[git] GnuPG - branch, master, updated. gnupg-2.2.7-135-g874e391

by Werner Koch cvs at cvs.gnupg.org
Thu May 31 13:11:51 CEST 2018 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  874e391665405fc413a69f2ffacdb94bb08da7ff (commit)
      from  d3d41146b33040eb65eaaaffcfc7b4211e60bd95 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 874e391665405fc413a69f2ffacdb94bb08da7ff
Author: Werner Koch <wk at gnupg.org>
Date:   Thu May 31 12:59:40 2018 +0200

    gpg: Print a hint on how to decrypt a non-mdc message anyway.
    
    * g10/mainproc.c (proc_encrypted): Print a hint for legacy ciphers w/o
    MDC.  Also print a dedicated status error code
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/mainproc.c b/g10/mainproc.c
index 0303a52..cf22210 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -751,8 +751,25 @@ proc_encrypted (CTX c, PACKET *pkt)
        * used.  To avoid attacks changing an MDC message to a non-MDC
        * message, we fail here.  */
       log_error (_("WARNING: message was not integrity protected\n"));
-      if (opt.verbose > 1)
-        log_info ("decryption forced to fail\n");
+      if (!pkt->pkt.encrypted->mdc_method
+          && (openpgp_cipher_get_algo_blklen (c->dek->algo) == 8
+              || c->dek->algo == CIPHER_ALGO_TWOFISH))
+        {
+          /* Before 2.2.8 we did not fail hard for a missing MDC if
+           * one of the old ciphers where used.  Although these cases
+           * are rare in practice we print a hint on how to decrypt
+           * such messages.  */
+          log_string
+            (GPGRT_LOGLVL_INFO,
+             _("Hint: If this message was created before the year 2003 it is\n"
+               "likely that this message is legitimate.  This is because back\n"
+               "then integrity protection was not widely used.\n"));
+          log_info (_("Use the option '%s' to decrypt anyway.\n"),
+                     "--ignore-mdc-error");
+          write_status_errcode ("nomdc_with_legacy_cipher",
+                                GPG_ERR_DECRYPT_FAILED);
+        }
+      log_info (_("decryption forced to fail!\n"));
       write_status (STATUS_DECRYPTION_FAILED);
     }
   else if (!result || (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE

-----------------------------------------------------------------------

Summary of changes:
 g10/mainproc.c | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list