BUG() in symmetric decryption mode

Tavis Ormandy taviso at gmail.com
Wed Jan 27 06:05:15 CET 2021

Hello, I happened to notice this hit's a BUG() in 2.2.27, it's no big
deal just a bad algorithm not handled gracefully:

$ printf "\x8c\x49\x05\x0e\x0a\x03\x01" | gpg --decrypt --pinentry-mode loopback --passphrase secret
gpg: encrypted with unknown algorithm 14
gpg: Ohhhh jeeee: ... this is a bug (passphrase.c:433:passphrase_to_dek)

(It works.. uh, fails gracefully, in 2.2.19)

Thanks, Tavis.

 _o)            $ lynx lock.cmpxchg8b.com
 /\\  _o)  _o)  $ finger taviso at sdf.org
_\_V _( ) _( )  @taviso

More information about the Gnupg-devel mailing list