Index: dist/src/lib/create.c
===================================================================
RCS file: /cvsroot/src/crypto/external/bsd/netpgp/dist/src/lib/create.c,v
retrieving revision 1.38
diff -u -p -r1.38 create.c
--- dist/src/lib/create.c 15 Nov 2010 08:03:39 -0000 1.38
+++ dist/src/lib/create.c 24 Mar 2020 22:02:16 -0000
@@ -959,8 +959,17 @@ pgp_create_pk_sesskey(const pgp_key_t *k
 }
 /* allocate unencoded_m_buf here */
 (void) memset(&cipherinfo, 0x0, sizeof(cipherinfo));
- pgp_crypt_any(&cipherinfo,
- cipher = pgp_str_to_cipher((ciphername) ? ciphername : "cast5"));
+
+ cipher = pgp_str_to_cipher(ciphername);
+
+ if (cipher == PGP_SA_UNKNOWN) {
+ (void) fprintf(stderr,
+ "pgp_create_pk_sesskey: invalid cipher\n");
+ return NULL;
+ }
+
+ pgp_crypt_any(&cipherinfo, cipher);
+
 unencoded_m_buf = calloc(1, cipherinfo.keysize + 1 + 2);
 if (unencoded_m_buf == NULL) {
 (void) fprintf(stderr,
Index: dist/src/lib/misc.c
===================================================================
RCS file: /cvsroot/src/crypto/external/bsd/netpgp/dist/src/lib/misc.c,v
retrieving revision 1.42
diff -u -p -r1.42 misc.c
--- dist/src/lib/misc.c 13 Nov 2018 14:52:30 -0000 1.42
+++ dist/src/lib/misc.c 24 Mar 2020 22:02:16 -0000
@@ -833,7 +833,7 @@ pgp_str_to_cipher(const char *cipher)
 return sp->i;
 }
 }
- return PGP_SA_DEFAULT_CIPHER;
+ return PGP_SA_UNKNOWN;
 }
 void
Index: dist/src/lib/netpgp.c
===================================================================
RCS file: /cvsroot/src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c,v
retrieving revision 1.103
diff -u -p -r1.103 netpgp.c
--- dist/src/lib/netpgp.c 21 Mar 2020 01:07:21 -0000 1.103
+++ dist/src/lib/netpgp.c 24 Mar 2020 22:02:16 -0000
@@ -801,6 +801,7 @@ netpgp_init(netpgp_t *netpgp)
 char id[MAX_ID_LENGTH];
 char *homedir;
 char *userid;
+ char *ciphername;
 char *stream;
 char *passfd;
 char *results;
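Review bot: In the create.c hunk, the new `cipher = pgp_str_to_cipher(ciphername);` drops the NULL fallback that the removed line had (`(ciphername) ? ciphername : "cast5"`), so a caller that passes no cipher name now hands NULL to pgp_str_to_cipher and, with the misc.c change, presumably ends in the "invalid cipher" error instead of encrypting with the default. Keeping the default only for the unset case preserves the old behaviour while still rejecting misspelt names: `cipher = pgp_str_to_cipher((ciphername) ? ciphername : "cast5");`. The body of pgp_create_pk_sesskey starts outside the hunk, so it is worth checking whether anything allocated before this point needs freeing on the new `return NULL` path.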
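Review bot: In the misc.c hunk, pgp_str_to_cipher changes its contract from "always returns a usable algorithm" to "may return PGP_SA_UNKNOWN", but nothing at the function says so and only two call sites are updated in this diff. Any caller not shown here that still feeds the result straight into pgp_crypt_any or a packet field would now carry -1 instead of the default cipher, so the remaining callers should be audited. A header comment would make the rule visible: `/* Returns PGP_SA_UNKNOWN when the name is not recognised; callers must check before using the result. */`. The function starts outside the hunk.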
@@ -868,6 +869,14 @@ netpgp_init(netpgp_t *netpgp)
 (void) fprintf(io->errs, "netpgp: bad homedir\n");
 return 0;
 }
+
+ if ((ciphername = netpgp_getvar(netpgp, "cipher")) != NULL) {
+ if (pgp_str_to_cipher(ciphername) == PGP_SA_UNKNOWN) {
+ (void) fprintf(io->errs, "netpgp: invalid cipher\n");
+ return 0;
+ }
+ }
+
 if (netpgp_getvar(netpgp, "ssh keys") == NULL) {
 /* read from ordinary pgp keyrings */
 netpgp->pubring = readkeyring(netpgp, "pubring");
Index: dist/src/lib/packet.h
===================================================================
RCS file: /cvsroot/src/crypto/external/bsd/netpgp/dist/src/lib/packet.h,v
retrieving revision 1.31
diff -u -p -r1.31 packet.h
--- dist/src/lib/packet.h 13 Nov 2018 14:52:30 -0000 1.31
+++ dist/src/lib/packet.h 24 Mar 2020 22:02:16 -0000
@@ -471,6 +471,7 @@ typedef enum {
 * \see RFC4880 9.2
 */
 typedef enum {
+ PGP_SA_UNKNOWN = -1, /* used to indicate errors */
 PGP_SA_PLAINTEXT = 0, /* Plaintext or unencrypted data */
 PGP_SA_IDEA = 1, /* IDEA */
 PGP_SA_TRIPLEDES = 2, /* TripleDES */
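Review bot: The rejection message added in the second netpgp.c hunk does not name the value that was refused, so a user with a typo in the cipher setting has to guess what went wrong; `(void) fprintf(io->errs, "netpgp: invalid cipher '%s'\n", ciphername);` would make the failure actionable. The check also runs only once, in netpgp_init, so a "cipher" value changed after initialisation is validated only where it is consumed. The guard added in pgp_create_pk_sesskey covers that path, and any other consumer of the variable would need the same test. netpgp_init continues outside the hunk.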
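Review bot: In the packet.h hunk, `PGP_SA_UNKNOWN = -1` joins an enum whose other members are the RFC 4880 algorithm ids, and its comment does not say that the value must stay internal. If a value of this type is ever narrowed into an unsigned one-octet field it becomes 255 rather than an error, and the negative enumerator may change the enum's underlying type to a signed one on some compilers. I would widen the comment to `/* internal sentinel: name not recognised; never a wire value, must not be serialised */`. The enum continues outside the hunk.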