v3 keys have long been considered insecure. While we want to retain
support for them there's no reason most keyservers should actually store
them these days. So drop them by default when running cleankeys()
*/
int cleankeys(struct openpgp_publickey **keys, uint64_t policies)
{
*/
int cleankeys(struct openpgp_publickey **keys, uint64_t policies)
{
- struct openpgp_publickey *curkey;
+ struct openpgp_publickey **curkey, *tmp;
int changed = 0, count = 0;
if (keys == NULL)
return 0;
int changed = 0, count = 0;
if (keys == NULL)
return 0;
- curkey = *keys;
- while (curkey != NULL) {
+ curkey = keys;
+ while (*curkey != NULL) {
+ if (policies & ONAK_CLEAN_DROP_V3_KEYS) {
+ if ((*curkey)->publickey->data[0] < 4) {
+ /* Remove the key from the list */
+ tmp = *curkey;
+ *curkey = tmp->next;
+ tmp->next = NULL;
+ free_publickey(tmp);
+ changed++;
+ continue;
+ }
+ }
if (policies & ONAK_CLEAN_LARGE_PACKETS) {
if (policies & ONAK_CLEAN_LARGE_PACKETS) {
- count += clean_large_packets(curkey);
+ count += clean_large_packets(*curkey);
- count += dedupuids(curkey);
- count += dedupsubkeys(curkey);
+ count += dedupuids(*curkey);
+ count += dedupsubkeys(*curkey);
if (policies & ONAK_CLEAN_CHECK_SIGHASH) {
if (policies & ONAK_CLEAN_CHECK_SIGHASH) {
- count += clean_key_sighashes(curkey);
+ count += clean_key_sighashes(*curkey);
}
if (count > 0) {
changed++;
}
}
if (count > 0) {
changed++;
}
+ curkey = &(*curkey)->next;
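Review bot: The version test `(*curkey)->publickey->data[0] < 4` reads the first byte of the public-key packet without checking that the packet pointer is set or that the packet holds at least one byte, and cleankeys() may be handed keys from an untrusted submission. If the parser can ever produce an empty or missing public-key packet (not visible in this hunk), that is a NULL dereference or an out-of-bounds read. A guard such as `pk = (*curkey)->publickey; if (pk != NULL && pk->length > 0 && pk->data[0] < 4) {` would close it, assuming the packet struct carries a `length` field. Callers should also expect `*keys` to be NULL on return when every key in the list was v3. The rest of cleankeys(), including its return, lies outside the visible lines.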
#define ONAK_CLEAN_CHECK_SIGHASH (1 << 0)
#define ONAK_CLEAN_LARGE_PACKETS (1 << 1)
#define ONAK_CLEAN_CHECK_SIGHASH (1 << 0)
#define ONAK_CLEAN_LARGE_PACKETS (1 << 1)
+#define ONAK_CLEAN_DROP_V3_KEYS (1 << 2)
#define ONAK_CLEAN_ALL (uint64_t) -1
/**
#define ONAK_CLEAN_ALL (uint64_t) -1
/**
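Review bot: `ONAK_CLEAN_ALL` is `(uint64_t) -1`, so it now implies `ONAK_CLEAN_DROP_V3_KEYS` as well, and any caller that passes it (none are visible here) starts removing whole keys from the list rather than only cleaning within a key. The new flag deserves a comment saying so, for example `/* Drop v3 and older keys from the list entirely; included in ONAK_CLEAN_ALL */` above the define.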
- .clean_policies = ONAK_CLEAN_CHECK_SIGHASH,
+ .clean_policies = ONAK_CLEAN_DROP_V3_KEYS | ONAK_CLEAN_CHECK_SIGHASH,
.bin_dir = NULL,
.mail_dir = NULL,
.bin_dir = NULL,
.mail_dir = NULL,
config.syncsites = lladd(config.syncsites,
strdup(value));
/* [verification] section */
config.syncsites = lladd(config.syncsites,
strdup(value));
/* [verification] section */
+ } else if (MATCH("verification", "drop_v3")) {
+ if (parsebool(value, config.clean_policies &
+ ONAK_CLEAN_DROP_V3_KEYS)) {
+ config.clean_policies |=
+ ONAK_CLEAN_DROP_V3_KEYS;
+ } else {
+ config.clean_policies &=
+ ~ONAK_CLEAN_DROP_V3_KEYS;
+ }
} else if (MATCH("verification", "check_sighash")) {
if (parsebool(value, config.clean_policies &
ONAK_CLEAN_CHECK_SIGHASH)) {
} else if (MATCH("verification", "check_sighash")) {
if (parsebool(value, config.clean_policies &
ONAK_CLEAN_CHECK_SIGHASH)) {
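Review bot: Adding `ONAK_CLEAN_DROP_V3_KEYS` to the built-in `.clean_policies` default means an existing installation whose config file has no `drop_v3` line starts discarding v3 keys whenever cleankeys() runs after the upgrade. The `drop_v3` branch also passes the current setting as the fallback to parsebool(), so an unparseable value presumably leaves dropping enabled too. That is the safer direction, but it is a silent behaviour change on stored data. A comment at the default such as `/* v3 keys are dropped unless [verification] drop_v3=false is set */` and a line in the upgrade notes would make it visible to operators. Logging each dropped key in cleankeys() would also give them an audit trail.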
; Verify signature hashes - verify that the hash a signature claims to be
; over matches the hash of the data. Does not actually verify the signature.
check_sighash=true
; Verify signature hashes - verify that the hash a signature claims to be
; over matches the hash of the data. Does not actually verify the signature.
check_sighash=true
+; Drop v3 (and older) keys. These are long considered insecure, so unless there
+; is a good reason you should accept this default.
+drop_v3=true
; Settings related to the email interface to onak.
[mail]
; Settings related to the email interface to onak.
[mail]