diff options
| author | Werner Koch <[email protected]> | 2022-10-31 14:51:21 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2022-10-31 14:51:21 +0000 |
| commit | 5a2cef801d3506bedd700db1a5d88b7a75c4083b (patch) | |
| tree | 594b305eb753bbcb2bf1e5a6ea7d2cde190ebbd3 /g10/encrypt.c | |
| parent | gpg: New option --compatibility-flags (diff) | |
| download | gnupg-5a2cef801d3506bedd700db1a5d88b7a75c4083b.tar.gz gnupg-5a2cef801d3506bedd700db1a5d88b7a75c4083b.zip | |
gpg: Allow only OCB for AEAD encryption.
* g10/gpg.c (opts): New option--force-ocb as alias for force-aead.
Turn --aead-algo and --personal-aead-preferences into dummy options.
(build_list_md_test_algo, build_list_aead_algo_name): Remove.
(my_strusage): Remove output of AEAD algos.
(main): Remove code from the --aead options.
* g10/encrypt.c (encrypt_seskey): Make file local.
(use_aead): Remove requirement for rfc4880bis. Always return
AEAD_ALGO_OCB.
* g10/main.h (DEFAULT_AEAD_ALGO): Removed unused macro.
* g10/misc.c (default_aead_algo): Remove.
* g10/pkclist.c (select_aead_from_pklist): Return AEAD_ALGO_OCB or 0.
(select_algo_from_prefs): Remove personal AEAD algo setting.
* g10/keygen.c (keygen_set_std_prefs): Remove AEAD preference option
parsing.
* g10/options.h (opt): Remove def_aead_algo and personal_aead_prefs.
--
Due to the meanwhile expired patent on OCB there is no more reason for
using EAX. Thus we forcefully use OCB if the AEAD feature flag is set
on a key.
Diffstat (limited to 'g10/encrypt.c')
| -rw-r--r-- | g10/encrypt.c | 12 |
1 files changed, 2 insertions, 10 deletions
diff --git a/g10/encrypt.c b/g10/encrypt.c index 019bf0be4..33a5126d0 100644 --- a/g10/encrypt.c +++ b/g10/encrypt.c @@ -219,7 +219,7 @@ check_encryption_compliance (DEK *dek, pk_list_t pk_list) * stored at R_SESKEY. If AEAD_ALGO is not 0 the given AEAD algorithm * is used for encryption. */ -gpg_error_t +static gpg_error_t encrypt_seskey (DEK *dek, aead_algo_t aead_algo, DEK **r_seskey, void **r_enckey, size_t *r_enckeylen) { @@ -344,14 +344,6 @@ use_aead (pk_list_t pk_list, int algo) { int can_use; - if (!opt.flags.rfc4880bis) - { - if (opt.force_aead) - log_info ("Warning: Option %s currently requires option '%s'\n", - "--force-aead", "--rfc4880bis"); - return 0; - } - can_use = openpgp_cipher_get_algo_blklen (algo) == 16; /* With --force-aead we want AEAD. */ @@ -363,7 +355,7 @@ use_aead (pk_list_t pk_list, int algo) openpgp_cipher_algo_name (algo)); return 0; } - return default_aead_algo (); + return AEAD_ALGO_OCB; } /* AEAD does only work with 128 bit cipher blocklength. */ |