mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
8fd150b05b
* g10/build-packet.c (do_key): Remove support for building v3 keys. * g10/parse-packet.c (read_protected_v3_mpi): Remove. (parse_key): Remove support for v3-keys. Add dedicated warnings for v3-key packets. * g10/keyid.c (hash_public_key): Remove v3-key support. (keyid_from_pk): Ditto. (fingerprint_from_pk): Ditto. * g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs. * g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs, oForceV4Certs, oNoForceV4Certs. (opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs, --no-force-v4-certs int dummy options. (main): Remove setting of the force_v3_sigs force_v4_certs flags. * g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs. * g10/sign.c (hash_uid): Remove support for v3-signatures (hash_sigversion_to_magic): Ditto. (only_old_style): Remove this v3-key function. (write_signature_packets): Remove support for creating v3-signatures. (sign_file): Ditto. (sign_symencrypt_file): Ditto. (clearsign_file): Ditto. Remove code to emit no Hash armor line if only v3-keys are used. (make_keysig_packet): Remove arg SIGVERSION and force using v4-signatures. Change all callers to not pass a value for this arg. Remove all v3-key related code. (update_keysig_packet): Remove v3-signature support. * g10/keyedit.c (sign_uids): Always create v4-signatures. * g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and change caller. -- v3 keys are deprecated for about 15 years and due the severe weaknesses of MD5 it does not make any sense to keep code around to use these old and broken keys. Users who need to decrypt old messages should use gpg 1.4 and best re-encrypt them to modern standards. verification of old (i.e. PGP2) created signatures is thus also not anymore possible but such signatures have no values anyway - MD5 is just too broken. We have also kept support for v3 signatures until now. With the removal of support for v3 keys it is questionable whether it makes any sense to keep support for v3-signatures. What we do now is to keep support for verification of v3-signatures but we force the use of v4-signatures. The latter makes the --pgp6 and --pgp7 switch a bit obsolete because those PGP versions require v3-signatures for messages. These versions of PGP are also really old and not anymore maintained so they have not received any bug fixes and should not be used anyway. Signed-off-by: Werner Koch <wk@gnupg.org>
246 lines
6.6 KiB
C
246 lines
6.6 KiB
C
/* textfilter.c
|
|
* Copyright (C) 1998, 1999, 2000, 2001, 2004 Free Software Foundation, Inc.
|
|
*
|
|
* This file is part of GnuPG.
|
|
*
|
|
* GnuPG is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* GnuPG is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include <config.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <errno.h>
|
|
#include <assert.h>
|
|
|
|
#include "gpg.h"
|
|
#include "status.h"
|
|
#include "iobuf.h"
|
|
#include "util.h"
|
|
#include "filter.h"
|
|
#include "i18n.h"
|
|
#include "options.h"
|
|
#include "status.h"
|
|
|
|
#ifdef HAVE_DOSISH_SYSTEM
|
|
#define LF "\r\n"
|
|
#else
|
|
#define LF "\n"
|
|
#endif
|
|
|
|
#define MAX_LINELEN 19995 /* a little bit smaller than in armor.c */
|
|
/* to make sure that a warning is displayed while */
|
|
/* creating a message */
|
|
|
|
static unsigned
|
|
len_without_trailing_chars( byte *line, unsigned len, const char *trimchars )
|
|
{
|
|
byte *p, *mark;
|
|
unsigned n;
|
|
|
|
for(mark=NULL, p=line, n=0; n < len; n++, p++ ) {
|
|
if( strchr( trimchars, *p ) ) {
|
|
if( !mark )
|
|
mark = p;
|
|
}
|
|
else
|
|
mark = NULL;
|
|
}
|
|
|
|
return mark? (mark - line) : len;
|
|
}
|
|
|
|
|
|
static int
|
|
standard( text_filter_context_t *tfx, IOBUF a,
|
|
byte *buf, size_t size, size_t *ret_len)
|
|
{
|
|
int rc=0;
|
|
size_t len = 0;
|
|
unsigned maxlen;
|
|
|
|
assert( size > 10 );
|
|
size -= 2; /* reserve 2 bytes to append CR,LF */
|
|
while( !rc && len < size ) {
|
|
int lf_seen;
|
|
|
|
while( len < size && tfx->buffer_pos < tfx->buffer_len )
|
|
buf[len++] = tfx->buffer[tfx->buffer_pos++];
|
|
if( len >= size )
|
|
continue;
|
|
|
|
/* read the next line */
|
|
maxlen = MAX_LINELEN;
|
|
tfx->buffer_pos = 0;
|
|
tfx->buffer_len = iobuf_read_line( a, &tfx->buffer,
|
|
&tfx->buffer_size, &maxlen );
|
|
if( !maxlen )
|
|
tfx->truncated++;
|
|
if( !tfx->buffer_len ) {
|
|
if( !len )
|
|
rc = -1; /* eof */
|
|
break;
|
|
}
|
|
lf_seen = tfx->buffer[tfx->buffer_len-1] == '\n';
|
|
|
|
/* The story behind this is that 2440 says that textmode
|
|
hashes should canonicalize line endings to CRLF and remove
|
|
spaces and tabs. 2440bis-12 says to just canonicalize to
|
|
CRLF. 1.4.0 was released using the bis-12 behavior, but it
|
|
was discovered that many mail clients do not canonicalize
|
|
PGP/MIME signature text appropriately (and were relying on
|
|
GnuPG to handle trailing spaces). So, we default to the
|
|
2440 behavior, but use the 2440bis-12 behavior if the user
|
|
specifies --no-rfc2440-text. The default will be changed
|
|
at some point in the future when the mail clients have been
|
|
upgraded. Aside from PGP/MIME and broken mail clients,
|
|
this makes no difference to any signatures in the real
|
|
world except for a textmode detached signature. PGP always
|
|
used the 2440bis-12 behavior (ignoring 2440 itself), so
|
|
this actually makes us compatible with PGP textmode
|
|
detached signatures for the first time. */
|
|
if(opt.rfc2440_text)
|
|
tfx->buffer_len=trim_trailing_chars(tfx->buffer,tfx->buffer_len,
|
|
" \t\r\n");
|
|
else
|
|
tfx->buffer_len=trim_trailing_chars(tfx->buffer,tfx->buffer_len,
|
|
"\r\n");
|
|
|
|
if( lf_seen ) {
|
|
tfx->buffer[tfx->buffer_len++] = '\r';
|
|
tfx->buffer[tfx->buffer_len++] = '\n';
|
|
}
|
|
}
|
|
*ret_len = len;
|
|
return rc;
|
|
}
|
|
|
|
|
|
/****************
|
|
* The filter is used to make canonical text: Lines are terminated by
|
|
* CR, LF, trailing white spaces are removed.
|
|
*/
|
|
int
|
|
text_filter( void *opaque, int control,
|
|
IOBUF a, byte *buf, size_t *ret_len)
|
|
{
|
|
size_t size = *ret_len;
|
|
text_filter_context_t *tfx = opaque;
|
|
int rc=0;
|
|
|
|
if( control == IOBUFCTRL_UNDERFLOW ) {
|
|
rc = standard( tfx, a, buf, size, ret_len );
|
|
}
|
|
else if( control == IOBUFCTRL_FREE ) {
|
|
if( tfx->truncated )
|
|
log_error(_("can't handle text lines longer than %d characters\n"),
|
|
MAX_LINELEN );
|
|
xfree( tfx->buffer );
|
|
tfx->buffer = NULL;
|
|
}
|
|
else if( control == IOBUFCTRL_DESC )
|
|
*(char**)buf = "text_filter";
|
|
return rc;
|
|
}
|
|
|
|
|
|
/****************
|
|
* Copy data from INP to OUT and do some escaping if requested.
|
|
* md is updated as required by rfc2440
|
|
*/
|
|
int
|
|
copy_clearsig_text( IOBUF out, IOBUF inp, gcry_md_hd_t md,
|
|
int escape_dash, int escape_from)
|
|
{
|
|
unsigned int maxlen;
|
|
byte *buffer = NULL; /* malloced buffer */
|
|
unsigned int bufsize; /* and size of this buffer */
|
|
unsigned int n;
|
|
int truncated = 0;
|
|
int pending_lf = 0;
|
|
|
|
if( !escape_dash )
|
|
escape_from = 0;
|
|
|
|
write_status_begin_signing (md);
|
|
|
|
for(;;) {
|
|
maxlen = MAX_LINELEN;
|
|
n = iobuf_read_line( inp, &buffer, &bufsize, &maxlen );
|
|
if( !maxlen )
|
|
truncated++;
|
|
|
|
if( !n )
|
|
break; /* read_line has returned eof */
|
|
|
|
/* update the message digest */
|
|
if( escape_dash ) {
|
|
if( pending_lf ) {
|
|
gcry_md_putc ( md, '\r' );
|
|
gcry_md_putc ( md, '\n' );
|
|
}
|
|
gcry_md_write ( md, buffer,
|
|
len_without_trailing_chars (buffer, n, " \t\r\n"));
|
|
}
|
|
else
|
|
gcry_md_write ( md, buffer, n );
|
|
pending_lf = buffer[n-1] == '\n';
|
|
|
|
/* write the output */
|
|
if( ( escape_dash && *buffer == '-')
|
|
|| ( escape_from && n > 4 && !memcmp(buffer, "From ", 5 ) ) ) {
|
|
iobuf_put( out, '-' );
|
|
iobuf_put( out, ' ' );
|
|
}
|
|
|
|
#if 0 /*defined(HAVE_DOSISH_SYSTEM)*/
|
|
/* We don't use this anymore because my interpretation of rfc2440 7.1
|
|
* is that there is no conversion needed. If one decides to
|
|
* clearsign a unix file on a DOS box he will get a mixed line endings.
|
|
* If at some point it turns out, that a conversion is a nice feature
|
|
* we can make an option out of it.
|
|
*/
|
|
/* make sure the lines do end in CR,LF */
|
|
if( n > 1 && ( (buffer[n-2] == '\r' && buffer[n-1] == '\n' )
|
|
|| (buffer[n-2] == '\n' && buffer[n-1] == '\r'))) {
|
|
iobuf_write( out, buffer, n-2 );
|
|
iobuf_put( out, '\r');
|
|
iobuf_put( out, '\n');
|
|
}
|
|
else if( n && buffer[n-1] == '\n' ) {
|
|
iobuf_write( out, buffer, n-1 );
|
|
iobuf_put( out, '\r');
|
|
iobuf_put( out, '\n');
|
|
}
|
|
else
|
|
iobuf_write( out, buffer, n );
|
|
|
|
#else
|
|
iobuf_write( out, buffer, n );
|
|
#endif
|
|
}
|
|
|
|
/* at eof */
|
|
if( !pending_lf ) { /* make sure that the file ends with a LF */
|
|
iobuf_writestr( out, LF );
|
|
if( !escape_dash )
|
|
gcry_md_putc( md, '\n' );
|
|
}
|
|
|
|
if( truncated )
|
|
log_info(_("input line longer than %d characters\n"), MAX_LINELEN );
|
|
|
|
return 0; /* okay */
|
|
}
|