diff options
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | doc/gpg.texi | 12 | ||||
| -rw-r--r-- | g10/cipher.c | 2 | ||||
| -rw-r--r-- | g10/encrypt.c | 46 | ||||
| -rw-r--r-- | g10/gpg.c | 87 | ||||
| -rw-r--r-- | g10/keyedit.c | 38 | ||||
| -rw-r--r-- | g10/keygen.c | 10 | ||||
| -rw-r--r-- | g10/misc.c | 10 | ||||
| -rw-r--r-- | g10/options.h | 6 | ||||
| -rw-r--r-- | g10/pkclist.c | 16 | ||||
| -rw-r--r-- | g10/revoke.c | 2 | ||||
| -rw-r--r-- | g10/server.c | 4 | ||||
| -rw-r--r-- | g10/sign.c | 51 | ||||
| -rwxr-xr-x | tests/openpgp/clearsig.test | 13 |
14 files changed, 51 insertions, 249 deletions
@@ -1,6 +1,9 @@ Noteworthy changes in version 2.1.0-betaxxx (unreleased) -------------------------------------------------------- + * gpg: Removed the option --pgp2 and --rfc1991 and the ability to + create PGP-2 compatible messages. + Noteworthy changes in version 2.1.0-beta751 (2014-07-03) -------------------------------------------------------- diff --git a/doc/gpg.texi b/doc/gpg.texi index d0da83706..36aa18ef1 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1476,7 +1476,7 @@ Set what trust model GnuPG should follow. The models are: @item classic @opindex trust-mode:classic - This is the standard Web of Trust as used in PGP 2.x and earlier. + This is the standard Web of Trust as introduced by PGP 2. @item direct @opindex trust-mode:direct @@ -2342,9 +2342,11 @@ behavior. Note that this is currently the same thing as Reset all packet, cipher and digest options to strict RFC-2440 behavior. +@ifclear gpgtowone @item --rfc1991 @opindex rfc1991 -Try to be more RFC-1991 (PGP 2.x) compliant. +Try to be more RFC-1991 (PGP 2.x) compliant. This option is +deprecated will be removed in GnuPG 2.1. @item --pgp2 @opindex pgp2 @@ -2367,6 +2369,12 @@ This option implies @end ifclear It also disables @option{--textmode} when encrypting. +This option is deprecated will be removed in GnuPG 2.1. The reason +for dropping PGP-2 support is that the PGP 2 format is not anymore +considered safe (for example due to the use of the broken MD5 algorithm). +Note that the decryption of PGP-2 created messages will continue to work. +@end ifclear + @item --pgp6 @opindex pgp6 Set up all options to be as PGP 6 compliant as possible. This diff --git a/g10/cipher.c b/g10/cipher.c index 10f0ebb96..b72b144bb 100644 --- a/g10/cipher.c +++ b/g10/cipher.c @@ -56,7 +56,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) memset( &ed, 0, sizeof ed ); ed.len = cfx->datalen; ed.extralen = blocksize+2; - ed.new_ctb = !ed.len && !RFC1991; + ed.new_ctb = !ed.len; if( cfx->dek->use_mdc ) { ed.mdc_method = DIGEST_ALGO_SHA1; gcry_md_open (&cfx->mdc_hash, DIGEST_ALGO_SHA1, 0); diff --git a/g10/encrypt.c b/g10/encrypt.c index 5b10b73ea..d1ce933c2 100644 --- a/g10/encrypt.c +++ b/g10/encrypt.c @@ -104,8 +104,8 @@ encrypt_seskey (DEK *dek, DEK **seskey, byte *enckey) static int use_mdc(PK_LIST pk_list,int algo) { - /* RFC-1991 and 2440 don't have MDC */ - if(RFC1991 || RFC2440) + /* RFC-2440 don't has MDC */ + if (RFC2440) return 0; /* --force-mdc overrides --disable-mdc */ @@ -174,7 +174,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey) compress_filter_context_t zfx; text_filter_context_t tfx; progress_filter_context_t *pfx; - int do_compress = !RFC1991 && default_compress_algo(); + int do_compress = !!default_compress_algo(); pfx = new_progress_context (); memset( &cfx, 0, sizeof cfx); @@ -206,19 +206,13 @@ encrypt_simple (const char *filename, int mode, int use_seskey) if (opt.textmode) iobuf_push_filter( inp, text_filter, &tfx ); - /* Due the the fact that we use don't use an IV to encrypt the - session key we can't use the new mode with RFC1991 because it has - no S2K salt. RFC1991 always uses simple S2K. */ - if ( RFC1991 && use_seskey ) - use_seskey = 0; - cfx.dek = NULL; if ( mode ) { int canceled; s2k = xmalloc_clear( sizeof *s2k ); - s2k->mode = RFC1991? 0:opt.s2k_mode; + s2k->mode = opt.s2k_mode; s2k->hash_algo = S2K_DIGEST_ALGO; cfx.dek = passphrase_to_dek (NULL, 0, default_cipher_algo(), s2k, 4, @@ -279,7 +273,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey) push_armor_filter (afx, out); } - if ( s2k && !RFC1991 ) + if ( s2k ) { PKT_symkey_enc *enc = xmalloc_clear( sizeof *enc + seskeylen + 1 ); enc->version = 4; @@ -335,7 +329,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey) pt->timestamp = make_timestamp(); pt->mode = opt.textmode? 't' : 'b'; pt->len = filesize; - pt->new_ctb = !pt->len && !RFC1991; + pt->new_ctb = !pt->len; pt->buf = inp; pkt.pkttype = PKT_PLAINTEXT; pkt.pkt.plaintext = pt; @@ -478,13 +472,13 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, compress_filter_context_t zfx; text_filter_context_t tfx; progress_filter_context_t *pfx; - PK_LIST pk_list, work_list; + PK_LIST pk_list; int do_compress; if (filefd != -1 && filename) return gpg_error (GPG_ERR_INV_ARG); - do_compress = opt.compress_algo && !RFC1991; + do_compress = !!opt.compress_algo; pfx = new_progress_context (); memset( &cfx, 0, sizeof cfx); @@ -510,19 +504,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, } } - if(PGP2) - { - for (work_list=pk_list; work_list; work_list=work_list->next) - if (!(is_RSA (work_list->pk->pubkey_algo) - && nbits_from_pk (work_list->pk) <= 2048)) - { - log_info(_("you can only encrypt to RSA keys of 2048 bits or " - "less in --pgp2 mode\n")); - compliance_failure(); - break; - } - } - /* Prepare iobufs. */ #ifdef HAVE_W32_SYSTEM if (filefd == -1) @@ -592,13 +573,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, if (cfx.dek->algo == -1) { cfx.dek->algo = CIPHER_ALGO_3DES; - - if (PGP2) - { - log_info(_("unable to use the IDEA cipher for all of the keys " - "you are encrypting to.\n")); - compliance_failure(); - } } /* In case 3DES has been selected, print a warning if any key @@ -687,7 +661,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, pt->timestamp = make_timestamp(); pt->mode = opt.textmode ? 't' : 'b'; pt->len = filesize; - pt->new_ctb = !pt->len && !RFC1991; + pt->new_ctb = !pt->len; pt->buf = inp; pkt.pkttype = PKT_PLAINTEXT; pkt.pkt.plaintext = pt; @@ -895,7 +869,7 @@ write_pubkey_enc_from_list (PK_LIST pk_list, DEK *dek, iobuf_t out) keyid_from_pk( pk, enc->keyid ); enc->throw_keyid = (opt.throw_keyid || (pk_list->flags&1)); - if (opt.throw_keyid && (PGP2 || PGP6 || PGP7 || PGP8)) + if (opt.throw_keyid && (PGP6 || PGP7 || PGP8)) { log_info(_("you may not use %s while in %s mode\n"), "--throw-keyid",compliance_option_string()); @@ -205,11 +205,9 @@ enum cmd_and_opt_values oMaxCertDepth, oLoadExtension, oGnuPG, - oRFC1991, oRFC2440, oRFC4880, oOpenPGP, - oPGP2, oPGP6, oPGP7, oPGP8, @@ -573,11 +571,9 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oGnuPG, "no-pgp6", "@"), ARGPARSE_s_n (oGnuPG, "no-pgp7", "@"), ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"), - ARGPARSE_s_n (oRFC1991, "rfc1991", "@"), ARGPARSE_s_n (oRFC2440, "rfc2440", "@"), ARGPARSE_s_n (oRFC4880, "rfc4880", "@"), ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")), - ARGPARSE_s_n (oPGP2, "pgp2", "@"), ARGPARSE_s_n (oPGP6, "pgp6", "@"), ARGPARSE_s_n (oPGP7, "pgp7", "@"), ARGPARSE_s_n (oPGP8, "pgp8", "@"), @@ -2484,11 +2480,6 @@ main (int argc, char **argv) /* Dummy so that gpg 1.4 conf files can work. Should eventually be removed. */ break; - case oRFC1991: - opt.compliance = CO_RFC1991; - opt.force_v4_certs = 0; - opt.escape_from = 1; - break; case oOpenPGP: case oRFC4880: /* This is effectively the same as RFC2440, but with @@ -2530,7 +2521,6 @@ main (int argc, char **argv) opt.s2k_digest_algo = DIGEST_ALGO_SHA1; opt.s2k_cipher_algo = CIPHER_ALGO_3DES; break; - case oPGP2: opt.compliance = CO_PGP2; break; case oPGP6: opt.compliance = CO_PGP6; break; case oPGP7: opt.compliance = CO_PGP7; break; case oPGP8: opt.compliance = CO_PGP8; break; @@ -3238,78 +3228,7 @@ main (int argc, char **argv) log_clock ("start"); /* Do these after the switch(), so they can override settings. */ - if(PGP2) - { - int unusable=0; - - if(cmd==aSign && !detached_sig) - { - log_info(_("you can only make detached or clear signatures " - "while in --pgp2 mode\n")); - unusable=1; - } - else if(cmd==aSignEncr || cmd==aSignSym) - { - log_info(_("you can't sign and encrypt at the " - "same time while in --pgp2 mode\n")); - unusable=1; - } - else if(argc==0 && (cmd==aSign || cmd==aEncr || cmd==aSym)) - { - log_info(_("you must use files (and not a pipe) when " - "working with --pgp2 enabled.\n")); - unusable=1; - } - else if(cmd==aEncr || cmd==aSym) - { - /* Everything else should work without IDEA (except using - a secret key encrypted with IDEA and setting an IDEA - preference, but those have their own error - messages). */ - - if (openpgp_cipher_test_algo(CIPHER_ALGO_IDEA)) - { - log_info(_("encrypting a message in --pgp2 mode requires " - "the IDEA cipher\n")); - unusable=1; - } - else if(cmd==aSym) - { - /* This only sets IDEA for symmetric encryption - since it is set via select_algo_from_prefs for - pk encryption. */ - xfree(def_cipher_string); - def_cipher_string = xstrdup("idea"); - } - - /* PGP2 can't handle the output from the textmode - filter, so we disable it for anything that could - create a literal packet (only encryption and - symmetric encryption, since we disable signing - above). */ - if(!unusable) - opt.textmode=0; - } - - if(unusable) - compliance_failure(); - else - { - opt.force_v4_certs = 0; - opt.escape_from = 1; - opt.force_v3_sigs = 1; - opt.pgp2_workarounds = 1; - opt.ask_sig_expire = 0; - opt.ask_cert_expire = 0; - opt.flags.allow_weak_digest_algos = 1; - xfree(def_digest_string); - def_digest_string = xstrdup("md5"); - xfree(s2k_digest_string); - s2k_digest_string = xstrdup("md5"); - opt.compress_algo = COMPRESS_ALGO_ZIP; - } - } - else if(PGP6) + if(PGP6) { opt.disable_mdc=1; opt.escape_from=1; @@ -3675,7 +3594,7 @@ main (int argc, char **argv) else if(opt.s2k_mode==0) log_error(_("you cannot use --symmetric --encrypt" " with --s2k-mode 0\n")); - else if(PGP2 || PGP6 || PGP7 || RFC1991) + else if(PGP6 || PGP7) log_error(_("you cannot use --symmetric --encrypt" " while in %s mode\n"),compliance_option_string()); else @@ -3726,7 +3645,7 @@ main (int argc, char **argv) else if(opt.s2k_mode==0) log_error(_("you cannot use --symmetric --sign --encrypt" " with --s2k-mode 0\n")); - else if(PGP2 || PGP6 || PGP7 || RFC1991) + else if(PGP6 || PGP7) log_error(_("you cannot use --symmetric --sign --encrypt" " while in %s mode\n"),compliance_option_string()); else diff --git a/g10/keyedit.c b/g10/keyedit.c index 77bd37f58..1d8062546 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -518,19 +518,6 @@ sign_uids (estream_t fp, KBNODE node, uidnode; PKT_public_key *primary_pk = NULL; int select_all = !count_selected_uids (keyblock) || interactive; - int all_v3 = 1; - - /* Are there any non-v3 sigs on this key already? */ - if (PGP2) - { - for (node = keyblock; node; node = node->next) - if (node->pkt->pkttype == PKT_SIGNATURE && - node->pkt->pkt.signature->version > 3) - { - all_v3 = 0; - break; - } - } /* Build a list of all signators. * @@ -894,29 +881,6 @@ sign_uids (estream_t fp, if (duration) force_v4 = 1; - /* Is --pgp2 on, it's a v3 key, all the sigs on the key are - currently v3 and we're about to sign it with a v4 sig? If - so, danger! */ - if (PGP2 && all_v3 && - (pk->version > 3 || force_v4) && primary_pk->version <= 3) - { - tty_fprintf (fp, _("You may not make an OpenPGP signature on a " - "PGP 2.x key while in --pgp2 mode.\n")); - tty_fprintf (fp, _("This would make the key unusable in PGP 2.x.\n")); - - if (opt.expert && !quick) - { - if (!cpr_get_answer_is_yes ("sign_uid.v4_on_v3_okay", - _("Are you sure you still " - "want to sign it? (y/N) "))) - continue; - - all_v3 = 0; - } - else - continue; - } - if (selfsig) ; else @@ -1773,7 +1737,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, break; case cmdADDPHOTO: - if (RFC2440 || RFC1991 || PGP2) + if (RFC2440) { tty_printf (_("This command is not allowed while in %s mode.\n"), compliance_option_string ()); diff --git a/g10/keygen.c b/g10/keygen.c index af5d34d24..ed11a2fff 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -341,16 +341,6 @@ keygen_set_std_prefs (const char *string,int personal) if ( !openpgp_cipher_test_algo (CIPHER_ALGO_CAST5) ) strcat(dummy_string,"S3 "); strcat(dummy_string,"S2 "); /* 3DES */ - /* If we have it, IDEA goes *after* 3DES so it won't be - used unless we're encrypting along with a V3 key. - Ideally, we would only put the S1 preference in if the - key was RSA and <=2048 bits, as that is what won't - break PGP2, but that is difficult with the current - code, and not really worth checking as a non-RSA <=2048 - bit key wouldn't be usable by PGP2 anyway. -dms */ - if (PGP2 && !openpgp_cipher_test_algo (CIPHER_ALGO_IDEA) ) - strcat(dummy_string,"S1 "); - /* The default hash algo order is: SHA-256, SHA-1, SHA-384, SHA-512, SHA-224. diff --git a/g10/misc.c b/g10/misc.c index 0125da4b0..0ad4602f9 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -1191,8 +1191,6 @@ compliance_option_string(void) case CO_GNUPG: return "--gnupg"; case CO_RFC4880: return "--openpgp"; case CO_RFC2440: return "--rfc2440"; - case CO_RFC1991: return "--rfc1991"; - case CO_PGP2: return "--pgp2"; case CO_PGP6: return "--pgp6"; case CO_PGP7: return "--pgp7"; case CO_PGP8: return "--pgp8"; @@ -1220,14 +1218,6 @@ compliance_failure(void) ver="OpenPGP (older)"; break; - case CO_RFC1991: - ver="old PGP"; - break; - - case CO_PGP2: - ver="PGP 2.x"; - break; - case CO_PGP6: ver="PGP 6.x"; break; diff --git a/g10/options.h b/g10/options.h index e407aa400..7efb3d6e6 100644 --- a/g10/options.h +++ b/g10/options.h @@ -121,7 +121,7 @@ struct int force_ownertrust; enum { - CO_GNUPG, CO_RFC4880, CO_RFC2440, CO_RFC1991, CO_PGP2, + CO_GNUPG, CO_RFC4880, CO_RFC2440, CO_PGP6, CO_PGP7, CO_PGP8 } compliance; enum @@ -307,14 +307,12 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode; /* Compatibility flags. */ #define GNUPG (opt.compliance==CO_GNUPG) -#define RFC1991 (opt.compliance==CO_RFC1991 || opt.compliance==CO_PGP2) #define RFC2440 (opt.compliance==CO_RFC2440) #define RFC4880 (opt.compliance==CO_RFC4880) -#define PGP2 (opt.compliance==CO_PGP2) #define PGP6 (opt.compliance==CO_PGP6) #define PGP7 (opt.compliance==CO_PGP7) #define PGP8 (opt.compliance==CO_PGP8) -#define PGPX (PGP2 || PGP6 || PGP7 || PGP8) +#define PGPX (PGP6 || PGP7 || PGP8) /* Various option flags. Note that there should be no common string names between the IMPORT_ and EXPORT_ flags as they can be mixed in diff --git a/g10/pkclist.c b/g10/pkclist.c index e783ae419..1032b0193 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -928,7 +928,7 @@ build_pk_list (ctrl_t ctrl, /* Hidden recipients are not allowed while in PGP mode, issue a warning and switch into GnuPG mode. */ - if ((rov->flags&2) && (PGP2 || PGP6 || PGP7 || PGP8)) + if ((rov->flags&2) && (PGP6 || PGP7 || PGP8)) { log_info(_("you may not use %s while in %s mode\n"), "--hidden-recipient", @@ -978,7 +978,7 @@ build_pk_list (ctrl_t ctrl, /* Hidden encrypt-to recipients are not allowed while in PGP mode, issue a warning and switch into GnuPG mode. */ - if ((r->flags&1) && (PGP2 || PGP6 || PGP7 || PGP8)) + if ((r->flags&1) && (PGP6 || PGP7 || PGP8)) { log_info(_("you may not use %s while in %s mode\n"), "--hidden-encrypt-to", @@ -1344,10 +1344,7 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, dropped from 4880 but is still relevant to GPG's 1991 support. All this doesn't mean IDEA is actually available, of course. */ - if(PGP2 && pkr->pk->version<4 && pkr->pk->selfsigversion<4) - implicit=CIPHER_ALGO_IDEA; - else - implicit=CIPHER_ALGO_3DES; + implicit=CIPHER_ALGO_3DES; break; @@ -1359,12 +1356,7 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype, mode, and that's the only time PREFTYPE_HASH is used anyway. -dms */ - /* MD5 is there for v3 keys with v3 selfsigs when --pgp2 is - on. */ - if(PGP2 && pkr->pk->version<4 && pkr->pk->selfsigversion<4) - implicit=DIGEST_ALGO_MD5; - else - implicit=DIGEST_ALGO_SHA1; + implicit=DIGEST_ALGO_SHA1; break; diff --git a/g10/revoke.c b/g10/revoke.c index bf5e33b3f..67f62e5cc 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -473,7 +473,7 @@ create_revocation (const char *filename, goto leave; } - if (keyblock && (PGP2 || PGP6 || PGP7 || PGP8)) + if (keyblock && (PGP6 || PGP7 || PGP8)) { /* Use a minimal pk for PGPx mode, since PGP can't import bare revocation certificates. */ diff --git a/g10/server.c b/g10/server.c index e87c871e3..b019d1aa1 100644 --- a/g10/server.c +++ b/g10/server.c @@ -320,10 +320,6 @@ cmd_encrypt (assuan_context_t ctx, char *line) goto leave; } - /* Fixme: Check that we are using real files and not pipes if in - PGP-2 mode. Do all the other checks we do in gpg.c for aEncr. - Maybe we should drop the PGP2 compatibility. */ - /* FIXME: GPGSM does this here: Add all encrypt-to marked recipients from the default list. */ diff --git a/g10/sign.c b/g10/sign.c index 9aa4da49d..c8139d74c 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -509,11 +509,6 @@ hash_for (PKT_public_key *pk) return DIGEST_ALGO_SHA1; } - else if (PGP2 && pk->pubkey_algo == PUBKEY_ALGO_RSA && pk->version < 4 ) - { - /* Old-style PGP only understands MD5 */ - return DIGEST_ALGO_MD5; - } else if (opt.personal_digest_prefs) { /* It's not DSA, so we can use whatever the first hash algorithm @@ -659,7 +654,7 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode) pt->timestamp = make_timestamp (); pt->mode = ptmode; pt->len = filesize; - pt->new_ctb = !pt->len && !RFC1991; + pt->new_ctb = !pt->len; pt->buf = inp; init_packet(&pkt); pkt.pkttype = PKT_PLAINTEXT; @@ -710,7 +705,7 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash, /* Build the signature packet. */ sig = xmalloc_clear (sizeof *sig); - if (opt.force_v3_sigs || RFC1991) + if (opt.force_v3_sigs) sig->version = 3; else if (duration || opt.sig_policy_url || opt.sig_notations || opt.sig_keyserver_url) @@ -819,7 +814,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) goto leave; - if(!opt.force_v3_sigs && !RFC1991) + if(!opt.force_v3_sigs) { if(opt.ask_sig_expire && !opt.batch) duration=ask_expire_interval(1,opt.def_sig_expire); @@ -832,13 +827,6 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, if( (rc = build_sk_list (locusr, &sk_list, PUBKEY_USAGE_SIG )) ) goto leave; - if(PGP2 && !only_old_style(sk_list)) - { - log_info(_("you can only detach-sign with PGP 2.x style keys " - "while in --pgp2 mode\n")); - compliance_failure(); - } - if (encryptflag && (rc=build_pk_list (ctrl, remusr, &pk_list, PUBKEY_USAGE_ENC))) goto leave; @@ -986,7 +974,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, if( !multifile ) iobuf_push_filter( inp, md_filter, &mfx ); - if( detached && !encryptflag && !RFC1991 ) + if( detached && !encryptflag) afx->what = 2; if( opt.armor && !outfile ) @@ -1029,7 +1017,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, } /* Write the one-pass signature packets if needed */ - if (!detached && !RFC1991) { + if (!detached) { rc = write_onepass_sig_packets (sk_list, out, opt.textmode && !outfile ? 0x01:0x00); if (rc) @@ -1135,7 +1123,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile ) int rc = 0; SK_LIST sk_list = NULL; SK_LIST sk_rover = NULL; - int old_style = RFC1991; + int old_style = 0; int only_md5 = 0; u32 duration=0; @@ -1143,7 +1131,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile ) afx = new_armor_context (); init_packet( &pkt ); - if(!opt.force_v3_sigs && !RFC1991) + if(!opt.force_v3_sigs) { if(opt.ask_sig_expire && !opt.batch) duration=ask_expire_interval(1,opt.def_sig_expire); @@ -1156,16 +1144,9 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile ) if( (rc=build_sk_list( locusr, &sk_list, PUBKEY_USAGE_SIG )) ) goto leave; - if( !old_style && !duration ) + if(!duration ) old_style = only_old_style( sk_list ); - if(PGP2 && !only_old_style(sk_list)) - { - log_info(_("you can only clearsign with PGP 2.x style keys " - "while in --pgp2 mode\n")); - compliance_failure(); - } - /* prepare iobufs */ inp = iobuf_open(fname); if (inp && is_secured_file (iobuf_get_fd (inp))) @@ -1311,7 +1292,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr) memset( &cfx, 0, sizeof cfx); init_packet( &pkt ); - if(!opt.force_v3_sigs && !RFC1991) + if(!opt.force_v3_sigs) { if(opt.ask_sig_expire && !opt.batch) duration=ask_expire_interval(1,opt.def_sig_expire); @@ -1343,7 +1324,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr) /* prepare key */ s2k = xmalloc_clear( sizeof *s2k ); - s2k->mode = RFC1991? 0:opt.s2k_mode; + s2k->mode = opt.s2k_mode; s2k->hash_algo = S2K_DIGEST_ALGO; algo = default_cipher_algo(); @@ -1389,7 +1370,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr) /* Write the symmetric key packet */ /*(current filters: armor)*/ - if (!RFC1991) { + { PKT_symkey_enc *enc = xmalloc_clear( sizeof *enc ); enc->version = 4; enc->cipher_algo = cfx.dek->algo; @@ -1410,12 +1391,10 @@ sign_symencrypt_file (const char *fname, strlist_t locusr) /* Write the one-pass signature packets */ /*(current filters: zip - encrypt - armor)*/ - if (!RFC1991) { - rc = write_onepass_sig_packets (sk_list, out, - opt.textmode? 0x01:0x00); - if (rc) - goto leave; - } + rc = write_onepass_sig_packets (sk_list, out, + opt.textmode? 0x01:0x00); + if (rc) + goto leave; write_status_begin_signing (mfx.md); diff --git a/tests/openpgp/clearsig.test b/tests/openpgp/clearsig.test index 74631e180..bf67916d0 100755 --- a/tests/openpgp/clearsig.test +++ b/tests/openpgp/clearsig.test @@ -24,17 +24,6 @@ done # ====================================== -# and once more to check rfc1991 -# ====================================== - -if have_pubkey_algo "RSA"; then - for i in $plain_files plain-large ; do - $GPG -u $usrname3 --rfc1991 --digest-algo md5 --clearsign -o x --yes $i - $GPG --verify x - done -fi - -# ====================================== # and one with long lines # ====================================== cat >y <<EOF @@ -100,7 +89,7 @@ cat >y <<EOF } /* ask for file and hash it */ - if( c->sigs_only ) { -+ if( c->sigs_only ) ++ if( c->sigs_only ) rc = hash_datafiles( c->mfx.md, NULL, c->signed_data, c->sigfilename, n1? (n1->pkt->pkt.onepass_sig->sig_class == 0x01):0 ); |