gpgme, symmetrically signed and MDC

Werner Koch wk at gnupg.org
Mon Oct 12 09:37:08 CEST 2015


On Sat, 10 Oct 2015 01:25, bjk at luxsci.net said:

> The recent commit to gnupg (commit 625e292) breaks decrypting
> symmetrically signed data when using gpgme. Adding "force-mdc" to

Good catch.  I just pushed the fix below. 

Should we backport those MDC changes to 2.0?


Salam-Shalom,

   Werner


>From 4584125802be11833a5b289e864b45eedc2b45fd Mon Sep 17 00:00:00 2001
From: Werner Koch <wk at gnupg.org>
Date: Mon, 12 Oct 2015 09:31:44 +0200
Subject: [PATCH] gpg: Try hard to use MDC also for sign+symenc.

* g10/encrypt.c (use_mdc): Make it a global func.
* g10/sign.c (sign_symencrypt_file): Use that function to decide
whether to use an MDC.
* tests/openpgp/conventional-mdc.test: Add a simple test case.
--

We used --force-mdc in sign+symenc mode (-cs) only with --force-mdc.
That broke our assumption from commit 625e292 (GnuPG 2.1.9) that all
uses of modern ciphers are using MDC.

Reported-by: Ben Kibbey <bjk at luxsci.net>
Signed-off-by: Werner Koch <wk at gnupg.org>
---
 g10/encrypt.c                       |  4 ++--
 g10/main.h                          |  1 +
 g10/sign.c                          | 13 ++++++-------
 tests/openpgp/conventional-mdc.test | 11 ++++++++++-
 4 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/g10/encrypt.c b/g10/encrypt.c
index e2e1c05..8bdbe8c 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -101,8 +101,8 @@ encrypt_seskey (DEK *dek, DEK **seskey, byte *enckey)
 
 
 /* We try very hard to use a MDC */
-static int
-use_mdc(PK_LIST pk_list,int algo)
+int
+use_mdc (pk_list_t pk_list,int algo)
 {
   /* RFC-2440 don't has MDC */
   if (RFC2440)
diff --git a/g10/main.h b/g10/main.h
index 0bace61..c9521ad 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -211,6 +211,7 @@ void display_online_help( const char *keyword );
 
 /*-- encode.c --*/
 int setup_symkey (STRING2KEY **symkey_s2k,DEK **symkey_dek);
+int use_mdc (pk_list_t pk_list,int algo);
 int encrypt_symmetric (const char *filename );
 int encrypt_store (const char *filename );
 int encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
diff --git a/g10/sign.c b/g10/sign.c
index 782b9fc..fadf4cc 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -1261,12 +1261,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
         goto leave;
     }
 
-    /* We have no way to tell if the recipient can handle messages
-       with an MDC, so this defaults to no.  Perhaps in a few years,
-       this can be defaulted to yes.  Note that like regular
-       encrypting, --force-mdc overrides --disable-mdc. */
-    if(opt.force_mdc)
-      cfx.dek->use_mdc=1;
+    cfx.dek->use_mdc = use_mdc (NULL, cfx.dek->algo);
 
     /* now create the outfile */
     rc = open_outfile (-1, fname, opt.armor? 1:0, 0, &out);
@@ -1309,7 +1304,11 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
 
     /* Push the compress filter */
     if (default_compress_algo())
-      push_compress_filter(out,&zfx,default_compress_algo());
+      {
+        if (cfx.dek && cfx.dek->use_mdc)
+          zfx.new_ctb = 1;
+        push_compress_filter (out, &zfx,default_compress_algo() );
+      }
 
     /* Write the one-pass signature packets */
     /*(current filters: zip - encrypt - armor)*/
diff --git a/tests/openpgp/conventional-mdc.test b/tests/openpgp/conventional-mdc.test
index 744e11e..031fc0e 100755
--- a/tests/openpgp/conventional-mdc.test
+++ b/tests/openpgp/conventional-mdc.test
@@ -31,5 +31,14 @@ for ciph in `all_cipher_algos`; do
     cmp z y || error "$ciph/$i: mismatch"
   done
 done
-
 progress_end
+
+#info Checking sign+symencrypt
+for i in $plain_files $data_files; do
+    echo "Hier spricht HAL" | $GPG --passphrase-fd 0 $s2k -cs -o x --yes $i
+    echo "Hier spricht HAL" | $GPG --passphrase-fd 0 $s2k     -o y --yes x
+    cmp $i y || error "$i: mismatch in sign+symenc"
+done
+
+
+# eof
-- 
2.1.4


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-devel mailing list