* packet.h, build-packet.c (build_sig_subpkt), export.c

(do_export_stream), import.c (remove_bad_stuff, import), parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt): Remove vestigal code for the old sig cache subpacket. This wasn't completely harmless as it caused subpacket 101 to disappear on import and export. * options.h, armor.c, cipher.c, g10.c, keyedit.c, pkclist.c, sign.c, encode.c, getkey.c, revoke.c: The current flags for different levels of PGP-ness are massively complex. This is step one in simplifying them. No functional change yet, just use a macro to check for compliance level. * sign.c (sign_file): Fix bug that causes spurious compression preference warning. * sign.c (clearsign_file): Fix bug that prevents proper warning message from appearing when clearsigning in --pgp2 mode with a non-v3 RSA key. * main.h, misc.c (compliance_option_string, compliance_string, compliance_failure), pkclist.c (build_pk_list), sign.c (sign_file, clearsign_file), encode.c (encode_crypt, write_pubkey_enc_from_list): New functions to put the "this message may not be usable...." warning in one place. * options.h, g10.c (main): Part two of the simplification. Use a single enum to indicate what we are compliant to (1991, 2440, PGPx, etc.) * g10.c (main): Show errors for failure in export, send-keys, recv-keys, and refresh-keys. * options.h, g10.c (main): Give algorithm warnings for algorithms chosen against the --pgpX and --openpgp rules. * keydb.h, pkclist.c (algo_available): Make TIGER192 invalid in --openpgp mode. * sign.c (sign_file), pkclist.c (algo_available): Allow passing a hint of 0.
2025-07-02 22:46:30 +02:00 · 2003-05-03 04:07:45 +00:00 · 2003-05-03 04:07:45 +00:00 · 3afe991bb8
commit 3afe991bb8
parent 7c3aa4aea3
20 changed files with 390 additions and 271 deletions
--- a/g10/encode.c
+++ b/g10/encode.c
@ -165,7 +165,7 @@ encode_simple( const char *filename, int mode, int compat )
    compress_filter_context_t zfx;
    text_filter_context_t tfx;
    progress_filter_context_t pfx;
-    int do_compress = opt.compress && !opt.rfc1991;
+    int do_compress = opt.compress && !RFC1991;

    memset( &cfx, 0, sizeof cfx);
    memset( &afx, 0, sizeof afx);
@ -188,13 +188,13 @@ encode_simple( const char *filename, int mode, int compat )
    /* Due the the fact that we use don't use an IV to encrypt the
       session key we can't use the new mode with RFC1991 because
       it has no S2K salt. RFC1991 always uses simple S2K. */
-    if ( opt.rfc1991 && !compat )
+    if ( RFC1991 && !compat )
        compat = 1;
    
    cfx.dek = NULL;
    if( mode ) {
 	s2k = m_alloc_clear( sizeof *s2k );
-	s2k->mode = opt.rfc1991? 0:opt.s2k_mode;
+	s2k->mode = RFC1991? 0:opt.s2k_mode;
 	s2k->hash_algo = opt.s2k_digest_algo;
 	cfx.dek = passphrase_to_dek( NULL, 0,
 				     default_cipher_algo(), s2k, 2,
@ -247,7 +247,7 @@ encode_simple( const char *filename, int mode, int compat )
 	    write_comment( out, opt.comment_string );
    }
  #endif
-    if( s2k && !opt.rfc1991 ) {
+    if( s2k && !RFC1991 ) {
 	PKT_symkey_enc *enc = m_alloc_clear( sizeof *enc + seskeylen + 1 );
 	enc->version = 4;
 	enc->cipher_algo = cfx.dek->algo;
@ -312,7 +312,7 @@ encode_simple( const char *filename, int mode, int compat )
 	pt->timestamp = make_timestamp();
 	pt->mode = opt.textmode? 't' : 'b';
 	pt->len = filesize;
-	pt->new_ctb = !pt->len && !opt.rfc1991;
+	pt->new_ctb = !pt->len && !RFC1991;
 	pt->buf = inp;
 	pkt.pkttype = PKT_PLAINTEXT;
 	pkt.pkt.plaintext = pt;
@ -391,7 +391,7 @@ encode_crypt( const char *filename, STRLIST remusr )
    text_filter_context_t tfx;
    progress_filter_context_t pfx;
    PK_LIST pk_list,work_list;
-    int do_compress = opt.compress && !opt.rfc1991;
+    int do_compress = opt.compress && !RFC1991;


    memset( &cfx, 0, sizeof cfx);
@ -403,15 +403,14 @@ encode_crypt( const char *filename, STRLIST remusr )
    if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC)) )
 	return rc;

-    if(opt.pgp2) {
+    if(PGP2) {
      for(work_list=pk_list; work_list; work_list=work_list->next)
 	if(!(is_RSA(work_list->pk->pubkey_algo) &&
 	     nbits_from_pk(work_list->pk)<=2048))
 	  {
 	    log_info(_("you can only encrypt to RSA keys of 2048 bits or "
 		       "less in --pgp2 mode\n"));
-	    log_info(_("this message may not be usable by %s\n"),"PGP 2.x");
-	    opt.pgp2=0;
+	    compliance_failure();
 	    break;
 	  }
    }
@ -459,11 +458,10 @@ encode_crypt( const char *filename, STRLIST remusr )
 	if( cfx.dek->algo == -1 ) {
 	    cfx.dek->algo = CIPHER_ALGO_3DES;

-	    if( opt.pgp2 ) {
+	    if( PGP2 ) {
 	      log_info(_("unable to use the IDEA cipher for all of the keys "
 			 "you are encrypting to.\n"));
-	      log_info(_("this message may not be usable by %s\n"),"PGP 2.x");
-	      opt.pgp2=0;
+	      compliance_failure();
 	    }
 	}
    }
@ -545,7 +543,7 @@ encode_crypt( const char *filename, STRLIST remusr )
 	pt->timestamp = make_timestamp();
 	pt->mode = opt.textmode ? 't' : 'b';
 	pt->len = filesize;
-	pt->new_ctb = !pt->len && !opt.rfc1991;
+	pt->new_ctb = !pt->len && !RFC1991;
 	pt->buf = inp;
 	pkt.pkttype = PKT_PLAINTEXT;
 	pkt.pkt.plaintext = pt;
@ -715,16 +713,11 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
 	keyid_from_pk( pk, enc->keyid );
 	enc->throw_keyid = (opt.throw_keyid || (pk_list->flags&1));

-	if(opt.throw_keyid && (opt.pgp2 || opt.pgp6 || opt.pgp7 || opt.pgp8))
+	if(opt.throw_keyid && (PGP2 || PGP6 || PGP7 || PGP8))
 	  {
 	    log_info(_("you may not use %s while in %s mode\n"),
-		     "--throw-keyid",
-		     opt.pgp2?"--pgp2":opt.pgp6?"--pgp6":opt.pgp7?"--pgp7":"--pgp8");
-
-	    log_info(_("this message may not be usable by %s\n"),
-		     opt.pgp2?"PGP 2.x":opt.pgp6?"PGP 6.x":opt.pgp7?"PGP 7.x":"PGP 8.x");
-
-	    opt.pgp2=opt.pgp6=opt.pgp7=opt.pgp8=0;
+		     "--throw-keyid",compliance_option_string());
+	    compliance_failure();
 	  }

 	/* Okay, what's going on: We have the session key somewhere in