More tests added; make distcheck works

2006-03-07 11:05:41 +00:00 · 2006-03-07 11:05:41 +00:00 · 4aeb4d4b10
parent 199f4bd626
commit 4aeb4d4b10
33 changed files with 8147 additions and 7806 deletions
--- a/4
+++ b/4
@ -53,7 +53,9 @@ Noteworthy changes in version 1.4.3

    * Files containing several signed messages are not anymore allowed
      because there is no clean way to report the status of such files
-      back to the caller.
+      back to the caller.  To partly revert to the old behaviour the
+      new option --allow-multisig-verification may be used.
+


 Noteworthy changes in version 1.4.2 (2005-07-26)
--- a/checks/verify.test
+++ b/checks/verify.test
@ -99,7 +99,128 @@ yW5Pvxz/XHjl
 =UNM4
 -----END PGP MESSAGE-----'

+# A signed message suffixed with an unsigned literal packet.
+# (fols = faked-literal-data, one-pass, literal-data, signature)
+# This should throw an error because running gpg to extract the
+# signed data will return both literal data packets
+tests="$tests bad_olsf_asc"
+bad_olsf_asc='-----BEGIN PGP MESSAGE-----

+kA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdo
+dC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0
+aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkgZGVjZW50IHBlb3BsZSBh
+cmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJlaW5nIHNpY2sgYW5kIHRp
+cmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdtCnNpY2sgYW5kIHRpcmVk
+IG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5IFB5dGhvbgqIPwMFAEQM
+UlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk01pbAKCIjkzLOAmkZNm0
+D8luT78c/1x45axdYgxtc2cudW5zaWduZWREDGNMdGltZXNoYXJpbmcsIG46CglB
+biBhY2Nlc3MgbWV0aG9kIHdoZXJlYnkgb25lIGNvbXB1dGVyIGFidXNlcyBtYW55
+IHBlb3BsZS4K
+=3gnG
+-----END PGP MESSAGE-----'
+
+
+# Two standard signed messages in a row
+tests="$tests msg_olsols_asc_multisig"
+msg_olsols_asc_multisig='-----BEGIN PGP MESSAGE-----
+
+kA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdo
+dC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0
+aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkgZGVjZW50IHBlb3BsZSBh
+cmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJlaW5nIHNpY2sgYW5kIHRp
+cmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdtCnNpY2sgYW5kIHRpcmVk
+IG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5IFB5dGhvbgqIPwMFAEQM
+UlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk01pbAKCIjkzLOAmkZNm0
+D8luT78c/1x45ZANAwACES1yfMdoaXc0Aa0BB2IDbXNnRAxSWkkgdGhpbmsgdGhh
+dCBhbGwgcmlnaHQtdGhpbmtpbmcgcGVvcGxlIGluIHRoaXMgY291bnRyeSBhcmUg
+c2ljayBhbmQKdGlyZWQgb2YgYmVpbmcgdG9sZCB0aGF0IG9yZGluYXJ5IGRlY2Vu
+dCBwZW9wbGUgYXJlIGZlZCB1cCBpbiB0aGlzCmNvdW50cnkgd2l0aCBiZWluZyBz
+aWNrIGFuZCB0aXJlZC4gIEknbSBjZXJ0YWlubHkgbm90LiAgQnV0IEknbQpzaWNr
+IGFuZCB0aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgSSBhbS4KLSBNb250eSBQeXRo
+b24KiD8DBQBEDFJaLXJ8x2hpdzQRAkeCAKCZRBk2Pmx4w9h2LgosS0AppNNaWwCg
+iI5MyzgJpGTZtA/Jbk+/HP9ceOU=
+=8nLN
+-----END PGP MESSAGE-----'
+
+# A standard message with two signatures (actually the same signature
+# duplicated).
+tests="$tests msg_oolss_asc"
+msg_oolss_asc='-----BEGIN PGP MESSAGE-----
+
+kA0DAAIRLXJ8x2hpdzQBkA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGlu
+ayB0aGF0IGFsbCByaWdodC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5
+IGFyZSBzaWNrIGFuZAp0aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkg
+ZGVjZW50IHBlb3BsZSBhcmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJl
+aW5nIHNpY2sgYW5kIHRpcmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdt
+CnNpY2sgYW5kIHRpcmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5
+IFB5dGhvbgqIPwMFAEQMUlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk
+01pbAKCIjkzLOAmkZNm0D8luT78c/1x45Yg/AwUARAxSWi1yfMdoaXc0EQJHggCg
+mUQZNj5seMPYdi4KLEtAKaTTWlsAoIiOTMs4CaRk2bQPyW5Pvxz/XHjl
+=KVw5
+-----END PGP MESSAGE-----'
+
+# A standard message with two one-pass packet but only one signature
+# packet
+tests="$tests bad_ools_asc"
+bad_ools_asc='-----BEGIN PGP MESSAGE-----
+
+kA0DAAIRLXJ8x2hpdzQBkA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGlu
+ayB0aGF0IGFsbCByaWdodC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5
+IGFyZSBzaWNrIGFuZAp0aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkg
+ZGVjZW50IHBlb3BsZSBhcmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJl
+aW5nIHNpY2sgYW5kIHRpcmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdt
+CnNpY2sgYW5kIHRpcmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5
+IFB5dGhvbgqIPwMFAEQMUlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk
+01pbAKCIjkzLOAmkZNm0D8luT78c/1x45Q==
+=1/ix
+-----END PGP MESSAGE-----'
+
+# Standard cleartext signature
+tests="$tests msg_cls_asc"
+msg_cls_asc=`cat <<EOF
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+I think that all right-thinking people in this country are sick and
+tired of being told that ordinary decent people are fed up in this
+country with being sick and tired.  I'm certainly not.  But I'm
+sick and tired of being told that I am.
+- - Monty Python
+-----BEGIN PGP SIGNATURE-----
+
+iD8DBQFEDVp1LXJ8x2hpdzQRAplUAKCMfpG3GPw/TLN52tosgXP5lNECkwCfQhAa
+emmev7IuQjWYrGF9Lxj+zj8=
+=qJsY
+-----END PGP SIGNATURE-----
+EOF
+`
+
+# Cleartext signature with two signatures
+tests="$tests msg_clss_asc"
+msg_clss_asc=`cat <<EOF
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+What is the difference between a Turing machine and the modern computer?
+It's the same as that between Hillary's ascent of Everest and the
+establishment of a Hilton on its peak.
+-----BEGIN PGP SIGNATURE-----
+
+iD8DBQFEDVz6LXJ8x2hpdzQRAtkGAKCeMhNbHnh339fpjNj9owsYcC4zBwCfYO5l
+2u+KEfXX0FKyk8SMzLjZ536IPwMFAUQNXPr+GAsdqeOwshEC2QYAoPOWAiQm0EF/
+FWIAQUplk7JWbyRKAJ92ZJyJpWfzb0yc1s7MY65r2qEHrg==
+=1Xvv
+-----END PGP SIGNATURE-----
+EOF
+`
+
+# Two clear text signatures in a row
+tests="$tests msg_clsclss_asc"
+msg_clsclss_asc="${msg_cls_asc}
+${msg_clss_asc}"
+
+
+# Fixme:  We need more tests with manipulated cleartext signatures.


 #
@ -107,13 +228,17 @@ yW5Pvxz/XHjl
 #
 for i in $tests ; do
   info "checking: $i"
+   eval "(IFS=; echo \"\$$i\")" >x
   case "$i" in
    msg_*_asc)
-       eval "(IFS=; echo \"\$$i\")" >x
       $GPG --verify x || error "verify of $i failed"
       ;;
+    msg_*_asc_multisig)
+       $GPG --verify --allow-multisig-verification x \
+           || error "verify of $i failed"
+       $GPG --verify x && error "verify of $i succeeded but should not"
+       ;;
    bad_*_asc)
-       eval "(IFS=; echo \"\$$i\")" >x
       $GPG --verify x && error "verify of $i succeeded but should not"
       ;;
    *)
--- a/doc/gpg.sgml
+++ b/doc/gpg.sgml
@ -2877,6 +2877,15 @@ behaviour as used by anonymous recipients (created by using
 message contains a bogus key ID.
 </para></listitem></varlistentry>

+<varlistentry>
+<term>--allow-multisig-verification</term>
+<listitem><para>
+Allow verification of concatenated signed messages.  This will run a
+signature verification for each data+signature block.  There are some
+security issues with this option thus it is off by default.  Note that
+versions of gpg rpior to version 1.4.3 implicityly allowed for this.
+</para></listitem></varlistentry>
+
 <varlistentry>
 <term>--enable-special-filenames</term>
 <listitem><para>
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,9 @@
+2006-03-07  Werner Koch  <wk@g10code.com>
+
+	* mainproc.c (proc_signature_packets): Return any_sig_seen to caller.
+	(check_sig_and_print): Option to partly allow the old behaviour.
+	* gpg.c: New option --allow-multisig-verification.
+
 2006-03-06  David Shaw  <dshaw@jabberwocky.com>

 	* sign.c (make_keysig_packet): Don't use MD5 for a RSA_S key as
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -362,6 +362,7 @@ enum cmd_and_opt_values
    oNoRequireBacksigs,
    oAutoKeyLocate,
    oNoAutoKeyLocate,
+    oAllowMultisigVerification,

    oNoop
  };
@ -699,6 +700,8 @@ static ARGPARSE_OPTS opts[] = {
 #if defined(ENABLE_CARD_SUPPORT) && defined(HAVE_LIBUSB)
    { oDebugCCIDDriver, "debug-ccid-driver", 0, "@"},
 #endif
+    { oAllowMultisigVerification, "allow-multisig-verification", 0, "@"},
+
    /* These two are aliases to help users of the PGP command line
       product use gpg with minimal pain.  Many commands are common
       already as they seem to have borrowed commands from us.  Now
@ -2669,6 +2672,10 @@ main (int argc, char **argv )
 	    release_akl();
 	    break;

+          case oAllowMultisigVerification:
+            opt.allow_multisig_verification = 1;
+            break;
+
 	  case oNoop: break;

 	  default : pargs.err = configfp? 1:2; break;
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@ -1163,6 +1163,13 @@ proc_signature_packets( void *anchor, IOBUF a,
        log_error (_("no signature found\n"));
        rc = G10ERR_NO_DATA;
      }
+
+    /* Propagate the signature seen flag upward. Do this only on
+       success so that we won't issue the nodata status several
+       times. */
+    if (!rc && c->anchor && c->any_sig_seen)
+      c->anchor->any_sig_seen = 1;
+
    xfree( c );
    return rc;
 }
@ -1445,8 +1452,8 @@ check_sig_and_print( CTX c, KBNODE node )
    KBNODE n;
    int n_onepass, n_sig;

-    log_debug ("checking signature packet composition\n");
-    dump_kbnode (c->list);
+/*     log_debug ("checking signature packet composition\n"); */
+/*     dump_kbnode (c->list); */

    n = c->list;
    assert (n);
@ -1482,7 +1489,9 @@ check_sig_and_print( CTX c, KBNODE node )
        for (n_sig=0, n = n->next;
             n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
          n_sig++;
-        if (n || !n_sig)
+        if (!n_sig)
+          goto ambiguous;
+        if (n && !opt.allow_multisig_verification)
          goto ambiguous;
        if (n_onepass != n_sig)
          {
--- a/g10/options.h
+++ b/g10/options.h
@ -231,6 +231,9 @@ struct
    struct akl *next;
  } *auto_key_locate;

+  /* True if multiple concatenated signatures may be verified. */
+  int allow_multisig_verification; 
+
 } opt;

 /* CTRL is used to keep some global variables we currently can't
--- a/po/be.po
+++ b/po/be.po
--- a/po/ca.po
+++ b/po/ca.po
--- a/po/cs.po
+++ b/po/cs.po
--- a/po/da.po
+++ b/po/da.po
--- a/po/de.po
+++ b/po/de.po
--- a/po/el.po
+++ b/po/el.po
--- a/po/eo.po
+++ b/po/eo.po
--- a/po/es.po
+++ b/po/es.po
--- a/po/et.po
+++ b/po/et.po
--- a/po/fi.po
+++ b/po/fi.po
--- a/po/fr.po
+++ b/po/fr.po
--- a/po/gl.po
+++ b/po/gl.po
--- a/po/hu.po
+++ b/po/hu.po
--- a/po/id.po
+++ b/po/id.po
--- a/po/it.po
+++ b/po/it.po
--- a/po/ja.po
+++ b/po/ja.po
--- a/po/pl.po
+++ b/po/pl.po
--- a/po/pt.po
+++ b/po/pt.po
--- a/po/pt_BR.po
+++ b/po/pt_BR.po
--- a/po/ro.po
+++ b/po/ro.po
--- a/po/ru.po
+++ b/po/ru.po
--- a/po/sk.po
+++ b/po/sk.po
--- a/po/sv.po
+++ b/po/sv.po
--- a/po/tr.po
+++ b/po/tr.po
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
--- a/po/zh_TW.po
+++ b/po/zh_TW.po