mirror of git://git.gnupg.org/gnupg.git
* keyedit.c (sign_uids): Properly handle remaking a self-sig on revoked or
expired user IDs. Also, once we've established that a given uid cannot or will not be signed, don't continue to ask about each sig. * mainproc.c (proc_symkey_enc), seckey-cert.c (do_check): Check the S2K hash algorithm before we try to generate a passphrase using it. This prevents hitting BUG() when generating a passphrase using a hash that we don't have. * sign.c (sign_symencrypt_file): Allow using --force-mdc in --sign --symmetric messages.
This commit is contained in:
David Shaw
parent
2cba999f22
commit
673894ef48
|
|
@ -1,5 +1,18 @@
|
|||
2004-07-15 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* keyedit.c (sign_uids): Properly handle remaking a self-sig on
|
||||
revoked or expired user IDs. Also, once we've established that a
|
||||
given uid cannot or will not be signed, don't continue to ask
|
||||
about each sig.
|
||||
|
||||
* mainproc.c (proc_symkey_enc), seckey-cert.c (do_check): Check
|
||||
the S2K hash algorithm before we try to generate a passphrase
|
||||
using it. This prevents hitting BUG() when generating a
|
||||
passphrase using a hash that we don't have.
|
||||
|
||||
* sign.c (sign_symencrypt_file): Allow using --force-mdc in --sign
|
||||
--symmetric messages.
|
||||
|
||||
* g10.c (main): Alias --charset as --display-charset to help avoid
|
||||
the continuing confusion and make room for possible changes in
|
||||
devel.
|
||||
|
|
|
|||
|
|
@ -492,7 +492,9 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
|||
{
|
||||
tty_printf(_("User ID \"%s\" is revoked."),user);
|
||||
|
||||
if(opt.expert)
|
||||
if(selfsig)
|
||||
tty_printf("\n");
|
||||
else if(opt.expert)
|
||||
{
|
||||
tty_printf("\n");
|
||||
/* No, so remove the mark and continue */
|
||||
|
|
@ -500,11 +502,15 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
|||
_("Are you sure you "
|
||||
"still want to sign "
|
||||
"it? (y/N) ")))
|
||||
uidnode->flag &= ~NODFLG_MARK_A;
|
||||
{
|
||||
uidnode->flag &= ~NODFLG_MARK_A;
|
||||
uidnode=NULL;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
uidnode->flag &= ~NODFLG_MARK_A;
|
||||
uidnode=NULL;
|
||||
tty_printf(_(" Unable to sign.\n"));
|
||||
}
|
||||
}
|
||||
|
|
@ -512,7 +518,9 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
|||
{
|
||||
tty_printf(_("User ID \"%s\" is expired."),user);
|
||||
|
||||
if(opt.expert)
|
||||
if(selfsig)
|
||||
tty_printf("\n");
|
||||
else if(opt.expert)
|
||||
{
|
||||
tty_printf("\n");
|
||||
/* No, so remove the mark and continue */
|
||||
|
|
@ -520,11 +528,15 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
|||
_("Are you sure you "
|
||||
"still want to sign "
|
||||
"it? (y/N) ")))
|
||||
uidnode->flag &= ~NODFLG_MARK_A;
|
||||
{
|
||||
uidnode->flag &= ~NODFLG_MARK_A;
|
||||
uidnode=NULL;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
uidnode->flag &= ~NODFLG_MARK_A;
|
||||
uidnode=NULL;
|
||||
tty_printf(_(" Unable to sign.\n"));
|
||||
}
|
||||
}
|
||||
|
|
@ -541,11 +553,15 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
|||
_("Are you sure you "
|
||||
"still want to sign "
|
||||
"it? (y/N) ")))
|
||||
uidnode->flag &= ~NODFLG_MARK_A;
|
||||
{
|
||||
uidnode->flag &= ~NODFLG_MARK_A;
|
||||
uidnode=NULL;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
uidnode->flag &= ~NODFLG_MARK_A;
|
||||
uidnode=NULL;
|
||||
tty_printf(_(" Unable to sign.\n"));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -304,6 +304,13 @@ proc_symkey_enc( CTX c, PACKET *pkt )
|
|||
else
|
||||
log_error(_("encrypted with unknown algorithm %d\n"), algo );
|
||||
|
||||
if(check_digest_algo(enc->s2k.hash_algo))
|
||||
{
|
||||
log_error(_("passphrase generated with unknown digest"
|
||||
" algorithm %d\n"),enc->s2k.hash_algo);
|
||||
s=NULL;
|
||||
}
|
||||
|
||||
c->last_was_session_key = 2;
|
||||
if(!s || opt.list_only)
|
||||
goto leave;
|
||||
|
|
|
|||
|
|
@ -66,6 +66,12 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
|
|||
}
|
||||
return G10ERR_CIPHER_ALGO;
|
||||
}
|
||||
if(check_digest_algo(sk->protect.s2k.hash_algo))
|
||||
{
|
||||
log_info(_("protection digest %d is not supported\n"),
|
||||
sk->protect.s2k.hash_algo);
|
||||
return G10ERR_DIGEST_ALGO;
|
||||
}
|
||||
keyid_from_sk( sk, keyid );
|
||||
keyid[2] = keyid[3] = 0;
|
||||
if( !sk->is_primary ) {
|
||||
|
|
|
|||
|
|
@ -1145,6 +1145,13 @@ sign_symencrypt_file (const char *fname, STRLIST locusr)
|
|||
goto leave;
|
||||
}
|
||||
|
||||
/* We have no way to tell if the recipient can handle messages
|
||||
with an MDC, so this defaults to no. Perhaps in a few years,
|
||||
this can be defaulted to yes. Note that like regular
|
||||
encrypting, --force-mdc overrides --disable-mdc. */
|
||||
if(opt.force_mdc)
|
||||
cfx.dek->use_mdc=1;
|
||||
|
||||
/* now create the outfile */
|
||||
rc = open_outfile (fname, opt.armor? 1:0, &out);
|
||||
if (rc)
|
||||
|
|
|
|||
Loading…
Reference in New Issue