDisableMDC, "disable-mdc", "@"),
- ARGPARSE_s_n (oNoDisableMDC, "no-disable-mdc", "@"),
-
ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"),
ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
@@ -910,6 +901,11 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oNoop, "force-v4-certs", "@"),
ARGPARSE_s_n (oNoop, "no-force-v4-certs", "@"),
ARGPARSE_s_n (oNoop, "no-mdc-warning", "@"),
+ ARGPARSE_s_n (oNoop, "force-mdc", "@"),
+ ARGPARSE_s_n (oNoop, "no-force-mdc", "@"),
+ ARGPARSE_s_n (oNoop, "disable-mdc", "@"),
+ ARGPARSE_s_n (oNoop, "no-disable-mdc", "@"),
+
ARGPARSE_end ()
};
@@ -2158,7 +2154,6 @@ set_compliance_option (enum cmd_and_opt_values option)
case oDE_VS:
set_compliance_option (oOpenPGP);
opt.compliance = CO_DE_VS;
- opt.force_mdc = 1;
/* Fixme: Change other options. */
break;
@@ -2959,11 +2954,6 @@ main (int argc, char **argv)
break;
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
- case oForceMDC: opt.force_mdc = 1; break;
- case oNoForceMDC: opt.force_mdc = 0; break;
- case oDisableMDC: opt.disable_mdc = 1; break;
- case oNoDisableMDC: opt.disable_mdc = 0; break;
-
case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break;
@@ -3734,7 +3724,6 @@ main (int argc, char **argv)
{
/* That does not anymore work because we have no more support
for v3 signatures. */
- opt.disable_mdc=1;
opt.escape_from=1;
opt.ask_sig_expire=0;
}
diff --git a/g10/options.h b/g10/options.h
index 177ba95..6c67265 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -91,8 +91,6 @@ struct
int no_armor;
int list_packets; /* Option --list-packets active. */
int def_cipher_algo;
- int force_mdc;
- int disable_mdc;
int def_digest_algo;
int cert_digest_algo;
int compress_algo;
commit 3db1b48a2da42942cb5a57281441167901bdcdc8
Author: Werner Koch <wk at gnupg.org>
Date: Tue May 15 12:33:03 2018 +0200
gpg: Hard fail on a missing MDC even for legacy algorithms.
* g10/mainproc.c (proc_encrypted): Require an MDC or AEAD
* tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to
allow testing with the current files.
--
Signed-off-by: Werner Koch <wk at gnupg.org>
(cherry picked from commit d1431901f0143cdc7af8d1a23387e0c6b5bb613f)
Resolved Conflicts:
g10/mainproc.c - Remove AEAD stuff.
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 956ea4d..49a708a 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -3182,10 +3182,11 @@ to ignore CRC errors.
@item --ignore-mdc-error
@opindex ignore-mdc-error
This option changes a MDC integrity protection failure into a warning.
-This can be useful if a message is partially corrupt, but it is
-necessary to get as much data as possible out of the corrupt message.
-However, be aware that a MDC protection failure may also mean that the
-message was tampered with intentionally by an attacker.
+It is required to decrypt old messages which did not use an MDC. It
+may also be useful if a message is partially garbled, but it is
+necessary to get as much data as possible out of that garbled message.
+Be aware that a missing or failed MDC can be an indication of an
+attack. Use with caution.
@item --allow-weak-digest-algos
@opindex allow-weak-digest-algos
diff --git a/g10/mainproc.c b/g10/mainproc.c
index fc5b9e5..5cf1515 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -649,15 +649,12 @@ proc_encrypted (CTX c, PACKET *pkt)
;
else if (!result
&& !opt.ignore_mdc_error
- && !pkt->pkt.encrypted->mdc_method
- && openpgp_cipher_get_algo_blklen (c->dek->algo) != 8
- && c->dek->algo != CIPHER_ALGO_TWOFISH)
+ && !pkt->pkt.encrypted->mdc_method)
{
- /* The message has been decrypted but has no MDC despite that a
- modern cipher (blocklength != 64 bit, except for Twofish) is
- used and the option to ignore MDC errors is not used: To
- avoid attacks changing an MDC message to a non-MDC message,
- we fail here. */
+ /* The message has been decrypted but does not carry an MDC.
+ * The option --ignore-mdc-error has also not been used. To
+ * avoid attacks changing an MDC message to a non-MDC message,
+ * we fail here. */
log_error (_("WARNING: message was not integrity protected\n"));
if (opt.verbose > 1)
log_info ("decryption forced to fail\n");
diff --git a/tests/openpgp/defs.scm b/tests/openpgp/defs.scm
index 9537652..7e41d19 100644
--- a/tests/openpgp/defs.scm
+++ b/tests/openpgp/defs.scm
@@ -341,6 +341,7 @@
"no-auto-key-retrieve"
"no-auto-key-locate"
"allow-weak-digest-algos"
+ "ignore-mdc-error"
(if have-opt-always-trust
"no-auto-check-trustdb" "#no-auto-check-trustdb")
(string-append "agent-program "
commit 26c0d3a3fc903c1a0de644ebcc99d3e665a80941
Author: Werner Koch <wk at gnupg.org>
Date: Tue May 15 12:19:40 2018 +0200
gpg: Turn --no-mdc-warn into a NOP.
* g10/gpg.c (oNoMDCWarn): Remove.
(opts): Make --no-mdc-warn a NOP.
(main): Don't set var.
* g10/options.h (struct opt): Remove 'no_mdc_var'.
* g10/cipher-cfb.c (write_header): Assume opt.no_mdc_warn is false.
* g10/mainproc.c (proc_encrypted): Ditto.
--
Users should not be allowed to suppress the warning that they are
shooting into their foot.
Signed-off-by: Werner Koch <wk at gnupg.org>
(cherry picked from commit 96350c5d5afcbc7f66c535e38b9fcc7355622855)
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 805a01f..956ea4d 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2041,10 +2041,6 @@ place an unsafe gpg.conf file in place, and use this file to suppress
warnings about itself. The @option{--homedir} permissions warning may only be
suppressed on the command line.
- at item --no-mdc-warning
- at opindex no-mdc-warning
-Suppress the warning about missing MDC integrity protection.
-
@item --require-secmem
@itemx --no-require-secmem
@opindex require-secmem
diff --git a/g10/cipher.c b/g10/cipher.c
index b950d0c..2dc77bf 100644
--- a/g10/cipher.c
+++ b/g10/cipher.c
@@ -64,7 +64,7 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a)
if (DBG_HASHING)
gcry_md_debug (cfx->mdc_hash, "creatmdc");
}
- else if (!opt.no_mdc_warn)
+ else
{
log_info ("WARNING: "
"encrypting without integrity protection is dangerous\n");
diff --git a/g10/gpg.c b/g10/gpg.c
index aaeddee..aeb62aa 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -264,7 +264,6 @@ enum cmd_and_opt_values
oRequireSecmem,
oNoRequireSecmem,
oNoPermissionWarn,
- oNoMDCWarn,
oNoArmor,
oNoDefKeyring,
oNoKeyring,
@@ -727,7 +726,6 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oRequireSecmem, "require-secmem", "@"),
ARGPARSE_s_n (oNoRequireSecmem, "no-require-secmem", "@"),
ARGPARSE_s_n (oNoPermissionWarn, "no-permission-warning", "@"),
- ARGPARSE_s_n (oNoMDCWarn, "no-mdc-warning", "@"),
ARGPARSE_s_n (oNoArmor, "no-armor", "@"),
ARGPARSE_s_n (oNoArmor, "no-armour", "@"),
ARGPARSE_s_n (oNoDefKeyring, "no-default-keyring", "@"),
@@ -911,6 +909,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oNoop, "no-force-v3-sigs", "@"),
ARGPARSE_s_n (oNoop, "force-v4-certs", "@"),
ARGPARSE_s_n (oNoop, "no-force-v4-certs", "@"),
+ ARGPARSE_s_n (oNoop, "no-mdc-warning", "@"),
ARGPARSE_end ()
};
@@ -3156,7 +3155,6 @@ main (int argc, char **argv)
case oRequireSecmem: require_secmem=1; break;
case oNoRequireSecmem: require_secmem=0; break;
case oNoPermissionWarn: opt.no_perm_warn=1; break;
- case oNoMDCWarn: opt.no_mdc_warn=1; break;
case oDisplayCharset:
if( set_native_charset( pargs.r.ret_str ) )
log_error(_("'%s' is not a valid character set\n"),
diff --git a/g10/mainproc.c b/g10/mainproc.c
index c7deeab..fc5b9e5 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -671,7 +671,7 @@ proc_encrypted (CTX c, PACKET *pkt)
log_info(_("decryption okay\n"));
if (pkt->pkt.encrypted->mdc_method && !result)
write_status (STATUS_GOODMDC);
- else if (!opt.no_mdc_warn)
+ else
log_info (_("WARNING: message was not integrity protected\n"));
}
else if (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE)
diff --git a/g10/options.h b/g10/options.h
index 96b76f8..177ba95 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -180,7 +180,6 @@ struct
prefitem_t *personal_compress_prefs;
struct weakhash *weak_digests;
int no_perm_warn;
- int no_mdc_warn;
char *temp_dir;
int no_encrypt_to;
int encrypt_to_default_key;
-----------------------------------------------------------------------
Summary of changes:
doc/gpg.texi | 34 ++++++++++++++------------------
g10/cipher.c | 8 +++++---
g10/encrypt.c | 53 ++++++++------------------------------------------
g10/gpg.c | 25 ++++++------------------
g10/mainproc.c | 32 +++++++++++++++++++-----------
g10/options.h | 3 ---
tests/openpgp/defs.scm | 1 +
7 files changed, 56 insertions(+), 100 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list