diff options
| author | Werner Koch <wk@gnupg.org> | 2018-05-29 12:42:44 +0200 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2018-05-29 12:42:52 +0200 |
| commit | 253e8bdd9014cbe6dc06adce9d9dd2f8f4b31709 (patch) | |
| tree | ce2d7b23b0025145cfdf722d27a7501b81f9b0b7 /g10/encrypt.c | |
| parent | gpg: Fix detection of the AEAD feature flag. (diff) | |
| download | gnupg2-253e8bdd9014cbe6dc06adce9d9dd2f8f4b31709.tar.xz gnupg2-253e8bdd9014cbe6dc06adce9d9dd2f8f4b31709.zip | |
gpg: Remove MDC options
* g10/gpg.c: Tuen options --force-mdc, --no-force-mdc, --disable-mdc
and --no-disable-mdc into NOPs.
* g10/encrypt.c (use_mdc): Simplify. MDC is now almost always used.
(use_aead): Ignore MDC options. Print warning for missing MDC feature
flags.
* g10/pkclist.c (warn_missing_mdc_from_pklist): Rename to ...
(warn_missing_aead_from_pklist): this and adjust.
--
The MDC is now always used except with --rfc2440 which will lead to a
a big fat warning.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'g10/encrypt.c')
| -rw-r--r-- | g10/encrypt.c | 63 |
1 files changed, 13 insertions, 50 deletions
diff --git a/g10/encrypt.c b/g10/encrypt.c index c6c9e3a03..7de07d234 100644 --- a/g10/encrypt.c +++ b/g10/encrypt.c @@ -212,11 +212,7 @@ use_aead (pk_list_t pk_list, int algo) can_use = openpgp_cipher_get_algo_blklen (algo) == 16; - /* With --force-mdc we clearly do not want AEAD. */ - if (opt.force_mdc) - return 0; - - /* However with --force-aead we want AEAD. */ + /* With --force-aead we want AEAD. */ if (opt.force_aead) { if (!can_use) @@ -232,62 +228,29 @@ use_aead (pk_list_t pk_list, int algo) if (!can_use) return 0; + /* Note the user which keys have no AEAD feature flag set. */ + if (opt.verbose) + warn_missing_aead_from_pklist (pk_list); + /* If all keys support AEAD we can use it. */ return select_aead_from_pklist (pk_list); } -/* We try very hard to use a MDC */ +/* Shall we use the MDC? Yes - unless rfc-2440 compatibility is + * requested. */ int use_mdc (pk_list_t pk_list,int algo) { - /* RFC-2440 don't has MDC */ - if (RFC2440) - return 0; - - /* --force-mdc overrides --disable-mdc */ - if(opt.force_mdc) - return 1; + (void)pk_list; + (void)algo; - if(opt.disable_mdc) + /* RFC-2440 don't has MDC - this is the only way to create a legacy + * non-MDC encryption packet. */ + if (RFC2440) return 0; - /* Do the keys really support MDC? */ - - if(select_mdc_from_pklist(pk_list)) - return 1; - - /* The keys don't support MDC, so now we do a bit of a hack - if any - of the AESes or TWOFISH are in the prefs, we assume that the user - can handle a MDC. This is valid for PGP 7, which can handle MDCs - though it will not generate them. 2440bis allows this, by the - way. */ - - if(select_algo_from_prefs(pk_list,PREFTYPE_SYM, - CIPHER_ALGO_AES,NULL)==CIPHER_ALGO_AES) - return 1; - - if(select_algo_from_prefs(pk_list,PREFTYPE_SYM, - CIPHER_ALGO_AES192,NULL)==CIPHER_ALGO_AES192) - return 1; - - if(select_algo_from_prefs(pk_list,PREFTYPE_SYM, - CIPHER_ALGO_AES256,NULL)==CIPHER_ALGO_AES256) - return 1; - - if(select_algo_from_prefs(pk_list,PREFTYPE_SYM, - CIPHER_ALGO_TWOFISH,NULL)==CIPHER_ALGO_TWOFISH) - return 1; - - /* Last try. Use MDC for the modern ciphers. */ - - if (openpgp_cipher_get_algo_blklen (algo) != 8) - return 1; - - if (opt.verbose) - warn_missing_mdc_from_pklist (pk_list); - - return 0; /* No MDC */ + return 1; /* In all other cases we use the MDC */ } |