From b4599a0449ead7dc5c0d922aa78b6168e625e15e Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 6 Jul 2018 08:24:57 +0200 Subject: gpg: Allow decryption using several passphrases in may cases. * g10/mainproc.c (symkey_decrypt_seskey): Check for a valid algorithm. (proc_symkey_enc): Clear passpharse on error from above function. -- This does not work reliable as stated in bug 3795 but we can try to fix ~95% of all cases. The real fix is to use AEAD which will come with 2.3 GnuPG-bug-id: 3795, 4050 Signed-off-by: Werner Koch --- g10/mainproc.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/g10/mainproc.c b/g10/mainproc.c index 5fea86787..f4e3db6c7 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -271,6 +271,14 @@ symkey_decrypt_seskey (DEK *dek, byte *seskey, size_t slen) gcry_cipher_decrypt ( hd, seskey, slen, NULL, 0 ); gcry_cipher_close ( hd ); + /* Here we can only test whether the algo given in decrypted + * session key is a valid OpenPGP algo. With 11 defined + * symmetric algorithms we will miss 4.3% of wrong passphrases + * here. The actual checking is done later during bulk + * decryption; we can't bring this check forward easily. */ + if (openpgp_cipher_test_algo (seskey[0])) + return gpg_error (GPG_ERR_BAD_KEY); + /* Now we replace the dek components with the real session key to decrypt the contents of the sequencing packet. */ @@ -353,6 +361,13 @@ proc_symkey_enc (CTX c, PACKET *pkt) if (symkey_decrypt_seskey (c->dek, enc->seskey, enc->seskeylen)) { + if (c->dek->s2k_cacheid[0]) + { + if (opt.debug) + log_debug ("cleared passphrase cached with ID:" + " %s\n", c->dek->s2k_cacheid); + passphrase_clear_cache (c->dek->s2k_cacheid); + } xfree (c->dek); c->dek = NULL; } -- cgit v1.2.3