Diffstat (limited to 'agent')
-rw-r--r--agent/agent.h6
-rw-r--r--agent/gpg-agent.c11
-rw-r--r--agent/protect.c2
3 files changed, 15 insertions, 4 deletions
diff --git a/agent/agent.h b/agent/agent.h
index 3a29dc817..0f804cd8b 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -124,7 +124,11 @@ struct
passphrase change. */
int enable_passphrase_history;
- /* If set the extended key format is used for new keys. */
+ /* If set the extended key format is used for new keys. Note that
+ * this may vave the value 2 in which case
+ * --disable-extended-key-format won't have any effect and thus
+ * effectivley locking it. This is required to support existing
+ * profiles which lock the use of --enable-extended-key-format. */
int enable_extended_key_format;
int running_detached; /* We are running detached from the tty. */
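Review bot: The new comment on `enable_extended_key_format` has two typos ("vave" for "have", "effectivley" for "effectively") and describes the value 2 only in prose, without listing the states the field can hold. Since the field is now more than a boolean, the comment should enumerate the values, e.g. `0 = disabled, non-zero = enabled, 2 = enabled and locked against --disable-extended-key-format`. The struct starts and ends outside this hunk.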
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 27a3f7135..d9e2bbf25 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -113,6 +113,7 @@ enum cmd_and_opt_values
oMaxPassphraseDays,
oEnablePassphraseHistory,
oDisableExtendedKeyFormat,
+ oEnableExtendedKeyFormat,
oUseStandardSocket,
oNoUseStandardSocket,
oExtraSocket,
@@ -254,6 +255,7 @@ static ARGPARSE_OPTS opts[] = {
#endif
),
ARGPARSE_s_n (oDisableExtendedKeyFormat, "disable-extended-key-format", "@"),
+ ARGPARSE_s_n (oEnableExtendedKeyFormat, "enable-extended-key-format", "@"),
ARGPARSE_s_u (oS2KCount, "s2k-count", "@"),
ARGPARSE_s_u (oS2KCalibration, "s2k-calibration", "@"),
@@ -268,7 +270,6 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oNoUseStandardSocket, "no-use-standard-socket", "@"),
/* Dummy options. */
- ARGPARSE_s_n (oNoop, "enable-extended-key-format", "@"),
ARGPARSE_end () /* End of list */
@@ -906,7 +907,13 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
opt.enable_passphrase_history = 1;
break;
- case oDisableExtendedKeyFormat: opt.enable_extended_key_format = 0; break;
+ case oEnableExtendedKeyFormat:
+ opt.enable_extended_key_format = 2;
+ break;
+ case oDisableExtendedKeyFormat:
+ if (opt.enable_extended_key_format != 2)
+ opt.enable_extended_key_format = 0;
+ break;
case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;
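Review bot: The lock state is written and tested as the bare literal `2` in both new `case` arms, so a reader has to open agent.h to learn what it means. A named constant next to the field (for example `#define EXTENDED_KEY_FORMAT_LOCKED 2`) would make the intent visible here. The `oDisableExtendedKeyFormat` arm also ignores the request silently when the lock is set, so an administrator who adds `--disable-extended-key-format` gets no hint that it had no effect; a one-line `log_info` in that branch would make this auditable. The rest of parse_rereadable_options, including whatever resets options on a reread, is outside the hunk, so confirm that a reread cannot leave a stale `2` behind once the enabling option has been removed from the configuration.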
diff --git a/agent/protect.c b/agent/protect.c
index eda247f27..61fb8f45d 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -623,7 +623,7 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
int have_curve = 0;
if (use_ocb == -1)
- use_ocb = opt.enable_extended_key_format;
+ use_ocb = !!opt.enable_extended_key_format;
/* Create an S-expression with the protected-at timestamp. */
memcpy (timestamp_exp, "(12:protected-at15:", 19);
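Review bot: The `!!` on the `use_ocb` assignment has no comment saying why it is needed, and the reason (the option may now hold 2) is documented only in agent.h. A short comment such as `/* The option may be 2 (locked); normalise to 0/1. */` would keep a later cleanup from removing it. Any other reader of `opt.enable_extended_key_format` that compares it with 1 or passes it on as a flag presumably needs the same normalisation; those sites are not visible in this diff. agent_protect starts and continues outside the hunk.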