Use one-pass packets even if it's a v3 key making the signature

Warn with pgp2 and non-detached signatures Use the actual filesize rather than partial length packets in symmetric messages (see ChangeLog or NEWS for discussion).
2024-11-04 20:38:50 +01:00 · 2002-01-04 23:26:30 +00:00 · 2002-01-04 23:26:30 +00:00 · 43930f255e
commit 43930f255e
parent 90d15a9d6a
4 changed files with 51 additions and 27 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,21 @@
+2002-01-04  David Shaw  <dshaw@jabberwocky.com>
+
+	* sign.c (sign_file, sign_symencrypt_file): always use one-pass
+	packets unless rfc1991 is enabled.  This allows a signature made
+	with a v3 key to work in PGP 6 and 7.  Signatures made with v4
+	keys are unchanged.
+
+	* g10.c (main): Disallow non-detached signatures in PGP2 mode.
+	Move the "you must use files and not pipes" PGP2 warning up so all
+	the PGP2 stuff is together.
+
+	* encode.c (encode_simple): Use the actual filesize instead of
+	partial length packets in the internal literal packet from a
+	symmetric message.  This breaks PGP5(?), but fixes PGP2, 6, and 7.
+	It's a decent tradeoff.  Note there was only an issue with
+	old-style RFC1991 symmetric messages.  2440-style messages in 6
+	and 7 work with or without partial length packets.
+
 2002-01-03  David Shaw  <dshaw@jabberwocky.com>

 	* g10.c (main): Removed --no-default-check-level option, as it is
--- a/g10/encode.c
+++ b/g10/encode.c
@ -169,13 +169,18 @@ encode_simple( const char *filename, int mode )
 	}
    }

-    /* pgp5 has problems to decrypt symmetrically encrypted data from
-     * GnuPG if the filelength is in the inner packet.	It works
-     * when only partial length headers are use.  Until we have
-     * tracked this problem down. We use this temporary fix
-     * (fixme: remove the && !mode )
-     */
-    if( filename && !opt.textmode && !mode ) {
+    /* Note that PGP 5 has problems decrypting symmetrically encrypted
+       data if the file length is in the inner packet. It works when
+       only partial length headers are use.  In the past, we always
+       used partial body length here, but since PGP 2, PGP 6, and PGP
+       7 need the file length, and nobody should be using PGP 5
+       nowadays anyway, this is now set to the file length.  Note also
+       that this only applies to the RFC-1991 style symmetric
+       messages, and not the RFC-2440 style.  PGP 6 and 7 work with
+       either partial length or fixed length with the new style
+       messages. */
+
+    if( filename && !opt.textmode ) {
 	if( !(filesize = iobuf_get_filelength(inp)) )
 	    log_info(_("%s: WARNING: empty file\n"), filename );
        /* we can't yet encode the length of very large files,
@ -570,5 +575,3 @@ encode_crypt_files(int argc, char **argv, STRLIST remusr)
        argv++;
    }
 }
-                                                                                                                
-    
--- a/g10/g10.c
+++ b/g10/g10.c
@ -1282,21 +1282,31 @@ main( int argc, char **argv )
      {
 	int unusable=0;

-	/* Everything else should work without IDEA (except using a
-	   secret key encrypted with IDEA and setting an IDEA
-	   preference, but those have their own error messages). */
-
-	if(cmd==aSignEncr)
+	if(cmd==aSign && !detached_sig)
+	  {
+	    log_info(_("you can only make detached or clear signatures "
+		       "while in --pgp2 mode\n"));
+	    unusable=1;
+	  }
+	else if(cmd==aSignEncr)
 	  {
 	    log_info(_("you can't sign and encrypt at the "
 		       "same time while in --pgp2 mode\n"));
 	    unusable=1;
 	  }
-
-	if(cmd==aEncr || cmd==aSym)
+	else if(argc==0 && (cmd==aSign || cmd==aEncr || cmd==aSym))
 	  {
-	    /* We don't have to fail here, since the regular cipher
-               algo check will make us fail later. */
+	    log_info(_("you must use files (and not a pipe) when "
+		       "working with --pgp2 enabled.\n"));
+	    unusable=1;
+	  }
+	else if(cmd==aEncr || cmd==aSym)
+	  {
+	    /* Everything else should work without IDEA (except using
+	       a secret key encrypted with IDEA and setting an IDEA
+	       preference, but those have their own error
+	       messages). */
+
 	    if(check_cipher_algo(CIPHER_ALGO_IDEA))
 	      {
 		log_info(_("encrypting a message in --pgp2 mode requires "
@ -1505,13 +1515,6 @@ main( int argc, char **argv )
 	break;

      case aEncr: /* encrypt the given file */
-	if( argc == 0 && opt.pgp2 ) {
-	  log_info(_("you must use files (and not a pipe) when "
-		     "encrypting with --pgp2 enabled.\n"));
-	  log_info(_("this message will not be usable by PGP 2.x\n"));
-	  opt.pgp2=0;
-	}
-
 	if( argc > 1 )
 	    wrong_args(_("--encrypt [filename]"));
 	if( (rc = encode_crypt(fname,remusr)) )
--- a/g10/sign.c
+++ b/g10/sign.c
@ -648,7 +648,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
    }

    /* Write the one-pass signature packets if needed */
-    if (!detached && !old_style) {
+    if (!detached && !opt.rfc1991) {
        rc = write_onepass_sig_packets (sk_list, out,
                                        opt.textmode && !outfile ? 0x01:0x00);
        if (rc)
@ -973,7 +973,7 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)

    /* Write the one-pass signature packets */
    /*(current filters: zip - encrypt - armor)*/
-    if (!old_style) {
+    if (!opt.rfc1991) {
        rc = write_onepass_sig_packets (sk_list, out,
                                        opt.textmode? 0x01:0x00);
        if (rc)