Diffstat (limited to 'g10/pkclist.c')
-rw-r--r--g10/pkclist.c33
1 files changed, 19 insertions, 14 deletions
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 393087a5c..26be90f74 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -955,18 +955,19 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use )
/* In pgp6 mode, disallow all ciphers except IDEA (1), 3DES (2), and
CAST5 (3), all hashes except MD5 (1), SHA1 (2), and RIPEMD160 (3),
- and all compressions except none (0) and ZIP (1). For a true PGP6
- key all of this is unneeded as they are the only items present in
- the preferences subpacket, but checking here covers the weird case
- of encrypting to a key that had preferences from a different
- implementation which was then used with PGP6. I am not completely
- comfortable with this as the right thing to do, as it slightly
- alters the list of what the user is supposedly requesting. It is
- not against the RFC however, as the preference chosen will never be
- one that the user didn't specify somewhere ("The implementation may
- use any mechanism to pick an algorithm in the intersection"), and
- PGP6 has no mechanism to fix such a broken preference list, so I'm
- including it. -dms */
+ and all compressions except none (0) and ZIP (1). pgp7 mode
+ expands the cipher list to include AES128 (7), AES192 (8), AES256
+ (9), and TWOFISH (10). For a true PGP key all of this is unneeded
+ as they are the only items present in the preferences subpacket,
+ but checking here covers the weird case of encrypting to a key that
+ had preferences from a different implementation which was then used
+ with PGP. I am not completely comfortable with this as the right
+ thing to do, as it slightly alters the list of what the user is
+ supposedly requesting. It is not against the RFC however, as the
+ preference chosen will never be one that the user didn't specify
+ somewhere ("The implementation may use any mechanism to pick an
+ algorithm in the intersection"), and PGP has no mechanism to fix
+ such a broken preference list, so I'm including it. -dms */
static int
algo_available( int preftype, int algo )
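Review bot: The rewritten comment above algo_available() says that pgp7 mode expands the cipher list, but it never says which hash and compression limits apply in that mode. A reader cannot tell from the comment alone that MD5/SHA1/RIPEMD160 and none/ZIP remain the only accepted values there. I would add a sentence right after the TWOFISH one, such as `pgp7 mode keeps the pgp6 hash and compression limits unchanged.` The function body lies outside this hunk, so this reading relies on the checks shown in the next hunk.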
@@ -975,16 +976,20 @@ algo_available( int preftype, int algo )
if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) )
return 0;
+ if( opt.pgp7 && (algo != 1 && algo != 2 && algo != 3 &&
+ algo != 7 && algo != 8 && algo != 9 && algo != 10) )
+ return 0;
+
return algo && !check_cipher_algo( algo );
}
else if( preftype == PREFTYPE_HASH ) {
- if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) )
+ if( (opt.pgp6 || opt.pgp7 ) && ( algo != 1 && algo != 2 && algo != 3) )
return 0;
return algo && !check_digest_algo( algo );
}
else if( preftype == PREFTYPE_ZIP ) {
- if ( opt.pgp6 && ( algo !=0 && algo != 1) )
+ if ( ( opt.pgp6 || opt.pgp7 ) && ( algo !=0 && algo != 1) )
return 0;
return !algo || algo == 1 || algo == 2;
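Review bot: The new pgp7 cipher check repeats the pgp6 list and spells every algorithm as a bare number, so the accepted set now lives in the header comment and two separate `!=` chains, and one mistyped ID would silently widen or narrow what is allowed for encryption. Symbolic names would make this policy auditable, e.g. `algo != CIPHER_ALGO_IDEA && algo != CIPHER_ALGO_3DES && algo != CIPHER_ALGO_CAST5`, assuming this tree's cipher header defines such constants (not visible here). Both modes also keep hash 1 (MD5) acceptable, which deserves a short comment such as `/* MD5 kept only for PGP interoperability */` if that is the intent. Whether opt.pgp6 and opt.pgp7 can both be set is not visible; if they can, the pgp6 test runs first and the pgp7 additions 7 to 10 are never reached. algo_available() begins before this hunk and continues after it.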