From 946916a53d4643c7855fc446ac24193248aa3831 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Thu, 25 Feb 1999 17:51:55 +0000
Subject: [PATCH] See ChangeLog: Thu Feb 25 18:47:39 CET 1999 Werner Koch
---
 BUGS | 3 ++-
 NEWS | 1 +
 TODO | 11 ++++++++++-
 cipher/md5.c | 1 +
 g10/ChangeLog | 14 ++++++++++++++
 g10/g10.c | 3 ++-
 g10/mainproc.c | 4 ++++
 g10/openfile.c | 7 ++++++-
 g10/options.h | 1 +
 g10/pkclist.c | 35 ++++++++++++++++++++++++++++-------
 g10/ringedit.c | 6 ++++++
 g10/trustdb.c | 15 +++++++++++++++
 12 files changed, 90 insertions(+), 11 deletions(-)
diff --git a/BUGS b/BUGS
index e60e0ebdc..da991bd08 100644
--- a/BUGS
+++ b/BUGS
@@ -64,6 +64,7 @@ an "info standards" to find out why a disclaimer is needed for GNU.)
 tries to find public keys specified with the -r option. I don't like this.
-
+[ **] #9 1999-02-25
+ Misalignment in md5.c#md5_write.
diff --git a/NEWS b/NEWS
index 6cdbcf9f1..5fb4e48e4 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,7 @@
 * New configure option --enable-static-rnd=[egd|linux|unix|none] to select a random gathering module for static linking.
+
 Noteworthy changes in version 0.9.3
 -----------------------------------
diff --git a/TODO b/TODO
index 809f2f285..94aca828a 100644
--- a/TODO
+++ b/TODO
@@ -17,9 +17,18 @@
 * Use capabilities if available. glibc2 does not support it yet? What about 2.2 or should we use the system calls directly?
- * wehndecryptiong multiple key: print a warning only if no usable pubkey
+ * when decryptiong multiple key: print a warning only if no usable pubkey
 encrypte package was found. Extension: display a list of all recipients.
+ * in pkclist.c : display info about the key before saying that
+ we have (no) trust info.
+
+ * for new key: the last keyring specified is used. Order is: default
+ keyrings, keyrings from options, keyrings from the command line.
+
+ * display a kind of message-id from a signature (the timestamp may not
+ be suffiecient but DSA signatures are always different). This can
+ be used to prevent replay attacks. (something is mentioned in rfc2440).
 Nice to have
diff --git a/cipher/md5.c b/cipher/md5.c
index 6a53deda8..f49f71c73 100644
--- a/cipher/md5.c
+++ b/cipher/md5.c
@@ -270,6 +270,7 @@ md5_write( MD5_CONTEXT *ctx, const void *buffer, size_t len)
 buffer = (const char *) buffer + add;
 len -= add;
+ /* FIXME: misalignment occurs ... tsssss */
 }
 /* Process available complete blocks. */
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 3d6c04268..6834b7257 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,17 @@
+Thu Feb 25 18:47:39 CET 1999 Werner Koch
+
+ * pkclist.c (algo_available): New.
+ (select_algo_from_prefs): Check whether algo is available.
+
+ * ringedit.c (keyring_copy): Take care of opt.dry_run.
+ (do_gdbm_store): Ditto.
+ * openfile.c (open_outfile). Ditto.
+ (copy_options_file): Ditto.
+ * trustdb.c (update_trustdb): Ditto.
+ (clear_trust_checked_flag): Ditto.
+ (update_trust_record): Ditto.
+ (insert_trust_record): Ditto.
+
 Wed Feb 24 11:07:27 CET 1999 Werner Koch
 * keylist.c (secret_key_list): Now really list the secret key.
diff --git a/g10/g10.c b/g10/g10.c
index 2694fe09e..c86961d91 100644
--- a/g10/g10.c
+++ b/g10/g10.c
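Review bot: The FIXME added in md5_write (cipher/md5.c) does not say what is misaligned or under which condition, so a later reader cannot judge how serious it is. From the visible lines, `buffer` has just been advanced by `add` bytes, so the pointer handed to the block-processing code that follows can sit at any byte offset; if that code reads the input as 32-bit words (not visible in this hunk), a strict-alignment CPU would fault on it. Suggest wording it as `/* FIXME: buffer may no longer be word-aligned here; the block loop below must not read it as 32-bit words */`. md5_write's body starts and ends outside the hunk.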
@@ -232,7 +232,7 @@ static ARGPARSE_OPTS opts[] = {
 { oVerbose, "verbose", 0, N_("verbose") },
 { oQuiet, "quiet", 0, N_("be somewhat more quiet") },
 { oForceV3Sigs, "force-v3-sigs", 0, N_("force v3 signatures") },
- /* { oDryRun, "dry-run", 0, N_("do not make any changes") }, */
+ { oDryRun, "dry-run", 0, N_("do not make any changes") },
 { oBatch, "batch", 0, N_("batch mode: never ask")},
 { oAnswerYes, "yes", 0, N_("assume yes on most questions")},
 { oAnswerNo, "no", 0, N_("assume no on most questions")},
@@ -695,6 +695,7 @@ main( int argc, char **argv )
 case oArmor: opt.armor = 1; opt.no_armor=0; break;
 case oOutput: opt.outfile = pargs.r.ret_str; break;
 case oQuiet: opt.quiet = 1; break;
+ case oDryRun: opt.dry_run = 1; break;
 case oVerbose: g10_opt_verbose++; opt.verbose++; opt.list_sigs=1; break;
 case oKOption: set_cmd( &cmd, aKMode ); break;
diff --git a/g10/mainproc.c b/g10/mainproc.c
index dace37a23..fa90d003e 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -199,6 +199,10 @@ proc_pubkey_enc( CTX c, PACKET *pkt )
 log_info( _("public key encrypted data: good DEK\n") );
 } else {
+ /* fixme: defer this message until we have parsed all packets of
+ * this type - do this by building a list of keys with their stati
+ * and store it with the conetxt. do_proc_packets can then use
+ * this list to display some information */
 log_error(_("public key decryption failed: %s\n"), g10_errstr(result));
 }
 free_packet(pkt);
diff --git a/g10/openfile.c b/g10/openfile.c
index 8e5a51afe..afe531465 100644
--- a/g10/openfile.c
+++ b/g10/openfile.c
@@ -93,7 +93,9 @@ open_outfile( const char *iname, int mode, IOBUF *a )
 char *buf=NULL;
 const char *name;
- if( opt.outfile )
+ if( opt.dry_run )
+ name = "/dev/null";
+ else if( opt.outfile )
 name = opt.outfile;
 else {
 #ifdef USE_ONLY_8DOT3
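Review bot: Enabling the `oDryRun` entry with the help text "do not make any changes" promises more than this commit shows being enforced. The guards added in the patch cover keyring_copy, do_gdbm_store, open_outfile, copy_options_file and four trustdb.c functions; any other code path that writes a keyring, secret key material or the trustdb file itself is not visible here and would still write if it exists. For a tool that manages keys, a user who relies on the option to rehearse an import or edit needs to know that limit, so either confirm that every write path is covered or say so in the string, e.g. `N_("do not make any changes (not yet complete)")`.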
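Review bot: In open_outfile the dry-run branch hard-codes `"/dev/null"`, yet the same function carries a `USE_ONLY_8DOT3` path a few lines below, so it is evidently built for systems where that device name does not exist. On such a system the open would either fail or create a real file, which is the opposite of a dry run. The branch also takes precedence over `opt.outfile` without any message, so a user who passes both options gets no output file and no hint why. Consider a per-platform null-device constant next to the 8.3 handling and a `log_info` when an explicit output name is being ignored. The function body continues past the end of the hunk.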
@@ -162,6 +164,9 @@ copy_options_file( const char *destdir )
 int linefeeds=0;
 int c;
+ if( opt.dry_run )
+ return;
+
 fname = m_alloc( strlen(datadir) + strlen(destdir) + 15 );
 strcpy(stpcpy(fname, datadir), "/options" SKELEXT );
 src = fopen( fname, "r" );
diff --git a/g10/options.h b/g10/options.h
index 4fc35c159..c01bbd2a6 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -31,6 +31,7 @@ struct {
 int armor;
 int compress;
 char *outfile;
+ int dry_run;
 int textmode;
 int batch; /* run in batch mode */
 int answer_yes; /* answer yes on most questions */
diff --git a/g10/pkclist.c b/g10/pkclist.c
index aa21510d4..4f19753ba 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -367,7 +367,9 @@ do_we_trust( PKT_public_key *pk, int trustlevel )
 static int
 do_we_trust_pre( PKT_public_key *pk, int trustlevel )
 {
- int rc = do_we_trust( pk, trustlevel );
+ int rc;
+
+ rc = do_we_trust( pk, trustlevel );
 if( (trustlevel & TRUST_FLAG_REVOKED) && !rc ) return 0;
@@ -650,6 +652,23 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use )
 }
+
+static int
+algo_available( int preftype, int algo )
+{
+ if( preftype == PREFTYPE_SYM ) {
+ return algo && !check_cipher_algo( algo );
+ }
+ else if( preftype == PREFTYPE_HASH ) {
+ return algo && !check_digest_algo( algo );
+ }
+ else if( preftype == PREFTYPE_COMPR ) {
+ return !algo || algo == 1 || algo == 2;
+ }
+ else
+ return 0;
+}
+
 /****************
 * Return -1 if we could not find an algorithm.
 */
@@ -726,9 +745,10 @@ select_algo_from_prefs( PK_LIST pk_list, int preftype )
 if( pref[j] == preftype ) {
 any = 1;
 if( (bits[pref[j+1]/32] & (1<<(pref[j+1]%32))) ) {
- /* fixme: check whether this algoritm is available */
- i = pref[j+1];
- break;
+ if( algo_available( preftype, pref[j+1] ) ) {
+ i = pref[j+1];
+ break;
+ }
 }
 }
 }
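Review bot: algo_available has no comment, and its branches treat algorithm 0 differently in a way that matters for safety: for PREFTYPE_SYM and PREFTYPE_HASH the `algo &&` test rejects 0, while for PREFTYPE_COMPR `!algo` accepts it. That asymmetry presumably exists so that "no cipher" or "no digest" can never be selected from a preference list while "uncompressed" can, and it should be written down so that a later cleanup does not unify the three branches. The literals in `algo == 1 || algo == 2` are unnamed as well; a comment saying which two compression algorithms they stand for would let a reader check them against the compression code. Suggested header, in the style of the comment block that follows the function: `/* Return true if ALGO of type PREFTYPE is usable in this build; 0 is accepted only for compression (uncompressed). */`.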
@@ -736,9 +756,10 @@ select_algo_from_prefs( PK_LIST pk_list, int preftype )
 if( !pref || !any ) {
 for(j=0; j < 256; j++ ) if( (bits[j/32] & (1<<(j%32))) ) {
- /* fixme: check whether this algoritm is available */
- i = j;
- break;
+ if( algo_available( preftype, j ) ) {
+ i = j;
+ break;
+ }
 }
 }
 #if 0
diff --git a/g10/ringedit.c b/g10/ringedit.c
index d5ac6ac77..bc7d40e05 100644
--- a/g10/ringedit.c
+++ b/g10/ringedit.c
@@ -1297,6 +1297,9 @@ keyring_copy( KBPOS *kbpos, int mode, KBNODE root )
 if( kbpos->fp ) BUG(); /* not allowed with such a handle */
+ if( opt.dry_run )
+ return 0;
+
 lock_rentry( rentry ); /* open the source file */
@@ -1535,6 +1538,9 @@ do_gdbm_store( KBPOS *kbpos, KBNODE root, int update )
 if( !(rentry = check_pos( kbpos )) ) return G10ERR_GENERAL;
+ if( opt.dry_run )
+ return 0;
+
 /* construct the fingerprint which is used as the primary key */
 node = find_kbnode( root, PKT_PUBLIC_KEY );
 if( !node )
diff --git a/g10/trustdb.c b/g10/trustdb.c
index fee87f933..c96de91f4 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1506,8 +1506,10 @@ list_trust_path( const char *username )
 int rc;
 ulong lid;
 TRUSTREC rec;
+ #if 0
 TRUST_INFO *tmppath;
 TRUST_SEG_LIST trust_seg_list, tsl, tsl2;
+ #endif
 PKT_public_key *pk = m_alloc_clear( sizeof *pk );
 INIT_TRUSTDB();
@@ -1688,6 +1690,9 @@ update_trustdb( )
 KBPOS kbpos;
 int rc;
+ if( opt.dry_run )
+ return;
+
 INIT_TRUSTDB();
 rc = enum_keyblocks( 0, &kbpos, &keyblock );
 if( !rc ) {
@@ -2121,6 +2126,9 @@ clear_trust_checked_flag( PKT_public_key *pk )
 TRUSTREC rec;
 int rc;
+ if( opt.dry_run )
+ return 0;
+
 INIT_TRUSTDB();
 rc = get_dir_record( pk, &rec );
 if( rc )
@@ -3108,6 +3116,9 @@ update_trust_record( KBNODE keyblock, int recheck, int *modified )
 RECNO_LIST recno_list = NULL; /* list of verified records */
 /* fixme: replace recno_list by a lookup on node->recno */
+ if( opt.dry_run )
+ return 0;
+
 INIT_TRUSTDB();
 if( modified ) *modified = 0;
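Review bot: keyring_copy, and do_gdbm_store in the next hunk, return 0 in dry-run mode, which is the same value a completed write returns, so a caller cannot tell "stored" from "skipped". If callers print an "imported" or "updated" message or bump a counter on 0 (not visible in this patch), the user will be told about changes that never reached the keyring. The placement itself is sound: in keyring_copy the return comes before `lock_rentry( rentry )`, so no lock is left held. Suggest making the skip visible at the point where it happens, e.g. `log_info(_("dry-run: keyring not written\n"));` before each `return 0;`. Both function bodies continue outside their hunks.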
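Review bot: In update_trust_record the dry-run return sits above `if( modified ) *modified = 0;`, so in dry-run mode the out-parameter is never written. A caller that declares `int modified;` without an initialiser and tests it after a 0 return would then read an indeterminate value. Reset the out-parameter first and return afterwards: `if( modified ) *modified = 0;` followed by `if( opt.dry_run ) return 0;`. The early return also skips INIT_TRUSTDB(), which is harmless only if nothing after the call assumes the trustdb has been opened; that cannot be judged from the hunk.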
@@ -3237,6 +3248,10 @@ insert_trust_record( PKT_public_key *pk )
 int rc = 0;
 ulong hintlist = 0;
+
+ if( opt.dry_run )
+ return 0;
+
 INIT_TRUSTDB();
 if( pk->local_id )
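Review bot: insert_trust_record now returns 0 in dry-run mode without creating a record, and the `if( pk->local_id )` test right after the guard suggests this function is where a key's local id is established. If that is so, a caller that takes 0 to mean "the record exists" and then reads `pk->local_id` or looks the record up would act on something that is not there, which in trust evaluation should fail closed rather than continue. State the contract at the check, e.g. `/* dry-run: no record is created and pk->local_id is left untouched */`, and consider a distinct return code for the skipped case. The function body continues past the end of the hunk.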