diff options
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/ChangeLog | 8 | ||||
| -rw-r--r-- | g10/armor.c | 4 | ||||
| -rw-r--r-- | g10/cipher.c | 2 | ||||
| -rw-r--r-- | g10/encode.c | 30 | ||||
| -rw-r--r-- | g10/g10.c | 50 | ||||
| -rw-r--r-- | g10/getkey.c | 2 | ||||
| -rw-r--r-- | g10/keyedit.c | 8 | ||||
| -rw-r--r-- | g10/options.h | 18 | ||||
| -rw-r--r-- | g10/pkclist.c | 14 | ||||
| -rw-r--r-- | g10/revoke.c | 2 | ||||
| -rw-r--r-- | g10/sign.c | 30 |
11 files changed, 90 insertions, 78 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 9e478d047..7619aeb62 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,11 @@ +2003-05-02 David Shaw <[email protected]> + + * options.h, armor.c, cipher.c, g10.c, keyedit.c, pkclist.c, + sign.c, encode.c, getkey.c, revoke.c: The current flags for + different levels of PGP-ness are massively complex. This is step + one in simplifying them. No functional change yet, just use a + macro to check for compliance level. + 2003-05-01 David Shaw <[email protected]> * packet.h, build-packet.c (build_sig_subpkt), export.c diff --git a/g10/armor.c b/g10/armor.c index 18f0fb967..8c7454461 100644 --- a/g10/armor.c +++ b/g10/armor.c @@ -298,7 +298,7 @@ is_armor_header( byte *line, unsigned len ) /* Some mail programs on Windows seem to add spaces to the end of the line. This becomes strict if --openpgp is set. */ - if(!opt.rfc2440) + if(!RFC2440) while(*p==' ') p++; @@ -1334,5 +1334,3 @@ unarmor_pump (UnarmorPump x, int c) return rval; } - - diff --git a/g10/cipher.c b/g10/cipher.c index cb9f14916..ab7c9b676 100644 --- a/g10/cipher.c +++ b/g10/cipher.c @@ -55,7 +55,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) memset( &ed, 0, sizeof ed ); ed.len = cfx->datalen; ed.extralen = blocksize+2; - ed.new_ctb = !ed.len && !opt.rfc1991; + ed.new_ctb = !ed.len && !RFC1991; if( cfx->dek->use_mdc ) { ed.mdc_method = DIGEST_ALGO_SHA1; cfx->mdc_hash = md_open( DIGEST_ALGO_SHA1, 0 ); diff --git a/g10/encode.c b/g10/encode.c index 6b2c4f0f8..14f3d0576 100644 --- a/g10/encode.c +++ b/g10/encode.c @@ -165,7 +165,7 @@ encode_simple( const char *filename, int mode, int compat ) compress_filter_context_t zfx; text_filter_context_t tfx; progress_filter_context_t pfx; - int do_compress = opt.compress && !opt.rfc1991; + int do_compress = opt.compress && !RFC1991; memset( &cfx, 0, sizeof cfx); memset( &afx, 0, sizeof afx); @@ -188,13 +188,13 @@ encode_simple( const char *filename, int mode, int compat ) /* Due the the fact that we use don't use an IV to encrypt the session key we can't use the new mode with RFC1991 because it has no S2K salt. RFC1991 always uses simple S2K. */ - if ( opt.rfc1991 && !compat ) + if ( RFC1991 && !compat ) compat = 1; cfx.dek = NULL; if( mode ) { s2k = m_alloc_clear( sizeof *s2k ); - s2k->mode = opt.rfc1991? 0:opt.s2k_mode; + s2k->mode = RFC1991? 0:opt.s2k_mode; s2k->hash_algo = opt.def_digest_algo ? opt.def_digest_algo : opt.s2k_digest_algo; cfx.dek = passphrase_to_dek( NULL, 0, @@ -251,7 +251,7 @@ encode_simple( const char *filename, int mode, int compat ) write_comment( out, opt.comment_string ); } #endif - if( s2k && !opt.rfc1991 ) { + if( s2k && !RFC1991 ) { PKT_symkey_enc *enc = m_alloc_clear( sizeof *enc + seskeylen + 1 ); enc->version = 4; enc->cipher_algo = cfx.dek->algo; @@ -315,7 +315,7 @@ encode_simple( const char *filename, int mode, int compat ) pt->timestamp = make_timestamp(); pt->mode = opt.textmode? 't' : 'b'; pt->len = filesize; - pt->new_ctb = !pt->len && !opt.rfc1991; + pt->new_ctb = !pt->len && !RFC1991; pt->buf = inp; pkt.pkttype = PKT_PLAINTEXT; pkt.pkt.plaintext = pt; @@ -396,7 +396,7 @@ encode_crypt( const char *filename, STRLIST remusr ) text_filter_context_t tfx; progress_filter_context_t pfx; PK_LIST pk_list,work_list; - int do_compress = opt.compress && !opt.rfc1991; + int do_compress = opt.compress && !RFC1991; memset( &cfx, 0, sizeof cfx); @@ -408,7 +408,7 @@ encode_crypt( const char *filename, STRLIST remusr ) if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC)) ) return rc; - if(opt.pgp2) { + if(PGP2) { for(work_list=pk_list; work_list; work_list=work_list->next) if(!(is_RSA(work_list->pk->pubkey_algo) && nbits_from_pk(work_list->pk)<=2048)) @@ -416,7 +416,7 @@ encode_crypt( const char *filename, STRLIST remusr ) log_info(_("you can only encrypt to RSA keys of 2048 bits or " "less in --pgp2 mode\n")); log_info(_("this message may not be usable by %s\n"),"PGP 2.x"); - opt.pgp2=0; + opt.xpgp2=0; break; } } @@ -464,11 +464,11 @@ encode_crypt( const char *filename, STRLIST remusr ) if( cfx.dek->algo == -1 ) { cfx.dek->algo = CIPHER_ALGO_3DES; - if( opt.pgp2 ) { + if( PGP2 ) { log_info(_("unable to use the IDEA cipher for all of the keys " "you are encrypting to.\n")); log_info(_("this message may not be usable by %s\n"),"PGP 2.x"); - opt.pgp2=0; + opt.xpgp2=0; } } } @@ -548,7 +548,7 @@ encode_crypt( const char *filename, STRLIST remusr ) pt->timestamp = make_timestamp(); pt->mode = opt.textmode ? 't' : 'b'; pt->len = filesize; - pt->new_ctb = !pt->len && !opt.rfc1991; + pt->new_ctb = !pt->len && !RFC1991; pt->buf = inp; pkt.pkttype = PKT_PLAINTEXT; pkt.pkt.plaintext = pt; @@ -716,16 +716,16 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out ) keyid_from_pk( pk, enc->keyid ); enc->throw_keyid = opt.throw_keyid; - if(opt.throw_keyid && (opt.pgp2 || opt.pgp6 || opt.pgp7 || opt.pgp8)) + if(opt.throw_keyid && (PGP2 || PGP6 || PGP7 || PGP8)) { log_info(_("you may not use %s while in %s mode\n"), "--throw-keyid", - opt.pgp2?"--pgp2":opt.pgp6?"--pgp6":opt.pgp7?"--pgp7":"--pgp8"); + PGP2?"--pgp2":PGP6?"--pgp6":PGP7?"--pgp7":"--pgp8"); log_info(_("this message may not be usable by %s\n"), - opt.pgp2?"PGP 2.x":opt.pgp6?"PGP 6.x":opt.pgp7?"PGP 7.x":"PGP 8.x"); + PGP2?"PGP 2.x":PGP6?"PGP 6.x":PGP7?"PGP 7.x":"PGP 8.x"); - opt.pgp2=opt.pgp6=opt.pgp7=opt.pgp8=0; + opt.xpgp2=opt.xpgp6=opt.xpgp7=opt.xpgp8=0; } /* Okay, what's going on: We have the session key somewhere in @@ -1437,8 +1437,8 @@ main( int argc, char **argv ) #endif /* __riscos__ */ break; case oRFC1991: - opt.rfc1991 = 1; - opt.rfc2440 = 0; + opt.xrfc1991 = 1; + opt.xrfc2440 = 0; opt.force_v4_certs = 0; opt.disable_mdc = 1; opt.escape_from = 1; @@ -1446,8 +1446,8 @@ main( int argc, char **argv ) case oOpenPGP: /* TODO: When 2440bis becomes a RFC, these may need changing. */ - opt.rfc1991 = 0; - opt.rfc2440 = 1; + opt.xrfc1991 = 0; + opt.xrfc2440 = 1; opt.disable_mdc = 1; opt.allow_non_selfsigned_uid = 1; opt.allow_freeform_uid = 1; @@ -1464,19 +1464,19 @@ main( int argc, char **argv ) opt.s2k_mode = 3; /* iterated+salted */ opt.s2k_digest_algo = DIGEST_ALGO_SHA1; opt.s2k_cipher_algo = CIPHER_ALGO_3DES; - opt.pgp2 = 0; - opt.pgp6 = 0; - opt.pgp7 = 0; - opt.pgp8 = 0; + opt.xpgp2 = 0; + opt.xpgp6 = 0; + opt.xpgp7 = 0; + opt.xpgp8 = 0; break; - case oPGP2: opt.pgp2 = 1; break; - case oNoPGP2: opt.pgp2 = 0; break; - case oPGP6: opt.pgp6 = 1; break; - case oNoPGP6: opt.pgp6 = 0; break; - case oPGP7: opt.pgp7 = 1; break; - case oNoPGP7: opt.pgp7 = 0; break; - case oPGP8: opt.pgp8 = 1; break; - case oNoPGP8: opt.pgp8 = 0; break; + case oPGP2: opt.xpgp2 = 1; break; + case oNoPGP2: opt.xpgp2 = 0; break; + case oPGP6: opt.xpgp6 = 1; break; + case oNoPGP6: opt.xpgp6 = 0; break; + case oPGP7: opt.xpgp7 = 1; break; + case oNoPGP7: opt.xpgp7 = 0; break; + case oPGP8: opt.xpgp8 = 1; break; + case oNoPGP8: opt.xpgp8 = 0; break; case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break; case oCompressSigs: opt.compress_sigs = 1; break; case oRunAsShmCP: @@ -1770,12 +1770,12 @@ main( int argc, char **argv ) set_debug(); /* Do these after the switch(), so they can override settings. */ - if(opt.pgp2 && (opt.pgp6 || opt.pgp7 || opt.pgp8)) + if(PGP2 && (PGP6 || PGP7 || PGP8)) log_error(_("%s not allowed with %s!\n"), - "--pgp2",opt.pgp6?"--pgp6":opt.pgp7?"--pgp7":"--pgp8"); + "--pgp2",PGP6?"--pgp6":PGP7?"--pgp7":"--pgp8"); else { - if(opt.pgp2) + if(PGP2) { int unusable=0; @@ -1833,12 +1833,12 @@ main( int argc, char **argv ) { log_info(_("this message may not be usable by %s\n"), "PGP 2.x"); - opt.pgp2=0; + opt.xpgp2=0; } else { - opt.rfc1991 = 1; - opt.rfc2440 = 0; + opt.xrfc1991 = 1; + opt.xrfc2440 = 0; opt.force_mdc = 0; opt.disable_mdc = 1; opt.force_v4_certs = 0; @@ -1853,7 +1853,7 @@ main( int argc, char **argv ) opt.def_compress_algo = 1; } } - else if(opt.pgp6) + else if(PGP6) { opt.sk_comments=0; opt.escape_from=1; @@ -1863,7 +1863,7 @@ main( int argc, char **argv ) opt.force_mdc=0; opt.disable_mdc=1; } - else if(opt.pgp7) + else if(PGP7) { opt.sk_comments=0; opt.escape_from=1; @@ -1871,7 +1871,7 @@ main( int argc, char **argv ) opt.ask_sig_expire=0; opt.def_compress_algo=1; } - else if(opt.pgp8) + else if(PGP8) { opt.escape_from=1; opt.def_compress_algo=1; diff --git a/g10/getkey.c b/g10/getkey.c index c5ed4868b..ff26d05d9 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -2078,7 +2078,7 @@ finish_lookup (GETKEY_CTX ctx) do not understand signatures made by a signing subkey. PGP 8 does. */ int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) || - ((opt.pgp6 || opt.pgp7) && (ctx->req_usage & PUBKEY_USAGE_SIG)); + ((PGP6 || PGP7) && (ctx->req_usage & PUBKEY_USAGE_SIG)); u32 latest_date; KBNODE latest_key; u32 curtime = make_timestamp (); diff --git a/g10/keyedit.c b/g10/keyedit.c index be726cfd9..b06506496 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -284,7 +284,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, int all_v3=1; /* Are there any non-v3 sigs on this key already? */ - if(opt.pgp2) + if(PGP2) for(node=keyblock;node;node=node->next) if(node->pkt->pkttype==PKT_SIGNATURE && node->pkt->pkt.signature->version>3) @@ -569,7 +569,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, /* Is --pgp2 on, it's a v3 key, all the sigs on the key are currently v3 and we're about to sign it with a v4 sig? If so, danger! */ - if(opt.pgp2 && all_v3 && + if(PGP2 && all_v3 && (sk->version>3 || force_v4) && primary_pk->version<=3) { tty_printf(_("You may not make an OpenPGP signature on a " @@ -1215,11 +1215,11 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands, break; case cmdADDPHOTO: - if (opt.rfc2440 || opt.rfc1991 || opt.pgp2) + if (RFC2440 || RFC1991 || PGP2) { tty_printf( _("This command is not allowed while in %s mode.\n"), - opt.rfc2440?"OpenPGP":opt.pgp2?"PGP2":"RFC-1991"); + RFC2440?"OpenPGP":PGP2?"PGP2":"RFC-1991"); break; } photo=1; diff --git a/g10/options.h b/g10/options.h index 5e1cb2e32..e913a5edc 100644 --- a/g10/options.h +++ b/g10/options.h @@ -91,12 +91,12 @@ struct { int compress_sigs; int always_trust; /* TODO: change these to an emulate_pgp variable */ - int pgp2; - int pgp6; - int pgp7; - int pgp8; - int rfc1991; - int rfc2440; + int xpgp2; + int xpgp6; + int xpgp7; + int xpgp8; + int xrfc1991; + int xrfc2440; int pgp2_workarounds; unsigned int emulate_bugs; /* bug emulation flags EMUBUG_xxxx */ int shm_coprocess; @@ -207,5 +207,11 @@ struct { #define DBG_HASHING (opt.debug & DBG_HASHING_VALUE) #define DBG_EXTPROG (opt.debug & DBG_EXTPROG_VALUE) +#define RFC1991 (opt.xrfc1991) +#define RFC2440 (opt.xrfc2440) +#define PGP2 (opt.xpgp2) +#define PGP6 (opt.xpgp6) +#define PGP7 (opt.xpgp7) +#define PGP8 (opt.xpgp8) #endif /*G10_OPTIONS_H*/ diff --git a/g10/pkclist.c b/g10/pkclist.c index 982b16774..07bf2be5b 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -1092,10 +1092,10 @@ static int algo_available( int preftype, int algo, void *hint ) { if( preftype == PREFTYPE_SYM ) { - if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) ) + if( PGP6 && ( algo != 1 && algo != 2 && algo != 3) ) return 0; - if( (opt.pgp7 || opt.pgp8) + if( (PGP7 || PGP8) && (algo != 1 && algo != 2 && algo != 3 && algo != 7 && algo != 8 && algo != 9 && algo != 10) ) return 0; @@ -1111,16 +1111,16 @@ algo_available( int preftype, int algo, void *hint ) if(bits && (bits != md_digest_length(algo))) return 0; - if( (opt.pgp6 || opt.pgp7) && (algo != 1 && algo != 2 && algo != 3) ) + if( (PGP6 || PGP7) && (algo != 1 && algo != 2 && algo != 3) ) return 0; - if( opt.pgp8 && (algo != 1 && algo != 2 && algo != 3 && algo != 8)) + if( PGP8 && (algo != 1 && algo != 2 && algo != 3 && algo != 8)) return 0; return algo && !check_digest_algo( algo ); } else if( preftype == PREFTYPE_ZIP ) { - if ( ( opt.pgp6 || opt.pgp7 || opt.pgp8 ) + if ( ( PGP6 || PGP7 || PGP8 ) && ( algo !=0 && algo != 1) ) return 0; @@ -1154,7 +1154,7 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, int request, void *hint) memset( mask, 0, 8 * sizeof *mask ); if( preftype == PREFTYPE_SYM ) { - if( opt.pgp2 && + if( PGP2 && pkr->pk->version < 4 && pkr->pk->selfsigversion < 4 ) mask[0] |= (1<<1); /* IDEA is implicitly there for v3 keys @@ -1172,7 +1172,7 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, int request, void *hint) wasn't locked at MD5, we don't support sign+encrypt in --pgp2 mode, and that's the only time PREFTYPE_HASH is used anyway. -dms */ - if( opt.pgp2 && + if( PGP2 && pkr->pk->version < 4 && pkr->pk->selfsigversion < 4 ) mask[0] |= (1<<1); /* MD5 is there for v3 keys with v3 diff --git a/g10/revoke.c b/g10/revoke.c index 4421bea62..3cce08740 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -549,7 +549,7 @@ gen_revoke( const char *uname ) goto leave; } - if(opt.pgp2 || opt.pgp6 || opt.pgp7 | opt.pgp8) + if(PGP2 || PGP6 || PGP7 || PGP8) { /* Use a minimal pk for PGPx mode, since PGP can't import bare revocation certificates. */ diff --git a/g10/sign.c b/g10/sign.c index 2760a8dbb..f6fb89dbe 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -487,7 +487,7 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode) pt->timestamp = make_timestamp (); pt->mode = ptmode; pt->len = filesize; - pt->new_ctb = !pt->len && !opt.rfc1991; + pt->new_ctb = !pt->len && !RFC1991; pt->buf = inp; init_packet(&pkt); pkt.pkttype = PKT_PLAINTEXT; @@ -538,7 +538,7 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, MD_HANDLE hash, /* build the signature packet */ sig = m_alloc_clear (sizeof *sig); - if(opt.force_v3_sigs || opt.rfc1991) + if(opt.force_v3_sigs || RFC1991) sig->version=3; else if(duration || opt.sig_policy_url || opt.sig_notation_data) sig->version=4; @@ -637,18 +637,18 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, if( fname && filenames->next && (!detached || encryptflag) ) log_bug("multiple files can only be detached signed"); - if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !opt.rfc1991) + if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991) duration=ask_expire_interval(1); if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) ) goto leave; - if(opt.pgp2 && !only_old_style(sk_list)) + if(PGP2 && !only_old_style(sk_list)) { log_info(_("you can only detach-sign with PGP 2.x style keys " "while in --pgp2 mode\n")); log_info(_("this message may not be usable by %s\n"),"PGP 2.x"); - opt.pgp2=0; + opt.xpgp2=0; } if(encryptflag && (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC ))) @@ -734,7 +734,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, if( !multifile ) iobuf_push_filter( inp, md_filter, &mfx ); - if( detached && !encryptflag && !opt.rfc1991 ) + if( detached && !encryptflag && !RFC1991 ) afx.what = 2; if( opt.armor && !outfile ) @@ -780,7 +780,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, } /* Write the one-pass signature packets if needed */ - if (!detached && !opt.rfc1991) { + if (!detached && !RFC1991) { rc = write_onepass_sig_packets (sk_list, out, opt.textmode && !outfile ? 0x01:0x00); if (rc) @@ -874,14 +874,14 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) int rc = 0; SK_LIST sk_list = NULL; SK_LIST sk_rover = NULL; - int old_style = opt.rfc1991; + int old_style = RFC1991; int only_md5 = 0; u32 duration=0; memset( &afx, 0, sizeof afx); init_packet( &pkt ); - if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !opt.rfc1991) + if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991) duration=ask_expire_interval(1); if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) ) @@ -890,12 +890,12 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) if( !old_style && !duration ) old_style = only_old_style( sk_list ); - if(!old_style && opt.pgp2) + if(!old_style && PGP2) { log_info(_("you can only clearsign with PGP 2.x style keys " "while in --pgp2 mode\n")); log_info(_("this message may not be usable by %s\n"),"PGP 2.x"); - opt.pgp2=0; + opt.xpgp2=0; } /* prepare iobufs */ @@ -1022,7 +1022,7 @@ sign_symencrypt_file (const char *fname, STRLIST locusr) memset( &cfx, 0, sizeof cfx); init_packet( &pkt ); - if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !opt.rfc1991) + if(opt.ask_sig_expire && !opt.force_v3_sigs && !opt.batch && !RFC1991) duration=ask_expire_interval(1); rc = build_sk_list (locusr, &sk_list, 1, PUBKEY_USAGE_SIG); @@ -1041,7 +1041,7 @@ sign_symencrypt_file (const char *fname, STRLIST locusr) /* prepare key */ s2k = m_alloc_clear( sizeof *s2k ); - s2k->mode = opt.rfc1991? 0:opt.s2k_mode; + s2k->mode = RFC1991? 0:opt.s2k_mode; s2k->hash_algo = opt.def_digest_algo ? opt.def_digest_algo : opt.s2k_digest_algo; @@ -1080,7 +1080,7 @@ sign_symencrypt_file (const char *fname, STRLIST locusr) /* Write the symmetric key packet */ /*(current filters: armor)*/ - if (!opt.rfc1991) { + if (!RFC1991) { PKT_symkey_enc *enc = m_alloc_clear( sizeof *enc ); enc->version = 4; enc->cipher_algo = cfx.dek->algo; @@ -1113,7 +1113,7 @@ sign_symencrypt_file (const char *fname, STRLIST locusr) /* Write the one-pass signature packets */ /*(current filters: zip - encrypt - armor)*/ - if (!opt.rfc1991) { + if (!RFC1991) { rc = write_onepass_sig_packets (sk_list, out, opt.textmode? 0x01:0x00); if (rc) |