Diffstat (limited to 'common')
-rw-r--r--common/compliance.c24
-rw-r--r--common/compliance.h11
-rw-r--r--common/openpgpdefs.h4
3 files changed, 31 insertions, 8 deletions
diff --git a/common/compliance.c b/common/compliance.c
index eaecee7b0..9f407fad2 100644
--- a/common/compliance.c
+++ b/common/compliance.c
@@ -45,6 +45,9 @@ static int module;
* using a confue file. */
static unsigned int min_compliant_rsa_length;
+/* Temporary hack to allow OCB mode in de-vs mode. */
+static unsigned int vsd_allow_ocb;
+
/* Return the address of a compliance cache variable for COMPLIANCE.
* If no such variable exists NULL is returned. FOR_RNG returns the
* cache variable for the RNG compliance check. */
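Review bot: The comment on `vsd_allow_ocb` says only that it is a temporary hack, which is thin for a file-scope flag that widens what the de-vs checks accept. It should state the default and who sets it, for example `/* If non-zero, gpg accepts OCB in addition to CFB in de-vs mode. Defaults to 0; set only via gnupg_set_compliance_extra_info (CO_EXTRA_INFO_VSD_ALLOW_OCB, ...). Temporary. */`. That gives an auditor one place to see that the relaxation is opt-in.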
@@ -380,7 +383,8 @@ gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance,
switch (module)
{
case GNUPG_MODULE_NAME_GPG:
- return mode == GCRY_CIPHER_MODE_CFB;
+ return (mode == GCRY_CIPHER_MODE_CFB
+ || (vsd_allow_ocb && mode == GCRY_CIPHER_MODE_OCB));
case GNUPG_MODULE_NAME_GPGSM:
return mode == GCRY_CIPHER_MODE_CBC;
}
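Review bot: The exception `(vsd_allow_ocb && mode == GCRY_CIPHER_MODE_OCB)` is spelled out here in the GNUPG_MODULE_NAME_GPG case and twice more in gnupg_cipher_is_allowed (its GPG case and the CIPHER_ALGO_TWOFISH case). Because the flag is described as temporary, one file-local predicate would stop the three checks drifting apart when it is tightened or removed: `static int ocb_allowed (int mode) { return vsd_allow_ocb && mode == GCRY_CIPHER_MODE_OCB; }`, then `|| ocb_allowed (mode)` at each site. The parameter type should match however `mode` is declared in these functions, which is not visible here. Both functions begin and end outside their hunks.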
@@ -424,7 +428,8 @@ gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance, int producer,
{
case GNUPG_MODULE_NAME_GPG:
return (mode == GCRY_CIPHER_MODE_NONE
- || mode == GCRY_CIPHER_MODE_CFB);
+ || mode == GCRY_CIPHER_MODE_CFB
+ || (vsd_allow_ocb && mode == GCRY_CIPHER_MODE_OCB));
case GNUPG_MODULE_NAME_GPGSM:
return (mode == GCRY_CIPHER_MODE_NONE
|| mode == GCRY_CIPHER_MODE_CBC
@@ -441,7 +446,8 @@ gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance, int producer,
case CIPHER_ALGO_TWOFISH:
return (module == GNUPG_MODULE_NAME_GPG
&& (mode == GCRY_CIPHER_MODE_NONE
- || mode == GCRY_CIPHER_MODE_CFB)
+ || mode == GCRY_CIPHER_MODE_CFB
+ || (vsd_allow_ocb && mode == GCRY_CIPHER_MODE_OCB))
&& ! producer);
default:
return 0;
@@ -696,7 +702,15 @@ gnupg_compliance_option_string (enum gnupg_compliance_mode compliance)
/* Set additional infos for example taken from config files at startup. */
void
-gnupg_set_compliance_extra_info (unsigned int min_rsa)
+gnupg_set_compliance_extra_info (enum gnupg_co_extra_infos what,
+ unsigned int value)
{
- min_compliant_rsa_length = min_rsa;
+ switch (what)
+ {
+ case CO_EXTRA_INFO_MIN_RSA:
+ min_compliant_rsa_length = value;
+ break;
+ case CO_EXTRA_INFO_VSD_ALLOW_OCB:
+ vsd_allow_ocb = value;
+ }
}
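Review bot: The new switch in gnupg_set_compliance_extra_info ends the CO_EXTRA_INFO_VSD_ALLOW_OCB case without a `break;` and has no `default:`. A selector appended later would be entered by fall-through from the OCB case, and an unknown `what` is silently ignored. I would write the case as `vsd_allow_ocb = !!value; break;` and add `default: break;` with a comment that unknown selectors are ignored on purpose. The `!!` makes it explicit that the stored value is only ever used as a truth value in the cipher checks.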
diff --git a/common/compliance.h b/common/compliance.h
index e29ff4ee2..bd805258a 100644
--- a/common/compliance.h
+++ b/common/compliance.h
@@ -36,12 +36,14 @@
void gnupg_initialize_compliance (int gnupg_module_name);
+
enum gnupg_compliance_mode
{
CO_GNUPG, CO_RFC4880, CO_RFC2440,
CO_PGP6, CO_PGP7, CO_PGP8, CO_DE_VS
};
+
enum pk_use_case
{
PK_USE_ENCRYPTION, PK_USE_DECRYPTION,
@@ -91,7 +93,14 @@ int gnupg_parse_compliance_option (const char *string,
const char *gnupg_compliance_option_string (enum gnupg_compliance_mode
compliance);
-void gnupg_set_compliance_extra_info (unsigned int min_rsa);
+enum gnupg_co_extra_infos
+ {
+ CO_EXTRA_INFO_MIN_RSA,
+ CO_EXTRA_INFO_VSD_ALLOW_OCB
+ };
+
+void gnupg_set_compliance_extra_info (enum gnupg_co_extra_infos what,
+ unsigned int value);
#endif /*GNUPG_COMMON_COMPLIANCE_H*/
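Review bot: enum gnupg_co_extra_infos and the new two-argument prototype have no comment saying how `value` is interpreted for each selector. Going by compliance.c in this commit, CO_EXTRA_INFO_MIN_RSA stores it in min_compliant_rsa_length and CO_EXTRA_INFO_VSD_ALLOW_OCB uses it as a truth value. I would note that on the enumerators, e.g. `CO_EXTRA_INFO_MIN_RSA, /* VALUE is the minimum compliant RSA length. */` and `CO_EXTRA_INFO_VSD_ALLOW_OCB /* Non-zero VALUE allows OCB in de-vs mode. */`. Callers can then see from the header which selector relaxes a compliance check.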
diff --git a/common/openpgpdefs.h b/common/openpgpdefs.h
index 05f362159..f7ea0b52c 100644
--- a/common/openpgpdefs.h
+++ b/common/openpgpdefs.h
@@ -130,8 +130,8 @@ sigsubpkttype_t;
typedef enum
{
AEAD_ALGO_NONE = 0,
- AEAD_ALGO_EAX = 1,
- AEAD_ALGO_OCB = 2
+ AEAD_ALGO_EAX = 1, /* Deprecated. */
+ AEAD_ALGO_OCB = 2 /* The one and only. */
}
aead_algo_t;