authorJun Kuriyama <kuriyama@FreeBSD.org>2003-11-28 00:05:27 +0000
committerJun Kuriyama <kuriyama@FreeBSD.org>2003-11-28 00:05:27 +0000
commit660205cc0e3dab7b8c6dee8d7433393584338418 (patch)
treecbe0255df574fa3f543db28e63be88934e4afc8d /security/gnupg1/files/patch-getkey.c
parenta860f902fba494095629f726d86b423886b69b2b (diff)
*** Security Update (not fix, only workaround) ***
Disable the ability to create signatures using ElGamal sign+encrypt (type 20) keys, and remove the option to create such keys.
Reported by: se
References: http://lists.gnupg.org/pipermail/gnupg-devel/2003-November/020570.html http://lists.gnupg.org/pipermail/gnupg-devel/2003-November/020569.html
Approved by portmgr (will)
Notes
Notes: svn path=/head/; revision=94812
Diffstat (limited to 'security/gnupg1/files/patch-getkey.c')
-rw-r--r--security/gnupg1/files/patch-getkey.c28
1 files changed, 28 insertions, 0 deletions
diff --git a/security/gnupg1/files/patch-getkey.c b/security/gnupg1/files/patch-getkey.c
new file mode 100644
index 000000000000..fdbb5ec441aa
--- /dev/null
+++ b/security/gnupg1/files/patch-getkey.c
@@ -0,0 +1,28 @@
+--- g10/getkey.c.orig Tue Jul 29 03:34:41 2003
++++ g10/getkey.c Thu Nov 27 18:54:55 2003
+@@ -1655,6 +1655,11 @@
+ if ( x ) /* mask it down to the actual allowed usage */
+ key_usage &= x;
+ }
++
++ /* Type 20 Elgamal keys are not usable. */
++ if(pk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
++ key_usage=0;
++
+ pk->pubkey_usage = key_usage;
+
+ if ( !key_expire_seen ) {
+@@ -1869,6 +1874,13 @@
+ if ( x ) /* mask it down to the actual allowed usage */
+ key_usage &= x;
+ }
++
++ /* Type 20 Elgamal subkeys or any subkey on a type 20 primary are
++ not usable. */
++ if(mainpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL
++ || subpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
++ key_usage=0;
++
+ subpk->pubkey_usage = key_usage;
+
+ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
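Review bot: Both added comments say only that type 20 keys are "not usable", while `key_usage=0` clears every usage bit, encryption included, which is broader than the commit message's "disable the ability to create signatures". If that is intended (the referenced gnupg-devel posts are the place to confirm), the comment should say so and why, e.g. `/* Type 20 (sign+encrypt) Elgamal: clear all usage, not only signing; encrypt-only PUBKEY_ALGO_ELGAMAL_E keys are unaffected. */` on the primary-key check, with the same wording on the subkey check. The zeroing is silent, so a user holding such a key will presumably see only a generic unusable-key failure; a log line at these two points would make the cause diagnosable. Both enclosing functions in g10/getkey.c start and end outside the inner hunks, and the diffstat is limited to this file, so the key-generation side of the workaround is not visible here.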