security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00
Code Activity

* build-packet.c (build_sig_subpkt): Delete subpackets from both hashed

Browse Source 
and unhashed area on update.  (find_subpkt): No longer needed.

* keyedit.c (sign_uids): With --pgp2 on, refuse to sign a v3 key with a v4
signature.  As usual, --expert overrides.  Try to tweak some strings to a
closer match so they can all be translated in one place.  Use different
helptext keys to allow different help text for different questions.

* keygen.c (keygen_upd_std_prefs): Remove preferences from both hashed and
unhashed areas if they are not going to be used.
This commit is contained in:
David Shaw 2002-04-12 04:07:26 +00:00
parent 018f352294
commit 5005434c7e
4 changed files with 101 additions and 114 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
g10/ChangeLog
View File

@ -1,3 +1,18 @@
2002-04-11 David Shaw <dshaw@jabberwocky.com>
* build-packet.c (build_sig_subpkt): Delete subpackets from both
hashed and unhashed area on update. (find_subpkt): No longer
needed.
* keyedit.c (sign_uids): With --pgp2 on, refuse to sign a v3 key
with a v4 signature. As usual, --expert overrides. Try to tweak
some strings to a closer match so they can all be translated in
one place. Use different helptext keys to allow different help
text for different questions.
* keygen.c (keygen_upd_std_prefs): Remove preferences from both
hashed and unhashed areas if they are not going to be used.
2002-04-10 David Shaw <dshaw@jabberwocky.com>
* misc.c (pct_expando), options.skel: Use %t to indicate type of a

100
g10/build-packet.c
View File

@ -616,68 +616,6 @@ do_compressed( IOBUF out, int ctb, PKT_compressed *cd )
}
/****************
* Find a subpacket of type REQTYPE in AREA and a return a pointer
* to the first byte of that subpacket data.
* And return the length of the packet in RET_N and the number of
* header bytes in RET_HLEN (length header and type byte).
*/
static byte *
find_subpkt (subpktarea_t *area, sigsubpkttype_t reqtype,
size_t *ret_hlen, size_t *ret_n )
{
byte *buffer;
int buflen;
sigsubpkttype_t type;
byte *bufstart;
size_t n;
if( !area )
return NULL;
buflen = area->len;
buffer = area->data;
for(;;) {
if( !buflen )
return NULL; /* end of packets; not found */
bufstart = buffer;
n = *buffer++; buflen--;
if( n == 255 ) {
if( buflen < 4 )
break;
n = (buffer[0] << 24) | (buffer[1] << 16)
| (buffer[2] << 8) | buffer[3];
buffer += 4;
buflen -= 4;
}
else if( n >= 192 ) {
if( buflen < 2 )
break;
n = (( n - 192 ) << 8) + *buffer + 192;
buffer++;
buflen--;
}
if( buflen < n )
break;
type = *buffer & 0x7f;
if( type == reqtype ) {
buffer++;
n--;
if( n > buflen )
break;
if( ret_hlen )
*ret_hlen = buffer - bufstart;
if( ret_n )
*ret_n = n;
return buffer;
}
buffer += n; buflen -=n;
}
log_error("find_subpkt: buffer shorter than subpacket\n");
return NULL;
}
/****************
* Delete all subpackets of type REQTYPE and return a bool whether a packet
* was deleted.
@ -768,32 +706,18 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
critical = (type & SIGSUBPKT_FLAG_CRITICAL);
type &= ~SIGSUBPKT_FLAG_CRITICAL;
if( type == SIGSUBPKT_NOTATION )
; /* we allow multiple packets */
else if (find_subpkt (sig->hashed, type, NULL, NULL) ) {
switch (type) {
case SIGSUBPKT_SIG_CREATED:
case SIGSUBPKT_PREF_SYM:
case SIGSUBPKT_PREF_HASH:
case SIGSUBPKT_PREF_COMPR:
case SIGSUBPKT_FEATURES:
case SIGSUBPKT_SIG_EXPIRE:
delete_sig_subpkt (sig->hashed, type);
break;
default:
log_bug("build_sig_packet: update of hashed type %d nyi\n", type);
}
}
else if (find_subpkt (sig->unhashed, type, NULL, NULL)) {
switch (type) {
case SIGSUBPKT_PRIV_VERIFY_CACHE:
case SIGSUBPKT_ISSUER:
delete_sig_subpkt (sig->unhashed, type);
break;
default:
log_bug("build_sig_packet: update of unhashed type %d nyi\n",type);
}
}
switch(type)
{
case SIGSUBPKT_NOTATION:
/* we do allow multiple subpackets */
break;
default:
/* we don't allow multiple subpackets */
delete_sig_subpkt(sig->hashed,type);
delete_sig_subpkt(sig->unhashed,type);
break;
}
if( (buflen+1) >= 8384 )
nlen = 5; /* write 5 byte length header */

85
g10/keyedit.c
View File

@ -273,7 +273,14 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
KBNODE node, uidnode;
PKT_public_key *primary_pk=NULL;
int select_all = !count_selected_uids(keyblock);
int upd_trust = 0, force_v4=0;
int upd_trust = 0, force_v4=0, all_v3=1;
/* Are there any non-v3 sigs on this key already? */
if(opt.pgp2)
for(node=keyblock;node;node=node->next)
if(node->pkt->pkttype==PKT_SIGNATURE &&
node->pkt->pkt.signature->version>3)
all_v3=0;
if(local || opt.cert_policy_url || opt.notation_data)
force_v4=1;
@ -322,21 +329,23 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
uidnode = (node->flag & NODFLG_MARK_A)? node : NULL;
if(uidnode && uidnode->pkt->pkt.user_id->is_revoked)
{
tty_printf(_("User ID \"%s\" is revoked.\n"),
tty_printf(_("User ID \"%s\" is revoked."),
uidnode->pkt->pkt.user_id->name);
if(opt.expert)
{
tty_printf(_("Are you sure you still "
"want to sign it?\n"));
tty_printf("\n");
/* No, so remove the mark and continue */
if(!cpr_get_answer_is_yes("sign_uid.okay",
_("Really sign? ")))
if(!cpr_get_answer_is_yes("sign_uid.revoke_okay",
_("Are you sure you still "
"want to sign it? (y/N) ")))
uidnode->flag &= ~NODFLG_MARK_A;
}
else
uidnode->flag &= ~NODFLG_MARK_A;
{
uidnode->flag &= ~NODFLG_MARK_A;
tty_printf(_(" Unable to sign.\n"));
}
}
}
else if( uidnode && node->pkt->pkttype == PKT_SIGNATURE
@ -350,12 +359,12 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
/* It's a local sig, and we want to make a
exportable sig. */
tty_printf(_("Your current signature on \"%s\"\n"
"is a local signature.\n\n"
"Do you want to promote it to a full "
"exportable signature?\n"),
"is a local signature.\n"),
uidnode->pkt->pkt.user_id->name);
if(cpr_get_answer_is_yes("sign_uid.promote",
"Promote? (y/N) "))
if(cpr_get_answer_is_yes("sign_uid.promote_okay",
_("Do you want to promote "
"it to a full exportable "
"signature? (y/N) ")))
{
/* Mark these for later deletion. We
don't want to delete them here, just in
@ -409,15 +418,15 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
if(opt.expert)
{
tty_printf(_(" Are you sure you still "
"want to sign it?\n"));
if(!cpr_get_answer_is_yes("sign_uid.okay",
_("Really sign? (y/N) ")))
tty_printf(" ");
if(!cpr_get_answer_is_yes("sign_uid.expired_okay",
_("Are you sure you still "
"want to sign it? (y/N) ")))
continue;
}
else
{
tty_printf("\n");
tty_printf(_(" Unable to sign.\n"));
continue;
}
}
@ -426,7 +435,9 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
tty_printf(_("This key is due to expire on %s.\n"),
expirestr_from_pk(primary_pk));
/* Should this default to yes? -ds */
if(cpr_get_answer_is_yes("sign_uid.expire",_("Do you want your signature to expire at the same time? (y/N) ")))
if(cpr_get_answer_is_yes("sign_uid.expire",
_("Do you want your signature to "
"expire at the same time? (y/N) ")))
{
/* This fixes the signature timestamp we're going
to make as now. This is so the expiration date
@ -448,6 +459,29 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
if(duration)
force_v4=1;
/* Is --pgp2 on, it's a v3 key, all the sigs on the key are
currently v3 and we're about to sign it with a v4 sig? If
so, danger! */
if(opt.pgp2 && all_v3 &&
(sk->version>3 || force_v4) && primary_pk->version<=3)
{
tty_printf(_("You may not make an OpenPGP signature on a "
"PGP 2.x key while in --pgp2 mode.\n"));
tty_printf(_("This would make the key unusable in PGP 2.x.\n"));
if(opt.expert)
{
if(!cpr_get_answer_is_yes("sign_uid.v4_on_v3_okay",
_("Are you sure you still "
"want to sign it? (y/N) ")))
continue;
all_v3=0;
}
else
continue;
}
if(opt.batch)
class=0x10+opt.def_check_level;
else
@ -1004,18 +1038,21 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
case cmdNRLSIGN: /* sign (only the public key) */
if( pk->is_revoked )
{
tty_printf(_("Key is revoked.\n"));
tty_printf(_("Key is revoked."));
if(opt.expert)
{
tty_printf(_("Are you sure you still want to sign it?\n"));
tty_printf(" ");
if(!cpr_get_answer_is_yes("keyedit.sign_revoked.okay",
_("Really sign? ")))
_("Are you sure you still want "
"to sign it? (y/N) ")))
break;
}
else
break;
{
tty_printf("\n");
break;
}
}
if( count_uids(keyblock) > 1 && !count_selected_uids(keyblock) ) {

13
g10/keygen.c
View File

@ -328,15 +328,26 @@ keygen_upd_std_prefs( PKT_signature *sig, void *opaque )
if (nsym_prefs)
build_sig_subpkt (sig, SIGSUBPKT_PREF_SYM, sym_prefs, nsym_prefs);
else
{
delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_SYM);
delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_SYM);
}
if (nhash_prefs)
build_sig_subpkt (sig, SIGSUBPKT_PREF_HASH, hash_prefs, nhash_prefs);
else
delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_HASH);
{
delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_HASH);
delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_HASH);
}
if (nzip_prefs)
build_sig_subpkt (sig, SIGSUBPKT_PREF_COMPR, zip_prefs, nzip_prefs);
else
{
delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_COMPR);
delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_COMPR);
}
/* Make sure that the MDC feature flag is set */
add_feature_mdc (sig);