authorDavid Shaw <[email protected]>2005-02-10 04:06:30 +0000
committerDavid Shaw <[email protected]>2005-02-10 04:06:30 +0000
commita3ea9626797ecf9ce5dba230c9617db84c159e5a (patch)
tree2909fa96f02e1f9af1d1bf21c7b790b8886fd9c2 /g10/encr-data.c
parent* trustdb.h, trustdb.c (trustdb_check_or_update): New. If the trustdb (diff)
Disable the "quick check" bytes for PK decryptions. This is in
regard to the Mister and Zuccherato attack on OpenPGP CFB mode.
Diffstat (limited to 'g10/encr-data.c')
-rw-r--r--g10/encr-data.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/g10/encr-data.c b/g10/encr-data.c
index e05994535..f9fabc8f0 100644
--- a/g10/encr-data.c
+++ b/g10/encr-data.c
@@ -1,5 +1,5 @@
/* encr-data.c - process an encrypted data packet
- * Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2005 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@@ -125,10 +125,12 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
cipher_sync( dfx.cipher_hd );
p = temp;
/* log_hexdump( "prefix", temp, nprefix+2 ); */
- if( p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1] ) {
+ if(dek->symmetric
+ && (p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1]) )
+ {
rc = G10ERR_BAD_KEY;
goto leave;
- }
+ }
if( dfx.mdc_hash )
md_write( dfx.mdc_hash, temp, nprefix+2 );
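Review bot: The new `dek->symmetric` condition has no comment explaining why the prefix check is skipped for public-key decryption, so a later cleanup could restore the unconditional test and reopen the oracle the commit message refers to. I would add above the `if`: `/* Quick check only for passphrase-derived keys; for PK sessions a distinguishable failure here is the oracle used in the Mister-Zuccherato CFB attack. */`. The same comment should record two consequences. First, the symmetric path still fails early with G10ERR_BAD_KEY, so an unattended service that decrypts passphrase-protected input would appear to keep the same distinguishable error. Second, for PK data a wrong session key is now presumably detected only when `dfx.mdc_hash` is set, that is, when the packet carries an MDC. decrypt_data starts and ends outside this hunk, so its later error handling is not visible here and should be checked against that assumption.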