diff options
| author | Werner Koch <[email protected]> | 2025-05-12 09:54:50 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2025-05-12 09:54:50 +0000 |
| commit | 8833a34bf08765a71deab1efe8421a2c701f20d4 (patch) | |
| tree | fa0fbf74dffebe124fffd9f6491ec6d6ec1c1900 | |
| parent | Update distsigkey (diff) | |
| download | gnupg-8833a34bf08765a71deab1efe8421a2c701f20d4.tar.gz gnupg-8833a34bf08765a71deab1efe8421a2c701f20d4.zip | |
gpg: Fully implement the group key flag.
* g10/getkey.c (merge_selfsigs_main): Do not mask out the group bit.
(merge_selfsigs_subkey): Ditto/
* g10/keygen.c (ask_key_flags_with_mask): Ditto.
(proc_parameter_file): Ditto.
--
Updates-commit: 0988e49c45d0fb73d0b536aa027bd114f9dc65a7
| -rw-r--r-- | g10/getkey.c | 4 | ||||
| -rw-r--r-- | g10/keygen.c | 7 |
2 files changed, 7 insertions, 4 deletions
diff --git a/g10/getkey.c b/g10/getkey.c index 0fe17d054..e438859f4 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -3182,7 +3182,7 @@ merge_selfsigs_main (ctrl_t ctrl, kbnode_t keyblock, int *r_revoked, /* Check that the usage matches the usage as given by the algo. */ int x = openpgp_pk_algo_usage (pk->pubkey_algo); if (x) /* Mask it down to the actual allowed usage. */ - key_usage &= x; + key_usage &= (x | PUBKEY_USAGE_GROUP); } /* Whatever happens, it's a primary key, so it can certify. */ @@ -3457,7 +3457,7 @@ merge_selfsigs_subkey (ctrl_t ctrl, kbnode_t keyblock, kbnode_t subnode) /* Check that the usage matches the usage as given by the algo. */ int x = openpgp_pk_algo_usage (subpk->pubkey_algo); if (x) /* Mask it down to the actual allowed usage. */ - key_usage &= x; + key_usage &= (x | PUBKEY_USAGE_GROUP); } subpk->pubkey_usage = key_usage; diff --git a/g10/keygen.c b/g10/keygen.c index 8ca50a1a1..6658bbbc4 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -2438,6 +2438,7 @@ ask_key_flags_with_mask (int algo, int subkey, unsigned int current, * below for a workaround. */ possible = (openpgp_pk_algo_usage (algo) & mask); possible &= ~PUBKEY_USAGE_RENC; + possible &= ~PUBKEY_USAGE_GROUP; if (algo == PUBKEY_ALGO_ECDH) possible |= (current & (PUBKEY_USAGE_ENC |PUBKEY_USAGE_CERT @@ -4972,7 +4973,8 @@ proc_parameter_file (ctrl_t ctrl, struct para_data_s *para, const char *fname, else { r = get_parameter (para, pKEYUSAGE); - if (r && (r->u.usage & ~openpgp_pk_algo_usage (algo))) + if (r && (r->u.usage + & ~(openpgp_pk_algo_usage (algo) | PUBKEY_USAGE_GROUP))) { log_error ("%s:%d: specified Key-Usage not allowed for algo %d\n", fname, r->lnr, algo); @@ -5009,7 +5011,8 @@ proc_parameter_file (ctrl_t ctrl, struct para_data_s *para, const char *fname, else { r = get_parameter (para, pSUBKEYUSAGE); - if (r && (r->u.usage & ~openpgp_pk_algo_usage (algo))) + if (r && (r->u.usage + & ~(openpgp_pk_algo_usage (algo)|PUBKEY_USAGE_GROUP))) { log_error ("%s:%d: specified Subkey-Usage not allowed" " for algo %d\n", fname, r->lnr, algo); |