head	1.2;
access;
symbols
	RELEASE_5_4_0:1.1;
locks; strict;
comment	@# @;


1.2
date	2005.04.24.04.42.08;	author kuriyama;	state dead;
branches;
next	1.1;

1.1
date	2005.02.12.09.29.35;	author kuriyama;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Upgrade to 1.4.1.

PR:		ports/80157
Submitted by:	Vasil Dimov <vd@@datamax.bg>
Kindly knocked by:	dougb
@
text
@Index: include/cipher.h
===================================================================
RCS file: /cvs/gnupg/gnupg/include/cipher.h,v
retrieving revision 1.63
diff -u -r1.63 cipher.h
--- include/cipher.h	29 Nov 2004 21:14:18 -0000	1.63
+++ include/cipher.h	8 Feb 2005 04:10:29 -0000
@@@@ -75,6 +75,7 @@@@
     int keylen;
     int algo_info_printed;
     int use_mdc;
+    int symmetric;
     byte key[32]; /* this is the largest used keylen (256 bit) */
 } DEK;

Index: g10/mainproc.c
===================================================================
RCS file: /cvs/gnupg/gnupg/g10/mainproc.c,v
retrieving revision 1.161
diff -u -r1.161 mainproc.c
--- g10/mainproc.c	21 Oct 2004 19:18:47 -0000	1.161
+++ g10/mainproc.c	8 Feb 2005 04:10:30 -0000
@@@@ -330,6 +330,8 @@@@

 	    if(c->dek)
 	      {
+		c->dek->symmetric=1;
+
 		/* FIXME: This doesn't work perfectly if a symmetric
 		   key comes before a public key in the message - if
 		   the user doesn't know the passphrase, then there is
Index: g10/encr-data.c
===================================================================
RCS file: /cvs/gnupg/gnupg/g10/encr-data.c,v
retrieving revision 1.30
diff -u -r1.30 encr-data.c
--- g10/encr-data.c	8 Oct 2004 21:54:26 -0000	1.30
+++ g10/encr-data.c	8 Feb 2005 04:10:30 -0000
@@@@ -125,7 +125,7 @@@@
     cipher_sync( dfx.cipher_hd );
     p = temp;
 /* log_hexdump( "prefix", temp, nprefix+2 ); */
-    if( p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1] ) {
+    if( dek->symmetric && (p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1]) ) {
 	rc = G10ERR_BAD_KEY;
 	goto leave;
     }

@


1.1
log
@Add a workaround patch to avoid protocol attack (but will not be
effective in the real world).

References:	http://lists.gnupg.org/pipermail/gnupg-announce/2005q1/000190.html (broken mailman archive)
		http://www.pgp.com/library/ctocorner/openpgp.html
		http://eprint.iacr.org/2005/033
Reported by:	dougb
@
text
@@

