1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

* sign.c (write_signature_packets, sign_file, clearsign_file,

sign_symencrypt_file): Make a v4 signature if a policy URL or notation is
set, unless v3 sigs are forced via rfc1991 or force-v3-sigs.  Also remove
some doubled code and clarify an error message (we don't sign in PGP2
mode - just detach-sign).

* parse-packet.c (parse_one_sig_subpkt): Add KS_FLAGS to the "any size"
section.
This commit is contained in:
David Shaw 2002-05-30 22:58:19 +00:00
parent da3f17990c
commit 5f5c43ab26
3 changed files with 36 additions and 34 deletions

View File

@ -1,3 +1,14 @@
2002-05-30 David Shaw <dshaw@jabberwocky.com>
* sign.c (write_signature_packets, sign_file, clearsign_file,
sign_symencrypt_file): Make a v4 signature if a policy URL or
notation is set, unless v3 sigs are forced via rfc1991 or
force-v3-sigs. Also remove some doubled code and clarify an error
message (we don't sign in PGP2 mode - just detach-sign).
* parse-packet.c (parse_one_sig_subpkt): Add KS_FLAGS to the "any
size" section.
2002-05-29 David Shaw <dshaw@jabberwocky.com>
* keygen.c (keygen_set_std_prefs, add_feature_mdc): Use "mdc" and

View File

@ -908,6 +908,10 @@ int
parse_one_sig_subpkt( const byte *buffer, size_t n, int type )
{
switch( type ) {
case SIGSUBPKT_REV_KEY:
if(n < 22)
break;
return 0;
case SIGSUBPKT_SIG_CREATED:
case SIGSUBPKT_SIG_EXPIRE:
case SIGSUBPKT_KEY_EXPIRE:
@ -915,13 +919,19 @@ parse_one_sig_subpkt( const byte *buffer, size_t n, int type )
break;
return 0;
case SIGSUBPKT_KEY_FLAGS:
return 0;
case SIGSUBPKT_KS_FLAGS:
case SIGSUBPKT_PREF_SYM:
case SIGSUBPKT_PREF_HASH:
case SIGSUBPKT_PREF_COMPR:
case SIGSUBPKT_POLICY:
case SIGSUBPKT_FEATURES:
return 0;
case SIGSUBPKT_EXPORTABLE:
case SIGSUBPKT_REVOCABLE:
if( !n )
break;
return 0;
case SIGSUBPKT_ISSUER:/* issuer key ID */
case SIGSUBPKT_ISSUER: /* issuer key ID */
if( n < 8 )
break;
return 0;
@ -929,20 +939,10 @@ parse_one_sig_subpkt( const byte *buffer, size_t n, int type )
if( n < 8 ) /* minimum length needed */
break;
return 0;
case SIGSUBPKT_REV_KEY:
if(n < 22)
break;
return 0;
case SIGSUBPKT_REVOC_REASON:
if( !n )
break;
return 0;
case SIGSUBPKT_PREF_SYM:
case SIGSUBPKT_PREF_HASH:
case SIGSUBPKT_PREF_COMPR:
case SIGSUBPKT_POLICY:
case SIGSUBPKT_FEATURES:
return 0;
case SIGSUBPKT_PRIMARY_UID:
if ( n != 1 )
break;

View File

@ -514,7 +514,7 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode)
static int
write_signature_packets (SK_LIST sk_list, IOBUF out, MD_HANDLE hash,
int sigclass, u32 timestamp, u32 duration,
int old_style, int status_letter)
int status_letter)
{
SK_LIST sk_rover;
@ -529,9 +529,9 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, MD_HANDLE hash,
/* build the signature packet */
sig = m_alloc_clear (sizeof *sig);
if(old_style || opt.force_v3_sigs)
if(opt.force_v3_sigs || opt.rfc1991)
sig->version=3;
else if(duration)
else if(duration || opt.sig_policy_url || opt.sig_notation_data)
sig->version=4;
else
sig->version=sk->version;
@ -609,7 +609,6 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
SK_LIST sk_list = NULL;
SK_LIST sk_rover = NULL;
int multifile = 0;
int old_style = opt.rfc1991;
u32 timestamp=0,duration=0;
memset( &afx, 0, sizeof afx);
@ -629,18 +628,15 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
if( fname && filenames->next && (!detached || encryptflag) )
log_bug("multiple files can only be detached signed");
if(opt.ask_sig_expire && !opt.pgp2 && !opt.batch &&
!opt.force_v3_sigs && !old_style)
if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !opt.rfc1991)
duration=ask_expire_interval(1);
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
goto leave;
if( (!old_style && !duration) || opt.pgp2 )
old_style = only_old_style( sk_list );
if(!old_style && opt.pgp2)
if(opt.pgp2 && !only_old_style(sk_list))
{
log_info(_("you can only sign with PGP 2.x style keys "
log_info(_("you can only detach-sign with PGP 2.x style keys "
"while in --pgp2 mode\n"));
log_info(_("this message may not be usable by PGP 2.x\n"));
opt.pgp2=0;
@ -774,8 +770,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
/* write the signatures */
rc = write_signature_packets (sk_list, out, mfx.md,
opt.textmode && !outfile? 0x01 : 0x00,
timestamp, duration,
old_style, detached ? 'D':'S');
timestamp, duration, detached ? 'D':'S');
if( rc )
goto leave;
@ -817,13 +812,13 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
memset( &afx, 0, sizeof afx);
init_packet( &pkt );
if(opt.ask_sig_expire && !opt.pgp2 && !opt.batch &&
!opt.force_v3_sigs && !old_style)
if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !opt.rfc1991)
duration=ask_expire_interval(1);
if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
goto leave;
if( (!old_style && !duration) || opt.pgp2 )
if( !old_style && !duration )
old_style = only_old_style( sk_list );
if(!old_style && opt.pgp2)
@ -914,7 +909,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
/* write the signatures */
rc = write_signature_packets (sk_list, out, textmd, 0x01,
timestamp, duration, old_style, 'C');
timestamp, duration, 'C');
if( rc )
goto leave;
@ -947,7 +942,6 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
int rc = 0;
SK_LIST sk_list = NULL;
SK_LIST sk_rover = NULL;
int old_style = opt.rfc1991;
int algo;
u32 timestamp=0,duration=0;
@ -958,14 +952,12 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
memset( &cfx, 0, sizeof cfx);
init_packet( &pkt );
if(opt.ask_sig_expire && !opt.batch && !opt.force_v3_sigs && !old_style)
if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !opt.rfc1991)
duration=ask_expire_interval(1);
rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG);
if (rc)
goto leave;
if( !old_style && !duration )
old_style = only_old_style( sk_list );
/* prepare iobufs */
inp = iobuf_open(fname);
@ -1067,8 +1059,7 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
/*(current filters: zip - encrypt - armor)*/
rc = write_signature_packets (sk_list, out, mfx.md,
opt.textmode? 0x01 : 0x00,
timestamp, duration,
old_style, 'S');
timestamp, duration, 'S');
if( rc )
goto leave;