gpg: Add compatibility flag "vsd-allow-ocb"
* common/compliance.h (enum gnupg_co_extra_infos): New. * common/compliance.c (vsd_allow_ocb): New. (gnupg_cipher_is_compliant): Allow OCB if flag is set. (gnupg_cipher_is_allowed): Ditto. (gnupg_set_compliance_extra_info): Change to take two args. Adjust callers. * g10/gpg.c (compatibility_flags): Add "vsd-allow-ocb". (main): And set it. * g10/options.h (COMPAT_VSD_ALLOW_OCB): New. -- This is a temporary flag until the new mode has been evaluated and can always be enabled. GnuPG-bug-id: 6263
parent
4a9f3f94c6
commit
0a355b2fe7
@ -45,6 +45,9 @@ static int module;
|
|||||||
* using a confue file. */
|
* using a confue file. */
|
||||||
static unsigned int min_compliant_rsa_length;
|
static unsigned int min_compliant_rsa_length;
|
||||||
|
|
||||||
|
/* Temporary hack to allow OCB mode in de-vs mode. */
|
||||||
|
static unsigned int vsd_allow_ocb;
|
||||||
|
|
||||||
/* Return the address of a compliance cache variable for COMPLIANCE.
|
/* Return the address of a compliance cache variable for COMPLIANCE.
|
||||||
* If no such variable exists NULL is returned. FOR_RNG returns the
|
* If no such variable exists NULL is returned. FOR_RNG returns the
|
||||||
* cache variable for the RNG compliance check. */
|
* cache variable for the RNG compliance check. */
|
||||||
@ -380,7 +383,8 @@ gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance,
|
|||||||
switch (module)
|
switch (module)
|
||||||
{
|
{
|
||||||
case GNUPG_MODULE_NAME_GPG:
|
case GNUPG_MODULE_NAME_GPG:
|
||||||
return mode == GCRY_CIPHER_MODE_CFB;
|
return (mode == GCRY_CIPHER_MODE_CFB
|
||||||
|
|| (vsd_allow_ocb && mode == GCRY_CIPHER_MODE_OCB));
|
||||||
case GNUPG_MODULE_NAME_GPGSM:
|
case GNUPG_MODULE_NAME_GPGSM:
|
||||||
return mode == GCRY_CIPHER_MODE_CBC;
|
return mode == GCRY_CIPHER_MODE_CBC;
|
||||||
}
|
}
|
||||||
@ -424,7 +428,8 @@ gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance, int producer,
|
|||||||
{
|
{
|
||||||
case GNUPG_MODULE_NAME_GPG:
|
case GNUPG_MODULE_NAME_GPG:
|
||||||
return (mode == GCRY_CIPHER_MODE_NONE
|
return (mode == GCRY_CIPHER_MODE_NONE
|
||||||
|| mode == GCRY_CIPHER_MODE_CFB);
|
|| mode == GCRY_CIPHER_MODE_CFB
|
||||||
|
|| (vsd_allow_ocb && mode == GCRY_CIPHER_MODE_OCB));
|
||||||
case GNUPG_MODULE_NAME_GPGSM:
|
case GNUPG_MODULE_NAME_GPGSM:
|
||||||
return (mode == GCRY_CIPHER_MODE_NONE
|
return (mode == GCRY_CIPHER_MODE_NONE
|
||||||
|| mode == GCRY_CIPHER_MODE_CBC
|
|| mode == GCRY_CIPHER_MODE_CBC
|
||||||
@ -441,7 +446,8 @@ gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance, int producer,
|
|||||||
case CIPHER_ALGO_TWOFISH:
|
case CIPHER_ALGO_TWOFISH:
|
||||||
return (module == GNUPG_MODULE_NAME_GPG
|
return (module == GNUPG_MODULE_NAME_GPG
|
||||||
&& (mode == GCRY_CIPHER_MODE_NONE
|
&& (mode == GCRY_CIPHER_MODE_NONE
|
||||||
|| mode == GCRY_CIPHER_MODE_CFB)
|
|| mode == GCRY_CIPHER_MODE_CFB
|
||||||
|
|| (vsd_allow_ocb && mode == GCRY_CIPHER_MODE_OCB))
|
||||||
&& ! producer);
|
&& ! producer);
|
||||||
default:
|
default:
|
||||||
return 0;
|
return 0;
|
||||||
@ -696,7 +702,15 @@ gnupg_compliance_option_string (enum gnupg_compliance_mode compliance)
|
|||||||
|
|
||||||
/* Set additional infos for example taken from config files at startup. */
|
/* Set additional infos for example taken from config files at startup. */
|
||||||
void
|
void
|
||||||
gnupg_set_compliance_extra_info (unsigned int min_rsa)
|
gnupg_set_compliance_extra_info (enum gnupg_co_extra_infos what,
|
||||||
|
unsigned int value)
|
||||||
{
|
{
|
||||||
min_compliant_rsa_length = min_rsa;
|
switch (what)
|
||||||
|
{
|
||||||
|
case CO_EXTRA_INFO_MIN_RSA:
|
||||||
|
min_compliant_rsa_length = value;
|
||||||
|
break;
|
||||||
|
case CO_EXTRA_INFO_VSD_ALLOW_OCB:
|
||||||
|
vsd_allow_ocb = value;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
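Review bot: In the rewritten `gnupg_set_compliance_extra_info`, the `CO_EXTRA_INFO_VSD_ALLOW_OCB` case ends without a `break;` and `switch (what)` has no `default:`, so a selector appended after it later would be overwritten by fall-through whenever the OCB flag is set. Because these statics feed the verdicts of `gnupg_cipher_is_compliant` and `gnupg_cipher_is_allowed`, I would close the case with `break;` and store `vsd_allow_ocb = !!value;` so the flag is a strict boolean. The test `(vsd_allow_ocb && mode == GCRY_CIPHER_MODE_OCB)` is repeated in three return expressions; a small static helper would keep the temporary exception in one place for the day it is removed. The comment on `vsd_allow_ocb` could also cite the bug id given in the commit message (6263).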
|
@ -36,12 +36,14 @@
|
|||||||
|
|
||||||
void gnupg_initialize_compliance (int gnupg_module_name);
|
void gnupg_initialize_compliance (int gnupg_module_name);
|
||||||
|
|
||||||
|
|
||||||
enum gnupg_compliance_mode
|
enum gnupg_compliance_mode
|
||||||
{
|
{
|
||||||
CO_GNUPG, CO_RFC4880, CO_RFC2440,
|
CO_GNUPG, CO_RFC4880, CO_RFC2440,
|
||||||
CO_PGP6, CO_PGP7, CO_PGP8, CO_DE_VS
|
CO_PGP6, CO_PGP7, CO_PGP8, CO_DE_VS
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
enum pk_use_case
|
enum pk_use_case
|
||||||
{
|
{
|
||||||
PK_USE_ENCRYPTION, PK_USE_DECRYPTION,
|
PK_USE_ENCRYPTION, PK_USE_DECRYPTION,
|
||||||
@ -91,7 +93,14 @@ int gnupg_parse_compliance_option (const char *string,
|
|||||||
const char *gnupg_compliance_option_string (enum gnupg_compliance_mode
|
const char *gnupg_compliance_option_string (enum gnupg_compliance_mode
|
||||||
compliance);
|
compliance);
|
||||||
|
|
||||||
void gnupg_set_compliance_extra_info (unsigned int min_rsa);
|
enum gnupg_co_extra_infos
|
||||||
|
{
|
||||||
|
CO_EXTRA_INFO_MIN_RSA,
|
||||||
|
CO_EXTRA_INFO_VSD_ALLOW_OCB
|
||||||
|
};
|
||||||
|
|
||||||
|
void gnupg_set_compliance_extra_info (enum gnupg_co_extra_infos what,
|
||||||
|
unsigned int value);
|
||||||
|
|
||||||
|
|
||||||
#endif /*GNUPG_COMMON_COMPLIANCE_H*/
|
#endif /*GNUPG_COMMON_COMPLIANCE_H*/
|
||||||
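Review bot: `enum gnupg_co_extra_infos` and the new two-argument prototype carry no comment saying what `value` means for each selector. Going by compliance.c in this commit, `CO_EXTRA_INFO_MIN_RSA` stores a minimum RSA length and `CO_EXTRA_INFO_VSD_ALLOW_OCB` is used as a truth value. A line above the enum such as `/* Selectors for gnupg_set_compliance_extra_info; VALUE is a minimum RSA length or a boolean, depending on WHAT. */` would record that for callers.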
|
@ -993,6 +993,7 @@ static struct debug_flags_s debug_flags [] =
|
|||||||
/* The list of compatibility flags. */
|
/* The list of compatibility flags. */
|
||||||
static struct compatibility_flags_s compatibility_flags [] =
|
static struct compatibility_flags_s compatibility_flags [] =
|
||||||
{
|
{
|
||||||
|
{ COMPAT_VSD_ALLOW_OCB, "vsd-allow-ocb" },
|
||||||
{ 0, NULL }
|
{ 0, NULL }
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -3796,7 +3797,9 @@ main (int argc, char **argv)
|
|||||||
set_debug (debug_level);
|
set_debug (debug_level);
|
||||||
if (opt.verbose) /* Print the compatibility flags. */
|
if (opt.verbose) /* Print the compatibility flags. */
|
||||||
parse_compatibility_flags (NULL, &opt.compat_flags, compatibility_flags);
|
parse_compatibility_flags (NULL, &opt.compat_flags, compatibility_flags);
|
||||||
gnupg_set_compliance_extra_info (opt.min_rsa_length);
|
gnupg_set_compliance_extra_info (CO_EXTRA_INFO_MIN_RSA, opt.min_rsa_length);
|
||||||
|
if ((opt.compat_flags & COMPAT_VSD_ALLOW_OCB))
|
||||||
|
gnupg_set_compliance_extra_info (CO_EXTRA_INFO_VSD_ALLOW_OCB, 1);
|
||||||
if (DBG_CLOCK)
|
if (DBG_CLOCK)
|
||||||
log_clock ("start");
|
log_clock ("start");
|
||||||
|
|
||||||
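Review bot: The only place this flag becomes visible at run time is the `if (opt.verbose)` dump of the compatibility flags just above, yet once set it changes which cipher modes common/compliance.c accepts (presumably for de-vs mode, going by the commit message). For a switch that relaxes a compliance check I would report it unconditionally when it is set, for example `log_info ("compatibility flag vsd-allow-ocb is active\n");` inside the new `if`, so it shows up in logs and audits. The call could also be written without the branch as `gnupg_set_compliance_extra_info (CO_EXTRA_INFO_VSD_ALLOW_OCB, !!(opt.compat_flags & COMPAT_VSD_ALLOW_OCB));`. `main` begins and ends outside this hunk.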
|
@ -351,7 +351,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_debug_mode;
|
|||||||
EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
|
EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
|
||||||
|
|
||||||
/* Compatibility flags */
|
/* Compatibility flags */
|
||||||
/* #define COMPAT_FOO 1 */
|
#define COMPAT_VSD_ALLOW_OCB 1
|
||||||
|
|
||||||
|
|
||||||
/* Compliance test macors. */
|
/* Compliance test macors. */
|
||||||
|
@ -1531,7 +1531,7 @@ main ( int argc, char **argv)
|
|||||||
set_debug ();
|
set_debug ();
|
||||||
if (opt.verbose) /* Print the compatibility flags. */
|
if (opt.verbose) /* Print the compatibility flags. */
|
||||||
parse_compatibility_flags (NULL, &opt.compat_flags, compatibility_flags);
|
parse_compatibility_flags (NULL, &opt.compat_flags, compatibility_flags);
|
||||||
gnupg_set_compliance_extra_info (opt.min_rsa_length);
|
gnupg_set_compliance_extra_info (CO_EXTRA_INFO_MIN_RSA, opt.min_rsa_length);
|
||||||
|
|
||||||
/* Although we always use gpgsm_exit, we better install a regualr
|
/* Although we always use gpgsm_exit, we better install a regualr
|
||||||
exit handler so that at least the secure memory gets wiped
|
exit handler so that at least the secure memory gets wiped
|
||||||
|