diff options
| author | Noah Misch <noah@leadboat.com> | 2015-05-18 10:02:31 -0400 |
|---|---|---|
| committer | Noah Misch <noah@leadboat.com> | 2015-05-18 10:02:37 -0400 |
| commit | 7b758b7d605aca10b36aa1c26bbf16c33f8ac726 (patch) | |
| tree | 9b21e63a2062ca83dc80eb43e38664c4fc0653fe /contrib/pgcrypto/pgp.h | |
| parent | c669915fd978c5667ce209a827635befb52819c7 (diff) | |
pgcrypto: Report errant decryption as "Wrong key or corrupt data".
This has been the predominant outcome. When the output of decrypting
with a wrong key coincidentally resembled an OpenPGP packet header,
pgcrypto could instead report "Corrupt data", "Not text data" or
"Unsupported compression algorithm". The distinct "Corrupt data"
message added no value. The latter two error messages misled when the
decrypted payload also exhibited fundamental integrity problems. Worse,
error message variance in other systems has enabled cryptologic attacks;
see RFC 4880 section "14. Security Considerations". Whether these
pgcrypto behaviors are likewise exploitable is unknown.
In passing, document that pgcrypto does not resist side-channel attacks.
Back-patch to 9.0 (all supported versions).
Security: CVE-2015-3167
Diffstat (limited to 'contrib/pgcrypto/pgp.h')
| -rw-r--r-- | contrib/pgcrypto/pgp.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/contrib/pgcrypto/pgp.h b/contrib/pgcrypto/pgp.h index efcfa943bd1..dad7c8d8790 100644 --- a/contrib/pgcrypto/pgp.h +++ b/contrib/pgcrypto/pgp.h @@ -148,7 +148,9 @@ struct PGP_Context * internal variables */ int mdc_checked; - int corrupt_prefix; + int corrupt_prefix; /* prefix failed RFC 4880 "quick check" */ + int unsupported_compr; /* has bzip2 compression */ + int unexpected_binary; /* binary data seen in text_mode */ int in_mdc_pkt; int use_mdcbuf_filter; PX_MD *mdc_ctx; |