[git] GnuPG - branch, master, updated. gnupg-2.1.19-105-gd243752

by Werner Koch cvs at cvs.gnupg.org
Sun Apr 2 20:09:15 CEST 2017 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  d24375271b97e45deaeb1ef0a8434c64066ba2e8 (commit)
      from  0039d7107bcdfce6f3b02b46ff0495cfba07882a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d24375271b97e45deaeb1ef0a8434c64066ba2e8
Author: Werner Koch <wk at gnupg.org>
Date:   Sun Apr 2 20:02:55 2017 +0200

    agent: Use OCB for key protection with --enable-extended-key-format.
    
    * agent/protect.c (PROT_DEFAULT_TO_OCB): Remove macro.
    (agent_protect): Make the default protection mode depend on the extend
    key format option.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/agent/protect.c b/agent/protect.c
index 09aa503..a9de732 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -42,11 +42,6 @@
 #include "../common/sexp-parse.h"
 
 
-/* To use the openpgp-s2k3-ocb-aes scheme by default set the value of
- * this macro to 1.  Note that the caller of agent_protect may
- * override this default.  */
-#define PROT_DEFAULT_TO_OCB 0
-
 /* The protection mode for encryption.  The supported modes for
    decryption are listed in agent_unprotect().  */
 #define PROT_CIPHER        GCRY_CIPHER_AES128
@@ -580,7 +575,7 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
   int have_curve = 0;
 
   if (use_ocb == -1)
-    use_ocb = PROT_DEFAULT_TO_OCB;
+    use_ocb = opt.enable_extended_key_format;
 
   /* Create an S-expression with the protected-at timestamp.  */
   memcpy (timestamp_exp, "(12:protected-at15:", 19);
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index ca9d469..6aab646 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -579,7 +579,8 @@ the passphrase of a key will also convert the key to that new format.
 Using this option makes the private keys unreadable for gpg-agent
 versions before 2.1.12.  The advantage of the extended private key
 format is that it is text based and can carry additional meta data.
-
+Note that this option also changes the key protection format to use
+OCB mode.
 
 @anchor{option --enable-ssh-support}
 @item --enable-ssh-support

-----------------------------------------------------------------------

Summary of changes:
 agent/protect.c    | 7 +------
 doc/gpg-agent.texi | 3 ++-
 2 files changed, 3 insertions(+), 7 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list