diff options
| author | Werner Koch <[email protected]> | 2024-05-06 12:34:48 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2024-05-06 12:34:48 +0000 |
| commit | 97b37db144da6c9278786d51a233716e78c1f12c (patch) | |
| tree | ebb957afdc4b7e7406e9f07dcc9f445863fa026e | |
| parent | tests: Avoid new C23 keyword true. (diff) | |
| download | gnupg-97b37db144da6c9278786d51a233716e78c1f12c.tar.gz gnupg-97b37db144da6c9278786d51a233716e78c1f12c.zip | |
gpg,gpgsm: Remove compatibility_flags allow-ecc-encr and vsd-allow-encr.
* g10/options.h (COMPAT_VSD_ALLOW_OCB): Remove.
* g10/gpg.c (compatibility_flags): Remove "vsd-allow_ocb".
(main): Alwas set CO_EXTRA_INFO_VSD_ALLOW_OCB.
* g10/keygen.c (keygen_set_std_prefs): Always set OCB feature flag.
* g10/encrypt.c (use_aead): Always OCB also in de-vs mode.
* sm/gpgsm.h (COMPAT_ALLOW_ECC_ENCR): Remove.
* sm/gpgsm.c (compatibility_flags): Remove "allow-ecc-encr".
* sm/encrypt.c (encrypt_dek): Always allow ecc encryption.
* sm/certreqgen.c (proc_parameters): Likewise.
--
Both feature are meanwhile approved in de-vs mode thus there is no
more need for the flags.
| -rw-r--r-- | g10/encrypt.c | 4 | ||||
| -rw-r--r-- | g10/gpg.c | 4 | ||||
| -rw-r--r-- | g10/keygen.c | 4 | ||||
| -rw-r--r-- | g10/options.h | 1 | ||||
| -rw-r--r-- | sm/certreqgen.c | 3 | ||||
| -rw-r--r-- | sm/encrypt.c | 5 | ||||
| -rw-r--r-- | sm/gpgsm.c | 1 | ||||
| -rw-r--r-- | sm/gpgsm.h | 1 |
8 files changed, 3 insertions, 20 deletions
diff --git a/g10/encrypt.c b/g10/encrypt.c index a4863fa5d..fbf355ecb 100644 --- a/g10/encrypt.c +++ b/g10/encrypt.c @@ -262,10 +262,6 @@ use_aead (pk_list_t pk_list, int algo) { int can_use; - if (!(opt.compat_flags & COMPAT_VSD_ALLOW_OCB) - && opt.compliance == CO_DE_VS) - return 0; /* Not yet allowed. */ - can_use = openpgp_cipher_get_algo_blklen (algo) == 16; /* With --force-aead we want AEAD. */ @@ -1001,7 +1001,6 @@ static struct debug_flags_s debug_flags [] = /* The list of compatibility flags. */ static struct compatibility_flags_s compatibility_flags [] = { - { COMPAT_VSD_ALLOW_OCB, "vsd-allow-ocb" }, { 0, NULL } }; @@ -3825,8 +3824,7 @@ main (int argc, char **argv) parse_compatibility_flags (NULL, &opt.compat_flags, compatibility_flags); gnupg_set_compliance_extra_info (CO_EXTRA_INFO_MIN_RSA, opt.min_rsa_length); - if ((opt.compat_flags & COMPAT_VSD_ALLOW_OCB)) - gnupg_set_compliance_extra_info (CO_EXTRA_INFO_VSD_ALLOW_OCB, 1); + gnupg_set_compliance_extra_info (CO_EXTRA_INFO_VSD_ALLOW_OCB, 1); if (DBG_CLOCK) log_clock ("start"); diff --git a/g10/keygen.c b/g10/keygen.c index 52fd97a64..26126cde7 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -523,10 +523,6 @@ keygen_set_std_prefs (const char *string,int personal) xfree (prefstringbuf); } - /* For now we require a compat flag to set OCB into the preferences. */ - if (!(opt.compat_flags & COMPAT_VSD_ALLOW_OCB)) - ocb = 0; - if(!rc) { if(personal) diff --git a/g10/options.h b/g10/options.h index b3cb52003..8234bc731 100644 --- a/g10/options.h +++ b/g10/options.h @@ -354,7 +354,6 @@ EXTERN_UNLESS_MAIN_MODULE int memory_debug_mode; EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode; /* Compatibility flags */ -#define COMPAT_VSD_ALLOW_OCB 1 /* Compliance test macors. */ diff --git a/sm/certreqgen.c b/sm/certreqgen.c index 63c35a227..d85dffffd 100644 --- a/sm/certreqgen.c +++ b/sm/certreqgen.c @@ -732,8 +732,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para, "(6:genkey(3:rsa(5:nbits%d:%s)))", (int)strlen (numbuf), numbuf); } - else if ((opt.compat_flags & COMPAT_ALLOW_ECC_ENCR) - && (algo == GCRY_PK_ECC || algo == GCRY_PK_EDDSA)) + else if (algo == GCRY_PK_ECC || algo == GCRY_PK_EDDSA) { const char *curve = get_parameter_value (para, pKEYCURVE, 0); const char *flags; diff --git a/sm/encrypt.c b/sm/encrypt.c index 7c8a96481..c6c59cfae 100644 --- a/sm/encrypt.c +++ b/sm/encrypt.c @@ -483,10 +483,7 @@ encrypt_dek (const DEK dek, ksba_cert_t cert, int pk_algo, s_data = NULL; /* (avoid compiler warning) */ if (pk_algo == GCRY_PK_ECC) { - if (!(opt.compat_flags & COMPAT_ALLOW_ECC_ENCR)) - rc = gpg_error (GPG_ERR_NOT_SUPPORTED); - else - rc = ecdh_encrypt (dek, s_pkey, &s_ciph); + rc = ecdh_encrypt (dek, s_pkey, &s_ciph); } else { diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 8819cc12e..25fdfe57b 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -469,7 +469,6 @@ static struct debug_flags_s debug_flags [] = static struct compatibility_flags_s compatibility_flags [] = { { COMPAT_ALLOW_KA_TO_ENCR, "allow-ka-to-encr" }, - { COMPAT_ALLOW_ECC_ENCR, "allow-ecc-encr" }, { 0, NULL } }; diff --git a/sm/gpgsm.h b/sm/gpgsm.h index 4140c9709..3946b5679 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -183,7 +183,6 @@ struct * policies: 1.3.6.1.4.1.7924.1.1:N: */ #define COMPAT_ALLOW_KA_TO_ENCR 1 -#define COMPAT_ALLOW_ECC_ENCR 2 /* Forward declaration for an object defined in server.c */ |