mirror of git://git.gnupg.org/gnupg.git synced 2025-01-26 15:37:03 +01:00

* options.h, g10.c (main), getkey.c (finish_lookup), pkclist.c

(algo_available): --pgp7, identical to --pgp6 except that it permits a few
algorithms that PGP 7 added: AES128, AES192, AES256, and TWOFISH.  Any
more of these --pgpX flags, and it'll be time to start looking at a
generic --emulate-pgp X option.
David Shaw 2002-05-07 22:04:27 +00:00
parent d5d974536e
commit 7ee8e46500
5 changed files with 40 additions and 20 deletions


@ -1,5 +1,11 @@
2002-05-07 David Shaw <dshaw@jabberwocky.com> 2002-05-07 David Shaw <dshaw@jabberwocky.com>
* options.h, g10.c (main), getkey.c (finish_lookup), pkclist.c
(algo_available): --pgp7, identical to --pgp6 except that it
permits a few algorithms that PGP 7 added: AES128, AES192, AES256,
and TWOFISH. Any more of these --pgpX flags, and it'll be time to
start looking at a generic --emulate-pgp X option.
* export.c (do_export_stream): Warn the user when exporting a * export.c (do_export_stream): Warn the user when exporting a
secret key if it or any of its secret subkeys are protected with secret key if it or any of its secret subkeys are protected with
SHA1 while simple_sk_checksum is set. SHA1 while simple_sk_checksum is set.


@ -164,6 +164,8 @@ enum cmd_and_opt_values { aNull = 0,
oNoPGP2, oNoPGP2,
oPGP6, oPGP6,
oNoPGP6, oNoPGP6,
oPGP7,
oNoPGP7,
oCipherAlgo, oCipherAlgo,
oDigestAlgo, oDigestAlgo,
oCompressAlgo, oCompressAlgo,
@ -420,6 +422,8 @@ static ARGPARSE_OPTS opts[] = {
{ oNoPGP2, "no-pgp2", 0, "@"}, { oNoPGP2, "no-pgp2", 0, "@"},
{ oPGP6, "pgp6", 0, "@"}, { oPGP6, "pgp6", 0, "@"},
{ oNoPGP6, "no-pgp6", 0, "@"}, { oNoPGP6, "no-pgp6", 0, "@"},
{ oPGP7, "pgp7", 0, "@"},
{ oNoPGP7, "no-pgp7", 0, "@"},
{ oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")}, { oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")},
{ oS2KDigest, "s2k-digest-algo",2, { oS2KDigest, "s2k-digest-algo",2,
N_("|NAME|use message digest algorithm NAME for passphrases")}, N_("|NAME|use message digest algorithm NAME for passphrases")},
@ -1117,6 +1121,8 @@ main( int argc, char **argv )
case oNoPGP2: opt.pgp2 = 0; break; case oNoPGP2: opt.pgp2 = 0; break;
case oPGP6: opt.pgp6 = 1; break; case oPGP6: opt.pgp6 = 1; break;
case oNoPGP6: opt.pgp6 = 0; break; case oNoPGP6: opt.pgp6 = 0; break;
case oPGP7: opt.pgp7 = 1; break;
case oNoPGP7: opt.pgp7 = 0; break;
case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break; case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break;
case oEmu3DESS2KBug: opt.emulate_bugs |= EMUBUG_3DESS2K; break; case oEmu3DESS2KBug: opt.emulate_bugs |= EMUBUG_3DESS2K; break;
case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break; case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break;
@ -1392,8 +1398,9 @@ main( int argc, char **argv )
g10_opt_homedir = opt.homedir; g10_opt_homedir = opt.homedir;
/* Do these after the switch(), so they can override settings. */ /* Do these after the switch(), so they can override settings. */
if(opt.pgp2 && opt.pgp6) if(opt.pgp2 && (opt.pgp6 || opt.pgp7))
log_error(_("%s not allowed with %s!\n"),"--pgp2","--pgp6"); log_error(_("%s not allowed with %s!\n"),
"--pgp2",opt.pgp6?"--pgp6":"--pgp7");
else else
{ {
if(opt.pgp2) if(opt.pgp2)
@ -1463,7 +1470,7 @@ main( int argc, char **argv )
} }
} }
if(opt.pgp6) if(opt.pgp6 || opt.pgp7)
{ {
opt.force_mdc=0; opt.force_mdc=0;
opt.disable_mdc=1; opt.disable_mdc=1;
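Review bot: In the last hunk the block that sets `opt.force_mdc=0; opt.disable_mdc=1;` now also runs for `--pgp7`, so, going by the field names, messages encrypted in that mode are written without a modification detection code and tampering with the ciphertext would not be detected on decryption. Nothing on this page shows that PGP 7 rejects MDC-protected packets; if it can read them, integrity protection should stay on by leaving these two assignments under `if(opt.pgp6)` and putting only the shared settings under `if(opt.pgp6 || opt.pgp7)`. If disabling it is intended, a comment such as `/* PGP 7 cannot handle MDC packets, so integrity protection is off in this mode */` would record the decision. The block continues past the end of the hunk, so any other settings it applies to --pgp7 are not visible here.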


@ -1834,10 +1834,10 @@ finish_lookup (GETKEY_CTX ctx)
#define USAGE_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC) #define USAGE_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC)
unsigned int req_usage = ( ctx->req_usage & USAGE_MASK ); unsigned int req_usage = ( ctx->req_usage & USAGE_MASK );
/* Request the primary if we're certifying another key, and also /* Request the primary if we're certifying another key, and also
if signing data while --pgp6 is on (since pgp 6 (and 7) do not if signing data while --pgp6 or --pgp7 is on since pgp 6 and 7
understand signatures made by a signing subkey. */ do not understand signatures made by a signing subkey. */
int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) || int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) ||
(opt.pgp6 && (ctx->req_usage & PUBKEY_USAGE_SIG)); ((opt.pgp6 || opt.pgp7) && (ctx->req_usage & PUBKEY_USAGE_SIG));
u32 latest_date; u32 latest_date;
KBNODE latest_key; KBNODE latest_key;
u32 curtime = make_timestamp (); u32 curtime = make_timestamp ();


@ -88,6 +88,8 @@ struct {
int always_trust; int always_trust;
int pgp2; int pgp2;
int pgp6; int pgp6;
int pgp7; /* if we get any more of these, it's time to look at a
special emulate_pgp variable... */
int rfc1991; int rfc1991;
int rfc2440; int rfc2440;
int pgp2_workarounds; int pgp2_workarounds;
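Review bot: `pgp7` is added as a flag independent of `pgp6`, and nothing in this commit settles what happens when both are set: main() in g10.c only reports the combination with `--pgp2`. In the cipher branch of algo_available the `opt.pgp6` test runs first and returns 0 for algorithms 7 to 10, so with both flags the AES and TWOFISH preferences that `--pgp7` is meant to permit are dropped without any message. Either reject the pair next to the existing check, `if(opt.pgp6 && opt.pgp7) log_error(_("%s not allowed with %s!\n"),"--pgp6","--pgp7");`, or let the later option clear the earlier one, `case oPGP7: opt.pgp7 = 1; opt.pgp6 = 0; break;`. The struct continues outside the hunk.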


@ -955,18 +955,19 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use )
/* In pgp6 mode, disallow all ciphers except IDEA (1), 3DES (2), and /* In pgp6 mode, disallow all ciphers except IDEA (1), 3DES (2), and
CAST5 (3), all hashes except MD5 (1), SHA1 (2), and RIPEMD160 (3), CAST5 (3), all hashes except MD5 (1), SHA1 (2), and RIPEMD160 (3),
and all compressions except none (0) and ZIP (1). For a true PGP6 and all compressions except none (0) and ZIP (1). pgp7 mode
key all of this is unneeded as they are the only items present in expands the cipher list to include AES128 (7), AES192 (8), AES256
the preferences subpacket, but checking here covers the weird case (9), and TWOFISH (10). For a true PGP key all of this is unneeded
of encrypting to a key that had preferences from a different as they are the only items present in the preferences subpacket,
implementation which was then used with PGP6. I am not completely but checking here covers the weird case of encrypting to a key that
comfortable with this as the right thing to do, as it slightly had preferences from a different implementation which was then used
alters the list of what the user is supposedly requesting. It is with PGP. I am not completely comfortable with this as the right
not against the RFC however, as the preference chosen will never be thing to do, as it slightly alters the list of what the user is
one that the user didn't specify somewhere ("The implementation may supposedly requesting. It is not against the RFC however, as the
use any mechanism to pick an algorithm in the intersection"), and preference chosen will never be one that the user didn't specify
PGP6 has no mechanism to fix such a broken preference list, so I'm somewhere ("The implementation may use any mechanism to pick an
including it. -dms */ algorithm in the intersection"), and PGP has no mechanism to fix
such a broken preference list, so I'm including it. -dms */
static int static int
algo_available( int preftype, int algo ) algo_available( int preftype, int algo )
@ -975,16 +976,20 @@ algo_available( int preftype, int algo )
if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) ) if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) )
return 0; return 0;
if( opt.pgp7 && (algo != 1 && algo != 2 && algo != 3 &&
algo != 7 && algo != 8 && algo != 9 && algo != 10) )
return 0;
return algo && !check_cipher_algo( algo ); return algo && !check_cipher_algo( algo );
} }
else if( preftype == PREFTYPE_HASH ) { else if( preftype == PREFTYPE_HASH ) {
if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) ) if( (opt.pgp6 || opt.pgp7 ) && ( algo != 1 && algo != 2 && algo != 3) )
return 0; return 0;
return algo && !check_digest_algo( algo ); return algo && !check_digest_algo( algo );
} }
else if( preftype == PREFTYPE_ZIP ) { else if( preftype == PREFTYPE_ZIP ) {
if ( opt.pgp6 && ( algo !=0 && algo != 1) ) if ( ( opt.pgp6 || opt.pgp7 ) && ( algo !=0 && algo != 1) )
return 0; return 0;
return !algo || algo == 1 || algo == 2; return !algo || algo == 1 || algo == 2;