diff options
Diffstat (limited to 'debian/patches/update-defaults')
| -rw-r--r-- | debian/patches/update-defaults/gpg-Do-not-set-OCB-key-preference.diff | 26 | ||||
| -rw-r--r-- | debian/patches/update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff | 44 |
2 files changed, 70 insertions, 0 deletions
diff --git a/debian/patches/update-defaults/gpg-Do-not-set-OCB-key-preference.diff b/debian/patches/update-defaults/gpg-Do-not-set-OCB-key-preference.diff new file mode 100644 index 0000000..13f020f --- /dev/null +++ b/debian/patches/update-defaults/gpg-Do-not-set-OCB-key-preference.diff @@ -0,0 +1,26 @@ +From: Andreas Metzler <ametzler@debian.org> +Date: Thu, 9 May 2024 13:57:27 +0200 +Subject: Do not set AEAD: OCB key preference on new keys. + +Origin: vendor +Forwarded: not-needed +Last-Update: 2024-05-09 +--- + g10/keygen.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/g10/keygen.c b/g10/keygen.c +index 6612352..dfaa591 100644 +--- a/g10/keygen.c ++++ b/g10/keygen.c +@@ -527,6 +527,10 @@ keygen_set_std_prefs (const char *string,int personal) + if (!(opt.compat_flags & COMPAT_VSD_ALLOW_OCB)) + ocb = 0; + ++ /* Do not set AEAD: OCB on newly generated key, it is a LibrePGP ++ * feature. */ ++ ocb = 0; ++ + if(!rc) + { + if(personal) diff --git a/debian/patches/update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff b/debian/patches/update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff new file mode 100644 index 0000000..821038f --- /dev/null +++ b/debian/patches/update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff @@ -0,0 +1,44 @@ +From: Andreas Metzler <ametzler@debian.org> +Date: Thu, 9 May 2024 13:57:27 +0200 +Subject: Do not use OCB mode even if AEAD: OCB key preference is set. + +Origin: vendor +Forwarded: not-needed +Last-Update: 2024-05-09 + +(overrideable with --force-ocb) +--- + g10/encrypt.c | 6 ++++++ + tests/openpgp/encrypt.scm | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/g10/encrypt.c b/g10/encrypt.c +index a4863fa..d2ad3fe 100644 +--- a/g10/encrypt.c ++++ b/g10/encrypt.c +@@ -279,6 +279,12 @@ use_aead (pk_list_t pk_list, int algo) + } + return AEAD_ALGO_OCB; + } ++ else ++ { ++ /* Ignore AEAD: OCB key preference unless --force-ocb is set. It is ++ * a LibrePGP feature. */ ++ return 0; ++ } + + /* AEAD does only work with 128 bit cipher blocklength. */ + if (!can_use) +diff --git a/tests/openpgp/encrypt.scm b/tests/openpgp/encrypt.scm +index ef2f7b0..a44f5ca 100755 +--- a/tests/openpgp/encrypt.scm ++++ b/tests/openpgp/encrypt.scm +@@ -88,7 +88,7 @@ + (lambda (source) + (tr:do + (tr:open source) +- (tr:gpgstatus "" `(--yes -e ++ (tr:gpgstatus "" `(--yes -e --force-ocb + -r ,"patrice.lumumba" + -r ,"mahsa.amini")) + (tr:call-with-content |