mirror of
git://git.gnupg.org/gnupg.git
synced 2024-06-09 23:39:51 +02:00
Add tweaks for the not anymore patented IDEA algorithm.
* g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2 compatibility mode. * g10/misc.c (idea_cipher_warn): Remove. Also remove all callers. * common/status.h (STATUS_RSA_OR_IDEA): Remove. Do not emit this status anymore. -- To keep the number of actually used algorithms low, we want to support IDEA only in a basically read-only way (unless --pgp2 is used during key generation). It does not make sense to suggest the use of this old 64 bit blocksize algorithm. However, there is old data available where it might be helpful to have IDEA available.
This commit is contained in:
Werner Koch
parent
14cfd45d38
commit
b4d9f8dbc8
|
|
@ -32,8 +32,6 @@ enum
|
||||||
|
|
||||||
STATUS_BADARMOR,
|
STATUS_BADARMOR,
|
||||||
|
|
||||||
STATUS_RSA_OR_IDEA,
|
|
||||||
|
|
||||||
STATUS_TRUST_UNDEFINED,
|
STATUS_TRUST_UNDEFINED,
|
||||||
STATUS_TRUST_NEVER,
|
STATUS_TRUST_NEVER,
|
||||||
STATUS_TRUST_MARGINAL,
|
STATUS_TRUST_MARGINAL,
|
||||||
|
|
|
||||||
|
|
@ -381,11 +381,9 @@ more arguments in future versions.
|
||||||
The ASCII armor is corrupted. No arguments yet.
|
The ASCII armor is corrupted. No arguments yet.
|
||||||
|
|
||||||
RSA_OR_IDEA
|
RSA_OR_IDEA
|
||||||
The IDEA algorithms has been used in the data. A
|
Obsolete. This status message used to be emitted for requests
|
||||||
program might want to fallback to another program to handle
|
to use the IDEA or RSA algorithms. It has been dropped from
|
||||||
the data if GnuPG failed. This status message used to be emitted
|
GnuPG 2.1 after the respective patents expired.
|
||||||
also for RSA but this has been dropped after the RSA patent expired.
|
|
||||||
However we can't change the name of the message.
|
|
||||||
|
|
||||||
SHM_INFO
|
SHM_INFO
|
||||||
SHM_GET
|
SHM_GET
|
||||||
|
|
|
||||||
|
|
@ -3149,7 +3149,6 @@ main (int argc, char **argv)
|
||||||
{
|
{
|
||||||
log_info(_("encrypting a message in --pgp2 mode requires "
|
log_info(_("encrypting a message in --pgp2 mode requires "
|
||||||
"the IDEA cipher\n"));
|
"the IDEA cipher\n"));
|
||||||
idea_cipher_warn(1);
|
|
||||||
unusable=1;
|
unusable=1;
|
||||||
}
|
}
|
||||||
else if(cmd==aSym)
|
else if(cmd==aSym)
|
||||||
|
|
@ -3208,10 +3207,6 @@ main (int argc, char **argv)
|
||||||
|
|
||||||
if( def_cipher_string ) {
|
if( def_cipher_string ) {
|
||||||
opt.def_cipher_algo = string_to_cipher_algo (def_cipher_string);
|
opt.def_cipher_algo = string_to_cipher_algo (def_cipher_string);
|
||||||
if(opt.def_cipher_algo==0 &&
|
|
||||||
(ascii_strcasecmp(def_cipher_string,"idea")==0
|
|
||||||
|| ascii_strcasecmp(def_cipher_string,"s1")==0))
|
|
||||||
idea_cipher_warn(1);
|
|
||||||
xfree(def_cipher_string); def_cipher_string = NULL;
|
xfree(def_cipher_string); def_cipher_string = NULL;
|
||||||
if ( openpgp_cipher_test_algo (opt.def_cipher_algo) )
|
if ( openpgp_cipher_test_algo (opt.def_cipher_algo) )
|
||||||
log_error(_("selected cipher algorithm is invalid\n"));
|
log_error(_("selected cipher algorithm is invalid\n"));
|
||||||
|
|
|
||||||
|
|
@ -1434,12 +1434,6 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
|
||||||
log_error (_("key %s: error sending to agent: %s\n"),
|
log_error (_("key %s: error sending to agent: %s\n"),
|
||||||
keystr_from_pk_with_sub (main_pk, pk),
|
keystr_from_pk_with_sub (main_pk, pk),
|
||||||
gpg_strerror (err));
|
gpg_strerror (err));
|
||||||
if (ski->algo == GCRY_CIPHER_IDEA
|
|
||||||
&& gpg_err_code (err) == GPG_ERR_CIPHER_ALGO)
|
|
||||||
{
|
|
||||||
write_status (STATUS_RSA_OR_IDEA);
|
|
||||||
idea_cipher_warn (0);
|
|
||||||
}
|
|
||||||
if (gpg_err_code (err) == GPG_ERR_CANCELED
|
if (gpg_err_code (err) == GPG_ERR_CANCELED
|
||||||
|| gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
|
|| gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
|
||||||
break; /* Don't try the other subkeys. */
|
break; /* Don't try the other subkeys. */
|
||||||
|
|
|
||||||
|
|
@ -349,7 +349,7 @@ keygen_set_std_prefs (const char *string,int personal)
|
||||||
break PGP2, but that is difficult with the current
|
break PGP2, but that is difficult with the current
|
||||||
code, and not really worth checking as a non-RSA <=2048
|
code, and not really worth checking as a non-RSA <=2048
|
||||||
bit key wouldn't be usable by PGP2 anyway. -dms */
|
bit key wouldn't be usable by PGP2 anyway. -dms */
|
||||||
if ( !openpgp_cipher_test_algo (CIPHER_ALGO_IDEA) )
|
if (PGP2 && !openpgp_cipher_test_algo (CIPHER_ALGO_IDEA) )
|
||||||
strcat(dummy_string,"S1 ");
|
strcat(dummy_string,"S1 ");
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -442,12 +442,6 @@ keygen_set_std_prefs (const char *string,int personal)
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
log_info (_("invalid item `%s' in preference string\n"),tok);
|
log_info (_("invalid item `%s' in preference string\n"),tok);
|
||||||
|
|
||||||
/* Complain if IDEA is not available. */
|
|
||||||
if(ascii_strcasecmp(tok,"s1")==0
|
|
||||||
|| ascii_strcasecmp(tok,"idea")==0)
|
|
||||||
idea_cipher_warn(1);
|
|
||||||
|
|
||||||
rc=-1;
|
rc=-1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -105,12 +105,6 @@ int openpgp_md_test_algo( int algo );
|
||||||
const char *openpgp_pk_algo_name (int algo);
|
const char *openpgp_pk_algo_name (int algo);
|
||||||
const char *openpgp_md_algo_name (int algo);
|
const char *openpgp_md_algo_name (int algo);
|
||||||
|
|
||||||
#ifdef USE_IDEA
|
|
||||||
void idea_cipher_warn( int show );
|
|
||||||
#else
|
|
||||||
#define idea_cipher_warn(a) do { } while (0)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
struct expando_args
|
struct expando_args
|
||||||
{
|
{
|
||||||
PKT_public_key *pk;
|
PKT_public_key *pk;
|
||||||
|
|
|
||||||
|
|
@ -250,12 +250,6 @@ symkey_decrypt_seskey( DEK *dek, byte *seskey, size_t slen )
|
||||||
if(dek->keylen > DIM(dek->key))
|
if(dek->keylen > DIM(dek->key))
|
||||||
BUG ();
|
BUG ();
|
||||||
|
|
||||||
/* This is not completely accurate, since a bad passphrase may have
|
|
||||||
resulted in a garbage algorithm byte, but it's close enough since
|
|
||||||
a bogus byte here will fail later. */
|
|
||||||
if(dek->algo==CIPHER_ALGO_IDEA)
|
|
||||||
idea_cipher_warn(0);
|
|
||||||
|
|
||||||
memcpy(dek->key, seskey + 1, dek->keylen);
|
memcpy(dek->key, seskey + 1, dek->keylen);
|
||||||
|
|
||||||
/*log_hexdump( "thekey", dek->key, dek->keylen );*/
|
/*log_hexdump( "thekey", dek->key, dek->keylen );*/
|
||||||
|
|
@ -541,7 +535,6 @@ proc_encrypted( CTX c, PACKET *pkt )
|
||||||
algo = opt.def_cipher_algo;
|
algo = opt.def_cipher_algo;
|
||||||
if (!algo)
|
if (!algo)
|
||||||
algo = opt.s2k_cipher_algo;
|
algo = opt.s2k_cipher_algo;
|
||||||
idea_cipher_warn(1);
|
|
||||||
log_info (_("IDEA cipher unavailable, "
|
log_info (_("IDEA cipher unavailable, "
|
||||||
"optimistically attempting to use %s instead\n"),
|
"optimistically attempting to use %s instead\n"),
|
||||||
openpgp_cipher_algo_name (algo));
|
openpgp_cipher_algo_name (algo));
|
||||||
|
|
|
||||||
18
g10/misc.c
18
g10/misc.c
|
|
@ -546,24 +546,6 @@ openpgp_md_algo_name (int algo)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#ifdef USE_IDEA
|
|
||||||
/* Special warning for the IDEA cipher */
|
|
||||||
void
|
|
||||||
idea_cipher_warn(int show)
|
|
||||||
{
|
|
||||||
static int warned=0;
|
|
||||||
|
|
||||||
if(!warned || show)
|
|
||||||
{
|
|
||||||
log_info(_("the IDEA cipher plugin is not present\n"));
|
|
||||||
log_info(_("please see %s for more information\n"),
|
|
||||||
"http://www.gnupg.org/faq/why-not-idea.html");
|
|
||||||
warned=1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
|
|
||||||
static unsigned long
|
static unsigned long
|
||||||
get_signature_count (PKT_public_key *pk)
|
get_signature_count (PKT_public_key *pk)
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -292,8 +292,6 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
|
||||||
|
|
||||||
dek->keylen = nframe - (n + 1) - 2;
|
dek->keylen = nframe - (n + 1) - 2;
|
||||||
dek->algo = frame[n++];
|
dek->algo = frame[n++];
|
||||||
if (dek->algo == CIPHER_ALGO_IDEA)
|
|
||||||
write_status (STATUS_RSA_OR_IDEA);
|
|
||||||
err = openpgp_cipher_test_algo (dek->algo);
|
err = openpgp_cipher_test_algo (dek->algo);
|
||||||
if (err)
|
if (err)
|
||||||
{
|
{
|
||||||
|
|
@ -302,8 +300,6 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
|
||||||
log_info (_("cipher algorithm %d%s is unknown or disabled\n"),
|
log_info (_("cipher algorithm %d%s is unknown or disabled\n"),
|
||||||
dek->algo,
|
dek->algo,
|
||||||
dek->algo == CIPHER_ALGO_IDEA ? " (IDEA)" : "");
|
dek->algo == CIPHER_ALGO_IDEA ? " (IDEA)" : "");
|
||||||
if (dek->algo == CIPHER_ALGO_IDEA)
|
|
||||||
idea_cipher_warn (0);
|
|
||||||
}
|
}
|
||||||
dek->algo = 0;
|
dek->algo = 0;
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
|
||||||
|
|
@ -62,11 +62,6 @@ xxxx_do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
|
||||||
if( openpgp_cipher_test_algo( sk->protect.algo ) ) {
|
if( openpgp_cipher_test_algo( sk->protect.algo ) ) {
|
||||||
log_info(_("protection algorithm %d%s is not supported\n"),
|
log_info(_("protection algorithm %d%s is not supported\n"),
|
||||||
sk->protect.algo,sk->protect.algo==1?" (IDEA)":"" );
|
sk->protect.algo,sk->protect.algo==1?" (IDEA)":"" );
|
||||||
if (sk->protect.algo==CIPHER_ALGO_IDEA)
|
|
||||||
{
|
|
||||||
write_status (STATUS_RSA_OR_IDEA);
|
|
||||||
idea_cipher_warn (0);
|
|
||||||
}
|
|
||||||
return G10ERR_CIPHER_ALGO;
|
return G10ERR_CIPHER_ALGO;
|
||||||
}
|
}
|
||||||
if(gcry_md_test_algo (sk->protect.s2k.hash_algo))
|
if(gcry_md_test_algo (sk->protect.s2k.hash_algo))
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user