See ChangeLog: Mon Jun 5 12:37:43 CEST 2000 Werner Koch

2025-03-28 22:49:59 +01:00 · 2000-06-05 10:27:46 +00:00 · 2000-06-05 10:27:46 +00:00 · b65f9a8b0d
commit b65f9a8b0d
parent a74c85b4a0
21 changed files with 201 additions and 82 deletions
--- a/10
+++ b/10
@ -1,3 +1,13 @@
 Mon Jun  5 12:37:43 CEST 2000  Werner Koch  <wk@openit.de>
  * acnclude.m4 (GNUPG_CHECK_EXPORTDYNAMIC): Replacement for
  GNUPG_CHECK_RDYNAMIC which should handle gcc with non GNU ld nicer.
  Contributed by Dave Dykstra.
  * configure.in (GNYPG_CHECK_RDYNAMIC): Replaced by the new check.
  * configure.in (AC_CHECK_AWK): Moved before the first use of AWK. Suggested
  by Dave Dykstra.
 Tue May 30 16:37:55 CEST 2000  Werner Koch  <wk@openit.de>
  Version 1.0.1-ePit-1
--- a/10
+++ b/10
@ -1,5 +1,5 @@
-Noteworthy changes in version 1.0.1-ePit-1
+Noteworthy changes in the current test release
------------------------------------------
+----------------------------------------------
    * Fixed expiration handling of encryption keys.
@ -45,6 +45,12 @@ Noteworthy changes in version 1.0.1-ePit-1
    * There is a new status PROGRESS which is used to show progress during
      key generation.
    * Support for the new MDC encryption packets.  To create them either
      --force-mdc must be use or cipher algorithm with a blocksize other
      than 64 bits is to be used.  --openpgp currently disables MDC packets
      entirely.
 Noteworthy changes in version 1.0.1 (1999-12-16)
 -----------------------------------
--- a/5
+++ b/5
@ -7,12 +7,11 @@
  * Fix localtime() in W32.
  * export sollte exit(1) machen bei einem Fehler - testen! Es wird ein
    leerer File erzeugt.  Nur unter Windows?
  * No TCP support yet for W32? arggg - should go into a separate program
    anyway.
  * Replace Valid/Invalid by Known/Unknown?
 Scheduled for 1.1
 -----------------
--- a/2
+++ b/2
@ -1 +1 @@
-1.0.1-ePit-1
+1.0.1h
--- a/acinclude.m4
+++ b/acinclude.m4
@ -206,39 +206,38 @@ define(GNUPG_CHECK_PIC,
 ######################################################################
-# Check for rdynamic flag
+# Check for export-dynamic flag
-# This sets CFLAGS_RDYNAMIC to the required flags
+# This sets CFLAGS_EXPORTDYNAMIC to the required flags
 ######################################################################
-dnl GNUPG_CHECK_RDYNAMIC
+dnl GNUPG_CHECK_EXPORTDYNAMIC
 dnl
-define(GNUPG_CHECK_RDYNAMIC,
+define(GNUPG_CHECK_EXPORTDYNAMIC,
-  [ AC_MSG_CHECKING(how to specify -rdynamic)
+  [ AC_MSG_CHECKING(how to specify -export-dynamic)
    CFLAGS_RDYNAMIC=
    if test "$cross_compiling" = yes; then
-        AC_MSG_RESULT(assume none)
+      AC_MSG_RESULT(assume none)
      CFLAGS_EXPORTDYNAMIC=""
    else
-        case "$host_os" in
+      AC_CACHE_VAL(gnupg_cv_export_dynamic,[
-          solaris* )
+      if AC_TRY_COMMAND([${CC-cc} $CFLAGS -Wl,--version 2>&1 |
-            CFLAGS_RDYNAMIC="-Wl,-dy"
+                                          grep "GNU ld" >/dev/null]); then
-            ;;
+          # using gnu's linker
-
+          gnupg_cv_export_dynamic="-Wl,-export-dynamic"
-          hpux* )
+      else
-            CFLAGS_RDYNAMIC="-Wl,-E"
+          case "$host_os" in
-            ;;
+            hpux* )
-
+              gnupg_cv_export_dynamic="-Wl,-E"
-          openbsd* | freebsd2* | osf4* | irix* | netbsd* | bsdi* )
+              ;;
-            CFLAGS_RDYNAMIC=""
+            * )
-            ;;
+              gnupg_cv_export_dynamic=""
-
+              ;;
-          * )
+          esac
-            CFLAGS_RDYNAMIC="-Wl,-export-dynamic"
+      fi
-            ;;
+      ])
-        esac
+      AC_MSG_RESULT($gnupg_cv_export_dynamic)
-        AC_MSG_RESULT($CFLAGS_RDYNAMIC)
+      CFLAGS_EXPORTDYNAMIC="$gnupg_cv_export_dynamic"
    fi
  ])
 #####################################################################
 # Check for SysV IPC  (from GIMP)
 #   And see whether we have a SHM_LOCK (FreeBSD does not have it).
--- a/checks/Makefile.am
+++ b/checks/Makefile.am
@ -11,7 +11,7 @@ TESTS = version.test mds.test \
 	signencrypt.test signencrypt-dsa.test \
 	armsignencrypt.test armdetach.test \
 	armdetachm.test detachm.test genkey1024.test \
-	conventional.test
+	conventional.test conventional-mdc.test
 TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
--- a/checks/conventional-mdc.test
+++ b/checks/conventional-mdc.test
@ -0,0 +1,16 @@
 #!/bin/sh
 . $srcdir/defs.inc || exit 3
 #info Checking conventional encryption
 for i in 0 1 2 3 9 10 11 19 20 21 22 23 39 40 41 8192 32000 ; do
  for ciph in 3des cast5 blowfish twofish; do
    dd if=data-80000 of=z bs=1 count=$i 2>/dev/null
    echo "Hier spricht HAL" | $srcdir/run-gpg --passphrase-fd 0 \
 	--force-mdc --cipher $ciph -c -o x --yes z
    echo "Hier spricht HAL" | $srcdir/run-gpg --passphrase-fd 0 \
 	-o y --yes x
    cmp z y || error "$ciph/$i: mismatch"
  done
 done
--- a/checks/conventional.test
+++ b/checks/conventional.test
@ -2,7 +2,7 @@
 . $srcdir/defs.inc || exit 3
-# temp. hack cause the format for 128 biut blocksize messages may change
+# temp. hack cause the format for 128 bit blocksize messages may change
 GNUPG_ENABLE_TWOFISH=1
 export GNUPG_ENABLE_TWOFISH
--- a/configure.in
+++ b/configure.in
@ -23,7 +23,9 @@ AC_SUBST(PACKAGE)
 AC_DEFINE_UNQUOTED(VERSION, "$VERSION")
 AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE")
-MODULES_IN_CIPHER=`awk '/^EXTRA_PROGRAMS/ { for(i=3;i<=NF;i++) print $i}' \
+AC_PROG_AWK
 MODULES_IN_CIPHER=`$AWK '/^EXTRA_PROGRAMS/ { for(i=3;i<=NF;i++) print $i}' \
                                              $srcdir/cipher/Makefile.am`
 dnl
@ -221,7 +223,7 @@ esac
 AC_SUBST(MPI_OPT_FLAGS)
 GNUPG_SYS_SYMBOL_UNDERSCORE
 GNUPG_CHECK_PIC
-GNUPG_CHECK_RDYNAMIC
+GNUPG_CHECK_EXPORTDYNAMIC
 if test "$NO_PIC" = yes; then
    try_dynload=no
 fi
@ -320,21 +322,21 @@ if test "$try_dynload" = yes ; then
  if test "$ac_cv_lib_dl_dlopen" = "yes"; then
    AC_DEFINE(USE_DYNAMIC_LINKING)
    AC_DEFINE(HAVE_DL_DLOPEN)
-    DYNLINK_LDFLAGS="$CFLAGS_RDYNAMIC"
+    DYNLINK_LDFLAGS="$CFLAGS_EXPORTDYNAMIC"
    use_gnupg_extensions=yes
  else
    AC_CHECK_FUNCS(dlopen)
    if test "$ac_cv_func_dlopen" = "yes"; then
      AC_DEFINE(USE_DYNAMIC_LINKING)
      AC_DEFINE(HAVE_DL_DLOPEN)
-      DYNLINK_LDFLAGS="$CFLAGS_RDYNAMIC"
+      DYNLINK_LDFLAGS="$CFLAGS_EXPORTDYNAMIC"
      use_gnupg_extensions=yes
    else
      AC_CHECK_LIB(dld,shl_load)
      if test "$ac_cv_lib_dld_shl_load" = "yes"; then
        AC_DEFINE(USE_DYNAMIC_LINKING)
        AC_DEFINE(HAVE_DL_SHL_LOAD)
-        DYNLINK_LDFLAGS="$CFLAGS_RDYNAMIC"
+        DYNLINK_LDFLAGS="$CFLAGS_EXPORTDYNAMIC"
        use_gnupg_extensions=yes
 dnl -----------------
 dnl  DLD is not ready for use. So I better disable this test
@ -343,7 +345,7 @@ dnl    AC_CHECK_LIB(dld,dld_link)
 dnl    if test "$ac_cv_lib_dld_dld_link" = "yes"; then
 dnl      AC_DEFINE(USE_DYNAMIC_LINKING)
 dnl      AC_DEFINE(HAVE_DLD_DLD_LINK)
-dnl      DYNLINK_LDFLAGS="$CFLAGS_RDYNAMIC"
+dnl      DYNLINK_LDFLAGS="$CFLAGS_EXPORTDYNAMIC"
 dnl      use_gnupg_extensions=yes
 dnl ---------------
      fi
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,18 @@
 Mon Jun  5 12:37:43 CEST 2000  Werner Koch  <wk@openit.de>
  * build-packet.c (do_mdc): New.
  (do_encrypted_mdc): Changed for the new proposal.
  * parse-packet.c (parse_mdc): New.
  (parse_encrypted): Fixed for the new proposal.
  * packet.h (PKT_MDC): New.
  * cipher.c (cipher_filter): Build the MDC packet here.
  * g10.c (main): Enable --force-mdc.
  * encr-data.c (mdc_decode_filter): Fixed for new MDC method
  * options.h(rfc2440): New.
  * g10.c (main): Changed the selected values for --openpgp to not include
  optional algorithms.
 Thu May 18 11:38:54 CEST 2000  Werner Koch  <wk@openit.de>
 	* keyedit.c (keyedit_menu): Add a keyword arg to the prompt.
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@ -44,6 +44,7 @@ static u32 calc_plaintext( PKT_plaintext *pt );
 static int do_plaintext( IOBUF out, int ctb, PKT_plaintext *pt );
 static int do_encrypted( IOBUF out, int ctb, PKT_encrypted *ed );
 static int do_encrypted_mdc( IOBUF out, int ctb, PKT_encrypted *ed );
 static int do_mdc( IOBUF out, PKT_mdc *mdc );
 static int do_compressed( IOBUF out, int ctb, PKT_compressed *cd );
 static int do_signature( IOBUF out, int ctb, PKT_signature *sig );
 static int do_onepass_sig( IOBUF out, int ctb, PKT_onepass_sig *ops );
@ -121,6 +122,9 @@ build_packet( IOBUF out, PACKET *pkt )
      case PKT_ENCRYPTED_MDC:
 	rc = do_encrypted_mdc( out, ctb, pkt->pkt.encrypted );
 	break;
      case PKT_MDC:
 	rc = do_mdc( out, pkt->pkt.mdc );
 	break;
      case PKT_COMPRESSED:
 	rc = do_compressed( out, ctb, pkt->pkt.compressed );
 	break;
@ -550,13 +554,24 @@ do_encrypted_mdc( IOBUF out, int ctb, PKT_encrypted *ed )
    n = ed->len ? (ed->len + 10) : 0;
    write_header(out, ctb, n );
    iobuf_put(out, 1 );  /* version */
    iobuf_put(out, ed->mdc_method );
    /* This is all. The caller has to write the real data */
    return rc;
 }
 static int
 do_mdc( IOBUF out, PKT_mdc *mdc )
 {
    /* This packet requires a fixed header encoding */
    iobuf_put( out, 0xd3 ); /* packet ID and 1 byte length */
    iobuf_put( out, 0x14 ); /* length = 20 */
    if( iobuf_write( out, mdc->hash, sizeof(mdc->hash) ) )
 	return G10ERR_WRITE_FILE;
    return 0;
 }
 static int
 do_compressed( IOBUF out, int ctb, PKT_compressed *cd )
 {
--- a/g10/cipher.c
+++ b/g10/cipher.c
@ -49,22 +49,27 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
    unsigned nprefix;
    int use_mdc = opt.force_mdc;
    blocksize = cipher_get_blocksize( cfx->dek->algo );
    if( blocksize < 8 || blocksize > 16 )
 	log_fatal("unsupported blocksize %u\n", blocksize );
    if( blocksize != 8 )
 	use_mdc = 1;  /* enable it for all modern ciphers */
    if( opt.rfc2440 )
 	use_mdc = 0;  /* override - rfc2440 does not know about MDC */
    memset( &ed, 0, sizeof ed );
    ed.len = cfx->datalen;
    ed.new_ctb = !ed.len && !opt.rfc1991;
    if( use_mdc ) {
 	ed.mdc_method = DIGEST_ALGO_SHA1;
 	cfx->mdc_hash = md_open( DIGEST_ALGO_SHA1, 0 );
-	/*md_start_debug( cfx->mdc_hash, "mdccreat" );*/
+	/*md_start_debug( cfx->mdc_hash, "creatmdc" );*/
    }
    init_packet( &pkt );
    pkt.pkttype = use_mdc? PKT_ENCRYPTED_MDC : PKT_ENCRYPTED;
    pkt.pkt.encrypted = &ed;
    if( build_packet( a, &pkt ))
 	log_bug("build_packet(ENCR_DATA) failed\n");
    blocksize = cipher_get_blocksize( cfx->dek->algo );
    if( blocksize < 8 || blocksize > 16 )
 	log_fatal("unsupported blocksize %u\n", blocksize );
    nprefix = blocksize;
    randomize_buffer( temp, nprefix, 1 );
    temp[nprefix] = temp[nprefix-2];
@ -75,8 +80,6 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
    cipher_setkey( cfx->cipher_hd, cfx->dek->key, cfx->dek->keylen );
    cipher_setiv( cfx->cipher_hd, NULL, 0 );
 /*  log_hexdump( "prefix", temp, nprefix+2 ); */
    if( cfx->mdc_hash )
 	md_write( cfx->mdc_hash, temp, nprefix+2 );
    cipher_encrypt( cfx->cipher_hd, temp, temp, nprefix+2);
    cipher_sync( cfx->cipher_hd );
    iobuf_write(a, temp, nprefix+2);
@ -115,12 +118,22 @@ cipher_filter( void *opaque, int control,
 	if( cfx->mdc_hash ) {
 	    byte *hash;
 	    int hashlen = md_digest_length( md_get_algo( cfx->mdc_hash ) );
 	    byte temp[22];
 	    assert( hashlen == 20 );
 	    /* we must hash the prefix of the MDC packet here */
 	    temp[0] = 0xd3;
 	    temp[1] = 0x14;
 	    md_putc( cfx->mdc_hash, temp[0] );
 	    md_putc( cfx->mdc_hash, temp[1] );
 	    md_final( cfx->mdc_hash );
 	    hash = md_read( cfx->mdc_hash, 0 );
-	    cipher_encrypt( cfx->cipher_hd, hash, hash, hashlen );
+	    memcpy(temp+2, hash, 20);
-	    if( iobuf_write( a, hash, hashlen ) )
+	    cipher_encrypt( cfx->cipher_hd, temp, temp, 22 );
 		rc = G10ERR_WRITE_FILE;
 	    md_close( cfx->mdc_hash ); cfx->mdc_hash = NULL;
 	    if( iobuf_write( a, temp, 22 ) )
 		log_error("writing MDC packet failed\n" );
 	}
 	cipher_close(cfx->cipher_hd);
 	write_status( STATUS_END_ENCRYPTION );
--- a/g10/encr-data.c
+++ b/g10/encr-data.c
@ -32,9 +32,9 @@
 #include "i18n.h"
 static int decode_filter( void *opaque, int control, IOBUF a,
 					byte *buf, size_t *ret_len);
 static int mdc_decode_filter( void *opaque, int control, IOBUF a,
 					      byte *buf, size_t *ret_len);
 static int decode_filter( void *opaque, int control, IOBUF a,
 					byte *buf, size_t *ret_len);
 typedef struct {
@ -76,8 +76,10 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
    if( ed->len && ed->len < (nprefix+2) )
 	BUG();
-    if( ed->mdc_method )
+    if( ed->mdc_method ) {
 	dfx.mdc_hash = md_open( ed->mdc_method, 0 );
 	/*md_start_debug(dfx.mdc_hash, "checkmdc");*/
    }
    dfx.cipher_hd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 );
 /* log_hexdump( "thekey", dek->key, dek->keylen );*/
    rc = cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen );
@ -107,8 +109,6 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
 		temp[i] = c;
    }
    cipher_decrypt( dfx.cipher_hd, temp, temp, nprefix+2);
    if( dfx.mdc_hash )
 	md_write( dfx.mdc_hash, temp, nprefix+2 );
    cipher_sync( dfx.cipher_hd );
    p = temp;
 /* log_hexdump( "prefix", temp, nprefix+2 ); */
@ -116,29 +116,36 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
 	rc = G10ERR_BAD_KEY;
 	goto leave;
    }
    if( ed->mdc_method )
 	iobuf_push_filter( ed->buf, mdc_decode_filter, &dfx );
    else
 	iobuf_push_filter( ed->buf, decode_filter, &dfx );
-    proc_packets( procctx, ed->buf);
+
    proc_packets( procctx, ed->buf );
    ed->buf = NULL;
    if( ed->mdc_method && dfx.eof_seen == 2 )
 	rc = G10ERR_INVALID_PACKET;
    else if( ed->mdc_method ) { /* check the mdc */
 	int datalen = md_digest_length( ed->mdc_method );
 	cipher_decrypt( dfx.cipher_hd, dfx.defer, dfx.defer, 20);
 	md_final( dfx.mdc_hash );
 	if( datalen != 20
 	    || memcmp(md_read( dfx.mdc_hash, 0 ), dfx.defer, datalen) )
 	    rc = G10ERR_BAD_SIGN;
-	log_hexdump("MDC calculated:", md_read( dfx.mdc_hash, 0), datalen);
+	/*log_hexdump("MDC calculated:", md_read( dfx.mdc_hash, 0), datalen);*/
-	log_hexdump("MDC message   :", dfx.defer, 20);
+	/*log_hexdump("MDC message   :", dfx.defer, 20);*/
    }
  leave:
    cipher_close(dfx.cipher_hd);
    md_close( dfx.mdc_hash );
    return rc;
 }
 /* I think we should merge this with cipher_filter */
 static int
 mdc_decode_filter( void *opaque, int control, IOBUF a,
@ -166,10 +173,13 @@ mdc_decode_filter( void *opaque, int control, IOBUF a,
 	if( n == 40 ) {
 	    /* we have enough stuff - flush the deferred stuff */
 	    /* (we have asserted that the buffer is large enough) */
-	    if( !dfx->defer_filled ) /* the first time */
+	    if( !dfx->defer_filled ) { /* the first time */
 		memcpy(buf, buf+20, 20 );
-	    else
+		n = 20;
 	    }
 	    else {
 		memcpy(buf, dfx->defer, 20 );
 	    }
 	    /* now fill up */
 	    for(; n < size; n++ ) {
 		if( (c = iobuf_get(a)) == -1 )
@ -183,7 +193,7 @@ mdc_decode_filter( void *opaque, int control, IOBUF a,
 	    dfx->defer_filled = 1;
 	}
 	else if( !dfx->defer_filled ) { /* eof seen buf empty defer */
-	    /* this is very bad because there is an incomplete hash */
+	    /* this is bad because there is an incomplete hash */
 	    n -= 20;
 	    memcpy(buf, buf+20, n );
 	    dfx->eof_seen = 2; /* eof with incomplete hash */
--- a/g10/filter.h
+++ b/g10/filter.h
@ -83,6 +83,8 @@ typedef struct {
    CIPHER_HANDLE cipher_hd;
    int header;
    MD_HANDLE mdc_hash;
    byte enchash[20];
    int create_mdc; /* flag will be set by the cipher filter */
 } cipher_filter_context_t;
--- a/g10/g10.c
+++ b/g10/g10.c
@ -821,11 +821,13 @@ main( int argc, char **argv )
 	    break;
 	  case oRFC1991:
 	    opt.rfc1991 = 1;
 	    opt.rfc2440 = 0;
 	    opt.no_comment = 1;
 	    opt.escape_from = 1;
 	    break;
 	  case oOpenPGP:
 	    opt.rfc1991 = 0;
 	    opt.rfc2440 = 1;
 	    opt.pgp2_workarounds = 0;
 	    opt.escape_from = 0;
 	    opt.force_v3_sigs = 0;
@ -834,10 +836,10 @@ main( int argc, char **argv )
 	    opt.not_dash_escaped = 0;
 	    opt.def_cipher_algo = 0;
 	    opt.def_digest_algo = 0;
-	    opt.def_compress_algo = 2;
+	    opt.def_compress_algo = 1;
 	    opt.s2k_mode = 3; /* iterated+salted */
-	    opt.s2k_digest_algo = DIGEST_ALGO_RMD160;
+	    opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
-	    opt.s2k_cipher_algo = CIPHER_ALGO_BLOWFISH;
+	    opt.s2k_cipher_algo = CIPHER_ALGO_CAST5;
 	    break;
 	  case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break;
 	  case oEmu3DESS2KBug:	opt.emulate_bugs |= EMUBUG_3DESS2K; break;
@ -936,11 +938,6 @@ main( int argc, char **argv )
 	log_info("used in a production environment or with production keys!\n");
    }
  #endif
    if( opt.force_mdc ) {
 	log_info("--force-mdc ignored because"
 		 " the OpenPGP WG has not yet aggreed on MDCs\n");
 	opt.force_mdc = 0;
    }
    if (opt.no_literal) {
 	log_info(_("NOTE: %s is not for normal use!\n"), "--no-literal");
 	if (opt.textmode)
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@ -333,6 +333,7 @@ proc_encrypted( CTX c, PACKET *pkt )
 	result = G10ERR_NO_SECKEY;
    if( !result )
 	result = decrypt_data( c, pkt->pkt.encrypted, c->dek );
    m_free(c->dek); c->dek = NULL;
    if( result == -1 )
 	;
@ -350,7 +351,7 @@ proc_encrypted( CTX c, PACKET *pkt )
    else {
 	write_status( STATUS_DECRYPTION_FAILED );
 	log_error(_("decryption failed: %s\n"), g10_errstr(result));
-	/* Hmmm: does this work when we have encrypted using a multiple
+	/* Hmmm: does this work when we have encrypted using multiple
 	 * ways to specify the session key (symmmetric and PK)*/
    }
    free_packet(pkt);
@ -884,6 +885,7 @@ list_node( CTX c, KBNODE node )
 }
 int
 proc_packets( void *anchor, IOBUF a )
 {
@ -896,6 +898,8 @@ proc_packets( void *anchor, IOBUF a )
    return rc;
 }
 int
 proc_signature_packets( void *anchor, IOBUF a,
 			STRLIST signedfiles, const char *sigfilename )
--- a/g10/options.h
+++ b/g10/options.h
@ -64,6 +64,7 @@ struct {
    int compress_sigs;
    int always_trust;
    int rfc1991;
    int rfc2440;
    int pgp2_workarounds;
    unsigned emulate_bugs; /* bug emulation flags EMUBUG_xxxx */
    int shm_coprocess;
--- a/g10/packet.h
+++ b/g10/packet.h
@ -47,8 +47,9 @@ typedef enum {
 	PKT_PUBLIC_SUBKEY =14, /* public subkey (OpenPGP) */
 	PKT_OLD_COMMENT   =16, /* comment packet from an OpenPGP draft */
 	PKT_PHOTO_ID	  =17, /* PGP's photo ID */
 	PKT_ENCRYPTED_MDC =18, /* integrity protected encrypted data */
 	PKT_MDC 	  =19, /* manipulaion detection code packet */
 	PKT_COMMENT	  =61, /* new comment packet (private) */
 	PKT_ENCRYPTED_MDC =62, /* test: encrypted data with MDC */
 } pkttype_t;
 typedef struct packet_struct PACKET;
@ -171,10 +172,14 @@ typedef struct {
 typedef struct {
    u32  len;		  /* length of encrypted data */
    byte new_ctb;	  /* uses a new CTB */
-    byte mdc_method;	  /* test: > 0: this is is an encrypted_mdc packet */
+    byte mdc_method;	  /* > 0: integrity protected encrypted data packet */
    IOBUF buf;		  /* IOBUF reference */
 } PKT_encrypted;
 typedef struct {
    byte hash[20];
 } PKT_mdc;
 typedef struct {
    unsigned int trustval;
 } PKT_ring_trust;
@ -205,6 +210,7 @@ struct packet_struct {
 	PKT_user_id	*user_id;	/* PKT_USER_ID */
 	PKT_compressed	*compressed;	/* PKT_COMPRESSED */
 	PKT_encrypted	*encrypted;	/* PKT_ENCRYPTED[_MDC] */
 	PKT_mdc 	*mdc;		/* PKT_MDC */
 	PKT_ring_trust	*ring_trust;	/* PKT_RING_TRUST */
 	PKT_plaintext	*plaintext;	/* PKT_PLAINTEXT */
    } pkt;
@ -333,7 +339,6 @@ int handle_compressed( void *ctx, PKT_compressed *cd,
 /*-- encr-data.c --*/
 int decrypt_data( void *ctx, PKT_encrypted *ed, DEK *dek );
 int encrypt_data( PKT_encrypted *ed, DEK *dek );
 /*-- plaintext.c --*/
 int handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@ -73,6 +73,8 @@ static int  parse_compressed( IOBUF inp, int pkttype, unsigned long pktlen,
 					       PACKET *packet, int new_ctb );
 static int  parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen,
 					       PACKET *packet, int new_ctb);
 static int  parse_mdc( IOBUF inp, int pkttype, unsigned long pktlen,
 					       PACKET *packet, int new_ctb);
 static unsigned short
 read_16(IOBUF inp)
@ -441,6 +443,9 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
      case PKT_ENCRYPTED_MDC:
 	rc = parse_encrypted(inp, pkttype, pktlen, pkt, new_ctb );
 	break;
      case PKT_MDC:
 	rc = parse_mdc(inp, pkttype, pktlen, pkt, new_ctb );
 	break;
      default:
 	skip_packet(inp, pkttype, pktlen);
 	break;
@ -1697,9 +1702,8 @@ parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen,
    ed->new_ctb = new_ctb;
    ed->mdc_method = 0;
    if( pkttype == PKT_ENCRYPTED_MDC ) {
 	/* test: this is the new encrypted_mdc packet */
 	/* fixme: add some pktlen sanity checks */
-	int version, method;
+	int version;
 	version = iobuf_get_noeof(inp); pktlen--;
 	if( version != 1 ) {
@ -1707,12 +1711,7 @@ parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen,
 								version);
 	    goto leave;
 	}
-	method = iobuf_get_noeof(inp); pktlen--;
+	ed->mdc_method = DIGEST_ALGO_SHA1;
 	if( method != DIGEST_ALGO_SHA1 ) {
 	    log_error("encrypted_mdc does not use SHA1 method\n" );
 	    goto leave;
 	}
 	ed->mdc_method = method;
    }
    if( pktlen && pktlen < 10 ) { /* actually this is blocksize+2 */
 	log_error("packet(%d) too short\n", pkttype);
@ -1735,3 +1734,26 @@ parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen,
    return 0;
 }
 static int
 parse_mdc( IOBUF inp, int pkttype, unsigned long pktlen,
 				   PACKET *pkt, int new_ctb )
 {
    PKT_mdc *mdc;
    byte *p;
    mdc = pkt->pkt.mdc=  m_alloc(sizeof *pkt->pkt.mdc );
    if( list_mode )
 	printf(":mdc packet: length=%lu\n", pktlen);
    if( !new_ctb || pktlen != 20 ) {
 	log_error("mdc_packet with invalid encoding\n");
 	goto leave;
    }
    p = mdc->hash;
    for( ; pktlen; pktlen--, p++ )
 	*p = iobuf_get_noeof(inp);
  leave:
    return 0;
 }
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@ -518,6 +518,7 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig,
 	    keyid_from_pk( pk, keyid );
 	    md = md_open( algo, 0 );
 	    md_start_debug( md, "rsa" );
 	    hash_public_key( md, pk );
 	    hash_uid_node( unode, md, sig );
 	    if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {
--- a/scripts/mk-w32-dist
+++ b/scripts/mk-w32-dist
@ -22,7 +22,9 @@ ln ../g10/gpg gpg.exe
 i386--mingw32-strip gpg.exe
 man -T latin1 -l ../doc/gpg.1 >gpg.man
 todos gpg.man
-ln ${srcdir}/README .
+cp ${srcdir}/README .
 todos README
 ln ${srcdir}/doc/README.W32 .
 todos README.W32
 for i in ${srcdir}/po/*.gmo; do ln $i "$(basename $i .gmo).mo" ; done
 zip "gnupg-w32-$(cat ${srcdir}/VERSION).zip" *