[git] GnuPG - branch, master, updated. gnupg-2.1.21-38-ge051e39

by Justus Winter cvs at cvs.gnupg.org
Wed Jun 7 16:55:28 CEST 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  e051e396156211449568afa0ca7505dc13eaa3b4 (commit)
       via  21fc2508c979a8202dd8ca7fa7b801e0d62a5ceb (commit)
       via  f440cf73eab0b0e75e3cb2e8c9e70a77f20ef1dc (commit)
       via  842d233d408457cfa9a8473a6748472956f44e84 (commit)
       via  027ce4ba37be1d052bca2f6109fe810ef57f4038 (commit)
      from  13dc75a4e7cc2959003c08940fc53c6ece7b77e4 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e051e396156211449568afa0ca7505dc13eaa3b4
Author: Justus Winter <justus at g10code.com>
Date:   Wed Jun 7 16:09:07 2017 +0200

    common: Add cipher mode to compliance predicate.
    
    * common/compliance.c (gnupg_cipher_is_compliant): Add mode parameter.
    * common/compliance.h (gnupg_cipher_is_compliant): Likewise.
    * g10/mainproc.c (proc_encrypted): Adapt callsite.
    * sm/decrypt.c (gpgsm_decrypt): Likewise.
    
    GnuPG-bug-id: 3059
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/common/compliance.c b/common/compliance.c
index c2daa65..bcf621a 100644
--- a/common/compliance.c
+++ b/common/compliance.c
@@ -193,9 +193,11 @@ gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo,
 }
 
 
-/* Return true if CIPHER is compliant to the given COMPLIANCE mode.  */
+/* Return true if (CIPHER, MODE) is compliant to the given COMPLIANCE mode.  */
 int
-gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance, cipher_algo_t cipher)
+gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance,
+			   cipher_algo_t cipher,
+			   enum gcry_cipher_modes mode)
 {
   log_assert (initialized);
 
@@ -208,7 +210,15 @@ gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance, cipher_algo_t
 	case CIPHER_ALGO_AES192:
 	case CIPHER_ALGO_AES256:
 	case CIPHER_ALGO_3DES:
-	  return 1;
+	  switch (module)
+	    {
+	    case GNUPG_MODULE_NAME_GPG:
+	      return mode == GCRY_CIPHER_MODE_CFB;
+	    case GNUPG_MODULE_NAME_GPGSM:
+	      return mode == GCRY_CIPHER_MODE_CBC;
+	    }
+	  log_assert (!"reached");
+
 	default:
 	  return 0;
 	}
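Review bot: The inner `switch (module)` has no `default:`, and the statement after it, `log_assert (!"reached");`, runs straight into the outer `default:` label, so the result for an unexpected `module` value depends on whether `log_assert` ever returns. Falling into `return 0` is the fail-closed outcome, but nothing in the hunk says that is intended, and compilers that warn on implicit fall-through will flag it. I would make it explicit by putting `default: log_assert (!"reached");` inside the inner switch and following the switch with `return 0; /* Not reached; fail closed.  */`. The enclosing function starts before and continues after this hunk.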
diff --git a/common/compliance.h b/common/compliance.h
index 7235b00..e57495d 100644
--- a/common/compliance.h
+++ b/common/compliance.h
@@ -45,7 +45,8 @@ int gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo,
                            gcry_mpi_t key[], unsigned int keylength,
                            const char *curvename);
 int gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance,
-                               cipher_algo_t cipher);
+                               cipher_algo_t cipher,
+                               enum gcry_cipher_modes mode);
 int gnupg_digest_is_compliant (enum gnupg_compliance_mode compliance,
                                digest_algo_t digest);
 const char *gnupg_status_compliance_flag (enum gnupg_compliance_mode compliance);
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 21ea6ca..26cd0a9 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -607,7 +607,7 @@ proc_encrypted (CTX c, PACKET *pkt)
       /* Overriding session key voids compliance.  */
       && opt.override_session_key == NULL
       /* Check symmetric cipher.  */
-      && gnupg_cipher_is_compliant (CO_DE_VS, c->dek->algo))
+      && gnupg_cipher_is_compliant (CO_DE_VS, c->dek->algo, GCRY_CIPHER_MODE_CFB))
     {
       struct kidlist_item *i;
       int compliant = 1;
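Review bot: The new third argument is the literal `GCRY_CIPHER_MODE_CFB`, so for gpg the mode test inside `gnupg_cipher_is_compliant` can never fail at this callsite; it records an assumption rather than checking the mode actually used for the packet. That is harmless only while this decryption path can use CFB alone. If another mode can ever be selected here, the value should come from the cipher context or packet instead, and until then a comment such as `/* OpenPGP symmetric data is always CFB here; revisit if other modes are added.  */` would keep the assumption visible. `proc_encrypted` starts and ends outside this hunk.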
diff --git a/sm/decrypt.c b/sm/decrypt.c
index aa621dd..a36f690 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -359,8 +359,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
             }
 
           /* For CMS, CO_DE_VS demands CBC mode.  */
-          is_de_vs = (mode == GCRY_CIPHER_MODE_CBC
-                      && gnupg_cipher_is_compliant (CO_DE_VS, algo));
+          is_de_vs = gnupg_cipher_is_compliant (CO_DE_VS, algo, mode);
 
           audit_log_i (ctrl->audit, AUDIT_DATA_CIPHER_ALGO, algo);
           dfparm.algo = algo;
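Review bot: The retained comment `/* For CMS, CO_DE_VS demands CBC mode.  */` no longer sits next to the code that enforces it, because the CBC test moved into `gnupg_cipher_is_compliant` and now depends on the compliance module having been initialized with GNUPG_MODULE_NAME_GPGSM. A reader of this callsite cannot tell where the mode is checked. I would reword the comment to something like `/* For CMS, CO_DE_VS demands CBC mode; the predicate checks MODE for the gpgsm module.  */`. `gpgsm_decrypt` starts and ends outside this hunk.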

commit 21fc2508c979a8202dd8ca7fa7b801e0d62a5ceb
Author: Justus Winter <justus at g10code.com>
Date:   Wed Jun 7 15:38:50 2017 +0200

    common,gpg,sm: Initialize compliance module.
    
    * common/compliance.c (gnupg_initialize_compliance): New function.
    * common/compliance.h (gnupg_initialize_compliance): New prototype.
    * g10/gpg.c (main): Use the new function.
    * sm/gpgsm.c (main): Likewise.
    
    GnuPG-bug-id: 3191
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/common/compliance.c b/common/compliance.c
index 0acaf21..c2daa65 100644
--- a/common/compliance.c
+++ b/common/compliance.c
@@ -36,6 +36,57 @@
 #include "i18n.h"
 #include "compliance.h"
 
+static int initialized;
+static int module;
+
+/* Initializes the module.  Must be called with the current
+ * GNUPG_MODULE_NAME.  Checks a few invariants, and tunes the policies
+ * for the given module.  */
+void
+gnupg_initialize_compliance (int gnupg_module_name)
+{
+  log_assert (! initialized);
+
+  /* We accept both OpenPGP-style and gcrypt-style algorithm ids.
+   * Assert that they are compatible.  */
+  log_assert ((int) GCRY_PK_RSA          == (int) PUBKEY_ALGO_RSA);
+  log_assert ((int) GCRY_PK_RSA_E        == (int) PUBKEY_ALGO_RSA_E);
+  log_assert ((int) GCRY_PK_RSA_S        == (int) PUBKEY_ALGO_RSA_S);
+  log_assert ((int) GCRY_PK_ELG_E        == (int) PUBKEY_ALGO_ELGAMAL_E);
+  log_assert ((int) GCRY_PK_DSA          == (int) PUBKEY_ALGO_DSA);
+  log_assert ((int) GCRY_PK_ECC          == (int) PUBKEY_ALGO_ECDH);
+  log_assert ((int) GCRY_PK_ELG          == (int) PUBKEY_ALGO_ELGAMAL);
+  log_assert ((int) GCRY_CIPHER_NONE     == (int) CIPHER_ALGO_NONE);
+  log_assert ((int) GCRY_CIPHER_IDEA     == (int) CIPHER_ALGO_IDEA);
+  log_assert ((int) GCRY_CIPHER_3DES     == (int) CIPHER_ALGO_3DES);
+  log_assert ((int) GCRY_CIPHER_CAST5    == (int) CIPHER_ALGO_CAST5);
+  log_assert ((int) GCRY_CIPHER_BLOWFISH == (int) CIPHER_ALGO_BLOWFISH);
+  log_assert ((int) GCRY_CIPHER_AES      == (int) CIPHER_ALGO_AES);
+  log_assert ((int) GCRY_CIPHER_AES192   == (int) CIPHER_ALGO_AES192);
+  log_assert ((int) GCRY_CIPHER_AES256   == (int) CIPHER_ALGO_AES256);
+  log_assert ((int) GCRY_CIPHER_TWOFISH  == (int) CIPHER_ALGO_TWOFISH);
+  log_assert ((int) GCRY_MD_MD5          == (int) DIGEST_ALGO_MD5);
+  log_assert ((int) GCRY_MD_SHA1         == (int) DIGEST_ALGO_SHA1);
+  log_assert ((int) GCRY_MD_RMD160       == (int) DIGEST_ALGO_RMD160);
+  log_assert ((int) GCRY_MD_SHA256       == (int) DIGEST_ALGO_SHA256);
+  log_assert ((int) GCRY_MD_SHA384       == (int) DIGEST_ALGO_SHA384);
+  log_assert ((int) GCRY_MD_SHA512       == (int) DIGEST_ALGO_SHA512);
+  log_assert ((int) GCRY_MD_SHA224       == (int) DIGEST_ALGO_SHA224);
+
+  switch (gnupg_module_name)
+    {
+    case GNUPG_MODULE_NAME_GPGSM:
+    case GNUPG_MODULE_NAME_GPG:
+      break;
+
+    default:
+      log_assert (!"no policies for this module");
+    }
+
+  module = gnupg_module_name;
+  initialized = 1;
+}
+
 /* Return true if ALGO with a key of KEYLENGTH is compliant to the
  * given COMPLIANCE mode.  If KEY is not NULL, various bits of
  * information will be extracted from it.  If CURVENAME is not NULL, it
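Review bot: Every `log_assert` in the id-compatibility list of `gnupg_initialize_compliance` compares two enum constants, so a mismatch is only noticed when a binary is run rather than when it is built. If the project's minimum C standard allows it, a build-time check such as `_Static_assert ((int) GCRY_PK_RSA == (int) PUBKEY_ALGO_RSA, "algo ids differ");` would catch a divergence between the gcrypt and OpenPGP ids earlier. Separately, the two new file-scope variables carry no comment; `static int module;` in particular deserves one, e.g. `/* GNUPG_MODULE_NAME_* of the calling program; set once by gnupg_initialize_compliance.  */`, since later policy decisions key on it.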
@@ -49,6 +100,8 @@ gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo,
   enum { is_rsa, is_dsa, is_pgp5, is_elg_sign, is_ecc } algotype;
   int result = 0;
 
+  log_assert (initialized);
+
   switch (algo)
     {
     case PUBKEY_ALGO_RSA:
@@ -144,6 +197,8 @@ gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo,
 int
 gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance, cipher_algo_t cipher)
 {
+  log_assert (initialized);
+
   switch (compliance)
     {
     case CO_DE_VS:
@@ -171,6 +226,8 @@ gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance, cipher_algo_t
 int
 gnupg_digest_is_compliant (enum gnupg_compliance_mode compliance, digest_algo_t digest)
 {
+  log_assert (initialized);
+
   switch (compliance)
     {
     case CO_DE_VS:
@@ -196,6 +253,8 @@ gnupg_digest_is_compliant (enum gnupg_compliance_mode compliance, digest_algo_t
 const char *
 gnupg_status_compliance_flag (enum gnupg_compliance_mode compliance)
 {
+  log_assert (initialized);
+
   switch (compliance)
     {
     case CO_GNUPG:
@@ -226,6 +285,8 @@ gnupg_parse_compliance_option (const char *string,
 {
   size_t i;
 
+  log_assert (initialized);
+
   if (! ascii_strcasecmp (string, "help"))
     {
       log_info (_ ("valid values for option '%s':\n"), "--compliance");
@@ -249,6 +310,8 @@ gnupg_parse_compliance_option (const char *string,
 const char *
 gnupg_compliance_option_string (enum gnupg_compliance_mode compliance)
 {
+  log_assert (initialized);
+
   switch (compliance)
     {
     case CO_GNUPG:   return "--compliance=gnupg";
diff --git a/common/compliance.h b/common/compliance.h
index 9cbcced..7235b00 100644
--- a/common/compliance.h
+++ b/common/compliance.h
@@ -33,6 +33,8 @@
 #include <gcrypt.h>
 #include "openpgpdefs.h"
 
+void gnupg_initialize_compliance (int gnupg_module_name);
+
 enum gnupg_compliance_mode
   {
     CO_GNUPG, CO_RFC4880, CO_RFC2440,
diff --git a/g10/gpg.c b/g10/gpg.c
index fbda424..f01c82d 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -2327,6 +2327,9 @@ main (int argc, char **argv)
 
     dotlock_create (NULL, 0); /* Register lock file cleanup. */
 
+    /* Tell the compliance module who we are.  */
+    gnupg_initialize_compliance (GNUPG_MODULE_NAME_GPG);
+
     opt.autostart = 1;
     opt.session_env = session_env_new ();
     if (!opt.session_env)
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index 4b80778..f749cfd 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -947,6 +947,9 @@ main ( int argc, char **argv)
 
   dotlock_create (NULL, 0); /* Register lockfile cleanup.  */
 
+  /* Tell the compliance module who we are.  */
+  gnupg_initialize_compliance (GNUPG_MODULE_NAME_GPGSM);
+
   opt.autostart = 1;
   opt.session_env = session_env_new ();
   if (!opt.session_env)

commit f440cf73eab0b0e75e3cb2e8c9e70a77f20ef1dc
Author: Justus Winter <justus at g10code.com>
Date:   Wed Jun 7 12:33:36 2017 +0200

    common,gpg: Move the compliance option printer.
    
    * common/compliance.c (gnupg_compliance_option_string): New function.
    * common/compliance.h (gnupg_compliance_option_string): New prototype.
    * g10/encrypt.c (write_pubkey_enc_from_list): Update callsite.
    * g10/gpg.c (main): Likewise.
    * g10/keyedit.c (keyedit_menu): Likewise.
    * g10/pkclist.c (build_pk_list): Likewise.
    * g10/main.h (compliance_option_string): Remove prototype.
    * g10/misc.c (compliance_option_string): Remove function.
    
    GnuPG-bug-id: 3191
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/common/compliance.c b/common/compliance.c
index d81a503..0acaf21 100644
--- a/common/compliance.c
+++ b/common/compliance.c
@@ -243,3 +243,22 @@ gnupg_parse_compliance_option (const char *string,
     log_info (_ ("(use \"help\" to list choices)\n"));
   return -1;
 }
+
+
+/* Return the command line option for the given COMPLIANCE mode.  */
+const char *
+gnupg_compliance_option_string (enum gnupg_compliance_mode compliance)
+{
+  switch (compliance)
+    {
+    case CO_GNUPG:   return "--compliance=gnupg";
+    case CO_RFC4880: return "--compliance=openpgp";
+    case CO_RFC2440: return "--compliance=rfc2440";
+    case CO_PGP6:    return "--compliance=pgp6";
+    case CO_PGP7:    return "--compliance=pgp7";
+    case CO_PGP8:    return "--compliance=pgp8";
+    case CO_DE_VS:   return "--compliance=de-vs";
+    }
+
+  log_assert (!"invalid compliance mode");
+}
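Review bot: The doc comment of `gnupg_compliance_option_string` does not say that an unknown COMPLIANCE value ends in `log_assert (!"invalid compliance mode");`, whereas the removed `compliance_option_string` in g10/misc.c returned "???" in that case. Callers pass the result directly to a `%s` conversion, so the function is only safe if `log_assert` never returns; I would state that in the comment, e.g. `Aborts if COMPLIANCE is not a known mode.` The returned spellings also change for every mode except CO_DE_VS (for example `--pgp6` becomes `--compliance=pgp6`), which alters user-visible messages and is not mentioned in the commit message.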
diff --git a/common/compliance.h b/common/compliance.h
index 198447c..9cbcced 100644
--- a/common/compliance.h
+++ b/common/compliance.h
@@ -58,5 +58,7 @@ int gnupg_parse_compliance_option (const char *string,
                                    struct gnupg_compliance_option options[],
                                    size_t length,
                                    int quiet);
+const char *gnupg_compliance_option_string (enum gnupg_compliance_mode compliance);
+
 
 #endif /*GNUPG_COMMON_COMPLIANCE_H*/
diff --git a/g10/encrypt.c b/g10/encrypt.c
index 57ac8ad..66f49f4 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -932,7 +932,7 @@ write_pubkey_enc_from_list (ctrl_t ctrl, PK_LIST pk_list, DEK *dek, iobuf_t out)
   if (opt.throw_keyids && (PGP6 || PGP7 || PGP8))
     {
       log_info(_("you may not use %s while in %s mode\n"),
-               "--throw-keyids",compliance_option_string());
+               "--throw-keyids", gnupg_compliance_option_string (opt.compliance));
       compliance_failure();
     }
 
diff --git a/g10/gpg.c b/g10/gpg.c
index 686fcd7..fbda424 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -3843,17 +3843,17 @@ main (int argc, char **argv)
 	      case PREFTYPE_SYM:
 		log_info(_("you may not use cipher algorithm '%s'"
 			   " while in %s mode\n"),
-			 badalg,compliance_option_string());
+			 badalg, gnupg_compliance_option_string (opt.compliance));
 		break;
 	      case PREFTYPE_HASH:
 		log_info(_("you may not use digest algorithm '%s'"
 			   " while in %s mode\n"),
-			 badalg,compliance_option_string());
+			 badalg, gnupg_compliance_option_string (opt.compliance));
 		break;
 	      case PREFTYPE_ZIP:
 		log_info(_("you may not use compression algorithm '%s'"
 			   " while in %s mode\n"),
-			 badalg,compliance_option_string());
+			 badalg, gnupg_compliance_option_string (opt.compliance));
 		break;
 	      default:
 		BUG();
@@ -4072,7 +4072,8 @@ main (int argc, char **argv)
 		      " with --s2k-mode 0\n"));
 	else if(PGP6 || PGP7)
 	  log_error(_("you cannot use --symmetric --encrypt"
-		      " while in %s mode\n"),compliance_option_string());
+		      " while in %s mode\n"),
+		    gnupg_compliance_option_string (opt.compliance));
 	else
 	  {
 	    if( (rc = encrypt_crypt (ctrl, -1, fname, remusr, 1, NULL, -1)) )
@@ -4132,7 +4133,8 @@ main (int argc, char **argv)
 		      " with --s2k-mode 0\n"));
 	else if(PGP6 || PGP7)
 	  log_error(_("you cannot use --symmetric --sign --encrypt"
-		      " while in %s mode\n"),compliance_option_string());
+		      " while in %s mode\n"),
+		    gnupg_compliance_option_string (opt.compliance));
 	else
 	  {
 	    if( argc )
diff --git a/g10/keyedit.c b/g10/keyedit.c
index ba08d88..9f6add1 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -2314,7 +2314,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
 	  if (RFC2440)
 	    {
 	      tty_printf (_("This command is not allowed while in %s mode.\n"),
-			  compliance_option_string ());
+			  gnupg_compliance_option_string (opt.compliance));
 	      break;
 	    }
 	  photo = 1;
diff --git a/g10/main.h b/g10/main.h
index c406113..33116d2 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -155,7 +155,6 @@ int string_to_compress_algo(const char *string);
 int check_compress_algo(int algo);
 int default_cipher_algo(void);
 int default_compress_algo(void);
-const char *compliance_option_string(void);
 void compliance_failure(void);
 
 struct parse_options
diff --git a/g10/misc.c b/g10/misc.c
index d485c94..77c8f26 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -1242,24 +1242,6 @@ default_compress_algo(void)
     return DEFAULT_COMPRESS_ALGO;
 }
 
-const char *
-compliance_option_string(void)
-{
-  char *ver="???";
-
-  switch(opt.compliance)
-    {
-    case CO_GNUPG:   return "--gnupg";
-    case CO_RFC4880: return "--openpgp";
-    case CO_RFC2440: return "--rfc2440";
-    case CO_PGP6:    return "--pgp6";
-    case CO_PGP7:    return "--pgp7";
-    case CO_PGP8:    return "--pgp8";
-    case CO_DE_VS:   return "--compliance=de-vs";
-    }
-
-  return ver;
-}
 
 void
 compliance_failure(void)
diff --git a/g10/pkclist.c b/g10/pkclist.c
index ab024d9..48cfe45 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -1028,7 +1028,7 @@ build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list)
             {
               log_info(_("you may not use %s while in %s mode\n"),
                        "--hidden-recipient",
-                       compliance_option_string());
+                       gnupg_compliance_option_string (opt.compliance));
 
               compliance_failure();
             }
@@ -1079,7 +1079,7 @@ build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list)
                     {
                       log_info(_("you may not use %s while in %s mode\n"),
                                "--hidden-encrypt-to",
-                               compliance_option_string());
+                               gnupg_compliance_option_string (opt.compliance));
 
                       compliance_failure();
                     }

commit 842d233d408457cfa9a8473a6748472956f44e84
Author: Justus Winter <justus at g10code.com>
Date:   Wed Jun 7 11:50:54 2017 +0200

    common,gpg,sm: Move the compliance option parser.
    
    * common/compliance.c (gnupg_parse_compliance_option): New function.
    * common/compliance.h (struct gnupg_compliance_option): New type.
    (gnupg_parse_compliance_option): New prototype.
    * g10/gpg.c (parse_compliance_option): Remove function.
    (compliance_options): New variable.
    (main): Adapt callsite.
    * sm/gpgsm.c (main): Use the new common function.
    * sm/gpgsm.h (opt): New field 'compliance'.
    
    GnuPG-bug-id: 3191
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/common/compliance.c b/common/compliance.c
index 14ba097..d81a503 100644
--- a/common/compliance.c
+++ b/common/compliance.c
@@ -33,6 +33,7 @@
 #include "openpgpdefs.h"
 #include "logging.h"
 #include "util.h"
+#include "i18n.h"
 #include "compliance.h"
 
 /* Return true if ALGO with a key of KEYLENGTH is compliant to the
@@ -210,3 +211,35 @@ gnupg_status_compliance_flag (enum gnupg_compliance_mode compliance)
     }
   log_assert (!"invalid compliance mode");
 }
+
+
+/* Parse the value of --compliance.  Returns the value corresponding
+ * to the given STRING according to OPTIONS of size LENGTH, or -1
+ * indicating that the lookup was unsuccessful, or the list of options
+ * was printed.  If quiet is false, an additional hint to use 'help'
+ * is printed on unsuccessful lookups.  */
+int
+gnupg_parse_compliance_option (const char *string,
+			       struct gnupg_compliance_option options[],
+			       size_t length,
+			       int quiet)
+{
+  size_t i;
+
+  if (! ascii_strcasecmp (string, "help"))
+    {
+      log_info (_ ("valid values for option '%s':\n"), "--compliance");
+      for (i = 0; i < length; i++)
+        log_info ("  %s\n", options[i].keyword);
+      return -1;
+    }
+
+  for (i = 0; i < length; i++)
+    if (! ascii_strcasecmp (string, options[i].keyword))
+      return options[i].value;
+
+  log_error (_ ("invalid value for option '%s'\n"), "--compliance");
+  if (! quiet)
+    log_info (_ ("(use \"help\" to list choices)\n"));
+  return -1;
+}
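Review bot: `gnupg_parse_compliance_option` returns -1 as its failure/help sentinel in the same `int` that carries `options[i].value`, so a table entry with a negative value would be indistinguishable from a failed lookup; the doc comment should require non-negative values. `options` is only read here, so declaring it `const struct gnupg_compliance_option options[]` would let callers keep their tables in read-only storage. The comment could also state that STRING must not be NULL, since it is passed to `ascii_strcasecmp` unchecked.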
diff --git a/common/compliance.h b/common/compliance.h
index 4f78ad4..198447c 100644
--- a/common/compliance.h
+++ b/common/compliance.h
@@ -48,4 +48,15 @@ int gnupg_digest_is_compliant (enum gnupg_compliance_mode compliance,
                                digest_algo_t digest);
 const char *gnupg_status_compliance_flag (enum gnupg_compliance_mode compliance);
 
+struct gnupg_compliance_option
+{
+  const char *keyword;
+  int value;
+};
+
+int gnupg_parse_compliance_option (const char *string,
+                                   struct gnupg_compliance_option options[],
+                                   size_t length,
+                                   int quiet);
+
 #endif /*GNUPG_COMMON_COMPLIANCE_H*/
diff --git a/g10/gpg.c b/g10/gpg.c
index cddaf77..686fcd7 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -2073,11 +2073,8 @@ parse_tofu_policy (const char *policystr)
 }
 
 
-/* Parse the value of --compliance.  */
-static int
-parse_compliance_option (const char *string)
-{
-  struct { const char *keyword; enum cmd_and_opt_values option; } list[] = {
+static struct gnupg_compliance_option compliance_options[] =
+  {
     { "gnupg",      oGnuPG },
     { "openpgp",    oOpenPGP },
     { "rfc4880bis", oRFC4880bis },
@@ -2088,26 +2085,6 @@ parse_compliance_option (const char *string)
     { "pgp8",       oPGP8 },
     { "de-vs",      oDE_VS }
   };
-  int i;
-
-  if (!ascii_strcasecmp (string, "help"))
-    {
-      log_info (_("valid values for option '%s':\n"), "--compliance");
-      for (i=0; i < DIM (list); i++)
-        log_info ("  %s\n", list[i].keyword);
-      g10_exit (1);
-    }
-
-  for (i=0; i < DIM (list); i++)
-    if (!ascii_strcasecmp (string, list[i].keyword))
-      return list[i].option;
-
-  log_error (_("invalid value for option '%s'\n"), "--compliance");
-  if (!opt.quiet)
-    log_info (_("(use \"help\" to list choices)\n"));
-  g10_exit (1);
-}
-
 
 
 /* Helper to set compliance related options.  This is a separate
@@ -2862,7 +2839,15 @@ main (int argc, char **argv)
 	    break;
 
           case oCompliance:
-            set_compliance_option (parse_compliance_option (pargs.r.ret_str));
+	    {
+	      int compliance = gnupg_parse_compliance_option (pargs.r.ret_str,
+							      compliance_options,
+							      DIM (compliance_options),
+							      opt.quiet);
+	      if (compliance < 0)
+		g10_exit (1);
+	      set_compliance_option (compliance);
+	    }
             break;
           case oOpenPGP:
           case oRFC2440:
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index cb181e8..4b80778 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -41,6 +41,7 @@
 #include "../common/gc-opt-flags.h"
 #include "../common/asshelp.h"
 #include "../common/init.h"
+#include "../common/compliance.h"
 
 
 #ifndef O_BINARY
@@ -1443,7 +1444,19 @@ main ( int argc, char **argv)
         case oNoAutostart: opt.autostart = 0; break;
 
         case oCompliance:
-          /* Dummy option for now.  */
+          {
+            struct gnupg_compliance_option compliance_options[] =
+              {
+                { "de-vs", CO_DE_VS }
+              };
+            int compliance = gnupg_parse_compliance_option (pargs.r.ret_str,
+                                                            compliance_options,
+                                                            DIM (compliance_options),
+                                                            opt.quiet);
+            if (compliance < 0)
+              gpgsm_exit (1);
+            opt.compliance = compliance;
+          }
           break;
 
         default:
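Review bot: The table handed to `gnupg_parse_compliance_option` contains only `{ "de-vs", CO_DE_VS }`, so any other value that gpg accepts (for example `gnupg`) now makes gpgsm call `gpgsm_exit (1)`, where the removed line suggests the option was previously an ignored dummy. That leaves no way to select the default mode explicitly and may break setups that pass the same --compliance value to both programs. Adding `{ "gnupg", CO_GNUPG },` to the table would cover the default; whether the remaining OpenPGP-specific keywords should be tolerated is a policy question for the maintainers. `main` starts and ends outside this hunk.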
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index df96770..8c1f520 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -34,6 +34,7 @@
 #include "../common/audit.h"
 #include "../common/session-env.h"
 #include "../common/ksba-io-support.h"
+#include "../common/compliance.h"
 
 
 #define MAX_DIGEST_LEN 64
@@ -144,6 +145,7 @@ struct
      OID per string.  */
   strlist_t ignored_cert_extensions;
 
+  enum gnupg_compliance_mode compliance;
 } opt;
 
 /* Debug values and macros.  */

commit 027ce4ba37be1d052bca2f6109fe810ef57f4038
Author: Justus Winter <justus at g10code.com>
Date:   Thu Jun 1 15:14:19 2017 +0200

    gpg: Improve compliance with CO_DE_VS.
    
    * g10/gpg.c (set_compliance_option): The specification, section 4.1.1,
    forbids the use of encryption without integrity protection.
    
    GnuPG-bug-id: 3191
    Signed-off-by: Justus Winter <justus at g10code.com>

diff --git a/g10/gpg.c b/g10/gpg.c
index 80e5197..cddaf77 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -2166,6 +2166,7 @@ set_compliance_option (enum cmd_and_opt_values option)
     case oDE_VS:
       set_compliance_option (oOpenPGP);
       opt.compliance = CO_DE_VS;
+      opt.force_mdc = 1;
       /* Fixme: Change other options.  */
       break;
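Review bot: `opt.force_mdc = 1;` is applied while options are still being parsed, so whether de-vs mode really guarantees integrity protection depends on nothing later resetting the flag. The rest of the option parser is not visible here; if an option such as --no-force-mdc or --disable-mdc can follow --compliance=de-vs on the command line or in a config file, the requirement cited from section 4.1.1 could be silently undone. A check after parsing has finished, along the lines of `if (opt.compliance == CO_DE_VS) opt.force_mdc = 1;`, would make the guarantee independent of option order. `set_compliance_option` starts and ends outside this hunk.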
 

-----------------------------------------------------------------------

Summary of changes:
 common/compliance.c | 131 ++++++++++++++++++++++++++++++++++++++++++++++++++--
 common/compliance.h |  18 +++++++-
 g10/encrypt.c       |   2 +-
 g10/gpg.c           |  53 +++++++++------------
 g10/keyedit.c       |   2 +-
 g10/main.h          |   1 -
 g10/mainproc.c      |   2 +-
 g10/misc.c          |  18 --------
 g10/pkclist.c       |   4 +-
 sm/decrypt.c        |   3 +-
 sm/gpgsm.c          |  18 +++++++-
 sm/gpgsm.h          |   2 +
 12 files changed, 192 insertions(+), 62 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



