* build-packet.c (build_sig_subpkt): Delete subpackets from both hashed
and unhashed area on update. (find_subpkt): No longer needed. * keyedit.c (sign_uids): With --pgp2 on, refuse to sign a v3 key with a v4 signature. As usual, --expert overrides. Try to tweak some strings to a closer match so they can all be translated in one place. Use different helptext keys to allow different help text for different questions. * keygen.c (keygen_upd_std_prefs): Remove preferences from both hashed and unhashed areas if they are not going to be used.
parent
018f352294
commit
5005434c7e
@ -1,3 +1,18 @@
|
||||
2002-04-11 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* build-packet.c (build_sig_subpkt): Delete subpackets from both
|
||||
hashed and unhashed area on update. (find_subpkt): No longer
|
||||
needed.
|
||||
|
||||
* keyedit.c (sign_uids): With --pgp2 on, refuse to sign a v3 key
|
||||
with a v4 signature. As usual, --expert overrides. Try to tweak
|
||||
some strings to a closer match so they can all be translated in
|
||||
one place. Use different helptext keys to allow different help
|
||||
text for different questions.
|
||||
|
||||
* keygen.c (keygen_upd_std_prefs): Remove preferences from both
|
||||
hashed and unhashed areas if they are not going to be used.
|
||||
|
||||
2002-04-10 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* misc.c (pct_expando), options.skel: Use %t to indicate type of a
|
||||
|
@ -616,68 +616,6 @@ do_compressed( IOBUF out, int ctb, PKT_compressed *cd )
|
||||
}
|
||||
|
||||
|
||||
|
||||
/****************
|
||||
* Find a subpacket of type REQTYPE in AREA and a return a pointer
|
||||
* to the first byte of that subpacket data.
|
||||
* And return the length of the packet in RET_N and the number of
|
||||
* header bytes in RET_HLEN (length header and type byte).
|
||||
*/
|
||||
static byte *
|
||||
find_subpkt (subpktarea_t *area, sigsubpkttype_t reqtype,
|
||||
size_t *ret_hlen, size_t *ret_n )
|
||||
{
|
||||
byte *buffer;
|
||||
int buflen;
|
||||
sigsubpkttype_t type;
|
||||
byte *bufstart;
|
||||
size_t n;
|
||||
|
||||
if( !area )
|
||||
return NULL;
|
||||
buflen = area->len;
|
||||
buffer = area->data;
|
||||
for(;;) {
|
||||
if( !buflen )
|
||||
return NULL; /* end of packets; not found */
|
||||
bufstart = buffer;
|
||||
n = *buffer++; buflen--;
|
||||
if( n == 255 ) {
|
||||
if( buflen < 4 )
|
||||
break;
|
||||
n = (buffer[0] << 24) | (buffer[1] << 16)
|
||||
| (buffer[2] << 8) | buffer[3];
|
||||
buffer += 4;
|
||||
buflen -= 4;
|
||||
}
|
||||
else if( n >= 192 ) {
|
||||
if( buflen < 2 )
|
||||
break;
|
||||
n = (( n - 192 ) << 8) + *buffer + 192;
|
||||
buffer++;
|
||||
buflen--;
|
||||
}
|
||||
if( buflen < n )
|
||||
break;
|
||||
type = *buffer & 0x7f;
|
||||
if( type == reqtype ) {
|
||||
buffer++;
|
||||
n--;
|
||||
if( n > buflen )
|
||||
break;
|
||||
if( ret_hlen )
|
||||
*ret_hlen = buffer - bufstart;
|
||||
if( ret_n )
|
||||
*ret_n = n;
|
||||
return buffer;
|
||||
}
|
||||
buffer += n; buflen -=n;
|
||||
}
|
||||
|
||||
log_error("find_subpkt: buffer shorter than subpacket\n");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/****************
|
||||
* Delete all subpackets of type REQTYPE and return a bool whether a packet
|
||||
* was deleted.
|
||||
@ -767,33 +705,19 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
|
||||
|
||||
critical = (type & SIGSUBPKT_FLAG_CRITICAL);
|
||||
type &= ~SIGSUBPKT_FLAG_CRITICAL;
|
||||
|
||||
if( type == SIGSUBPKT_NOTATION )
|
||||
; /* we allow multiple packets */
|
||||
else if (find_subpkt (sig->hashed, type, NULL, NULL) ) {
|
||||
switch (type) {
|
||||
case SIGSUBPKT_SIG_CREATED:
|
||||
case SIGSUBPKT_PREF_SYM:
|
||||
case SIGSUBPKT_PREF_HASH:
|
||||
case SIGSUBPKT_PREF_COMPR:
|
||||
case SIGSUBPKT_FEATURES:
|
||||
case SIGSUBPKT_SIG_EXPIRE:
|
||||
delete_sig_subpkt (sig->hashed, type);
|
||||
break;
|
||||
default:
|
||||
log_bug("build_sig_packet: update of hashed type %d nyi\n", type);
|
||||
}
|
||||
}
|
||||
else if (find_subpkt (sig->unhashed, type, NULL, NULL)) {
|
||||
switch (type) {
|
||||
case SIGSUBPKT_PRIV_VERIFY_CACHE:
|
||||
case SIGSUBPKT_ISSUER:
|
||||
delete_sig_subpkt (sig->unhashed, type);
|
||||
break;
|
||||
default:
|
||||
log_bug("build_sig_packet: update of unhashed type %d nyi\n",type);
|
||||
}
|
||||
}
|
||||
|
||||
switch(type)
|
||||
{
|
||||
case SIGSUBPKT_NOTATION:
|
||||
/* we do allow multiple subpackets */
|
||||
break;
|
||||
|
||||
default:
|
||||
/* we don't allow multiple subpackets */
|
||||
delete_sig_subpkt(sig->hashed,type);
|
||||
delete_sig_subpkt(sig->unhashed,type);
|
||||
break;
|
||||
}
|
||||
|
||||
if( (buflen+1) >= 8384 )
|
||||
nlen = 5; /* write 5 byte length header */
|
||||
|
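Review bot: The new `default:` arm in build_sig_subpkt deletes every existing subpacket of the given type from both areas, for all types other than SIGSUBPKT_NOTATION, and it no longer goes through the per-type lists that ended in log_bug() for anything unexpected. Clearing the unhashed copy is sound because that area is not covered by the signature, but a caller that adds a second subpacket of a type OpenPGP allows to repeat would now silently lose the first one. I would state the contract in the comment, e.g. `/* all other types are single-instance: any existing copy, hashed or unhashed, is replaced */`, and add further `case` labels next to SIGSUBPKT_NOTATION if any such type is built through this function. The function starts and continues outside the hunk, so where the new subpacket is placed is not visible here.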
@ -273,7 +273,14 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
||||
KBNODE node, uidnode;
|
||||
PKT_public_key *primary_pk=NULL;
|
||||
int select_all = !count_selected_uids(keyblock);
|
||||
int upd_trust = 0, force_v4=0;
|
||||
int upd_trust = 0, force_v4=0, all_v3=1;
|
||||
|
||||
/* Are there any non-v3 sigs on this key already? */
|
||||
if(opt.pgp2)
|
||||
for(node=keyblock;node;node=node->next)
|
||||
if(node->pkt->pkttype==PKT_SIGNATURE &&
|
||||
node->pkt->pkt.signature->version>3)
|
||||
all_v3=0;
|
||||
|
||||
if(local || opt.cert_policy_url || opt.notation_data)
|
||||
force_v4=1;
|
||||
@ -322,21 +329,23 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
||||
uidnode = (node->flag & NODFLG_MARK_A)? node : NULL;
|
||||
if(uidnode && uidnode->pkt->pkt.user_id->is_revoked)
|
||||
{
|
||||
tty_printf(_("User ID \"%s\" is revoked.\n"),
|
||||
tty_printf(_("User ID \"%s\" is revoked."),
|
||||
uidnode->pkt->pkt.user_id->name);
|
||||
|
||||
if(opt.expert)
|
||||
{
|
||||
tty_printf(_("Are you sure you still "
|
||||
"want to sign it?\n"));
|
||||
|
||||
tty_printf("\n");
|
||||
/* No, so remove the mark and continue */
|
||||
if(!cpr_get_answer_is_yes("sign_uid.okay",
|
||||
_("Really sign? ")))
|
||||
if(!cpr_get_answer_is_yes("sign_uid.revoke_okay",
|
||||
_("Are you sure you still "
|
||||
"want to sign it? (y/N) ")))
|
||||
uidnode->flag &= ~NODFLG_MARK_A;
|
||||
}
|
||||
else
|
||||
uidnode->flag &= ~NODFLG_MARK_A;
|
||||
{
|
||||
uidnode->flag &= ~NODFLG_MARK_A;
|
||||
tty_printf(_(" Unable to sign.\n"));
|
||||
}
|
||||
}
|
||||
}
|
||||
else if( uidnode && node->pkt->pkttype == PKT_SIGNATURE
|
||||
@ -350,12 +359,12 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
||||
/* It's a local sig, and we want to make a
|
||||
exportable sig. */
|
||||
tty_printf(_("Your current signature on \"%s\"\n"
|
||||
"is a local signature.\n\n"
|
||||
"Do you want to promote it to a full "
|
||||
"exportable signature?\n"),
|
||||
"is a local signature.\n"),
|
||||
uidnode->pkt->pkt.user_id->name);
|
||||
if(cpr_get_answer_is_yes("sign_uid.promote",
|
||||
"Promote? (y/N) "))
|
||||
if(cpr_get_answer_is_yes("sign_uid.promote_okay",
|
||||
_("Do you want to promote "
|
||||
"it to a full exportable "
|
||||
"signature? (y/N) ")))
|
||||
{
|
||||
/* Mark these for later deletion. We
|
||||
don't want to delete them here, just in
|
||||
@ -409,15 +418,15 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
||||
|
||||
if(opt.expert)
|
||||
{
|
||||
tty_printf(_(" Are you sure you still "
|
||||
"want to sign it?\n"));
|
||||
if(!cpr_get_answer_is_yes("sign_uid.okay",
|
||||
_("Really sign? (y/N) ")))
|
||||
tty_printf(" ");
|
||||
if(!cpr_get_answer_is_yes("sign_uid.expired_okay",
|
||||
_("Are you sure you still "
|
||||
"want to sign it? (y/N) ")))
|
||||
continue;
|
||||
}
|
||||
else
|
||||
{
|
||||
tty_printf("\n");
|
||||
tty_printf(_(" Unable to sign.\n"));
|
||||
continue;
|
||||
}
|
||||
}
|
||||
@ -426,7 +435,9 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
||||
tty_printf(_("This key is due to expire on %s.\n"),
|
||||
expirestr_from_pk(primary_pk));
|
||||
/* Should this default to yes? -ds */
|
||||
if(cpr_get_answer_is_yes("sign_uid.expire",_("Do you want your signature to expire at the same time? (y/N) ")))
|
||||
if(cpr_get_answer_is_yes("sign_uid.expire",
|
||||
_("Do you want your signature to "
|
||||
"expire at the same time? (y/N) ")))
|
||||
{
|
||||
/* This fixes the signature timestamp we're going
|
||||
to make as now. This is so the expiration date
|
||||
@ -448,6 +459,29 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
||||
if(duration)
|
||||
force_v4=1;
|
||||
|
||||
/* Is --pgp2 on, it's a v3 key, all the sigs on the key are
|
||||
currently v3 and we're about to sign it with a v4 sig? If
|
||||
so, danger! */
|
||||
if(opt.pgp2 && all_v3 &&
|
||||
(sk->version>3 || force_v4) && primary_pk->version<=3)
|
||||
{
|
||||
tty_printf(_("You may not make an OpenPGP signature on a "
|
||||
"PGP 2.x key while in --pgp2 mode.\n"));
|
||||
tty_printf(_("This would make the key unusable in PGP 2.x.\n"));
|
||||
|
||||
if(opt.expert)
|
||||
{
|
||||
if(!cpr_get_answer_is_yes("sign_uid.v4_on_v3_okay",
|
||||
_("Are you sure you still "
|
||||
"want to sign it? (y/N) ")))
|
||||
continue;
|
||||
|
||||
all_v3=0;
|
||||
}
|
||||
else
|
||||
continue;
|
||||
}
|
||||
|
||||
if(opt.batch)
|
||||
class=0x10+opt.def_check_level;
|
||||
else
|
||||
@ -1004,18 +1038,21 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
|
||||
case cmdNRLSIGN: /* sign (only the public key) */
|
||||
if( pk->is_revoked )
|
||||
{
|
||||
tty_printf(_("Key is revoked.\n"));
|
||||
tty_printf(_("Key is revoked."));
|
||||
|
||||
if(opt.expert)
|
||||
{
|
||||
tty_printf(_("Are you sure you still want to sign it?\n"));
|
||||
|
||||
tty_printf(" ");
|
||||
if(!cpr_get_answer_is_yes("keyedit.sign_revoked.okay",
|
||||
_("Really sign? ")))
|
||||
_("Are you sure you still want "
|
||||
"to sign it? (y/N) ")))
|
||||
break;
|
||||
}
|
||||
else
|
||||
break;
|
||||
{
|
||||
tty_printf("\n");
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if( count_uids(keyblock) > 1 && !count_selected_uids(keyblock) ) {
|
||||
|
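Review bot: The `all_v3` scan added at the top of sign_uids clears the flag for any PKT_SIGNATURE node whose version is above 3, without regard to whether that signature verifies or who issued it, so one stray v4 packet in the keyblock switches off the --pgp2 refusal added further down. If that is the intent (the key is presumably already unusable in PGP 2.x at that point), the comment should say so, e.g. `/* Are there any non-v3 sigs on this key already? Every signature packet counts, verified or not. */`. The new condition also reads `primary_pk->version`, and `primary_pk` is initialised to NULL in the declarations; its assignment is outside the visible hunks, so it is worth confirming it is always set before this point. sign_uids starts and ends outside the hunks.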
13
g10/keygen.c
13
g10/keygen.c
@ -328,15 +328,26 @@ keygen_upd_std_prefs( PKT_signature *sig, void *opaque )
|
||||
if (nsym_prefs)
|
||||
build_sig_subpkt (sig, SIGSUBPKT_PREF_SYM, sym_prefs, nsym_prefs);
|
||||
else
|
||||
{
|
||||
delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_SYM);
|
||||
delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_SYM);
|
||||
}
|
||||
|
||||
if (nhash_prefs)
|
||||
build_sig_subpkt (sig, SIGSUBPKT_PREF_HASH, hash_prefs, nhash_prefs);
|
||||
else
|
||||
delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_HASH);
|
||||
{
|
||||
delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_HASH);
|
||||
delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_HASH);
|
||||
}
|
||||
|
||||
if (nzip_prefs)
|
||||
build_sig_subpkt (sig, SIGSUBPKT_PREF_COMPR, zip_prefs, nzip_prefs);
|
||||
else
|
||||
{
|
||||
delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_COMPR);
|
||||
delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_COMPR);
|
||||
}
|
||||
|
||||
/* Make sure that the MDC feature flag is set */
|
||||
add_feature_mdc (sig);
|
||||
|
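Review bot: The three `else` branches in keygen_upd_std_prefs now clear the preference from `sig->unhashed` as well as `sig->hashed`, but nothing says why the unhashed area matters. That area is not covered by the signature, so a comment would help the next reader keep both calls together, e.g. `/* clear both areas: a preference left in the unhashed area is not protected by the signature */`. The same two-call pattern is repeated for SIGSUBPKT_PREF_SYM, SIGSUBPKT_PREF_HASH and SIGSUBPKT_PREF_COMPR; a small static helper taking the type would keep the three from drifting apart. The function starts outside the hunk.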