[PATCH 1/8] g10/decrypt-data: use fill_buffer in more places
Jussi Kivilinna
jussi.kivilinna at iki.fi
Wed Nov 7 18:38:44 CET 2018
Hello,
On 29.10.2018 15.45, Werner Koch wrote:
> Hi!
>
> All patches look fine to me. After applying we should however run
> extensive tests against another implementation to see whether we have
> any breakage. With the current code this has been with the help of
> the www.rnpgp.com folks.
Should I push this patch set to new branch in gnupg repo?
I've also looked at disabling extra hash contexts when decrypting
non-signed files. Could those contexts be disabled when any AEAD or
MDC encrypted packet is seen? Such patch would look something this:
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 5b7bc9555..4309b52ac 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -91,6 +91,8 @@ struct mainproc_context
has been seen. */
unsigned int data:1; /* Any data packet seen */
unsigned int uncompress_failed:1;
+ unsigned int seen_encrypted_mdc:1; /* Any PKT_ENCRYPTED_MDC packet seen */
+ unsigned int seen_encrypted_aead:1; /* Any PKT_ENCRYPTED_AEAD packet seen */
} any;
};
@@ -536,6 +538,9 @@ proc_encrypted (CTX c, PACKET *pkt)
int result = 0;
int early_plaintext = literals_seen;
+ c->any.seen_encrypted_mdc |= (pkt->pkttype == PKT_ENCRYPTED_MDC);
+ c->any.seen_encrypted_aead |= (pkt->pkttype == PKT_ENCRYPTED_AEAD);
+
if (early_plaintext)
{
log_info (_("WARNING: multiple plaintexts seen\n"));
@@ -874,7 +878,8 @@ proc_plaintext( CTX c, PACKET *pkt )
}
}
- if (!any && !opt.skip_verify)
+ if (!any && !opt.skip_verify && !c->any.seen_encrypted_mdc &&
+ !c->any.seen_encrypted_aead)
{
/* This is for the old GPG LITERAL+SIG case. It's not legal
according to 2440, so hopefully it won't come up that often.
-Jussi
More information about the Gnupg-devel
mailing list