security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

gpg: --compliance=gnupg restores default for policy-affected options

Browse Source 
* g10/gpg.c (set_compliance_option): oGnuPG restores default
policy-affected options, moved from...
(main): ...here.  Invoke set_compliance_option(oGnuPG) directly
instead of just setting opt.compliance.

--

Some of these default option values (flags.dsa2, rfc2440_text,
allow_non_selfsigned_uid, allow_freeform_uid) had to be inferrerd from
the fact that the opt struct is static and therefore initialized to
zero by the compiler.

With this change, --compliance=gnupg now completely reverts to the
defaults that were changed from other --compliance= options.

GnuPG-bug-id: T7501
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
This commit is contained in:
Daniel Kahn Gillmor via Gnupg-devel 2025-01-31 12:37:17 -05:00 committed by Werner Koch
parent 54a8770aeb
commit 0bdf585993
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 16 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
g10/gpg.c
View File

@ -2320,7 +2320,22 @@ set_compliance_option (enum cmd_and_opt_values option)
case oPGP7: opt.compliance = CO_PGP7; break;
case oPGP8: opt.compliance = CO_PGP8; break;
case oGnuPG:
/* set up default options affected by policy compliance: */
opt.compliance = CO_GNUPG;
opt.flags.dsa2 = 0;
opt.flags.require_cross_cert = 1;
opt.rfc2440_text = 0;
opt.allow_non_selfsigned_uid = 0;
opt.allow_freeform_uid = 0;
opt.escape_from = 1;
opt.not_dash_escaped = 0;
opt.def_cipher_algo = 0;
opt.def_digest_algo = 0;
opt.cert_digest_algo = 0;
opt.compress_algo = -1;
opt.s2k_mode = 3; /* iterated+salted */
opt.s2k_digest_algo = 0;
opt.s2k_cipher_algo = DEFAULT_CIPHER_ALGO;
break;
case oDE_VS:
@ -2476,19 +2491,10 @@ main (int argc, char **argv)
opt.command_fd = -1; /* no command fd */
opt.compress_level = -1; /* defaults to standard compress level */
opt.bz2_compress_level = -1; /* defaults to standard compress level */
/* note: if you change these lines, look at oOpenPGP */
opt.def_cipher_algo = 0;
opt.def_digest_algo = 0;
opt.cert_digest_algo = 0;
opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
opt.s2k_mode = 3; /* iterated+salted */
opt.s2k_count = 0; /* Auto-calibrate when needed. */
opt.s2k_cipher_algo = DEFAULT_CIPHER_ALGO;
opt.completes_needed = 1;
opt.marginals_needed = 3;
opt.max_cert_depth = 5;
opt.escape_from = 1;
opt.flags.require_cross_cert = 1;
opt.import_options = (IMPORT_REPAIR_KEYS
| IMPORT_COLLAPSE_UIDS
| IMPORT_COLLAPSE_SUBKEYS);
@ -2524,7 +2530,7 @@ main (int argc, char **argv)
opt.emit_version = 0;
opt.weak_digests = NULL;
opt.with_subkey_fingerprint = 1;
opt.compliance = CO_GNUPG;
set_compliance_option (oGnuPG);
/* Check special options given on the command line. */
orig_argc = argc;