Updated ZH po file.

Allow de/encryption using legacy type 20 keys. Updated config.{sub,guess}
2025-07-03 22:56:33 +02:00 · 2007-12-12 18:26:25 +00:00 · 2007-12-12 18:26:25 +00:00 · 81685cc799
commit 81685cc799
parent 2e7eadbc1e
12 changed files with 1839 additions and 1512 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,10 @@
+2007-12-12  Werner Koch  <wk@g10code.com>
+
+	* misc.c (print_pubkey_algo_note): Print a warning for type 20 keys.
+	(openpgp_pk_test_algo, openpgp_pk_algo_usage): Allow type 20 fro
+	encryption only with option --rfc2440.
+	* mainproc.c (proc_pubkey_enc): Ditto.
+
 2007-12-12  David Shaw  <dshaw@jabberwocky.com>

 	* trustdb.c (sanitize_regexp): New.  Protect against dangerous
--- a/g10/getkey.c
+++ b/g10/getkey.c
@ -2137,8 +2137,11 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
    subpk->has_expired = key_expire >= curtime? 0 : key_expire;
    subpk->expiredate = key_expire;

-    /* algo doesn't exist */
-    if(check_pubkey_algo(subpk->pubkey_algo))
+    /* Check that algo exists.  Elgamal sign+encrypt are only allowed
+       with option --rfc2440. */
+    if (RFC2440 && subpk->pubkey_algo == PUBKEY_ALGO_ELGAMAL)
+      ;
+    else if(check_pubkey_algo(subpk->pubkey_algo))
      return;

    subpk->is_valid = 1;
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@ -404,7 +404,7 @@ proc_pubkey_enc( CTX c, PACKET *pkt )
    else if( is_ELGAMAL(enc->pubkey_algo)
             || enc->pubkey_algo == PUBKEY_ALGO_DSA
             || is_RSA(enc->pubkey_algo)  
-             || enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL) {
+             || (RFC2440 && enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL)) {
      /* Note that we also allow type 20 Elgamal keys for decryption.
         There are still a couple of those keys in active use as a
         subkey.  */
--- a/g10/misc.c
+++ b/g10/misc.c
@ -315,6 +315,10 @@ print_pubkey_algo_note( int algo )
 		   pubkey_algo_to_string(algo));
 	}
    }
+  else if (algo == 20)
+    {
+      log_info (_("WARNING: Elgamal sign+encrypt keys are deprecated\n"));
+    }
 }

 void
@ -392,6 +396,9 @@ openpgp_cipher_test_algo( int algo )
 int
 openpgp_pk_test_algo( int algo, unsigned int usage_flags )
 {
+    /* Dont't allow type 20 keys unless in rfc2440 mode.  */
+    if (!RFC2440 && algo == 20)
+        return G10ERR_PUBKEY_ALGO;
    if( algo < 0 || algo > 110 )
 	return G10ERR_PUBKEY_ALGO;
    return check_pubkey_algo2( algo, usage_flags );
@ -414,6 +421,12 @@ openpgp_pk_algo_usage ( int algo )
          use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG;
          break;
      case PUBKEY_ALGO_ELGAMAL:
+          /* Allow encryption with type 20 keys if RFC-2440 compliance
+             has been selected.  Signing is broken thus we won't allow
+             this.  */  
+          if (RFC2440)
+            use = PUBKEY_USAGE_ENC;
+          break;
      case PUBKEY_ALGO_ELGAMAL_E:
          use = PUBKEY_USAGE_ENC;
          break;