aboutsummaryrefslogtreecommitdiffstats
path: root/lang/cpp/src/data.cpp
diff options
context:
space:
mode:
authorWerner Koch <[email protected]>2018-05-17 07:14:40 +0000
committerWerner Koch <[email protected]>2018-05-17 07:16:05 +0000
commit8a0c8c52510d9c2d934f85159f04b666286b1786 (patch)
tree6ed642a0363706399ffdef6eef5405ac7a50d7f7 /lang/cpp/src/data.cpp
parentjson: Improve auto-base64 encoding to not split UTF-8 chars. (diff)
downloadgpgme-8a0c8c52510d9c2d934f85159f04b666286b1786.tar.gz
gpgme-8a0c8c52510d9c2d934f85159f04b666286b1786.zip
core: Always fail if an OpenPG message is not integrity protected.
* src/decrypt.c (struct op_data_t): Add field not_integrity_protected. (parse_decryption_info): Set this. Also rename mode to aead_algo for clarity. (_gpgme_decrypt_status_handler): Force failure in case of a missing MDC. -- This extra check makes sure that a missing or stripped MDC in - gpg < 2.1 - or gpg 2.2 with an old cipher algorithm will lead to a decryption failure. gpg 2.3 will always fail in this case. Implementing this check here and not backporting the 2.3 change to 2.2 has the benefit that all GPGME using applications are protected but scripts relying on rfc2440 (i.e. without MDC) will only break when migrating to 2.3. Note that S/MIME has no integrity protection mechanism but gpgsm neither emits a DECRYPTION_INFO status line, so an error will not be triggered. If in the future gpgsm supports authenticated encryption it may issue a DECRYPTION_INFO line to force a failure here but it will in that case also emit a DECRYPTION_FAILED anyway. GnuPG-bug-id: 3981 Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions