author | David Shaw <[email protected]> | 2003-10-01 15:15:58 +0000 |
---|---|---|
committer | David Shaw <[email protected]> | 2003-10-01 15:15:58 +0000 |
commit | b0fe35f60e48012866b5b7b01ada50ef84971ebd (patch) | |
tree | af0384aef505902e12542b269474695a4626ae49 /g10/parse-packet.c | |
parent | * samplekeys.asc: Update 99242560. (diff) | |
download | gnupg-b0fe35f60e48012866b5b7b01ada50ef84971ebd.tar.gz gnupg-b0fe35f60e48012866b5b7b01ada50ef84971ebd.zip |
* g10.c (main): Add --no-groups to zero --group list.
* encode.c (encode_simple): Allow for 32 bytes (256 bits) of symmetrically
encrypted session key. Use --s2k-cipher-algo to choose cipher, rather
than the default cipher.
* parse-packet.c (parse_subkeyenc): Give a warning if a symmetrically
encrypted session key is seen without salt. Show in --list-packets if a
symmetrically encrypted session key is present.
* pubkey-enc.c (get_it): Always show cipher-not-in-prefs warning unless
--quiet is set. Use text name of cipher in warning.
Diffstat (limited to '')
-rw-r--r-- | g10/parse-packet.c | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index e84609e47..6bffdda52 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -678,19 +678,32 @@ parse_symkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
 k->s2k.count = iobuf_get(inp); pktlen--;
 }
 k->seskeylen = seskeylen;
- for(i=0; i < seskeylen && pktlen; i++, pktlen-- )
- k->seskey[i] = iobuf_get_noeof(inp);
+ if(k->seskeylen)
+ {
+ for(i=0; i < seskeylen && pktlen; i++, pktlen-- )
+ k->seskey[i] = iobuf_get_noeof(inp);
+
+ /* What we're watching out for here is a session key decryptor
+ with no salt. The RFC says that using salt for this is a
+ MUST. */
+ if(s2kmode!=1 && s2kmode!=3)
+ log_info(_("WARNING: potentially insecure symmetrically"
+ " encrypted session key\n"));
+ }
 assert( !pktlen );
 if( list_mode ) {
- printf(":symkey enc packet: version %d, cipher %d, s2k %d, hash %d\n",
- version, cipher_algo, s2kmode, hash_algo);
+ printf(":symkey enc packet: version %d, cipher %d, s2k %d, hash %d",
+ version, cipher_algo, s2kmode, hash_algo);
+ if(seskeylen)
+ printf(", seskey %d bits",(seskeylen-1)*8);
+ printf("\n");
 if( s2kmode == 1 || s2kmode == 3 ) {
 printf("\tsalt ");
 for(i=0; i < 8; i++ )
 printf("%02x", k->s2k.salt[i]);
 if( s2kmode == 3 )
- printf(", count %lu\n", (ulong)k->s2k.count );
+ printf(", count %lu", (ulong)k->s2k.count );
 printf("\n");
 }
 } |
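Review bot: The new `if(s2kmode!=1 && s2kmode!=3)` branch only calls `log_info` and then lets parsing continue, so a packet whose session key is wrapped under an unsalted S2K is still handed back to the caller; whether the decryption path refuses it is not visible in this hunk, and if nothing does, the RFC MUST quoted in the comment is being reported rather than enforced. I would extend the comment to say why it matters, for example `/* Without salt the same passphrase always yields the same key-encryption key, so precomputed dictionaries work against every such message. */`. Because the check sits in the parser, the warning will presumably also appear when the packet is merely listed with --list-packets, which is worth stating in the comment if intended. The `(seskeylen-1)*8` in the listing would also benefit from a short remark such as `/* first octet is the cipher algorithm, the rest is the key */`. parse_symkeyenc begins and ends outside the hunk, so the bound on seskeylen could not be checked from here.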