author | Werner Koch <wk@gnupg.org> | 2014-08-12 10:36:30 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2014-08-14 11:03:55 +0200 |
commit | 2b8d8369d59249b89526c18c5ac276e6445dc35e (patch) | |
tree | cee8f7b5adb668e0893ab13812c571db329b119b /g10/encrypt.c | |
parent | build: Fix autogen.sh base version hack. (diff) | |
gpg: Remove options --pgp2 and --rfc1991.
* g10/gpg.c (oRFC1991, oPGP2): Remove
(opts): Remove --pgp2 and --rfc1991.
* g10/options.h (CO_PGP2, CO_RFC1991): Remove. Remove all users.
(RFC2440, PGP2): Remove. Remove all code only enabled by these
conditions.
* tests/openpgp/clearsig.test: Remove --rfc1991 test.
--
The use of PGP 2.c has been considered insecure for quite some time
now (e.g. due to the use of MD5). Thus we remove all support for
_creating_ PGP 2 compatible messages.
Diffstat (limited to 'g10/encrypt.c')
-rw-r--r-- | g10/encrypt.c | 46 |
1 files changed, 10 insertions, 36 deletions
diff --git a/g10/encrypt.c b/g10/encrypt.c
index 5b10b73ea..d1ce933c2 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -104,8 +104,8 @@ encrypt_seskey (DEK *dek, DEK **seskey, byte *enckey) static int use_mdc(PK_LIST pk_list,int algo) { - /* RFC-1991 and 2440 don't have MDC */ - if(RFC1991 || RFC2440) + /* RFC-2440 don't has MDC */ + if (RFC2440) return 0; /* --force-mdc overrides --disable-mdc */
@@ -174,7 +174,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey) compress_filter_context_t zfx; text_filter_context_t tfx; progress_filter_context_t *pfx; - int do_compress = !RFC1991 && default_compress_algo(); + int do_compress = !!default_compress_algo(); pfx = new_progress_context (); memset( &cfx, 0, sizeof cfx);
@@ -206,19 +206,13 @@ encrypt_simple (const char *filename, int mode, int use_seskey) if (opt.textmode) iobuf_push_filter( inp, text_filter, &tfx ); - /* Due the the fact that we use don't use an IV to encrypt the - session key we can't use the new mode with RFC1991 because it has - no S2K salt. RFC1991 always uses simple S2K. */ - if ( RFC1991 && use_seskey ) - use_seskey = 0; - cfx.dek = NULL; if ( mode ) { int canceled; s2k = xmalloc_clear( sizeof *s2k ); - s2k->mode = RFC1991? 0:opt.s2k_mode; + s2k->mode = opt.s2k_mode; s2k->hash_algo = S2K_DIGEST_ALGO; cfx.dek = passphrase_to_dek (NULL, 0, default_cipher_algo(), s2k, 4,
@@ -279,7 +273,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey) push_armor_filter (afx, out); } - if ( s2k && !RFC1991 ) + if ( s2k ) { PKT_symkey_enc *enc = xmalloc_clear( sizeof *enc + seskeylen + 1 ); enc->version = 4;
@@ -335,7 +329,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey) pt->timestamp = make_timestamp(); pt->mode = opt.textmode? 't' : 'b'; pt->len = filesize; - pt->new_ctb = !pt->len && !RFC1991; + pt->new_ctb = !pt->len; pt->buf = inp; pkt.pkttype = PKT_PLAINTEXT; pkt.pkt.plaintext = pt;
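Review bot: The replacement comment in use_mdc, `/* RFC-2440 don't has MDC */`, is ungrammatical and does not say what the early `return 0` means for the output. Judging by the function name and the comment, returning 0 tells the caller not to emit a modification detection code, so a message written in RFC 2440 mode carries no integrity protection. I would state that directly, e.g. `/* RFC-2440 has no MDC packet; output in this mode is not integrity protected.  */`. The rest of use_mdc lies outside the hunk.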
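Review bot: Removing the `RFC1991 && use_seskey` guard in encrypt_simple (hunk at -206) also removes the only comment explaining that the session-key path needs a salted S2K because the session key is encrypted without an IV. That constraint is not specific to RFC 1991: after `s2k->mode = opt.s2k_mode;` the mode can still be 0, which the removed lines identify as the simple, unsalted S2K. Whether a later check in the function clears use_seskey for that case is not visible in this hunk; if one exists, the explanation belongs next to it, otherwise a guard such as `if (use_seskey && !opt.s2k_mode) use_seskey = 0;` should stay. encrypt_simple starts and ends outside the hunk.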
@@ -478,13 +472,13 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, compress_filter_context_t zfx; text_filter_context_t tfx; progress_filter_context_t *pfx; - PK_LIST pk_list, work_list; + PK_LIST pk_list; int do_compress; if (filefd != -1 && filename) return gpg_error (GPG_ERR_INV_ARG); - do_compress = opt.compress_algo && !RFC1991; + do_compress = !!opt.compress_algo; pfx = new_progress_context (); memset( &cfx, 0, sizeof cfx);
@@ -510,19 +504,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, } } - if(PGP2) - { - for (work_list=pk_list; work_list; work_list=work_list->next) - if (!(is_RSA (work_list->pk->pubkey_algo) - && nbits_from_pk (work_list->pk) <= 2048)) - { - log_info(_("you can only encrypt to RSA keys of 2048 bits or " - "less in --pgp2 mode\n")); - compliance_failure(); - break; - } - } - /* Prepare iobufs. */ #ifdef HAVE_W32_SYSTEM if (filefd == -1)
@@ -592,13 +573,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, if (cfx.dek->algo == -1) { cfx.dek->algo = CIPHER_ALGO_3DES; - - if (PGP2) - { - log_info(_("unable to use the IDEA cipher for all of the keys " - "you are encrypting to.\n")); - compliance_failure(); - } } /* In case 3DES has been selected, print a warning if any key
@@ -687,7 +661,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, pt->timestamp = make_timestamp(); pt->mode = opt.textmode ? 't' : 'b'; pt->len = filesize; - pt->new_ctb = !pt->len && !RFC1991; + pt->new_ctb = !pt->len; pt->buf = inp; pkt.pkttype = PKT_PLAINTEXT; pkt.pkt.plaintext = pt;
@@ -895,7 +869,7 @@ write_pubkey_enc_from_list (PK_LIST pk_list, DEK *dek, iobuf_t out) keyid_from_pk( pk, enc->keyid ); enc->throw_keyid = (opt.throw_keyid || (pk_list->flags&1)); - if (opt.throw_keyid && (PGP2 || PGP6 || PGP7 || PGP8)) + if (opt.throw_keyid && (PGP6 || PGP7 || PGP8)) { log_info(_("you may not use %s while in %s mode\n"), "--throw-keyid",compliance_option_string()); |
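Review bot: In write_pubkey_enc_from_list (hunk at -895) the compliance check still tests only `opt.throw_keyid`, while the line above sets `enc->throw_keyid` when either that option or `pk_list->flags&1` is set. A recipient flagged that way would apparently get a thrown key ID in a PGP6/7/8 mode without the message being logged. If that is not intended, test the computed value, `if (enc->throw_keyid && (PGP6 || PGP7 || PGP8))`, and make the option name in the log text match the trigger. The meaning of the `&1` flag bit is not visible here and deserves a short comment; the function body continues outside the hunk.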