Diffstat (limited to 'g10')
-rw-r--r-- | g10/ChangeLog | 7 | ||||
-rw-r--r-- | g10/getkey.c | 7 | ||||
-rw-r--r-- | g10/mainproc.c | 2 | ||||
-rw-r--r-- | g10/misc.c | 13 |
4 files changed, 26 insertions, 3 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index ff4281df0..688d69829 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,10 @@
+2007-12-12 Werner Koch <[email protected]>
+
+ * misc.c (print_pubkey_algo_note): Print a warning for type 20 keys.
+ (openpgp_pk_test_algo, openpgp_pk_algo_usage): Allow type 20 fro
+ encryption only with option --rfc2440.
+ * mainproc.c (proc_pubkey_enc): Ditto.
+
 2007-12-12 David Shaw <[email protected]>
 
 * trustdb.c (sanitize_regexp): New. Protect against dangerous
diff --git a/g10/getkey.c b/g10/getkey.c
index 776bed2e1..934691c42 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -2137,8 +2137,11 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
 subpk->has_expired = key_expire >= curtime? 0 : key_expire;
 subpk->expiredate = key_expire;
 
- /* algo doesn't exist */
- if(check_pubkey_algo(subpk->pubkey_algo))
+ /* Check that algo exists. Elgamal sign+encrypt are only allowed
+ with option --rfc2440. */
+ if (RFC2440 && subpk->pubkey_algo == PUBKEY_ALGO_ELGAMAL)
+ ;
+ else if(check_pubkey_algo(subpk->pubkey_algo))
 return;
 
 subpk->is_valid = 1;
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 56494cbfb..2a91f0f62 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -404,7 +404,7 @@ proc_pubkey_enc( CTX c, PACKET *pkt )
 else if( is_ELGAMAL(enc->pubkey_algo)
 || enc->pubkey_algo == PUBKEY_ALGO_DSA
 || is_RSA(enc->pubkey_algo)
- || enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL) {
+ || (RFC2440 && enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL)) {
 /* Note that we also allow type 20 Elgamal keys for decryption.
 There are still a couple of those keys in active use as a
 subkey. */
diff --git a/g10/misc.c b/g10/misc.c
index 54de3abfc..004dd901e 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -315,6 +315,10 @@ print_pubkey_algo_note( int algo )
 pubkey_algo_to_string(algo));
 }
 }
+ else if (algo == 20)
+ {
+ log_info (_("WARNING: Elgamal sign+encrypt keys are deprecated\n"));
+ }
 }
 
 void
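Review bot: In g10/getkey.c (merge_selfsigs_subkey), the new `if (RFC2440 && subpk->pubkey_algo == PUBKEY_ALGO_ELGAMAL) ;` branch skips `check_pubkey_algo` through an empty statement, which is easy to misread and lets a type 20 subkey reach `subpk->is_valid = 1` with no algorithm check at all in --rfc2440 mode. A single negated condition states the exemption more safely: `if (!(RFC2440 && subpk->pubkey_algo == PUBKEY_ALGO_ELGAMAL) && check_pubkey_algo (subpk->pubkey_algo)) return;`. The comment should also say where the encryption-only restriction is enforced (presumably openpgp_pk_algo_usage in misc.c), because nothing in this hunk limits what the validated subkey may be used for. The function body starts and ends outside the hunk.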
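Review bot: In g10/mainproc.c (proc_pubkey_enc), the retained comment `Note that we also allow type 20 Elgamal keys for decryption` no longer matches the condition above it, which now accepts PUBKEY_ALGO_ELGAMAL only when RFC2440 is set. I would reword its first sentence to `Note that with --rfc2440 we also allow type 20 Elgamal keys for decryption.` so the next reader does not assume unconditional acceptance. The gate also holds only if `is_ELGAMAL()` does not itself match type 20; its definition is not on this page and is worth confirming. The branch taken for a rejected type 20 packet is outside the hunk, so whether the user is told about --rfc2440 cannot be checked from here.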
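Review bot: In g10/misc.c, `else if (algo == 20)` in print_pubkey_algo_note and `if (!RFC2440 && algo == 20)` in the following openpgp_pk_test_algo hunk use a bare 20 where the rest of this commit spells the same value `PUBKEY_ALGO_ELGAMAL` (getkey.c, mainproc.c and the `case` label in openpgp_pk_algo_usage). Writing `else if (algo == PUBKEY_ALGO_ELGAMAL)` and `if (!RFC2440 && algo == PUBKEY_ALGO_ELGAMAL)` keeps every place that enforces the type 20 policy findable with one search. The start of print_pubkey_algo_note is outside the hunk.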
@@ -392,6 +396,9 @@ openpgp_cipher_test_algo( int algo )
 int
 openpgp_pk_test_algo( int algo, unsigned int usage_flags )
 {
+ /* Dont't allow type 20 keys unless in rfc2440 mode. */
+ if (!RFC2440 && algo == 20)
+ return G10ERR_PUBKEY_ALGO;
 if( algo < 0 || algo > 110 )
 return G10ERR_PUBKEY_ALGO;
 return check_pubkey_algo2( algo, usage_flags );
@@ -414,6 +421,12 @@ openpgp_pk_algo_usage ( int algo )
 use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG;
 break;
 case PUBKEY_ALGO_ELGAMAL:
+ /* Allow encryption with type 20 keys if RFC-2440 compliance
+ has been selected. Signing is broken thus we won't allow
+ this. */
+ if (RFC2440)
+ use = PUBKEY_USAGE_ENC;
+ break;
 case PUBKEY_ALGO_ELGAMAL_E:
 use = PUBKEY_USAGE_ENC;
 break;
|
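Review bot: In openpgp_pk_test_algo, once RFC2440 is set a type 20 key is handed to `check_pubkey_algo2( algo, usage_flags )` with whatever usage the caller requested, so the "encryption only" rule from the ChangeLog entry is not enforced by this function itself. Unless check_pubkey_algo2 (not shown on this page) rejects signing for type 20, an explicit guard would close the gap: `if (algo == PUBKEY_ALGO_ELGAMAL && (usage_flags & PUBKEY_USAGE_SIG)) return G10ERR_PUBKEY_ALGO;`. The new comment also has a typo, `Dont't`.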
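Review bot: In openpgp_pk_algo_usage, the new `case PUBKEY_ALGO_ELGAMAL:` leaves `use` untouched when RFC2440 is not set, so the usage reported for a type 20 key depends on how `use` is initialised before the switch, which is outside the hunk. Making the deny path explicit with `use = RFC2440 ? PUBKEY_USAGE_ENC : 0;` documents that such a key has no permitted usage by default and keeps that true if the initialiser is changed later. The switch and the function both start and end outside the hunk.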