diff options
| author | Werner Koch <[email protected]> | 2014-11-13 11:01:42 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2014-11-13 11:01:42 +0000 |
| commit | e30cb8f61792e3808f7c8f343fc8545e6c81fe74 (patch) | |
| tree | 5d9b73db973dbb96556f11881646c3176b7cc6b1 | |
| parent | gpg: Improve perceived speed of secret key listings. (diff) | |
| download | gnupg-e30cb8f61792e3808f7c8f343fc8545e6c81fe74.tar.gz gnupg-e30cb8f61792e3808f7c8f343fc8545e6c81fe74.zip | |
gpg: Remove PGP-2 related cruft.
* g10/armor.c (parse_hash_header,carmor_filter): Ignore MD5 in hash
header.
(fake_packet): Remove pgp-2 workaround for white space stripping.
* g10/filter.h (armor_filter_context_t): Remove field pgp2mode.
* g10/options.h (opt): Remove field pgp2_workarounds.
* g10/gpg.c (main): Do not set this field.
* g10/gpgv.c (main): Ditto.
* g10/mainproc.c (proc_encrypted): Use SHA-1 as fallback s2k hash
algo. Using MD5 here is useless.
(proc_plaintext): Remove PGP-2 related woraround
(proc_tree): Remove another workaround but keep the one for PGP-5.
--
The removed code was either not anymore used or its use would have
caused an error message later anyway.
Signed-off-by: Werner Koch <[email protected]>
| -rw-r--r-- | g10/armor.c | 16 | ||||
| -rw-r--r-- | g10/filter.h | 1 | ||||
| -rw-r--r-- | g10/gpg.c | 3 | ||||
| -rw-r--r-- | g10/gpgv.c | 1 | ||||
| -rw-r--r-- | g10/mainproc.c | 41 | ||||
| -rw-r--r-- | g10/options.h | 1 |
6 files changed, 11 insertions, 52 deletions
diff --git a/g10/armor.c b/g10/armor.c index efdc92ebc..b00f9854f 100644 --- a/g10/armor.c +++ b/g10/armor.c @@ -286,8 +286,6 @@ parse_hash_header( const char *line ) found |= 1; else if( !strncmp( s, "SHA1", s2-s ) ) found |= 2; - else if( !strncmp( s, "MD5", s2-s ) ) - found |= 4; else if( !strncmp( s, "SHA224", s2-s ) ) found |= 8; else if( !strncmp( s, "SHA256", s2-s ) ) @@ -664,10 +662,9 @@ fake_packet( armor_filter_context_t *afx, IOBUF a, { int crlf = n > 1 && p[n-2] == '\r' && p[n-1]=='\n'; - /* PGP2 does not treat a tab as white space character */ afx->buffer_len= trim_trailing_chars( &p[afx->buffer_pos], n-afx->buffer_pos, - afx->pgp2mode ? " \r\n" : " \t\r\n"); + " \t\r\n"); afx->buffer_len+=afx->buffer_pos; /* the buffer is always allocated with enough space to append * the removed [CR], LF and a Nul @@ -1009,14 +1006,9 @@ armor_filter( void *opaque, int control, /* the buffer is at least 15+n*15 bytes long, so it * is easy to construct the packets */ - hashes &= 1|2|4|8|16|32|64; + hashes &= 1|2|8|16|32|64; if( !hashes ) { - hashes |= 4; /* default to MD 5 */ - /* This is non-ideal since PGP 5-8 have the same - end-of-line bugs as PGP 2. However, we only - enable pgp2mode if there is no Hash: header. */ - if( opt.pgp2_workarounds ) - afx->pgp2mode = 1; + hashes |= 2; /* Default to SHA-1. */ } n=0; /* First a gpg control packet... */ @@ -1029,8 +1021,6 @@ armor_filter( void *opaque, int control, buf[n++] = DIGEST_ALGO_RMD160; if( hashes & 2 ) buf[n++] = DIGEST_ALGO_SHA1; - if( hashes & 4 ) - buf[n++] = DIGEST_ALGO_MD5; if( hashes & 8 ) buf[n++] = DIGEST_ALGO_SHA224; if( hashes & 16 ) diff --git a/g10/filter.h b/g10/filter.h index 731ad0fba..c3c7966e5 100644 --- a/g10/filter.h +++ b/g10/filter.h @@ -49,7 +49,6 @@ typedef struct { int faked; /* we are faking a literal data packet */ int truncated; /* number of truncated lines */ int qp_detected; - int pgp2mode; byte eol[3]; /* The end of line characters as a zero-terminated string. Defaults (eol[0]=='\0') to whatever the local @@ -2099,7 +2099,6 @@ main (int argc, char **argv) opt.completes_needed = 1; opt.marginals_needed = 3; opt.max_cert_depth = 5; - opt.pgp2_workarounds = 1; opt.escape_from = 1; opt.flags.require_cross_cert = 1; opt.import_options = 0; @@ -2528,7 +2527,6 @@ main (int argc, char **argv) opt.rfc2440_text = 0; opt.allow_non_selfsigned_uid = 1; opt.allow_freeform_uid = 1; - opt.pgp2_workarounds = 0; opt.escape_from = 1; opt.not_dash_escaped = 0; opt.def_cipher_algo = 0; @@ -2545,7 +2543,6 @@ main (int argc, char **argv) opt.rfc2440_text = 1; opt.allow_non_selfsigned_uid = 1; opt.allow_freeform_uid = 1; - opt.pgp2_workarounds = 0; opt.escape_from = 0; opt.not_dash_escaped = 0; opt.def_cipher_algo = 0; diff --git a/g10/gpgv.c b/g10/gpgv.c index d79b8994f..7bba53501 100644 --- a/g10/gpgv.c +++ b/g10/gpgv.c @@ -161,7 +161,6 @@ main( int argc, char **argv ) gnupg_init_signals (0, NULL); opt.command_fd = -1; /* no command fd */ - opt.pgp2_workarounds = 1; opt.keyserver_options.options |= KEYSERVER_AUTO_KEY_RETRIEVE; opt.trust_model = TM_ALWAYS; opt.batch = 1; diff --git a/g10/mainproc.c b/g10/mainproc.c index 50d1d2713..19f1aac5e 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -555,9 +555,9 @@ proc_encrypted( CTX c, PACKET *pkt ) algo = CIPHER_ALGO_IDEA; if (!opt.s2k_digest_algo) { - /* If no digest is given we assume MD5 */ + /* If no digest is given we assume SHA-1. */ s2kbuf.mode = 0; - s2kbuf.hash_algo = DIGEST_ALGO_MD5; + s2kbuf.hash_algo = DIGEST_ALGO_SHA1; s2k = &s2kbuf; } log_info (_("assuming %s encrypted data\n"), "IDEA"); @@ -617,7 +617,7 @@ static void proc_plaintext( CTX c, PACKET *pkt ) { PKT_plaintext *pt = pkt->pkt.plaintext; - int any, clearsig, only_md5, rc; + int any, clearsig, rc; KBNODE n; literals_seen++; @@ -635,7 +635,7 @@ proc_plaintext( CTX c, PACKET *pkt ) * Should we assume that plaintext in mode 't' has always sigclass 1?? * See: Russ Allbery's mail 1999-02-09 */ - any = clearsig = only_md5 = 0; + any = clearsig = 0; for(n=c->list; n; n = n->next ) { if( n->pkt->pkttype == PKT_ONEPASS_SIG ) @@ -645,15 +645,8 @@ proc_plaintext( CTX c, PACKET *pkt ) { gcry_md_enable (c->mfx.md, n->pkt->pkt.onepass_sig->digest_algo); - if( !any && n->pkt->pkt.onepass_sig->digest_algo - == DIGEST_ALGO_MD5 ) - only_md5 = 1; - else - only_md5 = 0; any = 1; } - if( n->pkt->pkt.onepass_sig->sig_class != 0x01 ) - only_md5 = 0; } else if( n->pkt->pkttype == PKT_GPG_CONTROL && n->pkt->pkt.gpg_control->control @@ -692,18 +685,7 @@ proc_plaintext( CTX c, PACKET *pkt ) answer. */ gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 ); gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 ); - gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 ); } - if (opt.pgp2_workarounds && only_md5 && !opt.skip_verify - && opt.flags.allow_weak_digest_algos) { - /* This is a kludge to work around a bug in pgp2. It does only - * catch those mails which are armored. To catch the non-armored - * pgp mails we could see whether there is the signature packet - * in front of the plaintext. If someone needs this, send me a patch. - */ - if ( gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0) ) - BUG (); - } if ( DBG_HASHING ) { gcry_md_debug ( c->mfx.md, "verify" ); if ( c->mfx.md2 ) @@ -2130,20 +2112,13 @@ proc_tree( CTX c, KBNODE node ) if (gcry_md_open (&c->mfx.md, sig->digest_algo, 0)) BUG (); - if( !opt.pgp2_workarounds ) - ; - else if( sig->digest_algo == DIGEST_ALGO_MD5 - && is_RSA( sig->pubkey_algo) - && opt.flags.allow_weak_digest_algos) { - /* enable a workaround for a pgp2 bug */ - if (gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0)) - BUG (); - } + if (RFC2440 || RFC4880) + ; /* Strict RFC mode. */ else if( sig->digest_algo == DIGEST_ALGO_SHA1 && sig->pubkey_algo == PUBKEY_ALGO_DSA && sig->sig_class == 0x01 ) { - /* enable the workaround also for pgp5 when the detached - * signature has been created in textmode */ + /* Enable a workaround for a pgp5 bug when the + * detached signature has been created in textmode. */ if (gcry_md_open (&c->mfx.md2, sig->digest_algo, 0 )) BUG (); } diff --git a/g10/options.h b/g10/options.h index 95d165157..6a94ff43a 100644 --- a/g10/options.h +++ b/g10/options.h @@ -126,7 +126,6 @@ struct { KF_SHORT, KF_LONG, KF_0xSHORT, KF_0xLONG } keyid_format; - int pgp2_workarounds; int shm_coprocess; const char *set_filename; strlist_t comments; |