mirror of git://git.gnupg.org/gnupg.git synced 2024-06-09 23:39:51 +02:00

gpg: Add compatibility flag "vsd-allow-ocb"

* common/compliance.h (enum gnupg_co_extra_infos): New.
* common/compliance.c (vsd_allow_ocb): New.
(gnupg_cipher_is_compliant): Allow OCB if flag is set.
(gnupg_cipher_is_allowed): Ditto.
(gnupg_set_compliance_extra_info): Change to take two args.  Adjust
callers.
* g10/gpg.c (compatibility_flags): Add "vsd-allow-ocb".
(main): And set it.
* g10/options.h (COMPAT_VSD_ALLOW_OCB): New.
--

This is a temporary flag until the new mode has been evaluated and can
always be enabled.

GnuPG-bug-id: 6263
Werner Koch 2022-10-31 17:23:41 +01:00
parent 4a9f3f94c6
commit 0a355b2fe7
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
5 changed files with 35 additions and 9 deletions


@ -45,6 +45,9 @@ static int module;
* using a confue file. */
static unsigned int min_compliant_rsa_length;
/* Temporary hack to allow OCB mode in de-vs mode. */
static unsigned int vsd_allow_ocb;
/* Return the address of a compliance cache variable for COMPLIANCE.
* If no such variable exists NULL is returned. FOR_RNG returns the
* cache variable for the RNG compliance check. */
@ -380,7 +383,8 @@ gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance,
switch (module)
{
case GNUPG_MODULE_NAME_GPG:
return mode == GCRY_CIPHER_MODE_CFB;
return (mode == GCRY_CIPHER_MODE_CFB
|| (vsd_allow_ocb && mode == GCRY_CIPHER_MODE_OCB));
case GNUPG_MODULE_NAME_GPGSM:
return mode == GCRY_CIPHER_MODE_CBC;
}
@ -424,7 +428,8 @@ gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance, int producer,
{
case GNUPG_MODULE_NAME_GPG:
return (mode == GCRY_CIPHER_MODE_NONE
|| mode == GCRY_CIPHER_MODE_CFB);
|| mode == GCRY_CIPHER_MODE_CFB
|| (vsd_allow_ocb && mode == GCRY_CIPHER_MODE_OCB));
case GNUPG_MODULE_NAME_GPGSM:
return (mode == GCRY_CIPHER_MODE_NONE
|| mode == GCRY_CIPHER_MODE_CBC
@ -441,7 +446,8 @@ gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance, int producer,
case CIPHER_ALGO_TWOFISH:
return (module == GNUPG_MODULE_NAME_GPG
&& (mode == GCRY_CIPHER_MODE_NONE
|| mode == GCRY_CIPHER_MODE_CFB)
|| mode == GCRY_CIPHER_MODE_CFB
|| (vsd_allow_ocb && mode == GCRY_CIPHER_MODE_OCB))
&& ! producer);
default:
return 0;
@ -696,7 +702,15 @@ gnupg_compliance_option_string (enum gnupg_compliance_mode compliance)
/* Set additional infos for example taken from config files at startup. */
void
gnupg_set_compliance_extra_info (unsigned int min_rsa)
gnupg_set_compliance_extra_info (enum gnupg_co_extra_infos what,
unsigned int value)
{
min_compliant_rsa_length = min_rsa;
switch (what)
{
case CO_EXTRA_INFO_MIN_RSA:
min_compliant_rsa_length = value;
break;
case CO_EXTRA_INFO_VSD_ALLOW_OCB:
vsd_allow_ocb = value;
}
}
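Review bot: The new `switch (what)` in gnupg_set_compliance_extra_info has no `default:` and its last case ends without `break`, so an unhandled selector is silently ignored and the next case someone appends will inherit a fall-through from `CO_EXTRA_INFO_VSD_ALLOW_OCB`. This setter is what relaxes the cipher-mode checks in gnupg_cipher_is_compliant and gnupg_cipher_is_allowed, so a caller mistake should not go unnoticed: add `break;` after `vsd_allow_ocb = value;` and an explicit `default:` branch that reports the unexpected selector. Storing `!!value` would also keep the flag a strict boolean. The comment above the function could state that a non-zero value for this selector makes OCB acceptable for gpg in de-vs mode, which is what the comment on `vsd_allow_ocb` implies.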


@ -36,12 +36,14 @@
void gnupg_initialize_compliance (int gnupg_module_name);
enum gnupg_compliance_mode
{
CO_GNUPG, CO_RFC4880, CO_RFC2440,
CO_PGP6, CO_PGP7, CO_PGP8, CO_DE_VS
};
enum pk_use_case
{
PK_USE_ENCRYPTION, PK_USE_DECRYPTION,
@ -91,7 +93,14 @@ int gnupg_parse_compliance_option (const char *string,
const char *gnupg_compliance_option_string (enum gnupg_compliance_mode
compliance);
void gnupg_set_compliance_extra_info (unsigned int min_rsa);
enum gnupg_co_extra_infos
{
CO_EXTRA_INFO_MIN_RSA,
CO_EXTRA_INFO_VSD_ALLOW_OCB
};
void gnupg_set_compliance_extra_info (enum gnupg_co_extra_infos what,
unsigned int value);
#endif /*GNUPG_COMMON_COMPLIANCE_H*/
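Review bot: The new `enum gnupg_co_extra_infos` and the two-argument prototype are undocumented, although `value` means something different for each selector. A short comment above the enum would help callers, e.g. `/* Selectors for gnupg_set_compliance_extra_info: MIN_RSA takes a key length, VSD_ALLOW_OCB a boolean. */`; the unit of the RSA length is not visible here and should be filled in by someone who knows it. Since `CO_EXTRA_INFO_VSD_ALLOW_OCB` loosens a compliance check, that comment should also say the selector is meant to be temporary, as the commit message does.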


@ -993,6 +993,7 @@ static struct debug_flags_s debug_flags [] =
/* The list of compatibility flags. */
static struct compatibility_flags_s compatibility_flags [] =
{
{ COMPAT_VSD_ALLOW_OCB, "vsd-allow-ocb" },
{ 0, NULL }
};
@ -3796,7 +3797,9 @@ main (int argc, char **argv)
set_debug (debug_level);
if (opt.verbose) /* Print the compatibility flags. */
parse_compatibility_flags (NULL, &opt.compat_flags, compatibility_flags);
gnupg_set_compliance_extra_info (opt.min_rsa_length);
gnupg_set_compliance_extra_info (CO_EXTRA_INFO_MIN_RSA, opt.min_rsa_length);
if ((opt.compat_flags & COMPAT_VSD_ALLOW_OCB))
gnupg_set_compliance_extra_info (CO_EXTRA_INFO_VSD_ALLOW_OCB, 1);
if (DBG_CLOCK)
log_clock ("start");
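Review bot: When `COMPAT_VSD_ALLOW_OCB` is set, the added `if` switches the compliance module to the relaxed rule without any diagnostic; in the visible lines the flag only shows up in the verbose-only `parse_compatibility_flags` call just above. Someone auditing a de-vs deployment then cannot tell from normal output that OCB was accepted because of a compatibility flag. Consider a note when both apply, for example `if (opt.compliance == CO_DE_VS) log_info ("Note: OCB mode is treated as compliant due to a compatibility flag\n");` inside the new `if`. `opt.compliance` is not visible in this hunk, so check the name, and such reporting may already exist elsewhere. main's body starts and ends outside the hunk.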


@ -351,7 +351,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_debug_mode;
EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
/* Compatibility flags */
/* #define COMPAT_FOO 1 */
#define COMPAT_VSD_ALLOW_OCB 1
/* Compliance test macors. */


@ -1531,7 +1531,7 @@ main ( int argc, char **argv)
set_debug ();
if (opt.verbose) /* Print the compatibility flags. */
parse_compatibility_flags (NULL, &opt.compat_flags, compatibility_flags);
gnupg_set_compliance_extra_info (opt.min_rsa_length);
gnupg_set_compliance_extra_info (CO_EXTRA_INFO_MIN_RSA, opt.min_rsa_length);
/* Although we always use gpgsm_exit, we better install a regualr
exit handler so that at least the secure memory gets wiped