security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-05-14 08:13:25 +02:00
Code Activity

gpg: Fully implement the group key flag.

Browse Source 
* g10/getkey.c (merge_selfsigs_main): Do not mask out the group bit.
(merge_selfsigs_subkey): Ditto/
* g10/keygen.c (ask_key_flags_with_mask): Ditto.
(proc_parameter_file): Ditto.
--

Updates-commit: 0988e49c45d0fb73d0b536aa027bd114f9dc65a7
This commit is contained in:
Werner Koch 2025-05-12 11:54:50 +02:00
parent b5a763fff1
commit edd01d8fc4
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
g10/getkey.c
View File

@ -3183,7 +3183,7 @@ merge_selfsigs_main (ctrl_t ctrl, kbnode_t keyblock, int *r_revoked,
/* Check that the usage matches the usage as given by the algo. */ /* Check that the usage matches the usage as given by the algo. */
int x = openpgp_pk_algo_usage (pk->pubkey_algo); int x = openpgp_pk_algo_usage (pk->pubkey_algo);
if (x) /* Mask it down to the actual allowed usage. */ if (x) /* Mask it down to the actual allowed usage. */
key_usage &= x; key_usage &= (x | PUBKEY_USAGE_GROUP);
} }
/* Whatever happens, it's a primary key, so it can certify. */ /* Whatever happens, it's a primary key, so it can certify. */
@ -3458,7 +3458,7 @@ merge_selfsigs_subkey (ctrl_t ctrl, kbnode_t keyblock, kbnode_t subnode)
/* Check that the usage matches the usage as given by the algo. */ /* Check that the usage matches the usage as given by the algo. */
int x = openpgp_pk_algo_usage (subpk->pubkey_algo); int x = openpgp_pk_algo_usage (subpk->pubkey_algo);
if (x) /* Mask it down to the actual allowed usage. */ if (x) /* Mask it down to the actual allowed usage. */
key_usage &= x; key_usage &= (x | PUBKEY_USAGE_GROUP);
} }
subpk->pubkey_usage = key_usage; subpk->pubkey_usage = key_usage;

7
g10/keygen.c
View File

@ -2131,6 +2131,7 @@ ask_key_flags_with_mask (int algo, int subkey, unsigned int current,
* below for a workaround. */ * below for a workaround. */
possible = (openpgp_pk_algo_usage (algo) & mask); possible = (openpgp_pk_algo_usage (algo) & mask);
possible &= ~PUBKEY_USAGE_RENC; possible &= ~PUBKEY_USAGE_RENC;
possible &= ~PUBKEY_USAGE_GROUP;
if (algo == PUBKEY_ALGO_ECDH) if (algo == PUBKEY_ALGO_ECDH)
possible |= (current & (PUBKEY_USAGE_ENC possible |= (current & (PUBKEY_USAGE_ENC
|PUBKEY_USAGE_CERT |PUBKEY_USAGE_CERT
@ -4480,7 +4481,8 @@ proc_parameter_file (ctrl_t ctrl, struct para_data_s *para, const char *fname,
else else
{ {
r = get_parameter (para, pKEYUSAGE); r = get_parameter (para, pKEYUSAGE);
if (r && (r->u.usage & ~openpgp_pk_algo_usage (algo))) if (r && (r->u.usage
& ~(openpgp_pk_algo_usage (algo) | PUBKEY_USAGE_GROUP)))
{ {
log_error ("%s:%d: specified Key-Usage not allowed for algo %d\n", log_error ("%s:%d: specified Key-Usage not allowed for algo %d\n",
fname, r->lnr, algo); fname, r->lnr, algo);
@ -4517,7 +4519,8 @@ proc_parameter_file (ctrl_t ctrl, struct para_data_s *para, const char *fname,
else else
{ {
r = get_parameter (para, pSUBKEYUSAGE); r = get_parameter (para, pSUBKEYUSAGE);
if (r && (r->u.usage & ~openpgp_pk_algo_usage (algo))) if (r && (r->u.usage
& ~(openpgp_pk_algo_usage (algo)|PUBKEY_USAGE_GROUP)))
{ {
log_error ("%s:%d: specified Subkey-Usage not allowed" log_error ("%s:%d: specified Subkey-Usage not allowed"
" for algo %d\n", fname, r->lnr, algo); " for algo %d\n", fname, r->lnr, algo);