security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Code Activity

* options.h, armor.c, cipher.c, g10.c, keyedit.c, pkclist.c, sign.c,

Browse Source 
encode.c, getkey.c, revoke.c: The current flags for different levels of
PGP-ness are massively complex.  This is step one in simplifying them.
No functional change yet, just use a macro to check for compliance level.
This commit is contained in:
David Shaw 2003-05-02 19:22:00 +00:00
parent 1855498166
commit 37ec8572e8
11 changed files with 90 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
g10/ChangeLog
View File

@ -1,3 +1,11 @@
2003-05-02 David Shaw <dshaw@jabberwocky.com>
* options.h, armor.c, cipher.c, g10.c, keyedit.c, pkclist.c,
sign.c, encode.c, getkey.c, revoke.c: The current flags for
different levels of PGP-ness are massively complex. This is step
one in simplifying them. No functional change yet, just use a
macro to check for compliance level.
2003-05-01 David Shaw <dshaw@jabberwocky.com>
* packet.h, build-packet.c (build_sig_subpkt), export.c

4
g10/armor.c
View File

@ -298,7 +298,7 @@ is_armor_header( byte *line, unsigned len )
/* Some mail programs on Windows seem to add spaces to the end of
the line. This becomes strict if --openpgp is set. */
if(!opt.rfc2440)
if(!RFC2440)
while(*p==' ')
p++;
@ -1334,5 +1334,3 @@ unarmor_pump (UnarmorPump x, int c)
return rval;
}

2
g10/cipher.c
View File

@ -55,7 +55,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
memset( &ed, 0, sizeof ed );
ed.len = cfx->datalen;
ed.extralen = blocksize+2;
ed.new_ctb = !ed.len && !opt.rfc1991;
ed.new_ctb = !ed.len && !RFC1991;
if( cfx->dek->use_mdc ) {
ed.mdc_method = DIGEST_ALGO_SHA1;
cfx->mdc_hash = md_open( DIGEST_ALGO_SHA1, 0 );

30
g10/encode.c
View File

@ -165,7 +165,7 @@ encode_simple( const char *filename, int mode, int compat )
compress_filter_context_t zfx;
text_filter_context_t tfx;
progress_filter_context_t pfx;
int do_compress = opt.compress && !opt.rfc1991;
int do_compress = opt.compress && !RFC1991;
memset( &cfx, 0, sizeof cfx);
memset( &afx, 0, sizeof afx);
@ -188,13 +188,13 @@ encode_simple( const char *filename, int mode, int compat )
/* Due the the fact that we use don't use an IV to encrypt the
session key we can't use the new mode with RFC1991 because
it has no S2K salt. RFC1991 always uses simple S2K. */
if ( opt.rfc1991 && !compat )
if ( RFC1991 && !compat )
compat = 1;
cfx.dek = NULL;
if( mode ) {
s2k = m_alloc_clear( sizeof *s2k );
s2k->mode = opt.rfc1991? 0:opt.s2k_mode;
s2k->mode = RFC1991? 0:opt.s2k_mode;
s2k->hash_algo = opt.def_digest_algo ? opt.def_digest_algo
: opt.s2k_digest_algo;
cfx.dek = passphrase_to_dek( NULL, 0,
@ -251,7 +251,7 @@ encode_simple( const char *filename, int mode, int compat )
write_comment( out, opt.comment_string );
}
#endif
if( s2k && !opt.rfc1991 ) {
if( s2k && !RFC1991 ) {
PKT_symkey_enc *enc = m_alloc_clear( sizeof *enc + seskeylen + 1 );
enc->version = 4;
enc->cipher_algo = cfx.dek->algo;
@ -315,7 +315,7 @@ encode_simple( const char *filename, int mode, int compat )
pt->timestamp = make_timestamp();
pt->mode = opt.textmode? 't' : 'b';
pt->len = filesize;
pt->new_ctb = !pt->len && !opt.rfc1991;
pt->new_ctb = !pt->len && !RFC1991;
pt->buf = inp;
pkt.pkttype = PKT_PLAINTEXT;
pkt.pkt.plaintext = pt;
@ -396,7 +396,7 @@ encode_crypt( const char *filename, STRLIST remusr )
text_filter_context_t tfx;
progress_filter_context_t pfx;
PK_LIST pk_list,work_list;
int do_compress = opt.compress && !opt.rfc1991;
int do_compress = opt.compress && !RFC1991;
memset( &cfx, 0, sizeof cfx);
@ -408,7 +408,7 @@ encode_crypt( const char *filename, STRLIST remusr )
if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC)) )
return rc;
if(opt.pgp2) {
if(PGP2) {
for(work_list=pk_list; work_list; work_list=work_list->next)
if(!(is_RSA(work_list->pk->pubkey_algo) &&
nbits_from_pk(work_list->pk)<=2048))
@ -416,7 +416,7 @@ encode_crypt( const char *filename, STRLIST remusr )
log_info(_("you can only encrypt to RSA keys of 2048 bits or "
"less in --pgp2 mode\n"));
log_info(_("this message may not be usable by %s\n"),"PGP 2.x");
opt.pgp2=0;
opt.xpgp2=0;
break;
}
}
@ -464,11 +464,11 @@ encode_crypt( const char *filename, STRLIST remusr )
if( cfx.dek->algo == -1 ) {
cfx.dek->algo = CIPHER_ALGO_3DES;
if( opt.pgp2 ) {
if( PGP2 ) {
log_info(_("unable to use the IDEA cipher for all of the keys "
"you are encrypting to.\n"));
log_info(_("this message may not be usable by %s\n"),"PGP 2.x");
opt.pgp2=0;
opt.xpgp2=0;
}
}
}
@ -548,7 +548,7 @@ encode_crypt( const char *filename, STRLIST remusr )
pt->timestamp = make_timestamp();
pt->mode = opt.textmode ? 't' : 'b';
pt->len = filesize;
pt->new_ctb = !pt->len && !opt.rfc1991;
pt->new_ctb = !pt->len && !RFC1991;
pt->buf = inp;
pkt.pkttype = PKT_PLAINTEXT;
pkt.pkt.plaintext = pt;
@ -716,16 +716,16 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
keyid_from_pk( pk, enc->keyid );
enc->throw_keyid = opt.throw_keyid;
if(opt.throw_keyid && (opt.pgp2 || opt.pgp6 || opt.pgp7 || opt.pgp8))
if(opt.throw_keyid && (PGP2 || PGP6 || PGP7 || PGP8))
{
log_info(_("you may not use %s while in %s mode\n"),
"--throw-keyid",
opt.pgp2?"--pgp2":opt.pgp6?"--pgp6":opt.pgp7?"--pgp7":"--pgp8");
PGP2?"--pgp2":PGP6?"--pgp6":PGP7?"--pgp7":"--pgp8");
log_info(_("this message may not be usable by %s\n"),
opt.pgp2?"PGP 2.x":opt.pgp6?"PGP 6.x":opt.pgp7?"PGP 7.x":"PGP 8.x");
PGP2?"PGP 2.x":PGP6?"PGP 6.x":PGP7?"PGP 7.x":"PGP 8.x");
opt.pgp2=opt.pgp6=opt.pgp7=opt.pgp8=0;
opt.xpgp2=opt.xpgp6=opt.xpgp7=opt.xpgp8=0;
}
/* Okay, what's going on: We have the session key somewhere in

50
g10/g10.c
View File

@ -1437,8 +1437,8 @@ main( int argc, char **argv )
#endif /* __riscos__ */
break;
case oRFC1991:
opt.rfc1991 = 1;
opt.rfc2440 = 0;
opt.xrfc1991 = 1;
opt.xrfc2440 = 0;
opt.force_v4_certs = 0;
opt.disable_mdc = 1;
opt.escape_from = 1;
@ -1446,8 +1446,8 @@ main( int argc, char **argv )
case oOpenPGP:
/* TODO: When 2440bis becomes a RFC, these may need
changing. */
opt.rfc1991 = 0;
opt.rfc2440 = 1;
opt.xrfc1991 = 0;
opt.xrfc2440 = 1;
opt.disable_mdc = 1;
opt.allow_non_selfsigned_uid = 1;
opt.allow_freeform_uid = 1;
@ -1464,19 +1464,19 @@ main( int argc, char **argv )
opt.s2k_mode = 3; /* iterated+salted */
opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
opt.pgp2 = 0;
opt.pgp6 = 0;
opt.pgp7 = 0;
opt.pgp8 = 0;
opt.xpgp2 = 0;
opt.xpgp6 = 0;
opt.xpgp7 = 0;
opt.xpgp8 = 0;
break;
case oPGP2: opt.pgp2 = 1; break;
case oNoPGP2: opt.pgp2 = 0; break;
case oPGP6: opt.pgp6 = 1; break;
case oNoPGP6: opt.pgp6 = 0; break;
case oPGP7: opt.pgp7 = 1; break;
case oNoPGP7: opt.pgp7 = 0; break;
case oPGP8: opt.pgp8 = 1; break;
case oNoPGP8: opt.pgp8 = 0; break;
case oPGP2: opt.xpgp2 = 1; break;
case oNoPGP2: opt.xpgp2 = 0; break;
case oPGP6: opt.xpgp6 = 1; break;
case oNoPGP6: opt.xpgp6 = 0; break;
case oPGP7: opt.xpgp7 = 1; break;
case oNoPGP7: opt.xpgp7 = 0; break;
case oPGP8: opt.xpgp8 = 1; break;
case oNoPGP8: opt.xpgp8 = 0; break;
case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break;
case oCompressSigs: opt.compress_sigs = 1; break;
case oRunAsShmCP:
@ -1770,12 +1770,12 @@ main( int argc, char **argv )
set_debug();
/* Do these after the switch(), so they can override settings. */
if(opt.pgp2 && (opt.pgp6 || opt.pgp7 || opt.pgp8))
if(PGP2 && (PGP6 || PGP7 || PGP8))
log_error(_("%s not allowed with %s!\n"),
"--pgp2",opt.pgp6?"--pgp6":opt.pgp7?"--pgp7":"--pgp8");
"--pgp2",PGP6?"--pgp6":PGP7?"--pgp7":"--pgp8");
else
{
if(opt.pgp2)
if(PGP2)
{
int unusable=0;
@ -1833,12 +1833,12 @@ main( int argc, char **argv )
{
log_info(_("this message may not be usable by %s\n"),
"PGP 2.x");
opt.pgp2=0;
opt.xpgp2=0;
}
else
{
opt.rfc1991 = 1;
opt.rfc2440 = 0;
opt.xrfc1991 = 1;
opt.xrfc2440 = 0;
opt.force_mdc = 0;
opt.disable_mdc = 1;
opt.force_v4_certs = 0;
@ -1853,7 +1853,7 @@ main( int argc, char **argv )
opt.def_compress_algo = 1;
}
}
else if(opt.pgp6)
else if(PGP6)
{
opt.sk_comments=0;
opt.escape_from=1;
@ -1863,7 +1863,7 @@ main( int argc, char **argv )
opt.force_mdc=0;
opt.disable_mdc=1;
}
else if(opt.pgp7)
else if(PGP7)
{
opt.sk_comments=0;
opt.escape_from=1;
@ -1871,7 +1871,7 @@ main( int argc, char **argv )
opt.ask_sig_expire=0;
opt.def_compress_algo=1;
}
else if(opt.pgp8)
else if(PGP8)
{
opt.escape_from=1;
opt.def_compress_algo=1;

2
g10/getkey.c
View File

@ -2078,7 +2078,7 @@ finish_lookup (GETKEY_CTX ctx)
do not understand signatures made by a signing subkey. PGP 8
does. */
int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) ||
((opt.pgp6 || opt.pgp7) && (ctx->req_usage & PUBKEY_USAGE_SIG));
((PGP6 || PGP7) && (ctx->req_usage & PUBKEY_USAGE_SIG));
u32 latest_date;
KBNODE latest_key;
u32 curtime = make_timestamp ();

8
g10/keyedit.c
View File

@ -284,7 +284,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
int all_v3=1;
/* Are there any non-v3 sigs on this key already? */
if(opt.pgp2)
if(PGP2)
for(node=keyblock;node;node=node->next)
if(node->pkt->pkttype==PKT_SIGNATURE &&
node->pkt->pkt.signature->version>3)
@ -569,7 +569,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
/* Is --pgp2 on, it's a v3 key, all the sigs on the key are
currently v3 and we're about to sign it with a v4 sig? If
so, danger! */
if(opt.pgp2 && all_v3 &&
if(PGP2 && all_v3 &&
(sk->version>3 || force_v4) && primary_pk->version<=3)
{
tty_printf(_("You may not make an OpenPGP signature on a "
@ -1215,11 +1215,11 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
break;
case cmdADDPHOTO:
if (opt.rfc2440 || opt.rfc1991 || opt.pgp2)
if (RFC2440 || RFC1991 || PGP2)
{
tty_printf(
_("This command is not allowed while in %s mode.\n"),
opt.rfc2440?"OpenPGP":opt.pgp2?"PGP2":"RFC-1991");
RFC2440?"OpenPGP":PGP2?"PGP2":"RFC-1991");
break;
}
photo=1;

18
g10/options.h
View File

@ -91,12 +91,12 @@ struct {
int compress_sigs;
int always_trust;
/* TODO: change these to an emulate_pgp variable */
int pgp2;
int pgp6;
int pgp7;
int pgp8;
int rfc1991;
int rfc2440;
int xpgp2;
int xpgp6;
int xpgp7;
int xpgp8;
int xrfc1991;
int xrfc2440;
int pgp2_workarounds;
unsigned int emulate_bugs; /* bug emulation flags EMUBUG_xxxx */
int shm_coprocess;
@ -207,5 +207,11 @@ struct {
#define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
#define DBG_EXTPROG (opt.debug & DBG_EXTPROG_VALUE)
#define RFC1991 (opt.xrfc1991)
#define RFC2440 (opt.xrfc2440)
#define PGP2 (opt.xpgp2)
#define PGP6 (opt.xpgp6)
#define PGP7 (opt.xpgp7)
#define PGP8 (opt.xpgp8)
#endif /*G10_OPTIONS_H*/

14
g10/pkclist.c
View File

@ -1092,10 +1092,10 @@ static int
algo_available( int preftype, int algo, void *hint )
{
if( preftype == PREFTYPE_SYM ) {
if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) )
if( PGP6 && ( algo != 1 && algo != 2 && algo != 3) )
return 0;
if( (opt.pgp7 || opt.pgp8)
if( (PGP7 || PGP8)
&& (algo != 1 && algo != 2 && algo != 3
&& algo != 7 && algo != 8 && algo != 9 && algo != 10) )
return 0;
@ -1111,16 +1111,16 @@ algo_available( int preftype, int algo, void *hint )
if(bits && (bits != md_digest_length(algo)))
return 0;
if( (opt.pgp6 || opt.pgp7) && (algo != 1 && algo != 2 && algo != 3) )
if( (PGP6 || PGP7) && (algo != 1 && algo != 2 && algo != 3) )
return 0;
if( opt.pgp8 && (algo != 1 && algo != 2 && algo != 3 && algo != 8))
if( PGP8 && (algo != 1 && algo != 2 && algo != 3 && algo != 8))
return 0;
return algo && !check_digest_algo( algo );
}
else if( preftype == PREFTYPE_ZIP ) {
if ( ( opt.pgp6 || opt.pgp7 || opt.pgp8 )
if ( ( PGP6 || PGP7 || PGP8 )
&& ( algo !=0 && algo != 1) )
return 0;
@ -1154,7 +1154,7 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, int request, void *hint)
memset( mask, 0, 8 * sizeof *mask );
if( preftype == PREFTYPE_SYM ) {
if( opt.pgp2 &&
if( PGP2 &&
pkr->pk->version < 4 &&
pkr->pk->selfsigversion < 4 )
mask[0] |= (1<<1); /* IDEA is implicitly there for v3 keys
@ -1172,7 +1172,7 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, int request, void *hint)
wasn't locked at MD5, we don't support sign+encrypt in
--pgp2 mode, and that's the only time PREFTYPE_HASH is
used anyway. -dms */
if( opt.pgp2 &&
if( PGP2 &&
pkr->pk->version < 4 &&
pkr->pk->selfsigversion < 4 )
mask[0] |= (1<<1); /* MD5 is there for v3 keys with v3

2
g10/revoke.c
View File

@ -549,7 +549,7 @@ gen_revoke( const char *uname )
goto leave;
}
if(opt.pgp2 || opt.pgp6 || opt.pgp7 | opt.pgp8)
if(PGP2 || PGP6 || PGP7 || PGP8)
{
/* Use a minimal pk for PGPx mode, since PGP can't import bare
revocation certificates. */

30
g10/sign.c
View File

@ -487,7 +487,7 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode)
pt->timestamp = make_timestamp ();
pt->mode = ptmode;
pt->len = filesize;
pt->new_ctb = !pt->len && !opt.rfc1991;
pt->new_ctb = !pt->len && !RFC1991;
pt->buf = inp;
init_packet(&pkt);
pkt.pkttype = PKT_PLAINTEXT;
@ -538,7 +538,7 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, MD_HANDLE hash,
/* build the signature packet */
sig = m_alloc_clear (sizeof *sig);
if(opt.force_v3_sigs || opt.rfc1991)
if(opt.force_v3_sigs || RFC1991)
sig->version=3;
else if(duration || opt.sig_policy_url || opt.sig_notation_data)
sig->version=4;
@ -637,18 +637,18 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
if( fname && filenames->next && (!detached || encryptflag) )
log_bug("multiple files can only be detached signed");
if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !opt.rfc1991)
if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991)
duration=ask_expire_interval(1);
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
goto leave;
if(opt.pgp2 && !only_old_style(sk_list))
if(PGP2 && !only_old_style(sk_list))
{
log_info(_("you can only detach-sign with PGP 2.x style keys "
"while in --pgp2 mode\n"));
log_info(_("this message may not be usable by %s\n"),"PGP 2.x");
opt.pgp2=0;
opt.xpgp2=0;
}
if(encryptflag && (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC )))
@ -734,7 +734,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
if( !multifile )
iobuf_push_filter( inp, md_filter, &mfx );
if( detached && !encryptflag && !opt.rfc1991 )
if( detached && !encryptflag && !RFC1991 )
afx.what = 2;
if( opt.armor && !outfile )
@ -780,7 +780,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
}
/* Write the one-pass signature packets if needed */
if (!detached && !opt.rfc1991) {
if (!detached && !RFC1991) {
rc = write_onepass_sig_packets (sk_list, out,
opt.textmode && !outfile ? 0x01:0x00);
if (rc)
@ -874,14 +874,14 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
int rc = 0;
SK_LIST sk_list = NULL;
SK_LIST sk_rover = NULL;
int old_style = opt.rfc1991;
int old_style = RFC1991;
int only_md5 = 0;
u32 duration=0;
memset( &afx, 0, sizeof afx);
init_packet( &pkt );
if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !opt.rfc1991)
if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991)
duration=ask_expire_interval(1);
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
@ -890,12 +890,12 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
if( !old_style && !duration )
old_style = only_old_style( sk_list );
if(!old_style && opt.pgp2)
if(!old_style && PGP2)
{
log_info(_("you can only clearsign with PGP 2.x style keys "
"while in --pgp2 mode\n"));
log_info(_("this message may not be usable by %s\n"),"PGP 2.x");
opt.pgp2=0;
opt.xpgp2=0;
}
/* prepare iobufs */
@ -1022,7 +1022,7 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
memset( &cfx, 0, sizeof cfx);
init_packet( &pkt );
if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !opt.rfc1991)
if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991)
duration=ask_expire_interval(1);
rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG);
@ -1041,7 +1041,7 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
/* prepare key */
s2k = m_alloc_clear( sizeof *s2k );
s2k->mode = opt.rfc1991? 0:opt.s2k_mode;
s2k->mode = RFC1991? 0:opt.s2k_mode;
s2k->hash_algo = opt.def_digest_algo ? opt.def_digest_algo
: opt.s2k_digest_algo;
@ -1080,7 +1080,7 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
/* Write the symmetric key packet */
/*(current filters: armor)*/
if (!opt.rfc1991) {
if (!RFC1991) {
PKT_symkey_enc *enc = m_alloc_clear( sizeof *enc );
enc->version = 4;
enc->cipher_algo = cfx.dek->algo;
@ -1113,7 +1113,7 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
/* Write the one-pass signature packets */
/*(current filters: zip - encrypt - armor)*/
if (!opt.rfc1991) {
if (!RFC1991) {
rc = write_onepass_sig_packets (sk_list, out,
opt.textmode? 0x01:0x00);
if (rc)