mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
gpg: Remove options --pgp2 and --rfc1991.
* g10/gpg.c (oRFC1991, oPGP2): Remove (opts): Remove --pgp2 and --rfc1991. * g10/options.h (CO_PGP2, CO_RFC1991): Remove. Remove all users. (RFC2440, PGP2): Remove. Remove all code only enabled by these conditions. * tests/openpgp/clearsig.test: Remove --rfc1991 test. -- The use of PGP 2.c is considered insecure for quite some time now (e.g. due to the use of MD5). Thus we remove all support for _creating_ PGP 2 compatible messages.
This commit is contained in:
parent
49c9a958e0
commit
2b8d8369d5
3
NEWS
3
NEWS
@ -1,6 +1,9 @@
|
|||||||
Noteworthy changes in version 2.1.0-betaxxx (unreleased)
|
Noteworthy changes in version 2.1.0-betaxxx (unreleased)
|
||||||
--------------------------------------------------------
|
--------------------------------------------------------
|
||||||
|
|
||||||
|
* gpg: Removed the option --pgp2 and --rfc1991 and the ability to
|
||||||
|
create PGP-2 compatible messages.
|
||||||
|
|
||||||
|
|
||||||
Noteworthy changes in version 2.1.0-beta751 (2014-07-03)
|
Noteworthy changes in version 2.1.0-beta751 (2014-07-03)
|
||||||
--------------------------------------------------------
|
--------------------------------------------------------
|
||||||
|
12
doc/gpg.texi
12
doc/gpg.texi
@ -1476,7 +1476,7 @@ Set what trust model GnuPG should follow. The models are:
|
|||||||
|
|
||||||
@item classic
|
@item classic
|
||||||
@opindex trust-mode:classic
|
@opindex trust-mode:classic
|
||||||
This is the standard Web of Trust as used in PGP 2.x and earlier.
|
This is the standard Web of Trust as introduced by PGP 2.
|
||||||
|
|
||||||
@item direct
|
@item direct
|
||||||
@opindex trust-mode:direct
|
@opindex trust-mode:direct
|
||||||
@ -2342,9 +2342,11 @@ behavior. Note that this is currently the same thing as
|
|||||||
Reset all packet, cipher and digest options to strict RFC-2440
|
Reset all packet, cipher and digest options to strict RFC-2440
|
||||||
behavior.
|
behavior.
|
||||||
|
|
||||||
|
@ifclear gpgtowone
|
||||||
@item --rfc1991
|
@item --rfc1991
|
||||||
@opindex rfc1991
|
@opindex rfc1991
|
||||||
Try to be more RFC-1991 (PGP 2.x) compliant.
|
Try to be more RFC-1991 (PGP 2.x) compliant. This option is
|
||||||
|
deprecated will be removed in GnuPG 2.1.
|
||||||
|
|
||||||
@item --pgp2
|
@item --pgp2
|
||||||
@opindex pgp2
|
@opindex pgp2
|
||||||
@ -2367,6 +2369,12 @@ This option implies
|
|||||||
@end ifclear
|
@end ifclear
|
||||||
It also disables @option{--textmode} when encrypting.
|
It also disables @option{--textmode} when encrypting.
|
||||||
|
|
||||||
|
This option is deprecated will be removed in GnuPG 2.1. The reason
|
||||||
|
for dropping PGP-2 support is that the PGP 2 format is not anymore
|
||||||
|
considered safe (for example due to the use of the broken MD5 algorithm).
|
||||||
|
Note that the decryption of PGP-2 created messages will continue to work.
|
||||||
|
@end ifclear
|
||||||
|
|
||||||
@item --pgp6
|
@item --pgp6
|
||||||
@opindex pgp6
|
@opindex pgp6
|
||||||
Set up all options to be as PGP 6 compliant as possible. This
|
Set up all options to be as PGP 6 compliant as possible. This
|
||||||
|
@ -56,7 +56,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
|
|||||||
memset( &ed, 0, sizeof ed );
|
memset( &ed, 0, sizeof ed );
|
||||||
ed.len = cfx->datalen;
|
ed.len = cfx->datalen;
|
||||||
ed.extralen = blocksize+2;
|
ed.extralen = blocksize+2;
|
||||||
ed.new_ctb = !ed.len && !RFC1991;
|
ed.new_ctb = !ed.len;
|
||||||
if( cfx->dek->use_mdc ) {
|
if( cfx->dek->use_mdc ) {
|
||||||
ed.mdc_method = DIGEST_ALGO_SHA1;
|
ed.mdc_method = DIGEST_ALGO_SHA1;
|
||||||
gcry_md_open (&cfx->mdc_hash, DIGEST_ALGO_SHA1, 0);
|
gcry_md_open (&cfx->mdc_hash, DIGEST_ALGO_SHA1, 0);
|
||||||
|
@ -104,8 +104,8 @@ encrypt_seskey (DEK *dek, DEK **seskey, byte *enckey)
|
|||||||
static int
|
static int
|
||||||
use_mdc(PK_LIST pk_list,int algo)
|
use_mdc(PK_LIST pk_list,int algo)
|
||||||
{
|
{
|
||||||
/* RFC-1991 and 2440 don't have MDC */
|
/* RFC-2440 don't has MDC */
|
||||||
if(RFC1991 || RFC2440)
|
if (RFC2440)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
/* --force-mdc overrides --disable-mdc */
|
/* --force-mdc overrides --disable-mdc */
|
||||||
@ -174,7 +174,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
|
|||||||
compress_filter_context_t zfx;
|
compress_filter_context_t zfx;
|
||||||
text_filter_context_t tfx;
|
text_filter_context_t tfx;
|
||||||
progress_filter_context_t *pfx;
|
progress_filter_context_t *pfx;
|
||||||
int do_compress = !RFC1991 && default_compress_algo();
|
int do_compress = !!default_compress_algo();
|
||||||
|
|
||||||
pfx = new_progress_context ();
|
pfx = new_progress_context ();
|
||||||
memset( &cfx, 0, sizeof cfx);
|
memset( &cfx, 0, sizeof cfx);
|
||||||
@ -206,19 +206,13 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
|
|||||||
if (opt.textmode)
|
if (opt.textmode)
|
||||||
iobuf_push_filter( inp, text_filter, &tfx );
|
iobuf_push_filter( inp, text_filter, &tfx );
|
||||||
|
|
||||||
/* Due the the fact that we use don't use an IV to encrypt the
|
|
||||||
session key we can't use the new mode with RFC1991 because it has
|
|
||||||
no S2K salt. RFC1991 always uses simple S2K. */
|
|
||||||
if ( RFC1991 && use_seskey )
|
|
||||||
use_seskey = 0;
|
|
||||||
|
|
||||||
cfx.dek = NULL;
|
cfx.dek = NULL;
|
||||||
if ( mode )
|
if ( mode )
|
||||||
{
|
{
|
||||||
int canceled;
|
int canceled;
|
||||||
|
|
||||||
s2k = xmalloc_clear( sizeof *s2k );
|
s2k = xmalloc_clear( sizeof *s2k );
|
||||||
s2k->mode = RFC1991? 0:opt.s2k_mode;
|
s2k->mode = opt.s2k_mode;
|
||||||
s2k->hash_algo = S2K_DIGEST_ALGO;
|
s2k->hash_algo = S2K_DIGEST_ALGO;
|
||||||
cfx.dek = passphrase_to_dek (NULL, 0,
|
cfx.dek = passphrase_to_dek (NULL, 0,
|
||||||
default_cipher_algo(), s2k, 4,
|
default_cipher_algo(), s2k, 4,
|
||||||
@ -279,7 +273,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
|
|||||||
push_armor_filter (afx, out);
|
push_armor_filter (afx, out);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( s2k && !RFC1991 )
|
if ( s2k )
|
||||||
{
|
{
|
||||||
PKT_symkey_enc *enc = xmalloc_clear( sizeof *enc + seskeylen + 1 );
|
PKT_symkey_enc *enc = xmalloc_clear( sizeof *enc + seskeylen + 1 );
|
||||||
enc->version = 4;
|
enc->version = 4;
|
||||||
@ -335,7 +329,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
|
|||||||
pt->timestamp = make_timestamp();
|
pt->timestamp = make_timestamp();
|
||||||
pt->mode = opt.textmode? 't' : 'b';
|
pt->mode = opt.textmode? 't' : 'b';
|
||||||
pt->len = filesize;
|
pt->len = filesize;
|
||||||
pt->new_ctb = !pt->len && !RFC1991;
|
pt->new_ctb = !pt->len;
|
||||||
pt->buf = inp;
|
pt->buf = inp;
|
||||||
pkt.pkttype = PKT_PLAINTEXT;
|
pkt.pkttype = PKT_PLAINTEXT;
|
||||||
pkt.pkt.plaintext = pt;
|
pkt.pkt.plaintext = pt;
|
||||||
@ -478,13 +472,13 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
|
|||||||
compress_filter_context_t zfx;
|
compress_filter_context_t zfx;
|
||||||
text_filter_context_t tfx;
|
text_filter_context_t tfx;
|
||||||
progress_filter_context_t *pfx;
|
progress_filter_context_t *pfx;
|
||||||
PK_LIST pk_list, work_list;
|
PK_LIST pk_list;
|
||||||
int do_compress;
|
int do_compress;
|
||||||
|
|
||||||
if (filefd != -1 && filename)
|
if (filefd != -1 && filename)
|
||||||
return gpg_error (GPG_ERR_INV_ARG);
|
return gpg_error (GPG_ERR_INV_ARG);
|
||||||
|
|
||||||
do_compress = opt.compress_algo && !RFC1991;
|
do_compress = !!opt.compress_algo;
|
||||||
|
|
||||||
pfx = new_progress_context ();
|
pfx = new_progress_context ();
|
||||||
memset( &cfx, 0, sizeof cfx);
|
memset( &cfx, 0, sizeof cfx);
|
||||||
@ -510,19 +504,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if(PGP2)
|
|
||||||
{
|
|
||||||
for (work_list=pk_list; work_list; work_list=work_list->next)
|
|
||||||
if (!(is_RSA (work_list->pk->pubkey_algo)
|
|
||||||
&& nbits_from_pk (work_list->pk) <= 2048))
|
|
||||||
{
|
|
||||||
log_info(_("you can only encrypt to RSA keys of 2048 bits or "
|
|
||||||
"less in --pgp2 mode\n"));
|
|
||||||
compliance_failure();
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Prepare iobufs. */
|
/* Prepare iobufs. */
|
||||||
#ifdef HAVE_W32_SYSTEM
|
#ifdef HAVE_W32_SYSTEM
|
||||||
if (filefd == -1)
|
if (filefd == -1)
|
||||||
@ -592,13 +573,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
|
|||||||
if (cfx.dek->algo == -1)
|
if (cfx.dek->algo == -1)
|
||||||
{
|
{
|
||||||
cfx.dek->algo = CIPHER_ALGO_3DES;
|
cfx.dek->algo = CIPHER_ALGO_3DES;
|
||||||
|
|
||||||
if (PGP2)
|
|
||||||
{
|
|
||||||
log_info(_("unable to use the IDEA cipher for all of the keys "
|
|
||||||
"you are encrypting to.\n"));
|
|
||||||
compliance_failure();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* In case 3DES has been selected, print a warning if any key
|
/* In case 3DES has been selected, print a warning if any key
|
||||||
@ -687,7 +661,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
|
|||||||
pt->timestamp = make_timestamp();
|
pt->timestamp = make_timestamp();
|
||||||
pt->mode = opt.textmode ? 't' : 'b';
|
pt->mode = opt.textmode ? 't' : 'b';
|
||||||
pt->len = filesize;
|
pt->len = filesize;
|
||||||
pt->new_ctb = !pt->len && !RFC1991;
|
pt->new_ctb = !pt->len;
|
||||||
pt->buf = inp;
|
pt->buf = inp;
|
||||||
pkt.pkttype = PKT_PLAINTEXT;
|
pkt.pkttype = PKT_PLAINTEXT;
|
||||||
pkt.pkt.plaintext = pt;
|
pkt.pkt.plaintext = pt;
|
||||||
@ -895,7 +869,7 @@ write_pubkey_enc_from_list (PK_LIST pk_list, DEK *dek, iobuf_t out)
|
|||||||
keyid_from_pk( pk, enc->keyid );
|
keyid_from_pk( pk, enc->keyid );
|
||||||
enc->throw_keyid = (opt.throw_keyid || (pk_list->flags&1));
|
enc->throw_keyid = (opt.throw_keyid || (pk_list->flags&1));
|
||||||
|
|
||||||
if (opt.throw_keyid && (PGP2 || PGP6 || PGP7 || PGP8))
|
if (opt.throw_keyid && (PGP6 || PGP7 || PGP8))
|
||||||
{
|
{
|
||||||
log_info(_("you may not use %s while in %s mode\n"),
|
log_info(_("you may not use %s while in %s mode\n"),
|
||||||
"--throw-keyid",compliance_option_string());
|
"--throw-keyid",compliance_option_string());
|
||||||
|
87
g10/gpg.c
87
g10/gpg.c
@ -205,11 +205,9 @@ enum cmd_and_opt_values
|
|||||||
oMaxCertDepth,
|
oMaxCertDepth,
|
||||||
oLoadExtension,
|
oLoadExtension,
|
||||||
oGnuPG,
|
oGnuPG,
|
||||||
oRFC1991,
|
|
||||||
oRFC2440,
|
oRFC2440,
|
||||||
oRFC4880,
|
oRFC4880,
|
||||||
oOpenPGP,
|
oOpenPGP,
|
||||||
oPGP2,
|
|
||||||
oPGP6,
|
oPGP6,
|
||||||
oPGP7,
|
oPGP7,
|
||||||
oPGP8,
|
oPGP8,
|
||||||
@ -573,11 +571,9 @@ static ARGPARSE_OPTS opts[] = {
|
|||||||
ARGPARSE_s_n (oGnuPG, "no-pgp6", "@"),
|
ARGPARSE_s_n (oGnuPG, "no-pgp6", "@"),
|
||||||
ARGPARSE_s_n (oGnuPG, "no-pgp7", "@"),
|
ARGPARSE_s_n (oGnuPG, "no-pgp7", "@"),
|
||||||
ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
|
ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
|
||||||
ARGPARSE_s_n (oRFC1991, "rfc1991", "@"),
|
|
||||||
ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
|
ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
|
||||||
ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
|
ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
|
||||||
ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
|
ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
|
||||||
ARGPARSE_s_n (oPGP2, "pgp2", "@"),
|
|
||||||
ARGPARSE_s_n (oPGP6, "pgp6", "@"),
|
ARGPARSE_s_n (oPGP6, "pgp6", "@"),
|
||||||
ARGPARSE_s_n (oPGP7, "pgp7", "@"),
|
ARGPARSE_s_n (oPGP7, "pgp7", "@"),
|
||||||
ARGPARSE_s_n (oPGP8, "pgp8", "@"),
|
ARGPARSE_s_n (oPGP8, "pgp8", "@"),
|
||||||
@ -2484,11 +2480,6 @@ main (int argc, char **argv)
|
|||||||
/* Dummy so that gpg 1.4 conf files can work. Should
|
/* Dummy so that gpg 1.4 conf files can work. Should
|
||||||
eventually be removed. */
|
eventually be removed. */
|
||||||
break;
|
break;
|
||||||
case oRFC1991:
|
|
||||||
opt.compliance = CO_RFC1991;
|
|
||||||
opt.force_v4_certs = 0;
|
|
||||||
opt.escape_from = 1;
|
|
||||||
break;
|
|
||||||
case oOpenPGP:
|
case oOpenPGP:
|
||||||
case oRFC4880:
|
case oRFC4880:
|
||||||
/* This is effectively the same as RFC2440, but with
|
/* This is effectively the same as RFC2440, but with
|
||||||
@ -2530,7 +2521,6 @@ main (int argc, char **argv)
|
|||||||
opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
|
opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
|
||||||
opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
|
opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
|
||||||
break;
|
break;
|
||||||
case oPGP2: opt.compliance = CO_PGP2; break;
|
|
||||||
case oPGP6: opt.compliance = CO_PGP6; break;
|
case oPGP6: opt.compliance = CO_PGP6; break;
|
||||||
case oPGP7: opt.compliance = CO_PGP7; break;
|
case oPGP7: opt.compliance = CO_PGP7; break;
|
||||||
case oPGP8: opt.compliance = CO_PGP8; break;
|
case oPGP8: opt.compliance = CO_PGP8; break;
|
||||||
@ -3238,78 +3228,7 @@ main (int argc, char **argv)
|
|||||||
log_clock ("start");
|
log_clock ("start");
|
||||||
|
|
||||||
/* Do these after the switch(), so they can override settings. */
|
/* Do these after the switch(), so they can override settings. */
|
||||||
if(PGP2)
|
if(PGP6)
|
||||||
{
|
|
||||||
int unusable=0;
|
|
||||||
|
|
||||||
if(cmd==aSign && !detached_sig)
|
|
||||||
{
|
|
||||||
log_info(_("you can only make detached or clear signatures "
|
|
||||||
"while in --pgp2 mode\n"));
|
|
||||||
unusable=1;
|
|
||||||
}
|
|
||||||
else if(cmd==aSignEncr || cmd==aSignSym)
|
|
||||||
{
|
|
||||||
log_info(_("you can't sign and encrypt at the "
|
|
||||||
"same time while in --pgp2 mode\n"));
|
|
||||||
unusable=1;
|
|
||||||
}
|
|
||||||
else if(argc==0 && (cmd==aSign || cmd==aEncr || cmd==aSym))
|
|
||||||
{
|
|
||||||
log_info(_("you must use files (and not a pipe) when "
|
|
||||||
"working with --pgp2 enabled.\n"));
|
|
||||||
unusable=1;
|
|
||||||
}
|
|
||||||
else if(cmd==aEncr || cmd==aSym)
|
|
||||||
{
|
|
||||||
/* Everything else should work without IDEA (except using
|
|
||||||
a secret key encrypted with IDEA and setting an IDEA
|
|
||||||
preference, but those have their own error
|
|
||||||
messages). */
|
|
||||||
|
|
||||||
if (openpgp_cipher_test_algo(CIPHER_ALGO_IDEA))
|
|
||||||
{
|
|
||||||
log_info(_("encrypting a message in --pgp2 mode requires "
|
|
||||||
"the IDEA cipher\n"));
|
|
||||||
unusable=1;
|
|
||||||
}
|
|
||||||
else if(cmd==aSym)
|
|
||||||
{
|
|
||||||
/* This only sets IDEA for symmetric encryption
|
|
||||||
since it is set via select_algo_from_prefs for
|
|
||||||
pk encryption. */
|
|
||||||
xfree(def_cipher_string);
|
|
||||||
def_cipher_string = xstrdup("idea");
|
|
||||||
}
|
|
||||||
|
|
||||||
/* PGP2 can't handle the output from the textmode
|
|
||||||
filter, so we disable it for anything that could
|
|
||||||
create a literal packet (only encryption and
|
|
||||||
symmetric encryption, since we disable signing
|
|
||||||
above). */
|
|
||||||
if(!unusable)
|
|
||||||
opt.textmode=0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(unusable)
|
|
||||||
compliance_failure();
|
|
||||||
else
|
|
||||||
{
|
|
||||||
opt.force_v4_certs = 0;
|
|
||||||
opt.escape_from = 1;
|
|
||||||
opt.force_v3_sigs = 1;
|
|
||||||
opt.pgp2_workarounds = 1;
|
|
||||||
opt.ask_sig_expire = 0;
|
|
||||||
opt.ask_cert_expire = 0;
|
|
||||||
opt.flags.allow_weak_digest_algos = 1;
|
|
||||||
xfree(def_digest_string);
|
|
||||||
def_digest_string = xstrdup("md5");
|
|
||||||
xfree(s2k_digest_string);
|
|
||||||
s2k_digest_string = xstrdup("md5");
|
|
||||||
opt.compress_algo = COMPRESS_ALGO_ZIP;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else if(PGP6)
|
|
||||||
{
|
{
|
||||||
opt.disable_mdc=1;
|
opt.disable_mdc=1;
|
||||||
opt.escape_from=1;
|
opt.escape_from=1;
|
||||||
@ -3675,7 +3594,7 @@ main (int argc, char **argv)
|
|||||||
else if(opt.s2k_mode==0)
|
else if(opt.s2k_mode==0)
|
||||||
log_error(_("you cannot use --symmetric --encrypt"
|
log_error(_("you cannot use --symmetric --encrypt"
|
||||||
" with --s2k-mode 0\n"));
|
" with --s2k-mode 0\n"));
|
||||||
else if(PGP2 || PGP6 || PGP7 || RFC1991)
|
else if(PGP6 || PGP7)
|
||||||
log_error(_("you cannot use --symmetric --encrypt"
|
log_error(_("you cannot use --symmetric --encrypt"
|
||||||
" while in %s mode\n"),compliance_option_string());
|
" while in %s mode\n"),compliance_option_string());
|
||||||
else
|
else
|
||||||
@ -3726,7 +3645,7 @@ main (int argc, char **argv)
|
|||||||
else if(opt.s2k_mode==0)
|
else if(opt.s2k_mode==0)
|
||||||
log_error(_("you cannot use --symmetric --sign --encrypt"
|
log_error(_("you cannot use --symmetric --sign --encrypt"
|
||||||
" with --s2k-mode 0\n"));
|
" with --s2k-mode 0\n"));
|
||||||
else if(PGP2 || PGP6 || PGP7 || RFC1991)
|
else if(PGP6 || PGP7)
|
||||||
log_error(_("you cannot use --symmetric --sign --encrypt"
|
log_error(_("you cannot use --symmetric --sign --encrypt"
|
||||||
" while in %s mode\n"),compliance_option_string());
|
" while in %s mode\n"),compliance_option_string());
|
||||||
else
|
else
|
||||||
|
@ -518,19 +518,6 @@ sign_uids (estream_t fp,
|
|||||||
KBNODE node, uidnode;
|
KBNODE node, uidnode;
|
||||||
PKT_public_key *primary_pk = NULL;
|
PKT_public_key *primary_pk = NULL;
|
||||||
int select_all = !count_selected_uids (keyblock) || interactive;
|
int select_all = !count_selected_uids (keyblock) || interactive;
|
||||||
int all_v3 = 1;
|
|
||||||
|
|
||||||
/* Are there any non-v3 sigs on this key already? */
|
|
||||||
if (PGP2)
|
|
||||||
{
|
|
||||||
for (node = keyblock; node; node = node->next)
|
|
||||||
if (node->pkt->pkttype == PKT_SIGNATURE &&
|
|
||||||
node->pkt->pkt.signature->version > 3)
|
|
||||||
{
|
|
||||||
all_v3 = 0;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Build a list of all signators.
|
/* Build a list of all signators.
|
||||||
*
|
*
|
||||||
@ -894,29 +881,6 @@ sign_uids (estream_t fp,
|
|||||||
if (duration)
|
if (duration)
|
||||||
force_v4 = 1;
|
force_v4 = 1;
|
||||||
|
|
||||||
/* Is --pgp2 on, it's a v3 key, all the sigs on the key are
|
|
||||||
currently v3 and we're about to sign it with a v4 sig? If
|
|
||||||
so, danger! */
|
|
||||||
if (PGP2 && all_v3 &&
|
|
||||||
(pk->version > 3 || force_v4) && primary_pk->version <= 3)
|
|
||||||
{
|
|
||||||
tty_fprintf (fp, _("You may not make an OpenPGP signature on a "
|
|
||||||
"PGP 2.x key while in --pgp2 mode.\n"));
|
|
||||||
tty_fprintf (fp, _("This would make the key unusable in PGP 2.x.\n"));
|
|
||||||
|
|
||||||
if (opt.expert && !quick)
|
|
||||||
{
|
|
||||||
if (!cpr_get_answer_is_yes ("sign_uid.v4_on_v3_okay",
|
|
||||||
_("Are you sure you still "
|
|
||||||
"want to sign it? (y/N) ")))
|
|
||||||
continue;
|
|
||||||
|
|
||||||
all_v3 = 0;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (selfsig)
|
if (selfsig)
|
||||||
;
|
;
|
||||||
else
|
else
|
||||||
@ -1773,7 +1737,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case cmdADDPHOTO:
|
case cmdADDPHOTO:
|
||||||
if (RFC2440 || RFC1991 || PGP2)
|
if (RFC2440)
|
||||||
{
|
{
|
||||||
tty_printf (_("This command is not allowed while in %s mode.\n"),
|
tty_printf (_("This command is not allowed while in %s mode.\n"),
|
||||||
compliance_option_string ());
|
compliance_option_string ());
|
||||||
|
10
g10/keygen.c
10
g10/keygen.c
@ -341,16 +341,6 @@ keygen_set_std_prefs (const char *string,int personal)
|
|||||||
if ( !openpgp_cipher_test_algo (CIPHER_ALGO_CAST5) )
|
if ( !openpgp_cipher_test_algo (CIPHER_ALGO_CAST5) )
|
||||||
strcat(dummy_string,"S3 ");
|
strcat(dummy_string,"S3 ");
|
||||||
strcat(dummy_string,"S2 "); /* 3DES */
|
strcat(dummy_string,"S2 "); /* 3DES */
|
||||||
/* If we have it, IDEA goes *after* 3DES so it won't be
|
|
||||||
used unless we're encrypting along with a V3 key.
|
|
||||||
Ideally, we would only put the S1 preference in if the
|
|
||||||
key was RSA and <=2048 bits, as that is what won't
|
|
||||||
break PGP2, but that is difficult with the current
|
|
||||||
code, and not really worth checking as a non-RSA <=2048
|
|
||||||
bit key wouldn't be usable by PGP2 anyway. -dms */
|
|
||||||
if (PGP2 && !openpgp_cipher_test_algo (CIPHER_ALGO_IDEA) )
|
|
||||||
strcat(dummy_string,"S1 ");
|
|
||||||
|
|
||||||
|
|
||||||
/* The default hash algo order is:
|
/* The default hash algo order is:
|
||||||
SHA-256, SHA-1, SHA-384, SHA-512, SHA-224.
|
SHA-256, SHA-1, SHA-384, SHA-512, SHA-224.
|
||||||
|
10
g10/misc.c
10
g10/misc.c
@ -1191,8 +1191,6 @@ compliance_option_string(void)
|
|||||||
case CO_GNUPG: return "--gnupg";
|
case CO_GNUPG: return "--gnupg";
|
||||||
case CO_RFC4880: return "--openpgp";
|
case CO_RFC4880: return "--openpgp";
|
||||||
case CO_RFC2440: return "--rfc2440";
|
case CO_RFC2440: return "--rfc2440";
|
||||||
case CO_RFC1991: return "--rfc1991";
|
|
||||||
case CO_PGP2: return "--pgp2";
|
|
||||||
case CO_PGP6: return "--pgp6";
|
case CO_PGP6: return "--pgp6";
|
||||||
case CO_PGP7: return "--pgp7";
|
case CO_PGP7: return "--pgp7";
|
||||||
case CO_PGP8: return "--pgp8";
|
case CO_PGP8: return "--pgp8";
|
||||||
@ -1220,14 +1218,6 @@ compliance_failure(void)
|
|||||||
ver="OpenPGP (older)";
|
ver="OpenPGP (older)";
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case CO_RFC1991:
|
|
||||||
ver="old PGP";
|
|
||||||
break;
|
|
||||||
|
|
||||||
case CO_PGP2:
|
|
||||||
ver="PGP 2.x";
|
|
||||||
break;
|
|
||||||
|
|
||||||
case CO_PGP6:
|
case CO_PGP6:
|
||||||
ver="PGP 6.x";
|
ver="PGP 6.x";
|
||||||
break;
|
break;
|
||||||
|
@ -121,7 +121,7 @@ struct
|
|||||||
int force_ownertrust;
|
int force_ownertrust;
|
||||||
enum
|
enum
|
||||||
{
|
{
|
||||||
CO_GNUPG, CO_RFC4880, CO_RFC2440, CO_RFC1991, CO_PGP2,
|
CO_GNUPG, CO_RFC4880, CO_RFC2440,
|
||||||
CO_PGP6, CO_PGP7, CO_PGP8
|
CO_PGP6, CO_PGP7, CO_PGP8
|
||||||
} compliance;
|
} compliance;
|
||||||
enum
|
enum
|
||||||
@ -307,14 +307,12 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
|
|||||||
|
|
||||||
/* Compatibility flags. */
|
/* Compatibility flags. */
|
||||||
#define GNUPG (opt.compliance==CO_GNUPG)
|
#define GNUPG (opt.compliance==CO_GNUPG)
|
||||||
#define RFC1991 (opt.compliance==CO_RFC1991 || opt.compliance==CO_PGP2)
|
|
||||||
#define RFC2440 (opt.compliance==CO_RFC2440)
|
#define RFC2440 (opt.compliance==CO_RFC2440)
|
||||||
#define RFC4880 (opt.compliance==CO_RFC4880)
|
#define RFC4880 (opt.compliance==CO_RFC4880)
|
||||||
#define PGP2 (opt.compliance==CO_PGP2)
|
|
||||||
#define PGP6 (opt.compliance==CO_PGP6)
|
#define PGP6 (opt.compliance==CO_PGP6)
|
||||||
#define PGP7 (opt.compliance==CO_PGP7)
|
#define PGP7 (opt.compliance==CO_PGP7)
|
||||||
#define PGP8 (opt.compliance==CO_PGP8)
|
#define PGP8 (opt.compliance==CO_PGP8)
|
||||||
#define PGPX (PGP2 || PGP6 || PGP7 || PGP8)
|
#define PGPX (PGP6 || PGP7 || PGP8)
|
||||||
|
|
||||||
/* Various option flags. Note that there should be no common string
|
/* Various option flags. Note that there should be no common string
|
||||||
names between the IMPORT_ and EXPORT_ flags as they can be mixed in
|
names between the IMPORT_ and EXPORT_ flags as they can be mixed in
|
||||||
|
@ -928,7 +928,7 @@ build_pk_list (ctrl_t ctrl,
|
|||||||
|
|
||||||
/* Hidden recipients are not allowed while in PGP mode,
|
/* Hidden recipients are not allowed while in PGP mode,
|
||||||
issue a warning and switch into GnuPG mode. */
|
issue a warning and switch into GnuPG mode. */
|
||||||
if ((rov->flags&2) && (PGP2 || PGP6 || PGP7 || PGP8))
|
if ((rov->flags&2) && (PGP6 || PGP7 || PGP8))
|
||||||
{
|
{
|
||||||
log_info(_("you may not use %s while in %s mode\n"),
|
log_info(_("you may not use %s while in %s mode\n"),
|
||||||
"--hidden-recipient",
|
"--hidden-recipient",
|
||||||
@ -978,7 +978,7 @@ build_pk_list (ctrl_t ctrl,
|
|||||||
/* Hidden encrypt-to recipients are not allowed while
|
/* Hidden encrypt-to recipients are not allowed while
|
||||||
in PGP mode, issue a warning and switch into
|
in PGP mode, issue a warning and switch into
|
||||||
GnuPG mode. */
|
GnuPG mode. */
|
||||||
if ((r->flags&1) && (PGP2 || PGP6 || PGP7 || PGP8))
|
if ((r->flags&1) && (PGP6 || PGP7 || PGP8))
|
||||||
{
|
{
|
||||||
log_info(_("you may not use %s while in %s mode\n"),
|
log_info(_("you may not use %s while in %s mode\n"),
|
||||||
"--hidden-encrypt-to",
|
"--hidden-encrypt-to",
|
||||||
@ -1344,10 +1344,7 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
|
|||||||
dropped from 4880 but is still relevant to GPG's 1991
|
dropped from 4880 but is still relevant to GPG's 1991
|
||||||
support. All this doesn't mean IDEA is actually
|
support. All this doesn't mean IDEA is actually
|
||||||
available, of course. */
|
available, of course. */
|
||||||
if(PGP2 && pkr->pk->version<4 && pkr->pk->selfsigversion<4)
|
implicit=CIPHER_ALGO_3DES;
|
||||||
implicit=CIPHER_ALGO_IDEA;
|
|
||||||
else
|
|
||||||
implicit=CIPHER_ALGO_3DES;
|
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -1359,12 +1356,7 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
|
|||||||
mode, and that's the only time PREFTYPE_HASH is used
|
mode, and that's the only time PREFTYPE_HASH is used
|
||||||
anyway. -dms */
|
anyway. -dms */
|
||||||
|
|
||||||
/* MD5 is there for v3 keys with v3 selfsigs when --pgp2 is
|
implicit=DIGEST_ALGO_SHA1;
|
||||||
on. */
|
|
||||||
if(PGP2 && pkr->pk->version<4 && pkr->pk->selfsigversion<4)
|
|
||||||
implicit=DIGEST_ALGO_MD5;
|
|
||||||
else
|
|
||||||
implicit=DIGEST_ALGO_SHA1;
|
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
@ -473,7 +473,7 @@ create_revocation (const char *filename,
|
|||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (keyblock && (PGP2 || PGP6 || PGP7 || PGP8))
|
if (keyblock && (PGP6 || PGP7 || PGP8))
|
||||||
{
|
{
|
||||||
/* Use a minimal pk for PGPx mode, since PGP can't import bare
|
/* Use a minimal pk for PGPx mode, since PGP can't import bare
|
||||||
revocation certificates. */
|
revocation certificates. */
|
||||||
|
@ -320,10 +320,6 @@ cmd_encrypt (assuan_context_t ctx, char *line)
|
|||||||
goto leave;
|
goto leave;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Fixme: Check that we are using real files and not pipes if in
|
|
||||||
PGP-2 mode. Do all the other checks we do in gpg.c for aEncr.
|
|
||||||
Maybe we should drop the PGP2 compatibility. */
|
|
||||||
|
|
||||||
|
|
||||||
/* FIXME: GPGSM does this here: Add all encrypt-to marked recipients
|
/* FIXME: GPGSM does this here: Add all encrypt-to marked recipients
|
||||||
from the default list. */
|
from the default list. */
|
||||||
|
51
g10/sign.c
51
g10/sign.c
@ -509,11 +509,6 @@ hash_for (PKT_public_key *pk)
|
|||||||
|
|
||||||
return DIGEST_ALGO_SHA1;
|
return DIGEST_ALGO_SHA1;
|
||||||
}
|
}
|
||||||
else if (PGP2 && pk->pubkey_algo == PUBKEY_ALGO_RSA && pk->version < 4 )
|
|
||||||
{
|
|
||||||
/* Old-style PGP only understands MD5 */
|
|
||||||
return DIGEST_ALGO_MD5;
|
|
||||||
}
|
|
||||||
else if (opt.personal_digest_prefs)
|
else if (opt.personal_digest_prefs)
|
||||||
{
|
{
|
||||||
/* It's not DSA, so we can use whatever the first hash algorithm
|
/* It's not DSA, so we can use whatever the first hash algorithm
|
||||||
@ -659,7 +654,7 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode)
|
|||||||
pt->timestamp = make_timestamp ();
|
pt->timestamp = make_timestamp ();
|
||||||
pt->mode = ptmode;
|
pt->mode = ptmode;
|
||||||
pt->len = filesize;
|
pt->len = filesize;
|
||||||
pt->new_ctb = !pt->len && !RFC1991;
|
pt->new_ctb = !pt->len;
|
||||||
pt->buf = inp;
|
pt->buf = inp;
|
||||||
init_packet(&pkt);
|
init_packet(&pkt);
|
||||||
pkt.pkttype = PKT_PLAINTEXT;
|
pkt.pkttype = PKT_PLAINTEXT;
|
||||||
@ -710,7 +705,7 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash,
|
|||||||
|
|
||||||
/* Build the signature packet. */
|
/* Build the signature packet. */
|
||||||
sig = xmalloc_clear (sizeof *sig);
|
sig = xmalloc_clear (sizeof *sig);
|
||||||
if (opt.force_v3_sigs || RFC1991)
|
if (opt.force_v3_sigs)
|
||||||
sig->version = 3;
|
sig->version = 3;
|
||||||
else if (duration || opt.sig_policy_url
|
else if (duration || opt.sig_policy_url
|
||||||
|| opt.sig_notations || opt.sig_keyserver_url)
|
|| opt.sig_notations || opt.sig_keyserver_url)
|
||||||
@ -819,7 +814,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
|
|||||||
&& (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
|
&& (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
if(!opt.force_v3_sigs && !RFC1991)
|
if(!opt.force_v3_sigs)
|
||||||
{
|
{
|
||||||
if(opt.ask_sig_expire && !opt.batch)
|
if(opt.ask_sig_expire && !opt.batch)
|
||||||
duration=ask_expire_interval(1,opt.def_sig_expire);
|
duration=ask_expire_interval(1,opt.def_sig_expire);
|
||||||
@ -832,13 +827,6 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
|
|||||||
if( (rc = build_sk_list (locusr, &sk_list, PUBKEY_USAGE_SIG )) )
|
if( (rc = build_sk_list (locusr, &sk_list, PUBKEY_USAGE_SIG )) )
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
if(PGP2 && !only_old_style(sk_list))
|
|
||||||
{
|
|
||||||
log_info(_("you can only detach-sign with PGP 2.x style keys "
|
|
||||||
"while in --pgp2 mode\n"));
|
|
||||||
compliance_failure();
|
|
||||||
}
|
|
||||||
|
|
||||||
if (encryptflag
|
if (encryptflag
|
||||||
&& (rc=build_pk_list (ctrl, remusr, &pk_list, PUBKEY_USAGE_ENC)))
|
&& (rc=build_pk_list (ctrl, remusr, &pk_list, PUBKEY_USAGE_ENC)))
|
||||||
goto leave;
|
goto leave;
|
||||||
@ -986,7 +974,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
|
|||||||
if( !multifile )
|
if( !multifile )
|
||||||
iobuf_push_filter( inp, md_filter, &mfx );
|
iobuf_push_filter( inp, md_filter, &mfx );
|
||||||
|
|
||||||
if( detached && !encryptflag && !RFC1991 )
|
if( detached && !encryptflag)
|
||||||
afx->what = 2;
|
afx->what = 2;
|
||||||
|
|
||||||
if( opt.armor && !outfile )
|
if( opt.armor && !outfile )
|
||||||
@ -1029,7 +1017,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Write the one-pass signature packets if needed */
|
/* Write the one-pass signature packets if needed */
|
||||||
if (!detached && !RFC1991) {
|
if (!detached) {
|
||||||
rc = write_onepass_sig_packets (sk_list, out,
|
rc = write_onepass_sig_packets (sk_list, out,
|
||||||
opt.textmode && !outfile ? 0x01:0x00);
|
opt.textmode && !outfile ? 0x01:0x00);
|
||||||
if (rc)
|
if (rc)
|
||||||
@ -1135,7 +1123,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
|
|||||||
int rc = 0;
|
int rc = 0;
|
||||||
SK_LIST sk_list = NULL;
|
SK_LIST sk_list = NULL;
|
||||||
SK_LIST sk_rover = NULL;
|
SK_LIST sk_rover = NULL;
|
||||||
int old_style = RFC1991;
|
int old_style = 0;
|
||||||
int only_md5 = 0;
|
int only_md5 = 0;
|
||||||
u32 duration=0;
|
u32 duration=0;
|
||||||
|
|
||||||
@ -1143,7 +1131,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
|
|||||||
afx = new_armor_context ();
|
afx = new_armor_context ();
|
||||||
init_packet( &pkt );
|
init_packet( &pkt );
|
||||||
|
|
||||||
if(!opt.force_v3_sigs && !RFC1991)
|
if(!opt.force_v3_sigs)
|
||||||
{
|
{
|
||||||
if(opt.ask_sig_expire && !opt.batch)
|
if(opt.ask_sig_expire && !opt.batch)
|
||||||
duration=ask_expire_interval(1,opt.def_sig_expire);
|
duration=ask_expire_interval(1,opt.def_sig_expire);
|
||||||
@ -1156,16 +1144,9 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
|
|||||||
if( (rc=build_sk_list( locusr, &sk_list, PUBKEY_USAGE_SIG )) )
|
if( (rc=build_sk_list( locusr, &sk_list, PUBKEY_USAGE_SIG )) )
|
||||||
goto leave;
|
goto leave;
|
||||||
|
|
||||||
if( !old_style && !duration )
|
if(!duration )
|
||||||
old_style = only_old_style( sk_list );
|
old_style = only_old_style( sk_list );
|
||||||
|
|
||||||
if(PGP2 && !only_old_style(sk_list))
|
|
||||||
{
|
|
||||||
log_info(_("you can only clearsign with PGP 2.x style keys "
|
|
||||||
"while in --pgp2 mode\n"));
|
|
||||||
compliance_failure();
|
|
||||||
}
|
|
||||||
|
|
||||||
/* prepare iobufs */
|
/* prepare iobufs */
|
||||||
inp = iobuf_open(fname);
|
inp = iobuf_open(fname);
|
||||||
if (inp && is_secured_file (iobuf_get_fd (inp)))
|
if (inp && is_secured_file (iobuf_get_fd (inp)))
|
||||||
@ -1311,7 +1292,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
|
|||||||
memset( &cfx, 0, sizeof cfx);
|
memset( &cfx, 0, sizeof cfx);
|
||||||
init_packet( &pkt );
|
init_packet( &pkt );
|
||||||
|
|
||||||
if(!opt.force_v3_sigs && !RFC1991)
|
if(!opt.force_v3_sigs)
|
||||||
{
|
{
|
||||||
if(opt.ask_sig_expire && !opt.batch)
|
if(opt.ask_sig_expire && !opt.batch)
|
||||||
duration=ask_expire_interval(1,opt.def_sig_expire);
|
duration=ask_expire_interval(1,opt.def_sig_expire);
|
||||||
@ -1343,7 +1324,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
|
|||||||
|
|
||||||
/* prepare key */
|
/* prepare key */
|
||||||
s2k = xmalloc_clear( sizeof *s2k );
|
s2k = xmalloc_clear( sizeof *s2k );
|
||||||
s2k->mode = RFC1991? 0:opt.s2k_mode;
|
s2k->mode = opt.s2k_mode;
|
||||||
s2k->hash_algo = S2K_DIGEST_ALGO;
|
s2k->hash_algo = S2K_DIGEST_ALGO;
|
||||||
|
|
||||||
algo = default_cipher_algo();
|
algo = default_cipher_algo();
|
||||||
@ -1389,7 +1370,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
|
|||||||
|
|
||||||
/* Write the symmetric key packet */
|
/* Write the symmetric key packet */
|
||||||
/*(current filters: armor)*/
|
/*(current filters: armor)*/
|
||||||
if (!RFC1991) {
|
{
|
||||||
PKT_symkey_enc *enc = xmalloc_clear( sizeof *enc );
|
PKT_symkey_enc *enc = xmalloc_clear( sizeof *enc );
|
||||||
enc->version = 4;
|
enc->version = 4;
|
||||||
enc->cipher_algo = cfx.dek->algo;
|
enc->cipher_algo = cfx.dek->algo;
|
||||||
@ -1410,12 +1391,10 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
|
|||||||
|
|
||||||
/* Write the one-pass signature packets */
|
/* Write the one-pass signature packets */
|
||||||
/*(current filters: zip - encrypt - armor)*/
|
/*(current filters: zip - encrypt - armor)*/
|
||||||
if (!RFC1991) {
|
rc = write_onepass_sig_packets (sk_list, out,
|
||||||
rc = write_onepass_sig_packets (sk_list, out,
|
opt.textmode? 0x01:0x00);
|
||||||
opt.textmode? 0x01:0x00);
|
if (rc)
|
||||||
if (rc)
|
goto leave;
|
||||||
goto leave;
|
|
||||||
}
|
|
||||||
|
|
||||||
write_status_begin_signing (mfx.md);
|
write_status_begin_signing (mfx.md);
|
||||||
|
|
||||||
|
@ -23,17 +23,6 @@ for i in $plain_files plain-large ; do
|
|||||||
done
|
done
|
||||||
|
|
||||||
|
|
||||||
# ======================================
|
|
||||||
# and once more to check rfc1991
|
|
||||||
# ======================================
|
|
||||||
|
|
||||||
if have_pubkey_algo "RSA"; then
|
|
||||||
for i in $plain_files plain-large ; do
|
|
||||||
$GPG -u $usrname3 --rfc1991 --digest-algo md5 --clearsign -o x --yes $i
|
|
||||||
$GPG --verify x
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
# ======================================
|
# ======================================
|
||||||
# and one with long lines
|
# and one with long lines
|
||||||
# ======================================
|
# ======================================
|
||||||
@ -100,7 +89,7 @@ cat >y <<EOF
|
|||||||
}
|
}
|
||||||
/* ask for file and hash it */
|
/* ask for file and hash it */
|
||||||
- if( c->sigs_only ) {
|
- if( c->sigs_only ) {
|
||||||
+ if( c->sigs_only )
|
+ if( c->sigs_only )
|
||||||
rc = hash_datafiles( c->mfx.md, NULL,
|
rc = hash_datafiles( c->mfx.md, NULL,
|
||||||
c->signed_data, c->sigfilename,
|
c->signed_data, c->sigfilename,
|
||||||
n1? (n1->pkt->pkt.onepass_sig->sig_class == 0x01):0 );
|
n1? (n1->pkt->pkt.onepass_sig->sig_class == 0x01):0 );
|
||||||
|
Loading…
x
Reference in New Issue
Block a user