mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-03 22:56:33 +02:00
Ported multiple-messages protection.
This commit is contained in:
Werner Koch
parent
f6243073a8
commit
9491ab44c5
11 changed files with 112 additions and 37 deletions
|
|
@ -1,3 +1,20 @@
|
|||
2007-03-05 Werner Koch <wk@g10code.com>
|
||||
|
||||
Converted this file to UTF-8.
|
||||
|
||||
Ported David and my multiple messages changes from 1.4.7.
|
||||
|
||||
* options.h, gpg.c (main), mainproc.c (check_sig_and_print): Allow
|
||||
multiple sig verification again as this is protected via the
|
||||
multiple-messages code. New option --allow-multiple-messages and
|
||||
--no variant.
|
||||
* status.h (STATUS_ERROR): New status code.
|
||||
* status.c (get_status_string): Ditto.
|
||||
* mainproc.c (proc_plaintext): Emit it if multiple messages are
|
||||
detected. Error out if more than one plaintext packet is
|
||||
encountered.
|
||||
* mainproc.c (literals_seen): New.
|
||||
|
||||
2007-02-26 Werner Koch <wk@g10code.com>
|
||||
|
||||
* gpg.c (main): Add verify option show-primary-uid-only.
|
||||
|
|
@ -1756,7 +1773,7 @@
|
|||
2003-04-10 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* passphrase.c (read_passphrase_from_fd): Do a dummy read if the
|
||||
agent is to be used. Noted by Ingo Klöcker.
|
||||
agent is to be used. Noted by Ingo Klöcker.
|
||||
(agent_get_passphrase): Inhibit caching when we have no
|
||||
fingerprint. This is required for key generation as well as for
|
||||
symmetric only encryption.
|
||||
|
|
@ -2699,7 +2716,7 @@
|
|||
warning.
|
||||
|
||||
* passphrase.c (agent_get_passphrase): Fixed signed/unsigned char
|
||||
problem in %-escaping. Noted by Ingo Klöcker.
|
||||
problem in %-escaping. Noted by Ingo Klöcker.
|
||||
|
||||
2002-10-03 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
|
|
@ -7027,12 +7044,12 @@ Fri Feb 11 17:44:40 CET 2000 Werner Koch <wk@gnupg.de>
|
|||
Thu Feb 10 17:39:44 CET 2000 Werner Koch <wk@gnupg.de>
|
||||
|
||||
* keyedit.c (menu_expire): Fixed segv due to unitialized sub_pk.
|
||||
By Rémi.
|
||||
By Rémi.
|
||||
|
||||
Thu Feb 10 11:39:41 CET 2000 Werner Koch <wk@gnupg.de>
|
||||
|
||||
* keylist.c (list_keyblock): Don't print warnings in the middle of
|
||||
regulat output lines. By Rémi.
|
||||
regulat output lines. By Rémi.
|
||||
|
||||
* sig-check.c: Include options.h
|
||||
|
||||
|
|
@ -7622,7 +7639,7 @@ Mon May 31 19:41:10 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
|
|||
* g10.c (main): Fix for SHM init (Michael).
|
||||
|
||||
* compress.c, encr-data.c, mdfilter.c,
|
||||
plaintext.c, free-packet.c: Speed patches (Rémi).
|
||||
plaintext.c, free-packet.c: Speed patches (Rémi).
|
||||
|
||||
Thu May 27 09:40:55 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
|
||||
|
||||
|
|
@ -7647,7 +7664,7 @@ Wed May 26 14:36:29 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
|
|||
Tue May 25 19:50:32 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
|
||||
|
||||
* sign.c (sign_file): Always use compression algo 1 for signed
|
||||
onyl file becuase we can´ be sure the the verifier supports other
|
||||
onyl file becuase we can´ be sure the the verifier supports other
|
||||
algorithms.
|
||||
|
||||
* build-packet.c (build_sig_subpkt): Support for notation data.
|
||||
|
|
@ -7837,7 +7854,7 @@ Wed Apr 7 20:51:39 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
|
|||
(protect_secret_key). Ditto.
|
||||
* misc.c (print_cipher_algo_note): Twofish is now a standard algo.
|
||||
|
||||
* keygen.c (do_create): Fixed spelling (Gaël Quéri)
|
||||
* keygen.c (do_create): Fixed spelling (Gaël Quéri)
|
||||
(ask_keysize): Only allow keysizes up to 4096
|
||||
|
||||
* ringedit.c (add_keyblock_resource): chmod newly created secrings.
|
||||
|
|
@ -7880,7 +7897,7 @@ Wed Mar 17 13:09:03 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
|
|||
|
||||
* trustdb.c (insert_trust_record): Always use the primary key.
|
||||
|
||||
* encode.c (encode_simple): Added text_mode filter (Rémi Guyomarch)
|
||||
* encode.c (encode_simple): Added text_mode filter (Rémi Guyomarch)
|
||||
(encode_crypt): Ditto.
|
||||
|
||||
* mainproc.c (proc_pubkey_enc): Added status ENC_TO.
|
||||
|
|
@ -9261,7 +9278,7 @@ Wed Apr 8 13:40:33 1998 Werner Koch (wk@isil.d.shuttle.de)
|
|||
|
||||
Wed Apr 8 09:47:21 1998 Werner Koch (wk@isil.d.shuttle.de)
|
||||
|
||||
* sig-check.c (do_check): Applied small fix from Ulf Möller.
|
||||
* sig-check.c (do_check): Applied small fix from Ulf Möller.
|
||||
|
||||
Tue Apr 7 19:28:07 1998 Werner Koch (wk@isil.d.shuttle.de)
|
||||
|
||||
|
|
@ -9640,7 +9657,7 @@ Thu Feb 12 22:24:42 1998 Werner Koch (wk@frodo)
|
|||
|
||||
|
||||
Copyright 1998,1999,2000,2001,2002,2003,2004,2005,
|
||||
2006 Free Software Foundation, Inc.
|
||||
2006,2007 Free Software Foundation, Inc.
|
||||
|
||||
This file is free software; as a special exception the author gives
|
||||
unlimited permission to copy and/or distribute it, with or without
|
||||
|
|
|
|||
17
g10/gpg.c
17
g10/gpg.c
|
|
@ -357,6 +357,8 @@ enum cmd_and_opt_values
|
|||
oAllowMultisigVerification,
|
||||
oEnableDSA2,
|
||||
oDisableDSA2,
|
||||
oAllowMultipleMessages,
|
||||
oNoAllowMultipleMessages,
|
||||
|
||||
oNoop
|
||||
};
|
||||
|
|
@ -692,6 +694,8 @@ static ARGPARSE_OPTS opts[] = {
|
|||
{ oAllowMultisigVerification, "allow-multisig-verification", 0, "@"},
|
||||
{ oEnableDSA2, "enable-dsa2", 0, "@"},
|
||||
{ oDisableDSA2, "disable-dsa2", 0, "@"},
|
||||
{ oAllowMultipleMessages, "allow-multiple-messages", 0, "@"},
|
||||
{ oNoAllowMultipleMessages, "no-allow-multiple-messages", 0, "@"},
|
||||
|
||||
/* These two are aliases to help users of the PGP command line
|
||||
product use gpg with minimal pain. Many commands are common
|
||||
|
|
@ -2807,13 +2811,18 @@ main (int argc, char **argv )
|
|||
release_akl();
|
||||
break;
|
||||
|
||||
case oAllowMultisigVerification:
|
||||
opt.allow_multisig_verification = 1;
|
||||
break;
|
||||
|
||||
case oEnableDSA2: opt.flags.dsa2=1; break;
|
||||
case oDisableDSA2: opt.flags.dsa2=0; break;
|
||||
|
||||
case oAllowMultisigVerification:
|
||||
case oAllowMultipleMessages:
|
||||
opt.flags.allow_multiple_messages=1;
|
||||
break;
|
||||
|
||||
case oNoAllowMultipleMessages:
|
||||
opt.flags.allow_multiple_messages=0;
|
||||
break;
|
||||
|
||||
case oNoop: break;
|
||||
|
||||
default : pargs.err = configfp? 1:2; break;
|
||||
|
|
|
|||
|
|
@ -98,10 +98,9 @@ struct mainproc_context
|
|||
|
||||
|
||||
static int do_proc_packets( CTX c, IOBUF a );
|
||||
|
||||
static void list_node( CTX c, KBNODE node );
|
||||
static void proc_tree( CTX c, KBNODE node );
|
||||
|
||||
static int literals_seen;
|
||||
|
||||
static void
|
||||
release_list( CTX c )
|
||||
|
|
@ -596,6 +595,8 @@ proc_plaintext( CTX c, PACKET *pkt )
|
|||
int any, clearsig, only_md5, rc;
|
||||
KBNODE n;
|
||||
|
||||
literals_seen++;
|
||||
|
||||
if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) )
|
||||
log_info(_("NOTE: sender requested \"for-your-eyes-only\"\n"));
|
||||
else if( opt.verbose )
|
||||
|
|
@ -683,12 +684,29 @@ proc_plaintext( CTX c, PACKET *pkt )
|
|||
gcry_md_start_debug ( c->mfx.md2, "verify2" );
|
||||
}
|
||||
|
||||
rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig );
|
||||
if ( gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only )
|
||||
rc=0;
|
||||
|
||||
if (literals_seen>1)
|
||||
{
|
||||
/* Can't write output but we hash it anyway to check the
|
||||
signature. */
|
||||
rc = handle_plaintext( pt, &c->mfx, 1, clearsig );
|
||||
log_info (_("WARNING: multiple plaintexts seen\n"));
|
||||
|
||||
if (!opt.flags.allow_multiple_messages)
|
||||
{
|
||||
write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA");
|
||||
log_inc_errorcount ();
|
||||
rc = gpg_error (GPG_ERR_UNEXPECTED);
|
||||
}
|
||||
}
|
||||
|
||||
if(!rc)
|
||||
{
|
||||
rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig );
|
||||
if ( gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only )
|
||||
{
|
||||
/* Can't write output but we hash it anyway to check the
|
||||
signature. */
|
||||
rc = handle_plaintext( pt, &c->mfx, 1, clearsig );
|
||||
}
|
||||
}
|
||||
|
||||
if( rc )
|
||||
|
|
@ -1512,8 +1530,17 @@ check_sig_and_print( CTX c, KBNODE node )
|
|||
n_sig++;
|
||||
if (!n_sig)
|
||||
goto ambiguous;
|
||||
if (n && !opt.allow_multisig_verification)
|
||||
goto ambiguous;
|
||||
|
||||
/* If we wanted to disallow multiple sig verification, we'd do
|
||||
something like this:
|
||||
|
||||
if (n && !opt.allow_multisig_verification)
|
||||
goto ambiguous;
|
||||
|
||||
However, now that we have --allow-multiple-messages, this
|
||||
can stay allowable as we can't get here unless multiple
|
||||
messages (i.e. multiple literals) are allowed. */
|
||||
|
||||
if (n_onepass != n_sig)
|
||||
{
|
||||
log_info ("number of one-pass packets does not match "
|
||||
|
|
|
|||
|
|
@ -227,6 +227,7 @@ struct
|
|||
unsigned int use_embedded_filename:1;
|
||||
unsigned int utf8_filename:1;
|
||||
unsigned int dsa2:1;
|
||||
unsigned int allow_multiple_messages:1;
|
||||
} flags;
|
||||
|
||||
/* Linked list of ways to find a key if the key isn't on the local
|
||||
|
|
@ -238,8 +239,6 @@ struct
|
|||
struct akl *next;
|
||||
} *auto_key_locate;
|
||||
|
||||
/* True if multiple concatenated signatures may be verified. */
|
||||
int allow_multisig_verification;
|
||||
int passwd_repeat;
|
||||
} opt;
|
||||
|
||||
|
|
|
|||
|
|
@ -148,6 +148,7 @@ get_status_string ( int no )
|
|||
case STATUS_PKA_TRUST_BAD : s = "PKA_TRUST_BAD"; break;
|
||||
case STATUS_PKA_TRUST_GOOD : s = "PKA_TRUST_GOOD"; break;
|
||||
case STATUS_BEGIN_SIGNING : s = "BEGIN_SIGNING"; break;
|
||||
case STATUS_ERROR : s = "ERROR"; break;
|
||||
default: s = "?"; break;
|
||||
}
|
||||
return s;
|
||||
|
|
|
|||
|
|
@ -120,6 +120,8 @@
|
|||
|
||||
#define STATUS_BEGIN_SIGNING 84
|
||||
|
||||
#define STATUS_ERROR 85
|
||||
|
||||
|
||||
/*-- status.c --*/
|
||||
void set_status_fd ( int fd );
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue