Allow multiple policy URLs on a given signature.

Split "--notation-data" into "--cert-notation" and "--sig-notation" so the user can set different policies for key and data signing. For backwards compatibility, "--notation-data" sets both, as before.
2025-02-03 16:53:03 +01:00 · 2002-05-02 13:25:59 +00:00 · 2002-05-02 13:25:59 +00:00 · 0d63a076b0
commit 0d63a076b0
parent 1b65d681ff
6 changed files with 141 additions and 86 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,14 @@
 2002-05-02  David Shaw  <dshaw@jabberwocky.com>
 	* build-packet.c (build_sig_subpkt), keyedit.c (sign_uids),
 	options.h, sign.c (mk_notation_and_policy), g10.c (main,
 	add_notation_data, add_policy_url (new), check_policy_url
 	(removed)): Allow multiple policy URLs on a given signature.
 	Split "--notation-data" into "--cert-notation" and
 	"--sig-notation" so the user can set different policies for key
 	and data signing.  For backwards compatibility, "--notation-data"
 	sets both, as before.
 2002-05-02  Werner Koch  <wk@gnupg.org>
 	* options.skel: Removed the comment on trusted-keys because this
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@ -709,6 +709,7 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
    switch(type)
      {
      case SIGSUBPKT_NOTATION:
      case SIGSUBPKT_POLICY:
 	/* we do allow multiple subpackets */
 	break;
--- a/g10/g10.c
+++ b/g10/g10.c
@ -69,9 +69,11 @@ enum cmd_and_opt_values { aNull = 0,
    oVerbose	  = 'v',
    oCompress	  = 'z',
    oNotation	  = 'N',
    oBatch	  = 500,
    oSigNotation,
    oCertNotation,
    oShowNotation,
    oNoShowNotation,
    oBatch	  = 500,
    aDecryptFiles,                          
    aClearsign,
    aStore,
@ -428,7 +430,9 @@ static ARGPARSE_OPTS opts[] = {
    { oShowPhotos,   "show-photos", 0, N_("Show Photo IDs")},
    { oNoShowPhotos, "no-show-photos", 0, N_("Don't show Photo IDs")},
    { oPhotoViewer,  "photo-viewer", 2, N_("Set command line to view Photo IDs")},
-    { oNotation,   "notation-data", 2, N_("|NAME=VALUE|use this notation data")},
+    { oNotation,   "notation-data", 2, "@" },
    { oSigNotation,   "sig-notation", 2, "@" },
    { oCertNotation,  "cert-notation", 2, "@" },
    { 302, NULL, 0, N_(
  "@\n(See the man page for a complete listing of all commands and options)\n"
@ -562,8 +566,8 @@ static void set_cmd( enum cmd_and_opt_values *ret_cmd,
 			enum cmd_and_opt_values new_cmd );
 static void print_hex( byte *p, size_t n );
 static void print_mds( const char *fname, int algo );
-static void add_notation_data( const char *string );
+static void add_notation_data( const char *string, int which );
-static int  check_policy_url( const char *s );
+static void add_policy_url( const char *string, int which );
 const char *
 strusage( int level )
@ -1127,9 +1131,12 @@ main( int argc, char **argv )
 	  case oSetFilename: opt.set_filename = pargs.r.ret_str; break;
 	  case oForYourEyesOnly: eyes_only = 1; break;
 	  case oNoForYourEyesOnly: eyes_only = 0; break;
-	  case oSetPolicyURL: opt.sig_policy_url = opt.cert_policy_url = pargs.r.ret_str; break;
+	  case oSetPolicyURL:
-	  case oSigPolicyURL: opt.sig_policy_url = pargs.r.ret_str; break;
+	    add_policy_url(pargs.r.ret_str,0);
-	  case oCertPolicyURL: opt.cert_policy_url = pargs.r.ret_str; break;
+	    add_policy_url(pargs.r.ret_str,1);
 	    break;
 	  case oSigPolicyURL: add_policy_url(pargs.r.ret_str,0); break;
 	  case oCertPolicyURL: add_policy_url(pargs.r.ret_str,1); break;
          case oShowPolicyURL: opt.show_policy_url=1; break;
    	  case oNoShowPolicyURL: opt.show_policy_url=0; break;
 	  case oUseEmbeddedFilename: opt.use_embedded_filename = 1; break;
@ -1228,7 +1235,12 @@ main( int argc, char **argv )
 		log_error(_("unable to set exec-path to %s\n"),path);
 	    }
 	    break;
-	  case oNotation: add_notation_data( pargs.r.ret_str ); break;
+	  case oNotation:
 	    add_notation_data( pargs.r.ret_str, 0 );
 	    add_notation_data( pargs.r.ret_str, 1 );
 	    break;
 	  case oSigNotation: add_notation_data( pargs.r.ret_str, 0 ); break;
 	  case oCertNotation: add_notation_data( pargs.r.ret_str, 1 ); break;
 	  case oShowNotation: opt.show_notation=1; break;
 	  case oNoShowNotation: opt.show_notation=0; break;
 	  case oUtf8Strings: utf8_strings = 1; break;
@ -1487,14 +1499,6 @@ main( int argc, char **argv )
 	if( check_digest_algo(opt.s2k_digest_algo) )
 	    log_error(_("selected digest algorithm is invalid\n"));
    }
    if( opt.sig_policy_url ) {
 	if( check_policy_url( opt.sig_policy_url ) )
 	    log_error(_("the given signature policy URL is invalid\n"));
    }
    if( opt.cert_policy_url ) {
 	if( check_policy_url( opt.cert_policy_url ) )
 	    log_error(_("the given certification policy URL is invalid\n"));
    }
    if( opt.def_compress_algo < 0 || opt.def_compress_algo > 2 )
 	log_error(_("compress algorithm must be in range %d..%d\n"), 0, 2);
    if( opt.completes_needed < 1 )
@ -2292,17 +2296,23 @@ print_mds( const char *fname, int algo )
 /****************
 * Check the supplied name,value string and add it to the notation
- * data to be used for signatures.
+ * data to be used for signatures.  which==0 for sig notations, and 1
- */
+ * for cert notations.
 */
 static void
-add_notation_data( const char *string )
+add_notation_data( const char *string, int which )
 {
    const char *s;
    const char *s2;
-    STRLIST sl;
+    STRLIST sl,*notation_data;
    int critical=0;
    int highbit=0;
    if(which)
      notation_data=&opt.cert_notation_data;
    else
      notation_data=&opt.sig_notation_data;
    if( *string == '!' ) {
 	critical = 1;
 	string++;
@ -2339,25 +2349,44 @@ add_notation_data( const char *string )
    }
    if( highbit )   /* must use UTF8 encoding */
-	sl = add_to_strlist2( &opt.notation_data, string, utf8_strings );
+	sl = add_to_strlist2( notation_data, string, utf8_strings );
    else
-	sl = add_to_strlist( &opt.notation_data, string );
+	sl = add_to_strlist( notation_data, string );
    if( critical )
 	sl->flags |= 1;
 }
-static int
+static void
-check_policy_url( const char *s )
+add_policy_url( const char *string, int which )
 {
-    if( *s == '!' )
+  int i,critical=0;
-	s++;
+  STRLIST sl;
-    if( !*s )
+
-	return -1;
+  if(*string=='!')
-    for(; *s ; s++ ) {
+    {
-	if( (*s & 0x80) || iscntrl(*s) )
+      string++;
-	    return -1;
+      critical=1;
    }
-    return 0;
+
  for(i=0;i<strlen(string);i++)
    if(string[i]&0x80 || iscntrl(string[i]))
      break;
  if(i==0 || i<strlen(string))
    {
      if(which)
 	log_error(_("the given certification policy URL is invalid\n"));
      else
 	log_error(_("the given signature policy URL is invalid\n"));
    }
  if(which)
    sl=add_to_strlist( &opt.cert_policy_url, string );
  else
    sl=add_to_strlist( &opt.sig_policy_url, string );
  if(critical)
    sl->flags |= 1;    
 }
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@ -285,7 +285,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
 	   node->pkt->pkt.signature->version>3)
 	  all_v3=0;
-    if(local || opt.cert_policy_url || opt.notation_data)
+    if(local || opt.cert_policy_url || opt.cert_notation_data)
      force_v4=1;
    /* build a list of all signators.
--- a/g10/options.h
+++ b/g10/options.h
@ -125,10 +125,11 @@ struct {
    char *temp_dir;
    int no_encrypt_to;
    int interactive;
-    STRLIST notation_data;
+    STRLIST sig_notation_data;
    STRLIST cert_notation_data;
    int show_notation;
-    const char *sig_policy_url;
+    STRLIST sig_policy_url;
-    const char *cert_policy_url;
+    STRLIST cert_policy_url;
    int show_policy_url;
    int use_embedded_filename;
    int allow_non_selfsigned_uid;
--- a/g10/sign.c
+++ b/g10/sign.c
@ -61,12 +61,23 @@ mk_notation_and_policy( PKT_signature *sig, PKT_public_key *pk )
    char *s=NULL;
    byte *buf;
    unsigned n1, n2;
    STRLIST nd=NULL,pu=NULL;
    /* notation data */
-    if( opt.notation_data && sig->version < 4 )
+    if(IS_SIG(sig) && opt.sig_notation_data)
      {
 	if(sig->version<4)
 	  log_info("can't put notation data into v3 signatures\n");
-    else if( opt.notation_data ) {
+	else
-	STRLIST nd = opt.notation_data;
+	  nd=opt.sig_notation_data;
      }
    else if( IS_CERT(sig) && opt.cert_notation_data )
      {
 	if(sig->version<4)
 	  log_info("can't put notation data into v3 key signatures\n");
 	else
 	  nd=opt.cert_notation_data;
      }
    for( ; nd; nd = nd->next ) {
        string = nd->d;
@ -88,11 +99,10 @@ mk_notation_and_policy( PKT_signature *sig, PKT_public_key *pk )
 	build_sig_subpkt( sig, SIGSUBPKT_NOTATION
 			  | ((nd->flags & 1)? SIGSUBPKT_FLAG_CRITICAL:0),
 			  buf, 8+n1+n2 );
    }
    if(opt.show_notation)
      show_notation(sig,0);
 	}
    }
    /* set policy URL */
    if( IS_SIG(sig) && opt.sig_policy_url )
@ -100,39 +110,42 @@ mk_notation_and_policy( PKT_signature *sig, PKT_public_key *pk )
 	if(sig->version<4)
 	  log_info("can't put a policy URL into v3 signatures\n");
 	else
-	  s=m_strdup(opt.sig_policy_url);
+	  pu=opt.sig_policy_url;
      }
    else if( IS_CERT(sig) && opt.cert_policy_url )
      {
 	if(sig->version<4)
 	  log_info("can't put a policy URL into v3 key signatures\n");
 	else
 	  pu=opt.cert_policy_url;
      }
    for(;pu;pu=pu->next)
      {
        string = pu->d;
 	if(pk)
 	  {
-	      s=pct_expando(opt.cert_policy_url,pk);
+	    s=pct_expando(string,pk);
 	    if(!s)
 	      {
 		log_error(_("WARNING: unable to %%-expand policy url "
 			    "(too large).  Using unexpanded.\n"));
-		  s=m_strdup(opt.cert_policy_url);
+		s=m_strdup(string);
 	      }
 	  }
 	else
-	    s=m_strdup(opt.cert_policy_url);
+	  s=m_strdup(string);
      }
-    if( s ) {
+	build_sig_subpkt(sig,SIGSUBPKT_POLICY|
-	if( *s == '!' )
+			 ((pu->flags & 1)?SIGSUBPKT_FLAG_CRITICAL:0),
-	    build_sig_subpkt( sig, SIGSUBPKT_POLICY | SIGSUBPKT_FLAG_CRITICAL,
+			 s,strlen(s));
-			      s+1, strlen(s+1) );
+
-	else
+	m_free(s);
-	    build_sig_subpkt( sig, SIGSUBPKT_POLICY, s, strlen(s) );
+      }
    if(opt.show_policy_url)
      show_policy_url(sig,0);
    }
    m_free(s);
 }