[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.7-9-g825909e

Thu May 31 13:13:10 CEST 2018

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-2 has been updated
       via  825909e9cd5f344ece6c0b0ea3a9475df1d643de (commit)
      from  2f2b1d1da949e8fce28d3c4a934b4097d6f24295 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 825909e9cd5f344ece6c0b0ea3a9475df1d643de
Author: Werner Koch <wk at gnupg.org>
Date:   Thu May 31 12:59:40 2018 +0200

    gpg: Print a hint on how to decrypt a non-mdc message anyway.
    
    * g10/mainproc.c (proc_encrypted): Print a hint for legacy ciphers w/o
    MDC.  Also print a dedicated status error code
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit 874e391665405fc413a69f2ffacdb94bb08da7ff)

diff --git a/g10/mainproc.c b/g10/mainproc.c
index 044d72c..e3be894 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -662,8 +662,25 @@ proc_encrypted (CTX c, PACKET *pkt)
        * avoid attacks changing an MDC message to a non-MDC message,
        * we fail here.  */
       log_error (_("WARNING: message was not integrity protected\n"));
-      if (opt.verbose > 1)
-        log_info ("decryption forced to fail\n");
+      if (!pkt->pkt.encrypted->mdc_method
+          && (openpgp_cipher_get_algo_blklen (c->dek->algo) == 8
+              || c->dek->algo == CIPHER_ALGO_TWOFISH))
+        {
+          /* Before 2.2.8 we did not fail hard for a missing MDC if
+           * one of the old ciphers where used.  Although these cases
+           * are rare in practice we print a hint on how to decrypt
+           * such messages.  */
+          log_string
+            (GPGRT_LOGLVL_INFO,
+             _("Hint: If this message was created before the year 2003 it is\n"
+               "likely that this message is legitimate.  This is because back\n"
+               "then integrity protection was not widely used.\n"));
+          log_info (_("Use the option '%s' to decrypt anyway.\n"),
+                     "--ignore-mdc-error");
+          write_status_errcode ("nomdc_with_legacy_cipher",
+                                GPG_ERR_DECRYPT_FAILED);
+        }
+      log_info (_("decryption forced to fail!\n"));
       write_status (STATUS_DECRYPTION_FAILED);
     }
   else if (!result || (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE

-----------------------------------------------------------------------

Summary of changes:
 g10/mainproc.c | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org


