diff options
| author | Werner Koch <[email protected]> | 2014-01-31 21:47:11 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2014-01-31 21:47:11 +0000 |
| commit | 2ba818de1aa311ba8eb27012d69e93dd16e7d4ed (patch) | |
| tree | 5878c51dc8c35046bf6641e9e5c5d2acfff8517d /configure.ac | |
| parent | gpg: Improve --version algo info output. (diff) | |
| download | gnupg-2ba818de1aa311ba8eb27012d69e93dd16e7d4ed.tar.gz gnupg-2ba818de1aa311ba8eb27012d69e93dd16e7d4ed.zip | |
gpg: Add configure options to disable algorithms
* acinclude.m4 (GNUPG_GPG_DISABLE_ALGO): New.
* configure.ac: Add --enable-gpg-* options to disable non MUS
algorithms.
* g10/misc.c (map_cipher_openpgp_to_gcry): Implement these options.
(openpgp_pk_test_algo2): Ditto.
(map_md_openpgp_to_gcry): Ditto.
(openpgp_cipher_test_algo, openpgp_md_test_algo): Simplify.
--
We have a similar feature in GnuPG-1. Although we don't shrink the
size of the gpg binary by disabling algorithms (they are implemented
in Libgcrypt), this feature may still be useful for inerop testing.
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index f4b2d388c..9476dc48b 100644 --- a/configure.ac +++ b/configure.ac @@ -212,6 +212,39 @@ AC_ARG_ENABLE(selinux-support, selinux_support=$enableval, selinux_support=no) AC_MSG_RESULT($selinux_support) + +# +# Options to disable algorithm +# + +GNUPG_GPG_DISABLE_ALGO([rsa],[RSA public key]) +# Elgamal is a MUST algorithm +# DSA is a MUST algorithm +GNUPG_GPG_DISABLE_ALGO([ecdh],[ECDH public key]) +GNUPG_GPG_DISABLE_ALGO([ecdsa],[ECDSA public key]) +GNUPG_GPG_DISABLE_ALGO([eddsa],[EdDSA public key]) + +GNUPG_GPG_DISABLE_ALGO([idea],[IDEA cipher]) +# 3DES is a MUST algorithm +GNUPG_GPG_DISABLE_ALGO([cast5],[CAST5 cipher]) +GNUPG_GPG_DISABLE_ALGO([blowfish],[BLOWFISH cipher]) +GNUPG_GPG_DISABLE_ALGO([aes128],[AES128 cipher]) +GNUPG_GPG_DISABLE_ALGO([aes192],[AES192 cipher]) +GNUPG_GPG_DISABLE_ALGO([aes256],[AES256 cipher]) +GNUPG_GPG_DISABLE_ALGO([twofish],[TWOFISH cipher]) +GNUPG_GPG_DISABLE_ALGO([camellia128],[CAMELLIA128 cipher]) +GNUPG_GPG_DISABLE_ALGO([camellia192],[CAMELLIA192 cipher]) +GNUPG_GPG_DISABLE_ALGO([camellia256],[CAMELLIA256 cipher]) + +GNUPG_GPG_DISABLE_ALGO([md5],[MD5 hash]) +# SHA1 is a MUSt algorithm +GNUPG_GPG_DISABLE_ALGO([rmd160],[RIPE-MD160 hash]) +GNUPG_GPG_DISABLE_ALGO([sha224],[SHA-224 hash]) +GNUPG_GPG_DISABLE_ALGO([sha256],[SHA-256 hash]) +GNUPG_GPG_DISABLE_ALGO([sha384],[SHA-384 hash]) +GNUPG_GPG_DISABLE_ALGO([sha512],[SHA-512 hash]) + + # Allow disabling of zip support. # This is in general not a good idea because according to rfc4880 OpenPGP # implementations SHOULD support ZLIB. |