diff options
| author | David Shaw <[email protected]> | 2002-08-13 19:00:23 +0000 |
|---|---|---|
| committer | David Shaw <[email protected]> | 2002-08-13 19:00:23 +0000 |
| commit | 1111da19a858ba517898dcd34680ea40ee3b3ab9 (patch) | |
| tree | d4b1153ef1332a05089d91e1ef3b3904ac150f08 /g10/cipher.c | |
| parent | * cipher.h: Add AES aliases for RIJNDAEL algo numbers. (diff) | |
| download | gnupg-1111da19a858ba517898dcd34680ea40ee3b3ab9.tar.gz gnupg-1111da19a858ba517898dcd34680ea40ee3b3ab9.zip | |
* encode.c (encode_simple): Fix problem with using compression algo 2 and
symmetric compressed files.
* encode.c (encode_simple, encode_crypt): If we are not using a MDC,
compress even if a file is already compressed. This is to help against
the chosen ciphertext attack.
* pkclist.c (select_algo_from_prefs): Fix requested algorithm bug so the
request succeeds even if the requested algorithm is not the first found.
* cipher.c (write_header), encode.c (use_mdc, encode_simple, encode_crypt,
encrypt_filter), g10.c (main): Be more eager to use a MDC. We use a MDC
if the keys directly support it, if the keys list AES (any) or TWOFISH
anywhere in the prefs, or if the cipher chosen does not have a 64 bit
blocksize.
Diffstat (limited to '')
| -rw-r--r-- | g10/cipher.c | 21 |
1 files changed, 3 insertions, 18 deletions
diff --git a/g10/cipher.c b/g10/cipher.c index 2af8750c8..cb9f14916 100644 --- a/g10/cipher.c +++ b/g10/cipher.c @@ -47,31 +47,16 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) byte temp[18]; unsigned blocksize; unsigned nprefix; - int use_mdc; blocksize = cipher_get_blocksize( cfx->dek->algo ); if( blocksize < 8 || blocksize > 16 ) log_fatal("unsupported blocksize %u\n", blocksize ); - use_mdc = cfx->dek->use_mdc; - - if( blocksize != 8 ) - use_mdc = 1; /* Hack: enable it for all modern ciphers */ - /* Note: We should remove this hack as soon as a reasonable number of keys - are carrying the MDC flag. But always keep the hack for conventional - encryption */ - - if (opt.force_mdc) - use_mdc = 1; - - if( opt.rfc2440 || opt.rfc1991 || opt.disable_mdc ) - use_mdc = 0; /* override - rfc2440 does not know about MDC */ - memset( &ed, 0, sizeof ed ); ed.len = cfx->datalen; ed.extralen = blocksize+2; ed.new_ctb = !ed.len && !opt.rfc1991; - if( use_mdc ) { + if( cfx->dek->use_mdc ) { ed.mdc_method = DIGEST_ALGO_SHA1; cfx->mdc_hash = md_open( DIGEST_ALGO_SHA1, 0 ); if ( DBG_HASHING ) @@ -86,7 +71,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) } init_packet( &pkt ); - pkt.pkttype = use_mdc? PKT_ENCRYPTED_MDC : PKT_ENCRYPTED; + pkt.pkttype = cfx->dek->use_mdc? PKT_ENCRYPTED_MDC : PKT_ENCRYPTED; pkt.pkt.encrypted = &ed; if( build_packet( a, &pkt )) log_bug("build_packet(ENCR_DATA) failed\n"); @@ -96,7 +81,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) temp[nprefix+1] = temp[nprefix-1]; print_cipher_algo_note( cfx->dek->algo ); cfx->cipher_hd = cipher_open( cfx->dek->algo, - use_mdc? CIPHER_MODE_CFB + cfx->dek->use_mdc? CIPHER_MODE_CFB : CIPHER_MODE_AUTO_CFB, 1 ); /* log_hexdump( "thekey", cfx->dek->key, cfx->dek->keylen );*/ cipher_setkey( cfx->cipher_hd, cfx->dek->key, cfx->dek->keylen ); |