Loading...

Type: Bug
Resolution: Fixed
Priority: Normal
Fix Version/s: None
Component/s: None
Labels:
- security

Reproduction Steps:

Hide
echo "abcd" >foo.txt
./mcrypt foo.txt
Enter the passphrase (maximum of 512 characters)
Please use a combination of upper and lower case letters and numbers.
Enter passphrase:
Enter passphrase:

File foo.txt was encrypted.
russtopia@drek ~/pkgs/mcrypt-2.6.8/src $ ls -la foo.txt.nc
-rw------- 1 russtopia russtopia 48 Feb 20 22:09 foo.txt.nc

### NOTE foo.txt.nc is 48 bytes

russtopia@drek ~/pkgs/mcrypt-2.6.8/src $ ./mcrypt -z foo.txt
Enter the passphrase (maximum of 512 characters)
Please use a combination of upper and lower case letters and numbers.
Enter passphrase:
Enter passphrase:

File foo.txt was encrypted.
russtopia@drek ~/pkgs/mcrypt-2.6.8/src $ mcrypt -dz foo.txt.gz.nc
Enter passphrase:
File foo.txt.gz.nc was decrypted.
russtopia@drek ~/pkgs/mcrypt-2.6.8/src $ file foo.txt.gz
foo.txt.gz: ASCII text
russtopia@drek ~/pkgs/mcrypt-2.6.8/src $ ls -la foo.txt.gz.nc
-rw------- 1 russtopia russtopia 48 Feb 20 22:09 foo.txt.gz.nc

### NOTE output file foo.txt.gz.nc is *also* 48 bytes, no gzip was applied.

russtopia@drek ~/pkgs/mcrypt-2.6.8/src $ mcrypt -dz foo.txt.gz.nc
Enter passphrase:
File foo.txt.gz.nc was decrypted.
russtopia@drek ~/pkgs/mcrypt-2.6.8/src $ file foo.txt.gz
foo.txt.gz: ASCII text

### NOTE the decrypted file should have been named foo.txt, not foo.txt.gz, as no gzip was originally applied.

russtopia@drek ~/pkgs/mcrypt-2.6.8/src $ rm foo.txt.gz.nc
russtopia@drek ~/pkgs/mcrypt-2.6.8/src $ ./mcrypt -z --no-openpgp foo.txt
Enter the passphrase (maximum of 512 characters)
Please use a combination of upper and lower case letters and numbers.
Enter passphrase:
Enter passphrase:

File foo.txt was encrypted.
russtopia@drek ~/pkgs/mcrypt-2.6.8/src $ ls -la foo.txt.gz.nc
-rw------- 1 russtopia russtopia 141 Feb 20 22:09 foo.txt.gz.nc
russtopia@drek ~/pkgs/mcrypt-2.6.8/src $ file foo.txt.gz.nc
foo.txt.gz.nc: mcrypt 2.5 encrypted data, algorithm: rijndael-128, keysize: 32 bytes, mode: cbc,

### turning off RFC2440 mode (--no-openpgp) allows proper operation of -z gzip option.

### I didn't dig into how to demonstrate that the -m option is ignored when outputting RFC2440 PGP message format, but examination of code indicates it is. Users are not told it is inactive for --openpgp rfc2440 operations.

Show
echo "abcd" >foo.txt ./mcrypt foo.txt Enter the passphrase (maximum of 512 characters) Please use a combination of upper and lower case letters and numbers. Enter passphrase: Enter passphrase: File foo.txt was encrypted. russtopia@drek ~/pkgs/mcrypt-2.6.8/src $ ls -la foo.txt.nc -rw------- 1 russtopia russtopia 48 Feb 20 22:09 foo.txt.nc ### NOTE foo.txt.nc is 48 bytes russtopia@drek ~/pkgs/mcrypt-2.6.8/src $ ./mcrypt -z foo.txt Enter the passphrase (maximum of 512 characters) Please use a combination of upper and lower case letters and numbers. Enter passphrase: Enter passphrase: File foo.txt was encrypted. russtopia@drek ~/pkgs/mcrypt-2.6.8/src $ mcrypt -dz foo.txt.gz.nc Enter passphrase: File foo.txt.gz.nc was decrypted. russtopia@drek ~/pkgs/mcrypt-2.6.8/src $ file foo.txt.gz foo.txt.gz: ASCII text russtopia@drek ~/pkgs/mcrypt-2.6.8/src $ ls -la foo.txt.gz.nc -rw------- 1 russtopia russtopia 48 Feb 20 22:09 foo.txt.gz.nc ### NOTE output file foo.txt.gz.nc is *also* 48 bytes, no gzip was applied. russtopia@drek ~/pkgs/mcrypt-2.6.8/src $ mcrypt -dz foo.txt.gz.nc Enter passphrase: File foo.txt.gz.nc was decrypted. russtopia@drek ~/pkgs/mcrypt-2.6.8/src $ file foo.txt.gz foo.txt.gz: ASCII text ### NOTE the decrypted file should have been named foo.txt, not foo.txt.gz, as no gzip was originally applied. russtopia@drek ~/pkgs/mcrypt-2.6.8/src $ rm foo.txt.gz.nc russtopia@drek ~/pkgs/mcrypt-2.6.8/src $ ./mcrypt -z --no-openpgp foo.txt Enter the passphrase (maximum of 512 characters) Please use a combination of upper and lower case letters and numbers. Enter passphrase: Enter passphrase: File foo.txt was encrypted. russtopia@drek ~/pkgs/mcrypt-2.6.8/src $ ls -la foo.txt.gz.nc -rw------- 1 russtopia russtopia 141 Feb 20 22:09 foo.txt.gz.nc russtopia@drek ~/pkgs/mcrypt-2.6.8/src $ file foo.txt.gz.nc foo.txt.gz.nc: mcrypt 2.5 encrypted data, algorithm: rijndael-128, keysize: 32 bytes, mode: cbc, ### turning off RFC2440 mode (--no-openpgp) allows proper operation of -z gzip option. ### I didn't dig into how to demonstrate that the -m option is ignored when outputting RFC2440 PGP message format, but examination of code indicates it is. Users are not told it is inactive for --openpgp rfc2440 operations.

Presumptive Root Cause:

Hide
No checks for conflicting -z/-p compression flags while --openpgp is set;
No check to warn user that -m will be ignored when --openpgp is set.

Show
No checks for conflicting -z/-p compression flags while --openpgp is set; No check to warn user that -m will be ignored when --openpgp is set.

The three options -z, -m and --openpgp interact in unexpected ways:

Background

The --openpgp option is set by default in code, and unless the user explicitly gives --no-openpgp rfc2440 format will be used.
The -z and -p options (use external gzip or bzip compression) only work when not using rfc2440 mode (ie., --no-openpgp) but current code will not complain that -z or -p are specified with --openpgp set. Output file will be named "output.gz.nc" when it should be "output.nc" to indicate no gzip or bzip compression was applied.
The -m mode to specify encryption mode (eg., cbc, cfb, ctr, ...) is ignored when using rfc2440 mode but current code will not prevent or complain if -m is set with --openpgp.

Details

Description

Attachments

Activity

People

Dates