mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-23 10:29:58 +01:00
* build-packet.c (build_sig_subpkt): Delete subpackets from both hashed
and unhashed area on update. (find_subpkt): No longer needed. * keyedit.c (sign_uids): With --pgp2 on, refuse to sign a v3 key with a v4 signature. As usual, --expert overrides. Try to tweak some strings to a closer match so they can all be translated in one place. Use different helptext keys to allow different help text for different questions. * keygen.c (keygen_upd_std_prefs): Remove preferences from both hashed and unhashed areas if they are not going to be used.
This commit is contained in:
parent
018f352294
commit
5005434c7e
@ -1,3 +1,18 @@
|
|||||||
|
2002-04-11 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* build-packet.c (build_sig_subpkt): Delete subpackets from both
|
||||||
|
hashed and unhashed area on update. (find_subpkt): No longer
|
||||||
|
needed.
|
||||||
|
|
||||||
|
* keyedit.c (sign_uids): With --pgp2 on, refuse to sign a v3 key
|
||||||
|
with a v4 signature. As usual, --expert overrides. Try to tweak
|
||||||
|
some strings to a closer match so they can all be translated in
|
||||||
|
one place. Use different helptext keys to allow different help
|
||||||
|
text for different questions.
|
||||||
|
|
||||||
|
* keygen.c (keygen_upd_std_prefs): Remove preferences from both
|
||||||
|
hashed and unhashed areas if they are not going to be used.
|
||||||
|
|
||||||
2002-04-10 David Shaw <dshaw@jabberwocky.com>
|
2002-04-10 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* misc.c (pct_expando), options.skel: Use %t to indicate type of a
|
* misc.c (pct_expando), options.skel: Use %t to indicate type of a
|
||||||
|
@ -616,68 +616,6 @@ do_compressed( IOBUF out, int ctb, PKT_compressed *cd )
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/****************
|
|
||||||
* Find a subpacket of type REQTYPE in AREA and a return a pointer
|
|
||||||
* to the first byte of that subpacket data.
|
|
||||||
* And return the length of the packet in RET_N and the number of
|
|
||||||
* header bytes in RET_HLEN (length header and type byte).
|
|
||||||
*/
|
|
||||||
static byte *
|
|
||||||
find_subpkt (subpktarea_t *area, sigsubpkttype_t reqtype,
|
|
||||||
size_t *ret_hlen, size_t *ret_n )
|
|
||||||
{
|
|
||||||
byte *buffer;
|
|
||||||
int buflen;
|
|
||||||
sigsubpkttype_t type;
|
|
||||||
byte *bufstart;
|
|
||||||
size_t n;
|
|
||||||
|
|
||||||
if( !area )
|
|
||||||
return NULL;
|
|
||||||
buflen = area->len;
|
|
||||||
buffer = area->data;
|
|
||||||
for(;;) {
|
|
||||||
if( !buflen )
|
|
||||||
return NULL; /* end of packets; not found */
|
|
||||||
bufstart = buffer;
|
|
||||||
n = *buffer++; buflen--;
|
|
||||||
if( n == 255 ) {
|
|
||||||
if( buflen < 4 )
|
|
||||||
break;
|
|
||||||
n = (buffer[0] << 24) | (buffer[1] << 16)
|
|
||||||
| (buffer[2] << 8) | buffer[3];
|
|
||||||
buffer += 4;
|
|
||||||
buflen -= 4;
|
|
||||||
}
|
|
||||||
else if( n >= 192 ) {
|
|
||||||
if( buflen < 2 )
|
|
||||||
break;
|
|
||||||
n = (( n - 192 ) << 8) + *buffer + 192;
|
|
||||||
buffer++;
|
|
||||||
buflen--;
|
|
||||||
}
|
|
||||||
if( buflen < n )
|
|
||||||
break;
|
|
||||||
type = *buffer & 0x7f;
|
|
||||||
if( type == reqtype ) {
|
|
||||||
buffer++;
|
|
||||||
n--;
|
|
||||||
if( n > buflen )
|
|
||||||
break;
|
|
||||||
if( ret_hlen )
|
|
||||||
*ret_hlen = buffer - bufstart;
|
|
||||||
if( ret_n )
|
|
||||||
*ret_n = n;
|
|
||||||
return buffer;
|
|
||||||
}
|
|
||||||
buffer += n; buflen -=n;
|
|
||||||
}
|
|
||||||
|
|
||||||
log_error("find_subpkt: buffer shorter than subpacket\n");
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
/****************
|
/****************
|
||||||
* Delete all subpackets of type REQTYPE and return a bool whether a packet
|
* Delete all subpackets of type REQTYPE and return a bool whether a packet
|
||||||
* was deleted.
|
* was deleted.
|
||||||
@ -768,31 +706,17 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
|
|||||||
critical = (type & SIGSUBPKT_FLAG_CRITICAL);
|
critical = (type & SIGSUBPKT_FLAG_CRITICAL);
|
||||||
type &= ~SIGSUBPKT_FLAG_CRITICAL;
|
type &= ~SIGSUBPKT_FLAG_CRITICAL;
|
||||||
|
|
||||||
if( type == SIGSUBPKT_NOTATION )
|
switch(type)
|
||||||
; /* we allow multiple packets */
|
{
|
||||||
else if (find_subpkt (sig->hashed, type, NULL, NULL) ) {
|
case SIGSUBPKT_NOTATION:
|
||||||
switch (type) {
|
/* we do allow multiple subpackets */
|
||||||
case SIGSUBPKT_SIG_CREATED:
|
|
||||||
case SIGSUBPKT_PREF_SYM:
|
|
||||||
case SIGSUBPKT_PREF_HASH:
|
|
||||||
case SIGSUBPKT_PREF_COMPR:
|
|
||||||
case SIGSUBPKT_FEATURES:
|
|
||||||
case SIGSUBPKT_SIG_EXPIRE:
|
|
||||||
delete_sig_subpkt (sig->hashed, type);
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
log_bug("build_sig_packet: update of hashed type %d nyi\n", type);
|
/* we don't allow multiple subpackets */
|
||||||
}
|
delete_sig_subpkt(sig->hashed,type);
|
||||||
}
|
delete_sig_subpkt(sig->unhashed,type);
|
||||||
else if (find_subpkt (sig->unhashed, type, NULL, NULL)) {
|
|
||||||
switch (type) {
|
|
||||||
case SIGSUBPKT_PRIV_VERIFY_CACHE:
|
|
||||||
case SIGSUBPKT_ISSUER:
|
|
||||||
delete_sig_subpkt (sig->unhashed, type);
|
|
||||||
break;
|
break;
|
||||||
default:
|
|
||||||
log_bug("build_sig_packet: update of unhashed type %d nyi\n",type);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if( (buflen+1) >= 8384 )
|
if( (buflen+1) >= 8384 )
|
||||||
|
@ -273,7 +273,14 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
|||||||
KBNODE node, uidnode;
|
KBNODE node, uidnode;
|
||||||
PKT_public_key *primary_pk=NULL;
|
PKT_public_key *primary_pk=NULL;
|
||||||
int select_all = !count_selected_uids(keyblock);
|
int select_all = !count_selected_uids(keyblock);
|
||||||
int upd_trust = 0, force_v4=0;
|
int upd_trust = 0, force_v4=0, all_v3=1;
|
||||||
|
|
||||||
|
/* Are there any non-v3 sigs on this key already? */
|
||||||
|
if(opt.pgp2)
|
||||||
|
for(node=keyblock;node;node=node->next)
|
||||||
|
if(node->pkt->pkttype==PKT_SIGNATURE &&
|
||||||
|
node->pkt->pkt.signature->version>3)
|
||||||
|
all_v3=0;
|
||||||
|
|
||||||
if(local || opt.cert_policy_url || opt.notation_data)
|
if(local || opt.cert_policy_url || opt.notation_data)
|
||||||
force_v4=1;
|
force_v4=1;
|
||||||
@ -322,21 +329,23 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
|||||||
uidnode = (node->flag & NODFLG_MARK_A)? node : NULL;
|
uidnode = (node->flag & NODFLG_MARK_A)? node : NULL;
|
||||||
if(uidnode && uidnode->pkt->pkt.user_id->is_revoked)
|
if(uidnode && uidnode->pkt->pkt.user_id->is_revoked)
|
||||||
{
|
{
|
||||||
tty_printf(_("User ID \"%s\" is revoked.\n"),
|
tty_printf(_("User ID \"%s\" is revoked."),
|
||||||
uidnode->pkt->pkt.user_id->name);
|
uidnode->pkt->pkt.user_id->name);
|
||||||
|
|
||||||
if(opt.expert)
|
if(opt.expert)
|
||||||
{
|
{
|
||||||
tty_printf(_("Are you sure you still "
|
tty_printf("\n");
|
||||||
"want to sign it?\n"));
|
|
||||||
|
|
||||||
/* No, so remove the mark and continue */
|
/* No, so remove the mark and continue */
|
||||||
if(!cpr_get_answer_is_yes("sign_uid.okay",
|
if(!cpr_get_answer_is_yes("sign_uid.revoke_okay",
|
||||||
_("Really sign? ")))
|
_("Are you sure you still "
|
||||||
|
"want to sign it? (y/N) ")))
|
||||||
uidnode->flag &= ~NODFLG_MARK_A;
|
uidnode->flag &= ~NODFLG_MARK_A;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
{
|
||||||
uidnode->flag &= ~NODFLG_MARK_A;
|
uidnode->flag &= ~NODFLG_MARK_A;
|
||||||
|
tty_printf(_(" Unable to sign.\n"));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if( uidnode && node->pkt->pkttype == PKT_SIGNATURE
|
else if( uidnode && node->pkt->pkttype == PKT_SIGNATURE
|
||||||
@ -350,12 +359,12 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
|||||||
/* It's a local sig, and we want to make a
|
/* It's a local sig, and we want to make a
|
||||||
exportable sig. */
|
exportable sig. */
|
||||||
tty_printf(_("Your current signature on \"%s\"\n"
|
tty_printf(_("Your current signature on \"%s\"\n"
|
||||||
"is a local signature.\n\n"
|
"is a local signature.\n"),
|
||||||
"Do you want to promote it to a full "
|
|
||||||
"exportable signature?\n"),
|
|
||||||
uidnode->pkt->pkt.user_id->name);
|
uidnode->pkt->pkt.user_id->name);
|
||||||
if(cpr_get_answer_is_yes("sign_uid.promote",
|
if(cpr_get_answer_is_yes("sign_uid.promote_okay",
|
||||||
"Promote? (y/N) "))
|
_("Do you want to promote "
|
||||||
|
"it to a full exportable "
|
||||||
|
"signature? (y/N) ")))
|
||||||
{
|
{
|
||||||
/* Mark these for later deletion. We
|
/* Mark these for later deletion. We
|
||||||
don't want to delete them here, just in
|
don't want to delete them here, just in
|
||||||
@ -409,15 +418,15 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
|||||||
|
|
||||||
if(opt.expert)
|
if(opt.expert)
|
||||||
{
|
{
|
||||||
tty_printf(_(" Are you sure you still "
|
tty_printf(" ");
|
||||||
"want to sign it?\n"));
|
if(!cpr_get_answer_is_yes("sign_uid.expired_okay",
|
||||||
if(!cpr_get_answer_is_yes("sign_uid.okay",
|
_("Are you sure you still "
|
||||||
_("Really sign? (y/N) ")))
|
"want to sign it? (y/N) ")))
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
tty_printf("\n");
|
tty_printf(_(" Unable to sign.\n"));
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -426,7 +435,9 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
|||||||
tty_printf(_("This key is due to expire on %s.\n"),
|
tty_printf(_("This key is due to expire on %s.\n"),
|
||||||
expirestr_from_pk(primary_pk));
|
expirestr_from_pk(primary_pk));
|
||||||
/* Should this default to yes? -ds */
|
/* Should this default to yes? -ds */
|
||||||
if(cpr_get_answer_is_yes("sign_uid.expire",_("Do you want your signature to expire at the same time? (y/N) ")))
|
if(cpr_get_answer_is_yes("sign_uid.expire",
|
||||||
|
_("Do you want your signature to "
|
||||||
|
"expire at the same time? (y/N) ")))
|
||||||
{
|
{
|
||||||
/* This fixes the signature timestamp we're going
|
/* This fixes the signature timestamp we're going
|
||||||
to make as now. This is so the expiration date
|
to make as now. This is so the expiration date
|
||||||
@ -448,6 +459,29 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
|||||||
if(duration)
|
if(duration)
|
||||||
force_v4=1;
|
force_v4=1;
|
||||||
|
|
||||||
|
/* Is --pgp2 on, it's a v3 key, all the sigs on the key are
|
||||||
|
currently v3 and we're about to sign it with a v4 sig? If
|
||||||
|
so, danger! */
|
||||||
|
if(opt.pgp2 && all_v3 &&
|
||||||
|
(sk->version>3 || force_v4) && primary_pk->version<=3)
|
||||||
|
{
|
||||||
|
tty_printf(_("You may not make an OpenPGP signature on a "
|
||||||
|
"PGP 2.x key while in --pgp2 mode.\n"));
|
||||||
|
tty_printf(_("This would make the key unusable in PGP 2.x.\n"));
|
||||||
|
|
||||||
|
if(opt.expert)
|
||||||
|
{
|
||||||
|
if(!cpr_get_answer_is_yes("sign_uid.v4_on_v3_okay",
|
||||||
|
_("Are you sure you still "
|
||||||
|
"want to sign it? (y/N) ")))
|
||||||
|
continue;
|
||||||
|
|
||||||
|
all_v3=0;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
if(opt.batch)
|
if(opt.batch)
|
||||||
class=0x10+opt.def_check_level;
|
class=0x10+opt.def_check_level;
|
||||||
else
|
else
|
||||||
@ -1004,19 +1038,22 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
|
|||||||
case cmdNRLSIGN: /* sign (only the public key) */
|
case cmdNRLSIGN: /* sign (only the public key) */
|
||||||
if( pk->is_revoked )
|
if( pk->is_revoked )
|
||||||
{
|
{
|
||||||
tty_printf(_("Key is revoked.\n"));
|
tty_printf(_("Key is revoked."));
|
||||||
|
|
||||||
if(opt.expert)
|
if(opt.expert)
|
||||||
{
|
{
|
||||||
tty_printf(_("Are you sure you still want to sign it?\n"));
|
tty_printf(" ");
|
||||||
|
|
||||||
if(!cpr_get_answer_is_yes("keyedit.sign_revoked.okay",
|
if(!cpr_get_answer_is_yes("keyedit.sign_revoked.okay",
|
||||||
_("Really sign? ")))
|
_("Are you sure you still want "
|
||||||
|
"to sign it? (y/N) ")))
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
{
|
||||||
|
tty_printf("\n");
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if( count_uids(keyblock) > 1 && !count_selected_uids(keyblock) ) {
|
if( count_uids(keyblock) > 1 && !count_selected_uids(keyblock) ) {
|
||||||
if( !cpr_get_answer_is_yes("keyedit.sign_all.okay",
|
if( !cpr_get_answer_is_yes("keyedit.sign_all.okay",
|
||||||
|
11
g10/keygen.c
11
g10/keygen.c
@ -328,15 +328,26 @@ keygen_upd_std_prefs( PKT_signature *sig, void *opaque )
|
|||||||
if (nsym_prefs)
|
if (nsym_prefs)
|
||||||
build_sig_subpkt (sig, SIGSUBPKT_PREF_SYM, sym_prefs, nsym_prefs);
|
build_sig_subpkt (sig, SIGSUBPKT_PREF_SYM, sym_prefs, nsym_prefs);
|
||||||
else
|
else
|
||||||
|
{
|
||||||
delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_SYM);
|
delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_SYM);
|
||||||
|
delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_SYM);
|
||||||
|
}
|
||||||
|
|
||||||
if (nhash_prefs)
|
if (nhash_prefs)
|
||||||
build_sig_subpkt (sig, SIGSUBPKT_PREF_HASH, hash_prefs, nhash_prefs);
|
build_sig_subpkt (sig, SIGSUBPKT_PREF_HASH, hash_prefs, nhash_prefs);
|
||||||
else
|
else
|
||||||
|
{
|
||||||
delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_HASH);
|
delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_HASH);
|
||||||
|
delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_HASH);
|
||||||
|
}
|
||||||
|
|
||||||
if (nzip_prefs)
|
if (nzip_prefs)
|
||||||
build_sig_subpkt (sig, SIGSUBPKT_PREF_COMPR, zip_prefs, nzip_prefs);
|
build_sig_subpkt (sig, SIGSUBPKT_PREF_COMPR, zip_prefs, nzip_prefs);
|
||||||
else
|
else
|
||||||
|
{
|
||||||
delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_COMPR);
|
delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_COMPR);
|
||||||
|
delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_COMPR);
|
||||||
|
}
|
||||||
|
|
||||||
/* Make sure that the MDC feature flag is set */
|
/* Make sure that the MDC feature flag is set */
|
||||||
add_feature_mdc (sig);
|
add_feature_mdc (sig);
|
||||||
|
Loading…
x
Reference in New Issue
Block a user