mirror of git://git.gnupg.org/gnupg.git synced 2025-02-23 20:08:04 +01:00

Use one-pass packets even if it's a v3 key making the signature

Warn with pgp2 and non-detached signatures
Use the actual filesize rather than partial length packets in
symmetric messages (see ChangeLog or NEWS for discussion).
David Shaw 2002-01-04 23:26:30 +00:00
parent 90d15a9d6a
commit 43930f255e
4 changed files with 51 additions and 27 deletions


@ -1,3 +1,21 @@
2002-01-04 David Shaw <dshaw@jabberwocky.com>
* sign.c (sign_file, sign_symencrypt_file): always use one-pass
packets unless rfc1991 is enabled. This allows a signature made
with a v3 key to work in PGP 6 and 7. Signatures made with v4
keys are unchanged.
* g10.c (main): Disallow non-detached signatures in PGP2 mode.
Move the "you must use files and not pipes" PGP2 warning up so all
the PGP2 stuff is together.
* encode.c (encode_simple): Use the actual filesize instead of
partial length packets in the internal literal packet from a
symmetric message. This breaks PGP5(?), but fixes PGP2, 6, and 7.
It's a decent tradeoff. Note there was only an issue with
old-style RFC1991 symmetric messages. 2440-style messages in 6
and 7 work with or without partial length packets.
2002-01-03 David Shaw <dshaw@jabberwocky.com> 2002-01-03 David Shaw <dshaw@jabberwocky.com>
* g10.c (main): Removed --no-default-check-level option, as it is * g10.c (main): Removed --no-default-check-level option, as it is


@ -169,13 +169,18 @@ encode_simple( const char *filename, int mode )
} }
} }
/* pgp5 has problems to decrypt symmetrically encrypted data from /* Note that PGP 5 has problems decrypting symmetrically encrypted
* GnuPG if the filelength is in the inner packet. It works data if the file length is in the inner packet. It works when
* when only partial length headers are use. Until we have only partial length headers are use. In the past, we always
* tracked this problem down. We use this temporary fix used partial body length here, but since PGP 2, PGP 6, and PGP
* (fixme: remove the && !mode ) 7 need the file length, and nobody should be using PGP 5
*/ nowadays anyway, this is now set to the file length. Note also
if( filename && !opt.textmode && !mode ) { that this only applies to the RFC-1991 style symmetric
messages, and not the RFC-2440 style. PGP 6 and 7 work with
either partial length or fixed length with the new style
messages. */
if( filename && !opt.textmode ) {
if( !(filesize = iobuf_get_filelength(inp)) ) if( !(filesize = iobuf_get_filelength(inp)) )
log_info(_("%s: WARNING: empty file\n"), filename ); log_info(_("%s: WARNING: empty file\n"), filename );
/* we can't yet encode the length of very large files, /* we can't yet encode the length of very large files,
@ -570,5 +575,3 @@ encode_crypt_files(int argc, char **argv, STRLIST remusr)
argv++; argv++;
} }
} }
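Review bot: The rewritten comment above `if( filename && !opt.textmode ) {` says the change "only applies to the RFC-1991 style symmetric messages", but the new condition carries no RFC-1991 test, so as far as the visible lines show the file length is now recorded whenever a filename is given and text mode is off. If that sentence describes where the interoperability problem was seen rather than what the code does, word it that way, e.g. `Note that the problem was only seen with RFC-1991 style symmetric messages; the file length is used for both styles.`, and correct "are use" to "are used" while there. The length is now a value read once through `iobuf_get_filelength(inp)` before the data is processed, so a sentence on what happens when the input changes size in between would help the next reader; the code that writes the packet is outside this hunk and could not be checked. encode_simple's body starts and ends outside the hunk.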


@ -1282,21 +1282,31 @@ main( int argc, char **argv )
{ {
int unusable=0; int unusable=0;
/* Everything else should work without IDEA (except using a if(cmd==aSign && !detached_sig)
secret key encrypted with IDEA and setting an IDEA {
preference, but those have their own error messages). */ log_info(_("you can only make detached or clear signatures "
"while in --pgp2 mode\n"));
if(cmd==aSignEncr) unusable=1;
}
else if(cmd==aSignEncr)
{ {
log_info(_("you can't sign and encrypt at the " log_info(_("you can't sign and encrypt at the "
"same time while in --pgp2 mode\n")); "same time while in --pgp2 mode\n"));
unusable=1; unusable=1;
} }
else if(argc==0 && (cmd==aSign || cmd==aEncr || cmd==aSym))
if(cmd==aEncr || cmd==aSym)
{ {
/* We don't have to fail here, since the regular cipher log_info(_("you must use files (and not a pipe) when "
algo check will make us fail later. */ "working with --pgp2 enabled.\n"));
unusable=1;
}
else if(cmd==aEncr || cmd==aSym)
{
/* Everything else should work without IDEA (except using
a secret key encrypted with IDEA and setting an IDEA
preference, but those have their own error
messages). */
if(check_cipher_algo(CIPHER_ALGO_IDEA)) if(check_cipher_algo(CIPHER_ALGO_IDEA))
{ {
log_info(_("encrypting a message in --pgp2 mode requires " log_info(_("encrypting a message in --pgp2 mode requires "
@ -1505,13 +1515,6 @@ main( int argc, char **argv )
break; break;
case aEncr: /* encrypt the given file */ case aEncr: /* encrypt the given file */
if( argc == 0 && opt.pgp2 ) {
log_info(_("you must use files (and not a pipe) when "
"encrypting with --pgp2 enabled.\n"));
log_info(_("this message will not be usable by PGP 2.x\n"));
opt.pgp2=0;
}
if( argc > 1 ) if( argc > 1 )
wrong_args(_("--encrypt [filename]")); wrong_args(_("--encrypt [filename]"));
if( (rc = encode_crypt(fname,remusr)) ) if( (rc = encode_crypt(fname,remusr)) )
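Review bot: The comment "Everything else should work without IDEA ..." now sits inside the `else if(cmd==aEncr || cmd==aSym)` branch, the one branch that does call `check_cipher_algo(CIPHER_ALGO_IDEA)`, so "everything else" no longer has anything to refer to. The earlier explanation of that branch ("We don't have to fail here, since the regular cipher algo check will make us fail later") is dropped, which removes the stated reason why the IDEA case is handled differently from the three branches that set `unusable=1`. I would open the branch with something like `/* Only encryption needs IDEA in --pgp2 mode; signing and the other commands work without it. */` and keep the old "don't have to fail here" sentence if it still holds. Because the checks are now a single else-if chain, only the first problem found is reported per run, and a one-line comment saying the order is intentional would make that clear. What `unusable` leads to, and the rest of the IDEA branch, are outside the hunk, as is most of main.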


@ -648,7 +648,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
} }
/* Write the one-pass signature packets if needed */ /* Write the one-pass signature packets if needed */
if (!detached && !old_style) { if (!detached && !opt.rfc1991) {
rc = write_onepass_sig_packets (sk_list, out, rc = write_onepass_sig_packets (sk_list, out,
opt.textmode && !outfile ? 0x01:0x00); opt.textmode && !outfile ? 0x01:0x00);
if (rc) if (rc)
@ -973,7 +973,7 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
/* Write the one-pass signature packets */ /* Write the one-pass signature packets */
/*(current filters: zip - encrypt - armor)*/ /*(current filters: zip - encrypt - armor)*/
if (!old_style) { if (!opt.rfc1991) {
rc = write_onepass_sig_packets (sk_list, out, rc = write_onepass_sig_packets (sk_list, out,
opt.textmode? 0x01:0x00); opt.textmode? 0x01:0x00);
if (rc) if (rc)
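Review bot: Both conditions now test `opt.rfc1991`, yet the comment in sign_file still says only "if needed" and the one in sign_symencrypt_file does not mention a condition at all; the comments should name the rule, e.g. `/* Write the one-pass signature packets unless --rfc1991 is set (v3 keys included) */`. `old_style` is no longer consulted at these two places. If it is still computed and used further down in either function, which these hunks do not show, please confirm that the remaining uses agree with an output stream that now starts with one-pass packets for v3 keys, and drop the variable where it has become unused. Both function bodies start and end outside the hunks.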