diff options
| author | Werner Koch <[email protected]> | 2022-03-18 10:13:23 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2022-03-18 10:14:54 +0000 |
| commit | 8631d4cfe251f9936d6cbc11b4c4623397b1aeb6 (patch) | |
| tree | d91d8ac698e813aa8a066fa6bbbead108ab087c0 /g10/mainproc.c | |
| parent | common: New flags for gnupg_spawn_process (diff) | |
| download | gnupg-8631d4cfe251f9936d6cbc11b4c4623397b1aeb6.tar.gz gnupg-8631d4cfe251f9936d6cbc11b4c4623397b1aeb6.zip | |
gpg: Allow decryption of symencr even for non-compliant cipher.
* g10/decrypt-data.c (decrypt_data): Add arg compliance_error. Adjust
all callers. Fail on compliance error only in --require-compliance
mode. Make sure to return an error if the buffer is missing; actually
that should be an assert.
* g10/mainproc.c (proc_encrypted): Delay printing of the compliance
mode status. Consult the compliance error now returned by
decrypt_data.
--
The actual case here is that we fail hard if a message has been AEAD
encrypted with one AEAD capable key and also with one passphrase. In
general the preference system takes care of not using AEAD if one
recipient's key does not support it. However, if the sender uses her
own AEAD-capable key _and_ a passphrase the message will be AEAD
encrypted. This change allows to decrypt that anyway along with a
warning message.
Note that this does currently not work in 2.3 due to a non-compliant
libgcrypt. We will however, backport this to 2.2.
Diffstat (limited to 'g10/mainproc.c')
| -rw-r--r-- | g10/mainproc.c | 31 |
1 files changed, 21 insertions, 10 deletions
diff --git a/g10/mainproc.c b/g10/mainproc.c index 70685fab9..cd62737a4 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -722,16 +722,17 @@ proc_encrypted (CTX c, PACKET *pkt) xfree (pk); if (compliant) - { - write_status_strings (STATUS_DECRYPTION_COMPLIANCE_MODE, - gnupg_status_compliance_flag (CO_DE_VS), - NULL); - compliance_de_vs |= 1; - } + compliance_de_vs |= 1; } if (!result) - result = decrypt_data (c->ctrl, c, pkt->pkt.encrypted, c->dek ); + { + int compl_error; + result = decrypt_data (c->ctrl, c, pkt->pkt.encrypted, c->dek, + &compl_error); + if (!result && !compl_error) + compliance_de_vs |= 2; + } /* Trigger the deferred error. */ if (!result && early_plaintext) @@ -784,12 +785,12 @@ proc_encrypted (CTX c, PACKET *pkt) if (pkt->pkt.encrypted->aead_algo) { write_status (STATUS_GOODMDC); - compliance_de_vs |= 2; + compliance_de_vs |= 4; } else if (pkt->pkt.encrypted->mdc_method && !result) { write_status (STATUS_GOODMDC); - compliance_de_vs |= 2; + compliance_de_vs |= 4; } else log_info (_("WARNING: message was not integrity protected\n")); @@ -821,6 +822,16 @@ proc_encrypted (CTX c, PACKET *pkt) * ways to specify the session key (symmmetric and PK). */ } + + /* If we concluded that the decryption was compliant, issue a + * compliance status before the thed end of decryption status. */ + if (compliance_de_vs == (4|2|1)) + { + write_status_strings (STATUS_DECRYPTION_COMPLIANCE_MODE, + gnupg_status_compliance_flag (CO_DE_VS), + NULL); + } + xfree (c->dek); c->dek = NULL; free_packet (pkt, NULL); @@ -837,7 +848,7 @@ proc_encrypted (CTX c, PACKET *pkt) * de-vs compliance mode by just looking at the exit status. */ if (opt.flags.require_compliance && opt.compliance == CO_DE_VS - && compliance_de_vs != (2|1)) + && compliance_de_vs != (4|2|1)) { log_error (_("operation forced to fail due to" " unfulfilled compliance rules\n")); |