diff --git a/g10/ChangeLog b/g10/ChangeLog index b82058350..d13064367 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,17 @@ +2001-12-17 David Shaw + + * encode.c (encode_crypt), sign.c (sign_file, clearsign_file): + disable pgp2 mode after the message is no longer pgp2 compatible. + + * g10.c (main): Tweak the PGP2.x IDEA warning to use the generic + warning, and not merely fail if the IDEA plugin isn't there. + + * g10.c (main, idea_cipher_warn), keygen.c (set_one_pref), + seckey-cert.c (do_check): Add a generic IDEA warning for when the + IDEA plugin is not present. This pops up when the user uses + "--cipher-algo idea", when setpref is used to set a "S1" + preference, and when a secret key protected with IDEA is used. + 2001-12-15 Werner Koch * keyserver.c (keyserver_spawn): Assert that we have dropped privs. diff --git a/g10/encode.c b/g10/encode.c index 6c28b92a5..0b86f240c 100644 --- a/g10/encode.c +++ b/g10/encode.c @@ -268,9 +268,10 @@ encode_crypt( const char *filename, STRLIST remusr ) if(!(is_RSA(work_list->pk->pubkey_algo) && nbits_from_pk(work_list->pk)<=2048)) { - log_info(_("You can only encrypt to RSA keys of 2048 bits or " + log_info(_("you can only encrypt to RSA keys of 2048 bits or " "less in --pgp2 mode\n")); - log_info(_("This message will not be usable by PGP 2.x\n")); + log_info(_("this message will not be usable by PGP 2.x\n")); + opt.pgp2=0; break; } } diff --git a/g10/g10.c b/g10/g10.c index 0b55d742e..668b903c5 100644 --- a/g10/g10.c +++ b/g10/g10.c @@ -1219,11 +1219,66 @@ main( int argc, char **argv ) set_debug(); g10_opt_homedir = opt.homedir; + /* Do this after the switch(), so it can override settings. */ + if(opt.pgp2) + { + int unusable=0; + + /* Everything else should work without IDEA (except using a + secret key encrypted with IDEA and setting an IDEA + preference, but those have their own error messages). */ + + if(cmd==aSignEncr) + { + log_info(_("you can't sign and encrypt at the " + "same time while in --pgp2 mode\n")); + unusable=1; + } + + if(cmd==aEncr || cmd==aSym) + { + /* We don't have to fail here, since the regular cipher + algo check will make us fail later. */ + if(check_cipher_algo(CIPHER_ALGO_IDEA)) + { + log_info(_("encrypting a message in --pgp2 mode requires " + "the IDEA cipher\n")); + idea_cipher_warn(); + unusable=1; + } + else + { + m_free(def_cipher_string); + def_cipher_string = m_strdup("idea"); + } + } + + if(unusable) + { + log_info(_("this message will not be usable by PGP 2.x\n")); + opt.pgp2=0; + } + else + { + opt.rfc1991 = 1; + opt.rfc2440 = 0; + opt.force_v4_certs = 0; + opt.no_comment = 1; + opt.escape_from = 1; + opt.force_v3_sigs = 1; + opt.pgp2_workarounds = 1; + m_free(def_digest_string); + def_digest_string = m_strdup("md5"); + opt.def_compress_algo = 1; + } + } /* must do this after dropping setuid, because string_to... * may try to load an module */ if( def_cipher_string ) { opt.def_cipher_algo = string_to_cipher_algo(def_cipher_string); + if(opt.def_cipher_algo==0 && strcasecmp(def_cipher_string,"idea")==0) + idea_cipher_warn(); m_free(def_cipher_string); def_cipher_string = NULL; if( check_cipher_algo(opt.def_cipher_algo) ) log_error(_("selected cipher algorithm is invalid\n")); @@ -1273,29 +1328,6 @@ main( int argc, char **argv ) if (preference_list && keygen_set_std_prefs (preference_list)) log_error(_("invalid preferences\n")); - /* Do this after the switch(), so it can override these - settings. */ - if(opt.pgp2) - { - opt.rfc1991 = 1; - opt.rfc2440 = 0; - opt.force_v4_certs = 0; - opt.no_comment = 1; - opt.escape_from = 1; - opt.force_v3_sigs = 1; - opt.pgp2_workarounds = 1; - opt.def_cipher_algo = CIPHER_ALGO_IDEA; - if( (cmd==aEncr || cmd==aSym || cmd==aSignEncr) - && check_cipher_algo(CIPHER_ALGO_IDEA) ) { - log_info(_("Encrypting a message to a PGP 2.x user requires " - "the IDEA cipher module.\n")); - log_error(_("Please see http://www.gnupg.org/why-not-idea.html" - " for more information.\n")); - } - opt.def_digest_algo = DIGEST_ALGO_MD5; - opt.def_compress_algo = 1; - } - if( log_get_errorcount(0) ) g10_exit(2); @@ -1415,9 +1447,10 @@ main( int argc, char **argv ) case aEncr: /* encrypt the given file */ if( argc == 0 && opt.pgp2 ) { - log_info(_("You must use files (and not a pipe) when " + log_info(_("you must use files (and not a pipe) when " "encrypting with --pgp2 enabled.\n")); - log_info(_("This message will not be usable by PGP 2.x\n")); + log_info(_("this message will not be usable by PGP 2.x\n")); + opt.pgp2=0; } if( argc > 1 ) @@ -1448,10 +1481,6 @@ main( int argc, char **argv ) case aSignEncr: /* sign and encrypt the given file */ if( argc > 1 ) wrong_args(_("--sign --encrypt [filename]")); - if(opt.pgp2) { - log_info(_("You can't sign and encrypt at the same time while in --pgp2 mode\n")); - log_info(_("This message will not be usable by PGP 2.x\n")); - } if( argc ) { sl = m_alloc_clear( sizeof *sl + strlen(fname)); strcpy(sl->d, fname); @@ -2111,6 +2140,15 @@ check_policy_url( const char *s ) return 0; } +/* Special warning for the IDEA cipher */ +void +idea_cipher_warn(void) +{ + log_info("the IDEA cipher plugin is not present\n"); + log_info("please see http://www.gnupg.org/why-not-idea.html " + "for more information\n"); +} + const char * get_temp_dir(void) { diff --git a/g10/keygen.c b/g10/keygen.c index 0c145f1a5..036ae6647 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -177,6 +177,8 @@ set_one_pref (ulong val, int type, int (*cf)(int), byte *buf, int *nbuf) if (cf (val)) { log_info (_("preference %c%lu is not valid\n"), type, val); + if(type=='S' && val==CIPHER_ALGO_IDEA) + idea_cipher_warn(); return -1; } for (i=0; i < *nbuf; i++ ) { diff --git a/g10/main.h b/g10/main.h index 2e4b373f2..064be9347 100644 --- a/g10/main.h +++ b/g10/main.h @@ -48,6 +48,7 @@ extern int g10_errors_seen; void print_pubkey_algo_note( int algo ); void print_cipher_algo_note( int algo ); void print_digest_algo_note( int algo ); +void idea_cipher_warn(void); const char *get_temp_dir(void); /*-- armor.c --*/ diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index 1695d2568..a7472a489 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c @@ -56,8 +56,9 @@ do_check( PKT_secret_key *sk ) if( sk->protect.algo == CIPHER_ALGO_NONE ) BUG(); if( check_cipher_algo( sk->protect.algo ) ) { - log_info(_("protection algorithm %d is not supported\n"), - sk->protect.algo ); + log_info(_("protection algorithm %d%s is not supported\n"), + sk->protect.algo,sk->protect.algo==1?" (IDEA)":"" ); + idea_cipher_warn(); return G10ERR_CIPHER_ALGO; } keyid_from_sk( sk, keyid ); diff --git a/g10/sign.c b/g10/sign.c index d1860b438..83ab54dfa 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -561,9 +561,10 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, if(!old_style && opt.pgp2) { - log_info(_("You can only sign with PGP 2.x style keys " - "while in --pgp2 mode\n")); - log_info(_("This message will not be usable by PGP 2.x\n")); + log_info(_("you can only sign with PGP 2.x style keys " + "while in --pgp2 mode\n")); + log_info(_("this message will not be usable by PGP 2.x\n")); + opt.pgp2=0; } if( encryptflag ) { @@ -738,9 +739,10 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) if(!old_style && opt.pgp2) { - log_info(_("You can only clearsign with PGP 2.x style keys " + log_info(_("you can only clearsign with PGP 2.x style keys " "while in --pgp2 mode\n")); - log_info(_("This message will not be usable by PGP 2.x\n")); + log_info(_("this message will not be usable by PGP 2.x\n")); + opt.pgp2=0; } /* prepare iobufs */