diff options
| author | Werner Koch <[email protected]> | 2017-12-13 12:02:34 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2017-12-13 12:02:34 +0000 |
| commit | 416cf9e9be5d2daf0ef629208031989699b3653f (patch) | |
| tree | cf0dab23d018a81924a3a97547ae456e0d790cb4 | |
| parent | gpg: Simplify cipher:write_header. (diff) | |
| download | gnupg-416cf9e9be5d2daf0ef629208031989699b3653f.tar.gz gnupg-416cf9e9be5d2daf0ef629208031989699b3653f.zip | |
gpg: Print a warning for too much data encrypted with 3DES et al.
* g10/filter.h (cipher_filter_context_t): Remove unused filed
'create_mdc'. Turn field 'header' into a bit field. Add new fields
'short_blklen_warn' and 'short_blklen_count'.
* g10/cipher.c (write_header): Print a warning if MDC is not used.
(cipher_filter): Print a warning for long messages encrypted with a
short block length algorithm.
--
Note that to test this warning in a reliable way compression needs to
be disabled.
Signed-off-by: Werner Koch <[email protected]>
| -rw-r--r-- | g10/cipher.c | 26 | ||||
| -rw-r--r-- | g10/filter.h | 5 |
2 files changed, 26 insertions, 5 deletions
diff --git a/g10/cipher.c b/g10/cipher.c index 409d0adef..b950d0c3f 100644 --- a/g10/cipher.c +++ b/g10/cipher.c @@ -64,6 +64,11 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a) if (DBG_HASHING) gcry_md_debug (cfx->mdc_hash, "creatmdc"); } + else if (!opt.no_mdc_warn) + { + log_info ("WARNING: " + "encrypting without integrity protection is dangerous\n"); + } write_status_printf (STATUS_BEGIN_ENCRYPTION, "%d %d", ed.mdc_method, cfx->dek->algo); @@ -91,7 +96,6 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a) BUG(); } - /* log_hexdump ("thekey", cfx->dek->key, cfx->dek->keylen); */ gcry_cipher_setkey (cfx->cipher_hd, cfx->dek->key, cfx->dek->keylen); gcry_cipher_setiv (cfx->cipher_hd, NULL, 0); @@ -101,7 +105,11 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a) gcry_cipher_encrypt (cfx->cipher_hd, temp, nprefix+2, NULL, 0); gcry_cipher_sync (cfx->cipher_hd); iobuf_write (a, temp, nprefix+2); - cfx->header = 1; + + cfx->short_blklen_warn = (blocksize < 16); + cfx->short_blklen_count = nprefix+2; + + cfx->wrote_header = 1; } @@ -122,11 +130,23 @@ cipher_filter (void *opaque, int control, iobuf_t a, byte *buf, size_t *ret_len) else if (control == IOBUFCTRL_FLUSH) /* encrypt */ { log_assert (a); - if (!cfx->header) + if (!cfx->wrote_header) write_header (cfx, a); if (cfx->mdc_hash) gcry_md_write (cfx->mdc_hash, buf, size); gcry_cipher_encrypt (cfx->cipher_hd, buf, size, NULL, 0); + if (cfx->short_blklen_warn) + { + cfx->short_blklen_count += size; + if (cfx->short_blklen_count > (150 * 1024 * 1024)) + { + log_info ("WARNING: encrypting more than %d MiB with algorithm " + "%s should be avoided\n", 150, + openpgp_cipher_algo_name (cfx->dek->algo)); + cfx->short_blklen_warn = 0; /* Don't show again. */ + } + } + rc = iobuf_write (a, buf, size); } else if (control == IOBUFCTRL_FREE) diff --git a/g10/filter.h b/g10/filter.h index 275608d4a..9e4b1e538 100644 --- a/g10/filter.h +++ b/g10/filter.h @@ -92,10 +92,11 @@ typedef struct { DEK *dek; u32 datalen; gcry_cipher_hd_t cipher_hd; - int header; + unsigned int wrote_header : 1; + unsigned int short_blklen_warn : 1; + unsigned long short_blklen_count; gcry_md_hd_t mdc_hash; byte enchash[20]; - int create_mdc; /* flag will be set by the cipher filter */ } cipher_filter_context_t; |