* g10.c (main): Add --no-groups to zero --group list.

* encode.c (encode_simple): Allow for 32 bytes (256 bits) of symmetrically encrypted session key. Use --s2k-cipher-algo to choose cipher, rather than --cipher-algo. This code is never actually called in stable, but better to fix it here in case we branch in the future. * parse-packet.c (parse_subkeyenc): Call it a "symmetrically encrypted session key" since "session key decryption key" is just baffling. Neaten --list-packets output. * pubkey-enc.c (get_it): Always show cipher-not-in-prefs warning unless --quiet is set.
2025-01-03 12:11:33 +01:00 · 2003-10-01 14:19:30 +00:00 · 2003-10-01 14:19:30 +00:00 · 23832b60d8
commit 23832b60d8
parent ffc2ff3261
5 changed files with 69 additions and 47 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,20 @@
 2003-10-01  David Shaw  <dshaw@jabberwocky.com>
 	* g10.c (main): Add --no-groups to zero --group list.
 	* encode.c (encode_simple): Allow for 32 bytes (256 bits) of
 	symmetrically encrypted session key.  Use --s2k-cipher-algo to
 	choose cipher, rather than --cipher-algo.  This code is never
 	actually called in stable, but better to fix it here in case we
 	branch in the future.
 	* parse-packet.c (parse_subkeyenc): Call it a "symmetrically
 	encrypted session key" since "session key decryption key" is just
 	baffling.  Neaten --list-packets output.
 	* pubkey-enc.c (get_it): Always show cipher-not-in-prefs warning
 	unless --quiet is set.
 2003-09-30  David Shaw  <dshaw@jabberwocky.com>
 	* parse-packet.c (parse_symkeyenc): Give a warning if a session
--- a/g10/encode.c
+++ b/g10/encode.c
@ -38,7 +38,7 @@
 #include "i18n.h"
 #include "status.h"
-static int encode_simple( const char *filename, int mode, int compat );
+static int encode_simple( const char *filename, int mode, int use_seskey );
 static int write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out );
@ -50,17 +50,7 @@ static int write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out );
 int
 encode_symmetric( const char *filename )
 {
-    int compat = 1;
+    return encode_simple( filename, 1, 0 );
 #if 0    
    /* We don't want to use it because older gnupg version can't
       handle it and we can presume that a lot of scripts are running
       with the expert mode set.  Some time in the future we might
       want to allow for it. */
    if ( opt.expert )
        compat = 0; /* PGP knows how to handle this mode. */
 #endif
    return encode_simple( filename, 1, compat );
 }
 /****************
@ -70,7 +60,7 @@ encode_symmetric( const char *filename )
 int
 encode_store( const char *filename )
 {
-    return encode_simple( filename, 0, 1 );
+    return encode_simple( filename, 0, 0 );
 }
 static void
@ -80,7 +70,7 @@ encode_sesskey( DEK *dek, DEK **ret_dek, byte *enckey )
    DEK *c;
    byte buf[33];
-    assert ( dek->keylen < 32 );
+    assert ( dek->keylen <= 32 );
    c = m_alloc_clear( sizeof *c );
    c->keylen = dek->keylen;
@ -152,8 +142,12 @@ use_mdc(PK_LIST pk_list,int algo)
  return 0; /* No MDC */
 }
 /* We don't want to use use_seskey yet because older gnupg versions
   can't handle it, and there isn't really any point unless we're
   making a message that can be decrypted by a public key or
   passphrase. */
 static int
-encode_simple( const char *filename, int mode, int compat )
+encode_simple( const char *filename, int mode, int use_seskey )
 {
    IOBUF inp, out;
    PACKET pkt;
@ -192,8 +186,8 @@ encode_simple( const char *filename, int mode, int compat )
    /* Due the the fact that we use don't use an IV to encrypt the
       session key we can't use the new mode with RFC1991 because
       it has no S2K salt. RFC1991 always uses simple S2K. */
-    if ( RFC1991 && !compat )
+    if ( RFC1991 && use_seskey )
-        compat = 1;
+        use_seskey = 0;
    cfx.dek = NULL;
    if( mode ) {
@ -213,16 +207,16 @@ encode_simple( const char *filename, int mode, int compat )
 	    log_error(_("error creating passphrase: %s\n"), g10_errstr(rc) );
 	    return rc;
 	}
-        if (!compat && s2k->mode != 1 && s2k->mode != 3) {
+        if (use_seskey && s2k->mode != 1 && s2k->mode != 3) {
-            compat = 1;
+            use_seskey = 0;
            log_info (_("can't use a symmetric ESK packet "
                        "due to the S2K mode\n"));
        }
-        if ( !compat ) {            
+        if ( use_seskey ) {            
-            seskeylen = cipher_get_keylen( opt.def_cipher_algo ?
+            seskeylen = cipher_get_keylen( opt.s2k_cipher_algo ?
-                                           opt.def_cipher_algo:
+                                           opt.s2k_cipher_algo:
-                                           opt.s2k_cipher_algo ) / 8;
+                                           opt.def_cipher_algo ) / 8;
            encode_sesskey( cfx.dek, &dek, enckey );
            m_free( cfx.dek ); cfx.dek = dek;
        }
@ -260,7 +254,7 @@ encode_simple( const char *filename, int mode, int compat )
 	enc->version = 4;
 	enc->cipher_algo = cfx.dek->algo;
 	enc->s2k = *s2k;
-        if ( !compat && seskeylen ) {
+        if ( use_seskey && seskeylen ) {
            enc->seskeylen = seskeylen + 1; /* algo id */
            memcpy( enc->seskey, enckey, seskeylen + 1 );
        }
--- a/g10/g10.c
+++ b/g10/g10.c
@ -51,7 +51,9 @@
 #include "keyserver-internal.h"
 #include "exec.h"
-enum cmd_and_opt_values { aNull = 0,
+enum cmd_and_opt_values
  {
    aNull = 0,
    oArmor	  = 'a',
    aDetachedSign = 'b',
    aSym	  = 'c',
@ -294,13 +296,15 @@ enum cmd_and_opt_values { aNull = 0,
    oLCctype,
    oLCmessages,
    oGroup,
    oNoGroups,
    oStrict,
    oNoStrict,
    oMangleDosFilenames,
    oNoMangleDosFilenames,
    oEnableProgressFilter,
    oMultifile,
-aTest };
+    aTest
  };
 static ARGPARSE_OPTS opts[] = {
@ -599,6 +603,7 @@ static ARGPARSE_OPTS opts[] = {
    { oLCctype,    "lc-ctype",    2, "@" },
    { oLCmessages, "lc-messages", 2, "@" },
    { oGroup,      "group",       2, "@" },
    { oNoGroups,   "no-groups",    0, "@" },
    { oStrict,     "strict",      0, "@" },
    { oNoStrict,   "no-strict",   0, "@" },
    { oMangleDosFilenames, "mangle-dos-filenames", 0, "@" },
@ -1252,8 +1257,10 @@ main( int argc, char **argv )
    }
    while( optfile_parse( configfp, configname, &configlineno,
-						&pargs, opts) ) {
+						&pargs, opts) )
-	switch( pargs.r_opt ) {
+      {
 	switch( pargs.r_opt )
 	  {
 	  case aCheckKeys: set_cmd( &cmd, aCheckKeys); break;
 	  case aListPackets: set_cmd( &cmd, aListPackets); break;
 	  case aImport: set_cmd( &cmd, aImport); break;
@ -1705,6 +1712,15 @@ main( int argc, char **argv )
          case oLCctype: opt.lc_ctype = pargs.r.ret_str; break;
          case oLCmessages: opt.lc_messages = pargs.r.ret_str; break;
 	  case oGroup: add_group(pargs.r.ret_str); break;
 	  case oNoGroups:
 	    while(opt.grouplist)
 	      {
 		struct groupitem *iter=opt.grouplist;
 		free_strlist(iter->values);
 		opt.grouplist=opt.grouplist->next;
 		m_free(iter);
 	      }
 	    break;
 	  case oStrict: /* noop */ break;
 	  case oNoStrict: /* noop */ break;
          case oMangleDosFilenames: opt.mangle_dos_filenames = 1; break;
@ -1713,8 +1729,8 @@ main( int argc, char **argv )
 	  case oMultifile: multifile=1; break;
 	  default : pargs.err = configfp? 1:2; break;
-	}
+	  }
-    }
+      }
    if( configfp ) {
 	fclose( configfp );
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@ -687,13 +687,17 @@ parse_symkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
 	   with no salt.  The RFC says that using salt for this is a
 	   MUST. */
 	if(s2kmode!=1 && s2kmode!=3)
-	  log_info(_("WARNING: potentially insecure session key decryption key\n"));
+	  log_info(_("WARNING: potentially insecure symmetrically"
 		     " encrypted session key\n"));
      }
    assert( !pktlen );
    if( list_mode ) {
-	printf(":symkey enc packet: version %d, cipher %d, s2k %d, hash %d\n",
+	printf(":symkey enc packet: version %d, cipher %d, s2k %d, hash %d",
-			    version, cipher_algo, s2kmode, hash_algo);
+	       version, cipher_algo, s2kmode, hash_algo);
 	if(seskeylen)
 	  printf(", seskey %d bits",(seskeylen-1)*8);
 	printf("\n");
 	if( s2kmode == 1 || s2kmode == 3 ) {
 	    printf("\tsalt ");
 	    for(i=0; i < 8; i++ )
@ -702,9 +706,6 @@ parse_symkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
 		printf(", count %lu", (ulong)k->s2k.count );
 	    printf("\n");
 	}
 	if(seskeylen)
 	  printf("\tsession key decryption key present (%d bytes)\n",
 		 seskeylen-1);
    }
  leave:
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@ -210,17 +210,11 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid )
 	    log_error("oops: public key not found for preference check\n");
        }
 	else if( pkb->pkt->pkt.public_key->selfsigversion > 3
-            && dek->algo != CIPHER_ALGO_3DES
+		 && dek->algo != CIPHER_ALGO_3DES
-	    && !is_algo_in_prefs( pkb, PREFTYPE_SYM, dek->algo ) ) {
+		 && !opt.quiet
-	    /* Don't print a note while we are not on verbose mode,
+		 && !is_algo_in_prefs( pkb, PREFTYPE_SYM, dek->algo ))
-	     * the cipher is blowfish and the preferences have twofish
+	  log_info(_("NOTE: cipher algorithm %d not found in preferences\n"),
-	     * listed */
+		   dek->algo );
 	    if( opt.verbose || dek->algo != CIPHER_ALGO_BLOWFISH
 		|| !is_algo_in_prefs( pkb, PREFTYPE_SYM, CIPHER_ALGO_TWOFISH))
 		log_info(_(
 		    "NOTE: cipher algorithm %d not found in preferences\n"),
 								 dek->algo );
 	}
        if (!rc) {
            KBNODE k;