security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

gpg: Remove options --pgp2 and --rfc1991.

Browse source 
* g10/gpg.c (oRFC1991, oPGP2): Remove
(opts): Remove --pgp2 and --rfc1991.
* g10/options.h (CO_PGP2, CO_RFC1991): Remove.  Remove all users.
(RFC2440, PGP2): Remove.  Remove all code only enabled by these
conditions.
* tests/openpgp/clearsig.test: Remove --rfc1991 test.
--

The use of PGP 2.c is considered insecure for quite some time
now (e.g. due to the use of MD5).  Thus we remove all support for
_creating_ PGP 2 compatible messages.
This commit is contained in:
Werner Koch 2014-08-12 10:36:30 +02:00
parent 49c9a958e0
commit 2b8d8369d5
14 changed files with 51 additions and 249 deletions
Download patch file Download diff file Expand all files Collapse all files

51
g10/sign.c
View file

@ -509,11 +509,6 @@ hash_for (PKT_public_key *pk)
return DIGEST_ALGO_SHA1;
}
else if (PGP2 && pk->pubkey_algo == PUBKEY_ALGO_RSA && pk->version < 4 )
{
/* Old-style PGP only understands MD5 */
return DIGEST_ALGO_MD5;
}
else if (opt.personal_digest_prefs)
{
/* It's not DSA, so we can use whatever the first hash algorithm
@ -659,7 +654,7 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode)
pt->timestamp = make_timestamp ();
pt->mode = ptmode;
pt->len = filesize;
pt->new_ctb = !pt->len && !RFC1991;
pt->new_ctb = !pt->len;
pt->buf = inp;
init_packet(&pkt);
pkt.pkttype = PKT_PLAINTEXT;
@ -710,7 +705,7 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash,
/* Build the signature packet. */
sig = xmalloc_clear (sizeof *sig);
if (opt.force_v3_sigs || RFC1991)
if (opt.force_v3_sigs)
sig->version = 3;
else if (duration || opt.sig_policy_url
|| opt.sig_notations || opt.sig_keyserver_url)
@ -819,7 +814,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
&& (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
goto leave;
if(!opt.force_v3_sigs && !RFC1991)
if(!opt.force_v3_sigs)
{
if(opt.ask_sig_expire && !opt.batch)
duration=ask_expire_interval(1,opt.def_sig_expire);
@ -832,13 +827,6 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
if( (rc = build_sk_list (locusr, &sk_list, PUBKEY_USAGE_SIG )) )
goto leave;
if(PGP2 && !only_old_style(sk_list))
{
log_info(_("you can only detach-sign with PGP 2.x style keys "
"while in --pgp2 mode\n"));
compliance_failure();
}
if (encryptflag
&& (rc=build_pk_list (ctrl, remusr, &pk_list, PUBKEY_USAGE_ENC)))
goto leave;
@ -986,7 +974,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
if( !multifile )
iobuf_push_filter( inp, md_filter, &mfx );
if( detached && !encryptflag && !RFC1991 )
if( detached && !encryptflag)
afx->what = 2;
if( opt.armor && !outfile )
@ -1029,7 +1017,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
}
/* Write the one-pass signature packets if needed */
if (!detached && !RFC1991) {
if (!detached) {
rc = write_onepass_sig_packets (sk_list, out,
opt.textmode && !outfile ? 0x01:0x00);
if (rc)
@ -1135,7 +1123,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
int rc = 0;
SK_LIST sk_list = NULL;
SK_LIST sk_rover = NULL;
int old_style = RFC1991;
int old_style = 0;
int only_md5 = 0;
u32 duration=0;
@ -1143,7 +1131,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
afx = new_armor_context ();
init_packet( &pkt );
if(!opt.force_v3_sigs && !RFC1991)
if(!opt.force_v3_sigs)
{
if(opt.ask_sig_expire && !opt.batch)
duration=ask_expire_interval(1,opt.def_sig_expire);
@ -1156,16 +1144,9 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
if( (rc=build_sk_list( locusr, &sk_list, PUBKEY_USAGE_SIG )) )
goto leave;
if( !old_style && !duration )
if(!duration )
old_style = only_old_style( sk_list );
if(PGP2 && !only_old_style(sk_list))
{
log_info(_("you can only clearsign with PGP 2.x style keys "
"while in --pgp2 mode\n"));
compliance_failure();
}
/* prepare iobufs */
inp = iobuf_open(fname);
if (inp && is_secured_file (iobuf_get_fd (inp)))
@ -1311,7 +1292,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
memset( &cfx, 0, sizeof cfx);
init_packet( &pkt );
if(!opt.force_v3_sigs && !RFC1991)
if(!opt.force_v3_sigs)
{
if(opt.ask_sig_expire && !opt.batch)
duration=ask_expire_interval(1,opt.def_sig_expire);
@ -1343,7 +1324,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
/* prepare key */
s2k = xmalloc_clear( sizeof *s2k );
s2k->mode = RFC1991? 0:opt.s2k_mode;
s2k->mode = opt.s2k_mode;
s2k->hash_algo = S2K_DIGEST_ALGO;
algo = default_cipher_algo();
@ -1389,7 +1370,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
/* Write the symmetric key packet */
/*(current filters: armor)*/
if (!RFC1991) {
{
PKT_symkey_enc *enc = xmalloc_clear( sizeof *enc );
enc->version = 4;
enc->cipher_algo = cfx.dek->algo;
@ -1410,12 +1391,10 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
/* Write the one-pass signature packets */
/*(current filters: zip - encrypt - armor)*/
if (!RFC1991) {
rc = write_onepass_sig_packets (sk_list, out,
opt.textmode? 0x01:0x00);
if (rc)
goto leave;
}
rc = write_onepass_sig_packets (sk_list, out,
opt.textmode? 0x01:0x00);
if (rc)
goto leave;
write_status_begin_signing (mfx.md);