gpg: Disable an MD5 workaround for pgp2 by default.

* g10/sig-check.c (do_check): Move some code to ...
* g10/misc.c (print_md5_rejected_note): new function.
* g10/mainproc.c (proc_tree, proc_plaintext): Enable MD5 workaround
only if option --allow-weak-digest-algos is used.

g10/main.h

@@ -74,6 +74,7 @@ extern int g10_errors_seen;
 void print_pubkey_algo_note (pubkey_algo_t algo);
 void print_cipher_algo_note (cipher_algo_t algo);
 void print_digest_algo_note (digest_algo_t algo);
+void print_md5_rejected_note (void);
 
 /*-- armor.c --*/
 char *make_radix64_string( const byte *data, size_t len );

g10/mainproc.c

@@ -694,7 +694,8 @@ proc_plaintext( CTX c, PACKET *pkt )
 	gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
 	gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
       }
-    if( opt.pgp2_workarounds && only_md5 && !opt.skip_verify ) {
+    if (opt.pgp2_workarounds && only_md5 && !opt.skip_verify
+        && opt.flags.allow_weak_digest_algos) {
 	/* This is a kludge to work around a bug in pgp2.  It does only
 	 * catch those mails which are armored.  To catch the non-armored
 	 * pgp mails we could see whether there is the signature packet
@@ -2132,7 +2133,8 @@ proc_tree( CTX c, KBNODE node )
 	    if( !opt.pgp2_workarounds )
 		;
 	    else if( sig->digest_algo == DIGEST_ALGO_MD5
-		     && is_RSA( sig->pubkey_algo ) ) {
+		     && is_RSA( sig->pubkey_algo)
+                     && opt.flags.allow_weak_digest_algos) {
 		/* enable a workaround for a pgp2 bug */
                 if (gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0))
                   BUG ();
@@ -2145,16 +2147,17 @@ proc_tree( CTX c, KBNODE node )
               if (gcry_md_open (&c->mfx.md2, sig->digest_algo, 0 ))
                 BUG ();
 	    }
-#if 0 /* workaround disabled */
-	    /* Here we have another hack to work around a pgp 2 bug
-	     * It works by not using the textmode for detached signatures;
-	     * this will let the first signature check (on md) fail
-	     * but the second one (on md2) which adds an extra CR should
-	     * then produce the "correct" hash.  This is very, very ugly
-	     * hack but it may help in some cases (and break others)
-	     */
-		    /*	c->mfx.md2? 0 :(sig->sig_class == 0x01) */
-#endif
+
+	    /* Here we used to have another hack to work around a pgp
+	     * 2 bug: It worked by not using the textmode for detached
+	     * signatures; this would let the first signature check
+	     * (on md) fail but the second one (on md2), which adds an
+	     * extra CR would then have produced the "correct" hash.
+	     * This is very, very ugly hack but it may haved help in
+	     * some cases (and break others).
+	     *	 c->mfx.md2? 0 :(sig->sig_class == 0x01)
+             */
+
             if ( DBG_HASHING ) {
                 gcry_md_debug( c->mfx.md, "verify" );
                 if ( c->mfx.md2  )

g10/misc.c

@@ -342,6 +342,21 @@ print_digest_algo_note (digest_algo_t algo)
 }
 
 
+void
+print_md5_rejected_note (void)
+{
+  static int shown;
+
+  if (!shown)
+    {
+      log_info
+        (_("Note: signatures using the %s algorithm are rejected\n"),
+         "MD5");
+      shown = 1;
+    }
+}
+
+
 /* Map OpenPGP algo numbers to those used by Libgcrypt.  We need to do
    this for algorithms we implemented in Libgcrypt after they become
    part of OpenPGP.  */

g10/sig-check.c

@@ -269,16 +269,7 @@ do_check( PKT_public_key *pk, PKT_signature *sig, gcry_md_hd_t digest,
     if (sig->digest_algo == GCRY_MD_MD5
         && !opt.flags.allow_weak_digest_algos)
       {
-        static int shown;
-
-        if (!shown)
-          {
-            log_info
-              (_("Note: signatures using the %s algorithm are rejected\n"),
-               "MD5");
-            shown = 1;
-          }
-
+        print_md5_rejected_note ();
         return GPG_ERR_DIGEST_ALGO;
       }