From 113c4a5f1e6d5a904903536275369e2d4a794857 Mon Sep 17 00:00:00 2001
From: Daniel Huigens <d.huigens@protonmail.com>
Date: Fri, 21 Dec 2018 23:46:02 -0500
Subject: [PATCH] Add CAST5 to always-allowed algorithms

Golang's OpenPGP implementation uses CAST5 as its fallback.
(The spec mandates TripleDES as fallback.)

Fixes #819.
---
 src/message.js                           |  3 ++-
 test/security/preferred_algo_mismatch.js | 12 ++++++------
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/message.js b/src/message.js
index 5bdff7ca..1a5f6145 100644
--- a/src/message.js
+++ b/src/message.js
@@ -187,7 +187,8 @@ Message.prototype.decryptSessionKeys = async function(privateKeys, passwords) {
         let algos = [
           enums.symmetric.aes256, // Old OpenPGP.js default fallback
           enums.symmetric.aes128, // RFC4880bis fallback
-          enums.symmetric.tripledes // RFC4880 fallback
+          enums.symmetric.tripledes, // RFC4880 fallback
+          enums.symmetric.cast5 // Golang OpenPGP fallback
         ];
         if (primaryUser && primaryUser.selfCertification.preferredSymmetricAlgorithms) {
           algos = algos.concat(primaryUser.selfCertification.preferredSymmetricAlgorithms);
diff --git a/test/security/preferred_algo_mismatch.js b/test/security/preferred_algo_mismatch.js
index 74cb644d..9df2c1af 100644
--- a/test/security/preferred_algo_mismatch.js
+++ b/test/security/preferred_algo_mismatch.js
@@ -11,12 +11,12 @@ const messageArmor = `-----BEGIN PGP MESSAGE-----
 Version: OpenPGP.js VERSION
 Comment: https://openpgpjs.org
 
-wYwD3eCUoDfD5yoBA/4rhxaaw+E2ma+LdmLVDBRqxglhIgnM6EgNxzf8J5Ty
-ecQBLOf3BjjC72mJ9RqMmvQ16aG4EXXDAUmCP1sBLj+b7V1t4keeyTn+2nXu
-7Wgu2yq9CvZahRLsayt3y8VodZwTi3K/+gmx1f8EhdLPONQgGkYAqZ3Tyyd0
-KF3pknplvdI+AXqRs0n2vVr89oIdmQPJFSHEoJtltbSNxhwShdzDvOor2FKJ
-vhGWNysion2aBg0fIbgDUKeXKp8YN44LDTk=
-=RYrv
+wYwD3eCUoDfD5yoBA/98Ceee8cVOuwZMscnFXzkldJV6Km/Uozcwsx0+Epqb
+31qF6QosSgEBNGet5PXxV3VU5BnjSeMnK3500NFGgLZUYKLqdHmtwj4hIz7S
+VpX1fVpp5n8729Fuv9MhRcFrrIrRj5h6Mj8G7xIgCQm+uJTla3X8wRXss8/p
+y57epbYHO9JGAZsQl6kFLOsgtlV/NPwAtjsH/AzsQs3Y6WcudHh0XB3E+ncK
+BLn6oaBjcnlwdGVk0wJnjV2YZRiZ7V3lUIDdYIMNpL+5qA==
+=IoHy
 -----END PGP MESSAGE-----`;
 
 const privateKeyArmor = `-----BEGIN PGP PRIVATE KEY BLOCK-----