summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--doc/gpg.texi29
-rw-r--r--g10/cipher-cfb.c6
-rw-r--r--g10/encrypt.c63
-rw-r--r--g10/gpg.c21
-rw-r--r--g10/keydb.h2
-rw-r--r--g10/pkclist.c11
-rw-r--r--po/POTFILES.in2
7 files changed, 46 insertions, 88 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 544ed1817..baad58657 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2596,21 +2596,18 @@ modern and faster way to do authenticated encrytion than the old MDC
method. See also options @option{--aead-algo} and
@option{--chunk-size}.
-This option requires the use of option @option{--rfc4880bis} to
-declare that a not yet standardized feature is used.
+As of now this option requires the use of option @option{--rfc4880bis}
+to declare that a not yet standardized feature is used.
@item --force-mdc
+@itemx --disable-mdc
@opindex force-mdc
-Force the use of encryption with a modification detection code. This
-is always used with the newer ciphers (those with a blocksize greater
-than 64 bits), or if all of the recipient keys indicate MDC support in
-their feature flags.
-
-@item --disable-mdc
@opindex disable-mdc
-Disable the use of the modification detection code. Note that by
-using this option, the encrypted message becomes vulnerable to a
-message modification attack.
+These options are obsolete and have no effect since GnuPG 2.2.8. The
+MDC is always used unless the keys indicate that an AEAD algorithm can
+be used in which case AEAD is used. But note: If the creation or of a
+legacy non-MDC message is exceptionally required, the option
+@option{--rfc2440} allows for this.
@item --disable-signer-uid
@opindex disable-signer-uid
@@ -2740,7 +2737,10 @@ keys or data may not be usable with future GnuPG versions.
@item --rfc2440
@opindex rfc2440
Reset all packet, cipher and digest options to strict RFC-2440
-behavior.
+behavior. Note that by using this option encryption packets are
+created in a legacy mode without MDC protection. This is dangerous
+and should thus only be used for experiments. See also option
+@option{--ignore-mdc-error}.
@item --pgp6
@opindex pgp6
@@ -2750,8 +2750,9 @@ restricts you to the ciphers IDEA (if the IDEA plugin is installed),
compression algorithms none and ZIP. This also disables
@option{--throw-keyids}, and making signatures with signing subkeys as PGP 6
does not understand signatures made by signing subkeys.
+FIXME: remove this options.
-This option implies @option{--disable-mdc --escape-from-lines}.
+This option implies @option{--escape-from-lines}.
@item --pgp7
@opindex pgp7
@@ -3234,7 +3235,7 @@ It is required to decrypt old messages which did not use an MDC. It
may also be useful if a message is partially garbled, but it is
necessary to get as much data as possible out of that garbled message.
Be aware that a missing or failed MDC can be an indication of an
-attack. Use with caution.
+attack. Use with great caution; see also option @option{--rfc2440}.
@item --allow-weak-digest-algos
@opindex allow-weak-digest-algos
diff --git a/g10/cipher-cfb.c b/g10/cipher-cfb.c
index 48927c558..3ba8eb738 100644
--- a/g10/cipher-cfb.c
+++ b/g10/cipher-cfb.c
@@ -33,6 +33,7 @@
#include "packet.h"
#include "options.h"
#include "main.h"
+#include "../common/i18n.h"
#include "../common/status.h"
@@ -66,8 +67,9 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a)
}
else
{
- log_info ("WARNING: "
- "encrypting without integrity protection is dangerous\n");
+ log_info (_("WARNING: "
+ "encrypting without integrity protection is dangerous\n"));
+ log_info (_("Hint: Do not use option %s\n"), "--rfc2440");
}
write_status_printf (STATUS_BEGIN_ENCRYPTION, "%d %d",
diff --git a/g10/encrypt.c b/g10/encrypt.c
index c6c9e3a03..7de07d234 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -212,11 +212,7 @@ use_aead (pk_list_t pk_list, int algo)
can_use = openpgp_cipher_get_algo_blklen (algo) == 16;
- /* With --force-mdc we clearly do not want AEAD. */
- if (opt.force_mdc)
- return 0;
-
- /* However with --force-aead we want AEAD. */
+ /* With --force-aead we want AEAD. */
if (opt.force_aead)
{
if (!can_use)
@@ -232,62 +228,29 @@ use_aead (pk_list_t pk_list, int algo)
if (!can_use)
return 0;
+ /* Note the user which keys have no AEAD feature flag set. */
+ if (opt.verbose)
+ warn_missing_aead_from_pklist (pk_list);
+
/* If all keys support AEAD we can use it. */
return select_aead_from_pklist (pk_list);
}
-/* We try very hard to use a MDC */
+/* Shall we use the MDC? Yes - unless rfc-2440 compatibility is
+ * requested. */
int
use_mdc (pk_list_t pk_list,int algo)
{
- /* RFC-2440 don't has MDC */
- if (RFC2440)
- return 0;
-
- /* --force-mdc overrides --disable-mdc */
- if(opt.force_mdc)
- return 1;
+ (void)pk_list;
+ (void)algo;
- if(opt.disable_mdc)
+ /* RFC-2440 don't has MDC - this is the only way to create a legacy
+ * non-MDC encryption packet. */
+ if (RFC2440)
return 0;
- /* Do the keys really support MDC? */
-
- if(select_mdc_from_pklist(pk_list))
- return 1;
-
- /* The keys don't support MDC, so now we do a bit of a hack - if any
- of the AESes or TWOFISH are in the prefs, we assume that the user
- can handle a MDC. This is valid for PGP 7, which can handle MDCs
- though it will not generate them. 2440bis allows this, by the
- way. */
-
- if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
- CIPHER_ALGO_AES,NULL)==CIPHER_ALGO_AES)
- return 1;
-
- if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
- CIPHER_ALGO_AES192,NULL)==CIPHER_ALGO_AES192)
- return 1;
-
- if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
- CIPHER_ALGO_AES256,NULL)==CIPHER_ALGO_AES256)
- return 1;
-
- if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
- CIPHER_ALGO_TWOFISH,NULL)==CIPHER_ALGO_TWOFISH)
- return 1;
-
- /* Last try. Use MDC for the modern ciphers. */
-
- if (openpgp_cipher_get_algo_blklen (algo) != 8)
- return 1;
-
- if (opt.verbose)
- warn_missing_mdc_from_pklist (pk_list);
-
- return 0; /* No MDC */
+ return 1; /* In all other cases we use the MDC */
}
diff --git a/g10/gpg.c b/g10/gpg.c
index e718fe45e..1a419f7e7 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -301,10 +301,6 @@ enum cmd_and_opt_values
oShowPhotos,
oNoShowPhotos,
oPhotoViewer,
- oForceMDC,
- oNoForceMDC,
- oDisableMDC,
- oNoDisableMDC,
oForceAEAD,
oS2KMode,
oS2KDigest,
@@ -605,11 +601,6 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oQuiet, "quiet", "@"),
ARGPARSE_s_n (oNoTTY, "no-tty", "@"),
- ARGPARSE_s_n (oForceMDC, "force-mdc", "@"),
- ARGPARSE_s_n (oNoForceMDC, "no-force-mdc", "@"),
- ARGPARSE_s_n (oDisableMDC, "disable-mdc", "@"),
- ARGPARSE_s_n (oNoDisableMDC, "no-disable-mdc", "@"),
-
ARGPARSE_s_n (oForceAEAD, "force-aead", "@"),
ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"),
@@ -924,6 +915,11 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oNoop, "force-v4-certs", "@"),
ARGPARSE_s_n (oNoop, "no-force-v4-certs", "@"),
ARGPARSE_s_n (oNoop, "no-mdc-warning", "@"),
+ ARGPARSE_s_n (oNoop, "force-mdc", "@"),
+ ARGPARSE_s_n (oNoop, "no-force-mdc", "@"),
+ ARGPARSE_s_n (oNoop, "disable-mdc", "@"),
+ ARGPARSE_s_n (oNoop, "no-disable-mdc", "@"),
+
ARGPARSE_end ()
};
@@ -2201,7 +2197,6 @@ set_compliance_option (enum cmd_and_opt_values option)
case oDE_VS:
set_compliance_option (oOpenPGP);
opt.compliance = CO_DE_VS;
- opt.force_mdc = 1;
opt.def_aead_algo = 0;
/* Fixme: Change other options. */
break;
@@ -3019,11 +3014,6 @@ main (int argc, char **argv)
break;
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
- case oForceMDC: opt.force_mdc = 1; break;
- case oNoForceMDC: opt.force_mdc = 0; break;
- case oDisableMDC: opt.disable_mdc = 1; break;
- case oNoDisableMDC: opt.disable_mdc = 0; break;
-
case oForceAEAD: opt.force_aead = 1; break;
case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
@@ -3802,7 +3792,6 @@ main (int argc, char **argv)
{
/* That does not anymore work because we have no more support
for v3 signatures. */
- opt.disable_mdc=1;
opt.escape_from=1;
opt.ask_sig_expire=0;
}
diff --git a/g10/keydb.h b/g10/keydb.h
index c65af0204..bd156a6a3 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -236,7 +236,7 @@ int select_algo_from_prefs( PK_LIST pk_list, int preftype,
int request, const union pref_hint *hint);
int select_mdc_from_pklist (PK_LIST pk_list);
aead_algo_t select_aead_from_pklist (pk_list_t pk_list);
-void warn_missing_mdc_from_pklist (PK_LIST pk_list);
+void warn_missing_aead_from_pklist (PK_LIST pk_list);
void warn_missing_aes_from_pklist (PK_LIST pk_list);
/*-- skclist.c --*/
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 8b5d0422a..05bbea52d 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -1677,9 +1677,10 @@ select_aead_from_pklist (PK_LIST pk_list)
}
-/* Print a warning for all keys in PK_LIST missing the MDC feature. */
+/* Print a warning for all keys in PK_LIST missing the AEAD feature
+ * flag or AEAD algorithms. */
void
-warn_missing_mdc_from_pklist (PK_LIST pk_list)
+warn_missing_aead_from_pklist (PK_LIST pk_list)
{
PK_LIST pkr;
@@ -1688,12 +1689,12 @@ warn_missing_mdc_from_pklist (PK_LIST pk_list)
int mdc;
if (pkr->pk->user_id) /* selected by user ID */
- mdc = pkr->pk->user_id->flags.mdc;
+ mdc = pkr->pk->user_id->flags.aead;
else
- mdc = pkr->pk->flags.mdc;
+ mdc = pkr->pk->flags.aead;
if (!mdc)
log_info (_("Note: key %s has no %s feature\n"),
- keystr_from_pk (pkr->pk), "MDC");
+ keystr_from_pk (pkr->pk), "AEAD");
}
}
diff --git a/po/POTFILES.in b/po/POTFILES.in
index f071651cc..f19cb49c4 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -75,6 +75,8 @@ g10/tofu.c
g10/trustdb.c
g10/trust.c
g10/verify.c
+g10/cipher-cfb.c
+g10/cipher-aead.c
kbx/kbxutil.c