[commits] Crypt branch master updated. 1d95aeff1674f8bfe534ffb2d5376368d328862e

jan at horde.org jan at horde.org
Tue May 15 20:35:21 UTC 2018


The branch "master" has been updated.
The following is a summary of the commits.

from: f3bceee701eb5f6c6f69c718e1f4ad578b8d0d7a

ef329a8 mitigate efail
7a3a722 Enforce MDC when encrypting symmetrically.
1c054ce Always check STDERR.
64d67c7 Add unit tests for MDC verification.
1d95aef [jan] Enforce MDC verification when decrypting PGP messages to mitigate EFAIL attacks (Immerda <admin at immerda.ch>).

Summary: https://github.com/horde/Crypt/compare/f3bceee701eb...1d95aeff1674

-----------------------------------------------------------------------

commit ef329a890572c6381ddf6d491a55423d9de0a0cb
Author: Immerda <admin at immerda.ch>
Date:   Mon, 14 May 2018 22:47:33 +0200

mitigate efail

This commit prevents the gpg backend from decrypting non-integrity-protected
messages. The efail [0] vulnerability relies on the attacker
being able to inject content into an encrypted mail.

According to [1], the correct way of detecting if decryption succeeded
is not to check the return code. Instead the `--status-fd` should be
checked for DECRYPTION_OKAY.

Imp currently displays the decrypted body (including the gpg warning)
in the message pane. This opens up decryption oracle attacks.

[0] https://efail.de/
[1] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob_plain;f=doc/DETAILS

 M lib/Horde/Crypt/Pgp/Backend/Binary.php

https://github.com/horde/Crypt/commit/ef329a890572c6381ddf6d491a55423d9de0a0cb
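
The check described in the ef329a8 commit message, as an added PHP example that is not Horde's code or part of the original commit: it decides from GnuPG `--status-fd` output, not from the exit code, whether plaintext may be used. The function name, the constructed sample status lines and the extra GOODMDC requirement are assumptions of this example.

```php
<?php
// Added example, not Horde code. Status keywords are those documented in
// GnuPG's doc/DETAILS; the sample outputs below are constructed.

/**
 * Decide from --status-fd output whether decrypted plaintext may be used.
 * Hypothetical helper: the name and return shape are this example's own.
 */
function gpgDecryptionTrusted(string $status): array
{
    $seen = [];
    foreach (preg_split('/\R/', $status, -1, PREG_SPLIT_NO_EMPTY) as $line) {
        // Machine-readable lines look like "[GNUPG:] KEYWORD args...".
        if (preg_match('/^\[GNUPG:\] (\S+)/', $line, $m)) {
            $seen[$m[1]] = true;
        }
    }
    // Any explicit failure wins, even if an OK keyword is also present.
    foreach (['DECRYPTION_FAILED', 'BADMDC'] as $bad) {
        if (isset($seen[$bad])) {
            return [false, "gpg reported $bad"];
        }
    }
    if (!isset($seen['DECRYPTION_OKAY'])) {
        return [false, 'no DECRYPTION_OKAY in status output'];
    }
    // Assumption of this example: also require GOODMDC so that messages
    // without integrity protection are refused.
    if (!isset($seen['GOODMDC'])) {
        return [false, 'no GOODMDC: message not integrity protected'];
    }
    return [true, 'ok'];
}

// Constructed status outputs (not captured from a real gpg run).
$samples = [
    'intact'      => "[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] DECRYPTION_OKAY\n[GNUPG:] GOODMDC\n[GNUPG:] END_DECRYPTION\n",
    'manipulated' => "[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] BADMDC\n[GNUPG:] DECRYPTION_FAILED\n[GNUPG:] END_DECRYPTION\n",
    'no MDC'      => "[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] DECRYPTION_OKAY\n[GNUPG:] END_DECRYPTION\n",
];
foreach ($samples as $name => $status) {
    [$ok, $why] = gpgDecryptionTrusted($status);
    // On reject, the caller discards the plaintext and shows only an error.
    printf("%-12s %s (%s)\n", $name, $ok ? 'accept' : 'reject', $why);
}
```

On a reject the caller should drop gpg's stdout entirely, since displaying partial plaintext is what the commit message identifies as the decryption-oracle risk.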

-----------------------------------------------------------------------

commit 7a3a722de2f6f9c99c155dede41571e954524c95
Author: Jan Schneider <jan at horde.org>
Date:   Tue, 15 May 2018 22:30:46 +0200

Enforce MDC when encrypting symmetrically.

 M lib/Horde/Crypt/Pgp/Backend/Binary.php
 M test/Horde/Crypt/fixtures/pgp_encrypted_symmetric.txt

https://github.com/horde/Crypt/commit/7a3a722de2f6f9c99c155dede41571e954524c95

-----------------------------------------------------------------------

commit 1c054ce750c99229cadb75e81b80b49047d1cfb9
Author: Jan Schneider <jan at horde.org>
Date:   Tue, 15 May 2018 22:31:13 +0200

Always check STDERR.

 M lib/Horde/Crypt/Pgp/Backend/Binary.php

https://github.com/horde/Crypt/commit/1c054ce750c99229cadb75e81b80b49047d1cfb9

-----------------------------------------------------------------------

commit 64d67c72ed26a380f21cd7542cb0f8d1197c10ed
Author: Jan Schneider <jan at horde.org>
Date:   Tue, 15 May 2018 22:31:46 +0200

Add unit tests for MDC verification.

 M test/Horde/Crypt/Pgp/TestBase.php
 A test/Horde/Crypt/fixtures/mdc/correct
 A test/Horde/Crypt/fixtures/mdc/correct-withoutcrc
 A test/Horde/Crypt/fixtures/mdc/manipulated-withoutmdc
 A test/Horde/Crypt/fixtures/mdc/manmessage
 A test/Horde/Crypt/fixtures/mdc/public-key.gpg
 A test/Horde/Crypt/fixtures/mdc/secret-key.gpg
 A test/Horde/Crypt/fixtures/mdc/testmessage
 A test/Horde/Crypt/fixtures/mdc/withoutmdc
 A test/Horde/Crypt/fixtures/mdc/wrongmdc

https://github.com/horde/Crypt/commit/64d67c72ed26a380f21cd7542cb0f8d1197c10ed

-----------------------------------------------------------------------

commit 1d95aeff1674f8bfe534ffb2d5376368d328862e
Author: Jan Schneider <jan at horde.org>
Date:   Tue, 15 May 2018 22:35:12 +0200

[jan] Enforce MDC verification when decrypting PGP messages to mitigate EFAIL attacks (Immerda <admin at immerda.ch>).

 M doc/Horde/Crypt/CHANGES
 M doc/Horde/Crypt/changelog.yml
 M package.xml

https://github.com/horde/Crypt/commit/1d95aeff1674f8bfe534ffb2d5376368d328862e

