From 2ba818de1aa311ba8eb27012d69e93dd16e7d4ed Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Fri, 31 Jan 2014 22:47:11 +0100
Subject: gpg: Add configure options to disable algorithms

* acinclude.m4 (GNUPG_GPG_DISABLE_ALGO): New.
* configure.ac: Add --enable-gpg-* options to disable non MUS algorithms.
* g10/misc.c (map_cipher_openpgp_to_gcry): Implement these options.
(openpgp_pk_test_algo2): Ditto.
(map_md_openpgp_to_gcry): Ditto.
(openpgp_cipher_test_algo, openpgp_md_test_algo): Simplify.
--
We have a similar feature in GnuPG-1. Although we don't shrink the size of the gpg binary by disabling algorithms (they are implemented in Libgcrypt), this feature may still be useful for inerop testing.
---
configure.ac | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
(limited to 'configure.ac')
diff --git a/configure.ac b/configure.ac
index f4b2d388c..9476dc48b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -212,6 +212,39 @@ AC_ARG_ENABLE(selinux-support,
 selinux_support=$enableval, selinux_support=no)
 AC_MSG_RESULT($selinux_support)
 
+
+#
+# Options to disable algorithm
+#
+
+GNUPG_GPG_DISABLE_ALGO([rsa],[RSA public key])
+# Elgamal is a MUST algorithm
+# DSA is a MUST algorithm
+GNUPG_GPG_DISABLE_ALGO([ecdh],[ECDH public key])
+GNUPG_GPG_DISABLE_ALGO([ecdsa],[ECDSA public key])
+GNUPG_GPG_DISABLE_ALGO([eddsa],[EdDSA public key])
+
+GNUPG_GPG_DISABLE_ALGO([idea],[IDEA cipher])
+# 3DES is a MUST algorithm
+GNUPG_GPG_DISABLE_ALGO([cast5],[CAST5 cipher])
+GNUPG_GPG_DISABLE_ALGO([blowfish],[BLOWFISH cipher])
+GNUPG_GPG_DISABLE_ALGO([aes128],[AES128 cipher])
+GNUPG_GPG_DISABLE_ALGO([aes192],[AES192 cipher])
+GNUPG_GPG_DISABLE_ALGO([aes256],[AES256 cipher])
+GNUPG_GPG_DISABLE_ALGO([twofish],[TWOFISH cipher])
+GNUPG_GPG_DISABLE_ALGO([camellia128],[CAMELLIA128 cipher])
+GNUPG_GPG_DISABLE_ALGO([camellia192],[CAMELLIA192 cipher])
+GNUPG_GPG_DISABLE_ALGO([camellia256],[CAMELLIA256 cipher])
+
+GNUPG_GPG_DISABLE_ALGO([md5],[MD5 hash])
+# SHA1 is a MUSt algorithm
+GNUPG_GPG_DISABLE_ALGO([rmd160],[RIPE-MD160 hash])
+GNUPG_GPG_DISABLE_ALGO([sha224],[SHA-224 hash])
+GNUPG_GPG_DISABLE_ALGO([sha256],[SHA-256 hash])
+GNUPG_GPG_DISABLE_ALGO([sha384],[SHA-384 hash])
+GNUPG_GPG_DISABLE_ALGO([sha512],[SHA-512 hash])
+
+
 # Allow disabling of zip support.
 # This is in general not a good idea because according to rfc4880 OpenPGP
 # implementations SHOULD support ZLIB.
--
cgit v1.2.3
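Review bot: The heading comment `# Options to disable algorithm` does not warn that this list lets a builder turn off AES-128/192/256 and SHA-224 through SHA-512 while 3DES and SHA1 stay in as MUST algorithms, so a build using those switches can end up with the older algorithms as the only ones left for some operations. The commit message describes the feature as useful for interop testing; I would state that in the file, for example `# Meant for interop testing. 3DES and SHA1 cannot be disabled, so switching off AES or SHA-2 narrows gpg to older algorithms.` What a disabled algorithm does at run time is decided by GNUPG_GPG_DISABLE_ALGO in acinclude.m4 and by g10/misc.c, neither of which is in this view, so it is worth confirming there that a disabled algorithm is rejected with an error rather than silently skipped. Minor: `# SHA1 is a MUSt algorithm` should read `MUST`, matching the other three comments.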