author | Werner Koch <[email protected]> | 2025-05-12 09:54:50 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2025-05-12 10:00:30 +0000 |
commit | 924f09d1f3c811633879ecd185bf7e439d18e4ae (patch) | |
tree | 0aea391d743adc00968ef0a35645e7bd8302874a | |
parent | Update distsigkey (diff) | |
gpg: Fully implement the group key flag.
* g10/getkey.c (merge_selfsigs_main): Do not mask out the group bit.
(merge_selfsigs_subkey): Ditto.
* g10/keygen.c (ask_key_flags_with_mask): Ditto.
(proc_parameter_file): Ditto.
--
Updates-commit: 202ed9e281d5fb95f166faeb6741c75872be464c
-rw-r--r-- | g10/getkey.c | 4 | ||||
-rw-r--r-- | g10/keygen.c | 7 |
2 files changed, 7 insertions, 4 deletions
diff --git a/g10/getkey.c b/g10/getkey.c
index 105c95232..2ff67fb9c 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -3162,7 +3162,7 @@ merge_selfsigs_main (ctrl_t ctrl, kbnode_t keyblock, int *r_revoked,
 /* Check that the usage matches the usage as given by the algo. */
 int x = openpgp_pk_algo_usage (pk->pubkey_algo);
 if (x) /* Mask it down to the actual allowed usage. */
- key_usage &= x;
+ key_usage &= (x | PUBKEY_USAGE_GROUP);
 }
 /* Whatever happens, it's a primary key, so it can certify. */
@@ -3437,7 +3437,7 @@ merge_selfsigs_subkey (ctrl_t ctrl, kbnode_t keyblock, kbnode_t subnode)
 /* Check that the usage matches the usage as given by the algo. */
 int x = openpgp_pk_algo_usage (subpk->pubkey_algo);
 if (x) /* Mask it down to the actual allowed usage. */
- key_usage &= x;
+ key_usage &= (x | PUBKEY_USAGE_GROUP);
 }
 subpk->pubkey_usage = key_usage;
diff --git a/g10/keygen.c b/g10/keygen.c
index c9122f79e..e271ad267 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1980,6 +1980,7 @@ ask_key_flags_with_mask (int algo, int subkey, unsigned int current,
 * below for a workaround. */
 possible = (openpgp_pk_algo_usage (algo) & mask);
 possible &= ~PUBKEY_USAGE_RENC;
+ possible &= ~PUBKEY_USAGE_GROUP;
 /* However, only primary keys may certify. */
 if (subkey)
@@ -4210,7 +4211,8 @@ proc_parameter_file (ctrl_t ctrl, struct para_data_s *para, const char *fname,
 else
 {
 r = get_parameter (para, pKEYUSAGE);
- if (r && (r->u.usage & ~openpgp_pk_algo_usage (algo)))
+ if (r && (r->u.usage
+ & ~(openpgp_pk_algo_usage (algo) | PUBKEY_USAGE_GROUP)))
 {
 log_error ("%s:%d: specified Key-Usage not allowed for algo %d\n",
 fname, r->lnr, algo);
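Review bot: The comment `/* Mask it down to the actual allowed usage. */` in merge_selfsigs_main no longer describes the line under it: with `key_usage &= (x | PUBKEY_USAGE_GROUP);` the group bit passes through for every algorithm and is no longer constrained by openpgp_pk_algo_usage(). Where key_usage is populated is outside the hunk, but if it is taken from the self-signature the exemption should be recorded as deliberate, for example `if (x) /* Mask down to the algo's usage; the group flag is kept for any algo. */`. The identical line in the merge_selfsigs_subkey hunk needs the same comment. Both function bodies start and end outside their hunks.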
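Review bot: The added `possible &= ~PUBKEY_USAGE_GROUP;` in ask_key_flags_with_mask clears the group bit, while the commit message lists this function under "Do not mask out the group bit" (Ditto), so the log and the code read as opposites. The getkey.c hunks OR PUBKEY_USAGE_GROUP onto the result of openpgp_pk_algo_usage(), which suggests that function never returns the bit; if so, this line changes nothing and only documents intent. A comment such as `/* The group flag is never offered for interactive selection. */` would make that explicit. How `possible` is later applied to `current` is outside the hunk, so it is worth confirming that editing the usage of a key which already carries the group flag does not silently drop it.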
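Review bot: The allowed-usage mask is now written out twice in proc_parameter_file, here for Key-Usage and again in the Subkey-Usage hunk at -4246, with different spacing (`(algo) | PUBKEY_USAGE_GROUP` versus `(algo)|PUBKEY_USAGE_GROUP`). A local in each branch would keep the two checks identical and the condition on one line: `allowed = openpgp_pk_algo_usage (algo) | PUBKEY_USAGE_GROUP;` followed by `if (r && (r->u.usage & ~allowed))`. Since a parameter file may now request the group flag for any algorithm, a one-line comment above the check stating that this is intended would help the next reader. The function body starts and ends outside the hunk.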
@@ -4246,7 +4248,8 @@ proc_parameter_file (ctrl_t ctrl, struct para_data_s *para, const char *fname,
 else
 {
 r = get_parameter (para, pSUBKEYUSAGE);
- if (r && (r->u.usage & ~openpgp_pk_algo_usage (algo)))
+ if (r && (r->u.usage
+ & ~(openpgp_pk_algo_usage (algo)|PUBKEY_USAGE_GROUP)))
 {
 log_error ("%s:%d: specified Subkey-Usage not allowed"
 " for algo %d\n", fname, r->lnr, algo); |