mirror of
git://git.gnupg.org/gnupg.git
synced 2024-11-01 20:18:44 +01:00
91015d021b
* g10/main.h: Add rejection_shown flag to each weakhash struct * g10/misc.c (print_digest_algo_note, additional_weak_digest): Do not treat MD5 separately; (print_digest_rejected_note): Use weakhash.rejection_shown instead of static shown. * g10/options.h (opt): Change from additional_weak_digests to weak_digests. * g10/sig-check.c: Do not treat MD5 separately. * g10/gpg.c (main): Explicitly set MD5 as weak. * g10/gpgv.c (main): Explicitly set MD5 as weak. -- Previously, only one weak digest rejection message was shown, of whichever was the first type encountered. This meant that if "gpg --weak-digest SHA224" encountered both an MD5 digest and a SHA224 digest, it would only show the user that the MD5 digest was rejected. In order to let the user know which algorithms were rejected, we needed to move the "shown" flag into a per-weak-algorithm location. Given this additional complication, it made no sense to continue to treat MD5 specially, so it is added as a default weak algorithm in the same opt.weak_digests data structure as any other. Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
383 lines
12 KiB
C
383 lines
12 KiB
C
/* options.h
|
|
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
|
|
* 2007, 2010, 2011 Free Software Foundation, Inc.
|
|
*
|
|
* This file is part of GnuPG.
|
|
*
|
|
* GnuPG is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* GnuPG is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
#ifndef G10_OPTIONS_H
|
|
#define G10_OPTIONS_H
|
|
|
|
#include <sys/types.h>
|
|
#include <types.h>
|
|
#include "main.h"
|
|
#include "packet.h"
|
|
#include "tofu.h"
|
|
#include "../common/session-env.h"
|
|
|
|
#ifndef EXTERN_UNLESS_MAIN_MODULE
|
|
/* Norcraft can't cope with common symbols */
|
|
#if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE)
|
|
#define EXTERN_UNLESS_MAIN_MODULE extern
|
|
#else
|
|
#define EXTERN_UNLESS_MAIN_MODULE
|
|
#endif
|
|
#endif
|
|
|
|
/* Declaration of a keyserver spec type. The definition is found in
|
|
../common/keyserver.h. */
|
|
struct keyserver_spec;
|
|
typedef struct keyserver_spec *keyserver_spec_t;
|
|
|
|
|
|
/* Global options for GPG. */
|
|
EXTERN_UNLESS_MAIN_MODULE
|
|
struct
|
|
{
|
|
int verbose;
|
|
int quiet;
|
|
unsigned debug;
|
|
int armor;
|
|
char *outfile;
|
|
estream_t outfp; /* Hack, sometimes used in place of outfile. */
|
|
off_t max_output;
|
|
int dry_run;
|
|
int autostart;
|
|
int list_only;
|
|
int textmode;
|
|
int expert;
|
|
const char *def_sig_expire;
|
|
int ask_sig_expire;
|
|
const char *def_cert_expire;
|
|
int ask_cert_expire;
|
|
int batch; /* run in batch mode */
|
|
int answer_yes; /* answer yes on most questions */
|
|
int answer_no; /* answer no on most questions */
|
|
int check_sigs; /* check key signatures */
|
|
int with_colons;
|
|
int with_key_data;
|
|
int with_icao_spelling; /* Print ICAO spelling with fingerprints. */
|
|
int with_fingerprint; /* Option --with-fingerprint active. */
|
|
int with_keygrip; /* Option --with-keygrip active. */
|
|
int with_secret; /* Option --with-secret active. */
|
|
int fingerprint; /* list fingerprints */
|
|
int list_sigs; /* list signatures */
|
|
int print_pka_records;
|
|
int print_dane_records;
|
|
int no_armor;
|
|
int list_packets; /* list-packets mode: 1=normal, 2=invoked by command*/
|
|
int def_cipher_algo;
|
|
int force_mdc;
|
|
int disable_mdc;
|
|
int def_digest_algo;
|
|
int cert_digest_algo;
|
|
int compress_algo;
|
|
int compress_level;
|
|
int bz2_compress_level;
|
|
int bz2_decompress_lowmem;
|
|
const char *def_secret_key;
|
|
char *def_recipient;
|
|
int def_recipient_self;
|
|
strlist_t secret_keys_to_try;
|
|
|
|
int def_cert_level;
|
|
int min_cert_level;
|
|
int ask_cert_level;
|
|
int emit_version; /* 0 = none,
|
|
1 = major only,
|
|
2 = major and minor,
|
|
3 = full version,
|
|
4 = full version plus OS string. */
|
|
int marginals_needed;
|
|
int completes_needed;
|
|
int max_cert_depth;
|
|
const char *homedir;
|
|
const char *agent_program;
|
|
const char *dirmngr_program;
|
|
|
|
/* Options to be passed to the gpg-agent */
|
|
session_env_t session_env;
|
|
char *lc_ctype;
|
|
char *lc_messages;
|
|
|
|
int skip_verify;
|
|
int skip_hidden_recipients;
|
|
|
|
/* TM_CLASSIC must be zero to accomodate trustdbs generated before
|
|
we started storing the trust model inside the trustdb. */
|
|
enum
|
|
{
|
|
TM_CLASSIC=0, TM_PGP=1, TM_EXTERNAL=2,
|
|
TM_ALWAYS, TM_DIRECT, TM_AUTO, TM_TOFU, TM_TOFU_PGP
|
|
} trust_model;
|
|
enum
|
|
{
|
|
TOFU_DB_AUTO=0, TOFU_DB_SPLIT, TOFU_DB_FLAT
|
|
} tofu_db_format;
|
|
enum tofu_policy tofu_default_policy;
|
|
int force_ownertrust;
|
|
enum
|
|
{
|
|
CO_GNUPG, CO_RFC4880, CO_RFC2440,
|
|
CO_PGP6, CO_PGP7, CO_PGP8
|
|
} compliance;
|
|
enum
|
|
{
|
|
KF_SHORT, KF_LONG, KF_0xSHORT, KF_0xLONG
|
|
} keyid_format;
|
|
int shm_coprocess;
|
|
const char *set_filename;
|
|
strlist_t comments;
|
|
int throw_keyids;
|
|
const char *photo_viewer;
|
|
int s2k_mode;
|
|
int s2k_digest_algo;
|
|
int s2k_cipher_algo;
|
|
unsigned char s2k_count; /* This is the encoded form, not the raw
|
|
count */
|
|
int not_dash_escaped;
|
|
int escape_from;
|
|
int lock_once;
|
|
keyserver_spec_t keyserver; /* The list of configured keyservers. */
|
|
struct
|
|
{
|
|
unsigned int options;
|
|
unsigned int import_options;
|
|
unsigned int export_options;
|
|
char *http_proxy;
|
|
} keyserver_options;
|
|
int exec_disable;
|
|
int exec_path_set;
|
|
unsigned int import_options;
|
|
unsigned int export_options;
|
|
unsigned int list_options;
|
|
unsigned int verify_options;
|
|
const char *def_preference_list;
|
|
const char *def_keyserver_url;
|
|
prefitem_t *personal_cipher_prefs;
|
|
prefitem_t *personal_digest_prefs;
|
|
prefitem_t *personal_compress_prefs;
|
|
struct weakhash *weak_digests;
|
|
int no_perm_warn;
|
|
int no_mdc_warn;
|
|
char *temp_dir;
|
|
int no_encrypt_to;
|
|
int interactive;
|
|
struct notation *sig_notations;
|
|
struct notation *cert_notations;
|
|
strlist_t sig_policy_url;
|
|
strlist_t cert_policy_url;
|
|
strlist_t sig_keyserver_url;
|
|
strlist_t cert_subpackets;
|
|
strlist_t sig_subpackets;
|
|
int allow_non_selfsigned_uid;
|
|
int allow_freeform_uid;
|
|
int no_literal;
|
|
ulong set_filesize;
|
|
int fast_list_mode;
|
|
int legacy_list_mode;
|
|
int ignore_time_conflict;
|
|
int ignore_valid_from;
|
|
int ignore_crc_error;
|
|
int ignore_mdc_error;
|
|
int command_fd;
|
|
const char *override_session_key;
|
|
int show_session_key;
|
|
|
|
const char *gpg_agent_info;
|
|
int try_all_secrets;
|
|
int no_expensive_trust_checks;
|
|
int no_sig_cache;
|
|
int no_auto_check_trustdb;
|
|
int preserve_permissions;
|
|
int no_homedir_creation;
|
|
struct groupitem *grouplist;
|
|
int mangle_dos_filenames;
|
|
int enable_progress_filter;
|
|
unsigned int screen_columns;
|
|
unsigned int screen_lines;
|
|
byte *show_subpackets;
|
|
int rfc2440_text;
|
|
|
|
/* If true, let write failures on the status-fd exit the process. */
|
|
int exit_on_status_write_error;
|
|
|
|
/* If > 0, limit the number of card insertion prompts to this
|
|
value. */
|
|
int limit_card_insert_tries;
|
|
|
|
#ifdef ENABLE_CARD_SUPPORT
|
|
/* FIXME: We don't needs this here as it is done in scdaemon. */
|
|
const char *ctapi_driver; /* Library to access the ctAPI. */
|
|
const char *pcsc_driver; /* Library to access the PC/SC system. */
|
|
int disable_ccid; /* Disable the use of the internal CCID driver. */
|
|
#endif /*ENABLE_CARD_SUPPORT*/
|
|
|
|
struct
|
|
{
|
|
/* If set, require an 0x19 backsig to be present on signatures
|
|
made by signing subkeys. If not set, a missing backsig is not
|
|
an error (but an invalid backsig still is). */
|
|
unsigned int require_cross_cert:1;
|
|
|
|
unsigned int use_embedded_filename:1;
|
|
unsigned int utf8_filename:1;
|
|
unsigned int dsa2:1;
|
|
unsigned int allow_multiple_messages:1;
|
|
unsigned int allow_weak_digest_algos:1;
|
|
unsigned int large_rsa:1;
|
|
} flags;
|
|
|
|
/* Linked list of ways to find a key if the key isn't on the local
|
|
keyring. */
|
|
struct akl
|
|
{
|
|
enum {
|
|
AKL_NODEFAULT,
|
|
AKL_LOCAL,
|
|
AKL_CERT,
|
|
AKL_PKA,
|
|
AKL_DANE,
|
|
AKL_LDAP,
|
|
AKL_KEYSERVER,
|
|
AKL_SPEC
|
|
} type;
|
|
keyserver_spec_t spec;
|
|
struct akl *next;
|
|
} *auto_key_locate;
|
|
|
|
int passphrase_repeat;
|
|
int pinentry_mode;
|
|
} opt;
|
|
|
|
/* CTRL is used to keep some global variables we currently can't
|
|
avoid. Future concurrent versions of gpg will put it into a per
|
|
request structure CTRL. */
|
|
EXTERN_UNLESS_MAIN_MODULE
|
|
struct {
|
|
int in_auto_key_retrieve; /* True if we are doing an
|
|
auto_key_retrieve. */
|
|
/* Hack to store the last error. We currently need it because the
|
|
proc_packet machinery is not able to reliabale return error
|
|
codes. Thus for the --server purposes we store some of the error
|
|
codes here. FIXME! */
|
|
gpg_error_t lasterr;
|
|
} glo_ctrl;
|
|
|
|
#define DBG_PACKET_VALUE 1 /* debug packet reading/writing */
|
|
#define DBG_MPI_VALUE 2 /* debug mpi details */
|
|
#define DBG_CRYPTO_VALUE 4 /* debug crypto handling */
|
|
/* (may reveal sensitive data) */
|
|
#define DBG_FILTER_VALUE 8 /* debug internal filter handling */
|
|
#define DBG_IOBUF_VALUE 16 /* debug iobuf stuff */
|
|
#define DBG_MEMORY_VALUE 32 /* debug memory allocation stuff */
|
|
#define DBG_CACHE_VALUE 64 /* debug the caching */
|
|
#define DBG_MEMSTAT_VALUE 128 /* show memory statistics */
|
|
#define DBG_TRUST_VALUE 256 /* debug the trustdb */
|
|
#define DBG_HASHING_VALUE 512 /* debug hashing operations */
|
|
#define DBG_IPC_VALUE 1024 /* debug assuan communication */
|
|
#define DBG_CARD_IO_VALUE 2048 /* debug smart card I/O. */
|
|
#define DBG_CLOCK_VALUE 4096
|
|
#define DBG_LOOKUP_VALUE 8192 /* debug the kety lookup */
|
|
#define DBG_EXTPROG_VALUE 16384 /* debug external program calls */
|
|
|
|
/* Tests for the debugging flags. */
|
|
#define DBG_PACKET (opt.debug & DBG_PACKET_VALUE)
|
|
#define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE)
|
|
#define DBG_FILTER (opt.debug & DBG_FILTER_VALUE)
|
|
#define DBG_CACHE (opt.debug & DBG_CACHE_VALUE)
|
|
#define DBG_TRUST (opt.debug & DBG_TRUST_VALUE)
|
|
#define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
|
|
#define DBG_IPC (opt.debug & DBG_IPC_VALUE)
|
|
#define DBG_CARD_IO (opt.debug & DBG_CARD_IO_VALUE)
|
|
#define DBG_IPC (opt.debug & DBG_IPC_VALUE)
|
|
#define DBG_CLOCK (opt.debug & DBG_CLOCK_VALUE)
|
|
#define DBG_LOOKUP (opt.debug & DBG_LOOKUP_VALUE)
|
|
#define DBG_EXTPROG (opt.debug & DBG_EXTPROG_VALUE)
|
|
|
|
/* FIXME: We need to check whey we did not put this into opt. */
|
|
#define DBG_MEMORY memory_debug_mode
|
|
#define DBG_MEMSTAT memory_stat_debug_mode
|
|
|
|
EXTERN_UNLESS_MAIN_MODULE int memory_debug_mode;
|
|
EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
|
|
|
|
|
|
/* Compatibility flags. */
|
|
#define GNUPG (opt.compliance==CO_GNUPG)
|
|
#define RFC2440 (opt.compliance==CO_RFC2440)
|
|
#define RFC4880 (opt.compliance==CO_RFC4880)
|
|
#define PGP6 (opt.compliance==CO_PGP6)
|
|
#define PGP7 (opt.compliance==CO_PGP7)
|
|
#define PGP8 (opt.compliance==CO_PGP8)
|
|
#define PGPX (PGP6 || PGP7 || PGP8)
|
|
|
|
/* Various option flags. Note that there should be no common string
|
|
names between the IMPORT_ and EXPORT_ flags as they can be mixed in
|
|
the keyserver-options option. */
|
|
|
|
#define IMPORT_LOCAL_SIGS (1<<0)
|
|
#define IMPORT_REPAIR_PKS_SUBKEY_BUG (1<<1)
|
|
#define IMPORT_FAST (1<<2)
|
|
#define IMPORT_MERGE_ONLY (1<<4)
|
|
#define IMPORT_MINIMAL (1<<5)
|
|
#define IMPORT_CLEAN (1<<6)
|
|
#define IMPORT_NO_SECKEY (1<<7)
|
|
#define IMPORT_KEEP_OWNERTTRUST (1<<8)
|
|
|
|
#define EXPORT_LOCAL_SIGS (1<<0)
|
|
#define EXPORT_ATTRIBUTES (1<<1)
|
|
#define EXPORT_SENSITIVE_REVKEYS (1<<2)
|
|
#define EXPORT_RESET_SUBKEY_PASSWD (1<<3)
|
|
#define EXPORT_MINIMAL (1<<4)
|
|
#define EXPORT_CLEAN (1<<5)
|
|
#define EXPORT_DANE_FORMAT (1<<6)
|
|
|
|
#define LIST_SHOW_PHOTOS (1<<0)
|
|
#define LIST_SHOW_POLICY_URLS (1<<1)
|
|
#define LIST_SHOW_STD_NOTATIONS (1<<2)
|
|
#define LIST_SHOW_USER_NOTATIONS (1<<3)
|
|
#define LIST_SHOW_NOTATIONS (LIST_SHOW_STD_NOTATIONS|LIST_SHOW_USER_NOTATIONS)
|
|
#define LIST_SHOW_KEYSERVER_URLS (1<<4)
|
|
#define LIST_SHOW_UID_VALIDITY (1<<5)
|
|
#define LIST_SHOW_UNUSABLE_UIDS (1<<6)
|
|
#define LIST_SHOW_UNUSABLE_SUBKEYS (1<<7)
|
|
#define LIST_SHOW_KEYRING (1<<8)
|
|
#define LIST_SHOW_SIG_EXPIRE (1<<9)
|
|
#define LIST_SHOW_SIG_SUBPACKETS (1<<10)
|
|
#define LIST_SHOW_USAGE (1<<11)
|
|
|
|
#define VERIFY_SHOW_PHOTOS (1<<0)
|
|
#define VERIFY_SHOW_POLICY_URLS (1<<1)
|
|
#define VERIFY_SHOW_STD_NOTATIONS (1<<2)
|
|
#define VERIFY_SHOW_USER_NOTATIONS (1<<3)
|
|
#define VERIFY_SHOW_NOTATIONS (VERIFY_SHOW_STD_NOTATIONS|VERIFY_SHOW_USER_NOTATIONS)
|
|
#define VERIFY_SHOW_KEYSERVER_URLS (1<<4)
|
|
#define VERIFY_SHOW_UID_VALIDITY (1<<5)
|
|
#define VERIFY_SHOW_UNUSABLE_UIDS (1<<6)
|
|
#define VERIFY_PKA_LOOKUPS (1<<7)
|
|
#define VERIFY_PKA_TRUST_INCREASE (1<<8)
|
|
#define VERIFY_SHOW_PRIMARY_UID_ONLY (1<<9)
|
|
|
|
#define KEYSERVER_HTTP_PROXY (1<<0)
|
|
#define KEYSERVER_TIMEOUT (1<<1)
|
|
#define KEYSERVER_ADD_FAKE_V3 (1<<2)
|
|
#define KEYSERVER_AUTO_KEY_RETRIEVE (1<<3)
|
|
#define KEYSERVER_HONOR_KEYSERVER_URL (1<<4)
|
|
#define KEYSERVER_HONOR_PKA_RECORD (1<<5)
|
|
|
|
|
|
#endif /*G10_OPTIONS_H*/
|