Diffusion GPGME 8a0c8c52510d

core: Always fail if an OpenPG message is not integrity protected.

Authored by werner on May 17 2018, 9:14 AM.

Description

core: Always fail if an OpenPG message is not integrity protected.

* src/decrypt.c (struct op_data_t): Add field not_integrity_protected.
(parse_decryption_info): Set this.  Also rename mode to aead_algo for
clarity.
(_gpgme_decrypt_status_handler): Force failure in case of a missing
MDC.

This extra check makes sure that a missing or stripped MDC in

  • gpg < 2.1
  • or gpg 2.2 with an old cipher algorithm

will lead to a decryption failure. gpg 2.3 will always fail in this
case. Implementing this check here and not backporting the 2.3 change
to 2.2 has the benefit that all GPGME using applications are protected
but scripts relying on rfc2440 (i.e. without MDC) will only break when
migrating to 2.3.

Note that S/MIME has no integrity protection mechanism but gpgsm
neither emits a DECRYPTION_INFO status line, so an error will not be
triggered. If in the future gpgsm supports authenticated encryption
it may issue a DECRYPTION_INFO line to force a failure here but it
will in that case also emit a DECRYPTION_FAILED anyway.

  • GnuPG-bug-id: T3981
  • Signed-off-by: Werner Koch <wk@gnupg.org>