See ChangeLog: Wed May 19 16:04:30 CEST 1999 Werner Koch

g10/ChangeLog

@@ -1,5 +1,15 @@
-Mon May 17 21:54:43 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
+Wed May 19 16:04:30 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 
+	* g10.c: New option --interactive.
+
+	* mainproc.c (proc_plaintext): Add workaround for pgp2 bug
+	(do_check_sig): Ditto.
+	(proc_tree): Ditto.
+	* plaintext.c (do_hash): Ditto.
+	(hash_datafiles): Ditto, add an arg, changed all callers.
+	* mdfilter.c (md_filter): Add support for the alternate hash context.
+
+Mon May 17 21:54:43 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 
 	* parse-packet.c (parse_encrypted): Support for PKT_ENCRYPTED_MDC.
 	* build-packet.c (do_encrypted_mdc): Ditto.
@@ -13,7 +23,6 @@ Mon May 17 21:54:43 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 	length calculation
 	(parse_signature): Fixed even more stupid bug.
 
-
 Sat May  8 19:28:08 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 
 	* build-packet.c (do_signature): Removed MDC hack.

g10/filter.h

@@ -25,6 +25,7 @@
 
 typedef struct {
     MD_HANDLE md;      /* catch all */
+    MD_HANDLE md2;     /* if we want to calculate an alternate hash */
     size_t maxbuf_size;
 } md_filter_context_t;
 

g10/g10.c

@@ -52,6 +52,7 @@ enum cmd_and_opt_values { aNull = 0,
     aSym	  = 'c',
     aDecrypt	  = 'd',
     aEncr	  = 'e',
+    oInteractive  = 'i',
     oKOption	  = 'k',
     oDryRun	  = 'n',
     oOutput	  = 'o',
@@ -223,6 +224,7 @@ static ARGPARSE_OPTS opts[] = {
     { oForceV3Sigs, "force-v3-sigs", 0, N_("force v3 signatures") },
     { oForceMDC, "force-mdc", 0, N_("always use a MDC for encryption") },
     { oDryRun, "dry-run",   0, N_("do not make any changes") },
+    { oInteractive, "interactive", 0, N_("prompt before overwriting") },
     { oBatch, "batch",     0, N_("batch mode: never ask")},
     { oAnswerYes, "yes",       0, N_("assume yes on most questions")},
     { oAnswerNo,  "no",        0, N_("assume no on most questions")},
@@ -637,6 +639,7 @@ main( int argc, char **argv )
 	  case oOutput: opt.outfile = pargs.r.ret_str; break;
 	  case oQuiet: opt.quiet = 1; break;
 	  case oDryRun: opt.dry_run = 1; break;
+	  case oInteractive: opt.interactive = 1; break;
 	  case oVerbose: g10_opt_verbose++;
 		    opt.verbose++; opt.list_sigs=1; break;
 	  case oKOption: set_cmd( &cmd, aKMode ); break;

g10/import.c

@@ -423,8 +423,11 @@ import_one( const char *fname, KBNODE keyblock, int fast )
 	}
 	/* and try to merge the block */
 	clear_kbnode_flags( keyblock_orig );
-	clear_kbnode_flags( keyblock );
 	n_uids = n_sigs = n_subk = 0;
+	rc = collapse_uids( fname, keyblock, keyid );
+	if( rc )
+	    goto leave;
+	clear_kbnode_flags( keyblock );
 	rc = merge_blocks( fname, keyblock_orig, keyblock,
 				keyid, &n_uids, &n_sigs, &n_subk );
 	if( rc )
@@ -844,6 +847,43 @@ delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid )
 }
 
 
+/****************
+ * It may happen that the imported keyblock has duplicated user IDs.
+ * We check this here and collapse those user IDs together with their
+ * sigs into one.
+ * This function modifies the node flags!
+ */
+static int
+collapse_uids( const char *fname, KBNODE keyblock, u32 *keyid )
+{
+    KBNODE n, n2, n3;
+    int rc, found;
+
+    for(found = 0, n=keyblock; n && !found ; n = n->next ) {
+	if( n->pkt->pkttype == PKT_USER_ID ) {
+	    for( n2 = n->next; n2; n2 = n2->next ) {
+		if( n2->pkt->pkttype == PKT_USER_ID
+		    && !cmp_user_ids( n->pkt->pkt.user_id,
+				      n2->pkt->pkt.user_id ) ) {
+		    found = 1;
+		    break;
+		}
+	    }
+	}
+    }
+    if( !found )
+	return 0; /* nothing to do */
+
+    clear_kbnode_flags( keyblock );
+
+    /* now transfer the cloned nodes to the original ones */
+    #warning We are working HERE!!!
+
+    return 0;
+}
+
+
+
 /****************
  * compare and merge the blocks
  *
@@ -991,11 +1031,6 @@ merge_blocks( const char *fname, KBNODE keyblock_orig, KBNODE keyblock,
 
 /****************
  * append the userid starting with NODE and all signatures to KEYBLOCK.
- * Mark all new and copied packets by setting flag bit 0.
- * FIXME: It may happen that two identical user ID gets imported; should we
- *	  add another check and how can we handle the signature?  Maybe
- *	  we have to collapse both UIDs into one and then remove duplicated
- *	  signatures.
  */
 static int
 append_uid( KBNODE keyblock, KBNODE node, int *n_sigs,

g10/keyedit.c

@@ -474,7 +474,7 @@ change_passphrase( KBNODE keyblock )
 /****************
  * There are some keys out (due to a bug in gnupg), where the sequence
  * of the packets is wrong.  This function fixes that.
- * Returns: true if the keyblock has fixed.
+ * Returns: true if the keyblock has been fixed.
  */
 static int
 fix_keyblock( KBNODE keyblock )

g10/main.h

@@ -137,8 +137,8 @@ int verify_signatures( int nfiles, char **files );
 int decrypt_message( const char *filename );
 
 /*-- plaintext.c --*/
-int hash_datafiles( MD_HANDLE md, STRLIST files, const char *sigfilename,
-		    int textmode );
+int hash_datafiles( MD_HANDLE md, MD_HANDLE md2,
+		    STRLIST files, const char *sigfilename, int textmode );
 
 /*-- signal.c --*/
 void init_signals(void);

g10/mainproc.c

@@ -268,7 +268,7 @@ static void
 proc_plaintext( CTX c, PACKET *pkt )
 {
     PKT_plaintext *pt = pkt->pkt.plaintext;
-    int any, clearsig, rc;
+    int any, clearsig, only_md5, rc;
     KBNODE n;
 
     if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) )
@@ -283,13 +283,21 @@ proc_plaintext( CTX c, PACKET *pkt )
      * Should we assume that plaintext in mode 't' has always sigclass 1??
      * See: Russ Allbery's mail 1999-02-09
      */
-    any = clearsig = 0;
+    any = clearsig = only_md5 = 0;
     for(n=c->list; n; n = n->next ) {
 	if( n->pkt->pkttype == PKT_ONEPASS_SIG ) {
 	    if( n->pkt->pkt.onepass_sig->digest_algo ) {
 		md_enable( c->mfx.md, n->pkt->pkt.onepass_sig->digest_algo );
+		if( !any && n->pkt->pkt.onepass_sig->digest_algo
+						      == DIGEST_ALGO_MD5 )
+		    only_md5 = 1;
+		else
+		    only_md5 = 0;
 		any = 1;
 	    }
+	    if( n->pkt->pkt.onepass_sig->sig_class != 0x01 )
+		only_md5 = 0;
+
 	    /* Check whether this is a cleartext signature.  We assume that
 	     * we have one if the sig_class is 1 and the keyid is 0, that
 	     * are the faked packets produced by armor.c.  There is a
@@ -309,6 +317,14 @@ proc_plaintext( CTX c, PACKET *pkt )
 	md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
 	md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
     }
+    if( only_md5 ) {
+	/* This is a kludge to work around a bug in pgp2.  It does only
+	 * catch those mails which are armored.  To catch the non-armored
+	 * pgp mails we could see whether there is the signature packet
+	 * in front of the plaintext.  If someone needs this, send me a patch.
+	 */
+	c->mfx.md2 = md_open( DIGEST_ALGO_MD5, 0);
+    }
   #if 0
     #warning md_start_debug is enabled
     md_start_debug( c->mfx.md, "verify" );
@@ -366,7 +382,7 @@ static int
 do_check_sig( CTX c, KBNODE node, int *is_selfsig )
 {
     PKT_signature *sig;
-    MD_HANDLE md;
+    MD_HANDLE md = NULL, md2 = NULL;
     int algo, rc;
 
     assert( node->pkt->pkttype == PKT_SIGNATURE );
@@ -387,10 +403,16 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig )
     else if( sig->sig_class == 0x01 ) {
 	/* how do we know that we have to hash the (already hashed) text
 	 * in canonical mode ??? (calculating both modes???) */
-	if( c->mfx.md )
+	if( c->mfx.md ) {
 	    md = md_copy( c->mfx.md );
-	else /* detached signature */
+	    if( c->mfx.md2 )
+	       md2 = md_copy( c->mfx.md2 );
+	}
+	else { /* detached signature */
+	  log_debug("Do we really need this here?");
 	    md = md_open( 0, 0 ); /* signature_check() will enable the md*/
+	    md2 = md_open( 0, 0 );
+	}
     }
     else if( (sig->sig_class&~3) == 0x10
 	     || sig->sig_class == 0x18
@@ -409,7 +431,10 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig )
     else
 	return G10ERR_SIG_CLASS;
     rc = signature_check( sig, md );
+    if( rc == G10ERR_BAD_SIGN && md2 )
+	rc = signature_check( sig, md2 );
     md_close(md);
+    md_close(md2);
 
     return rc;
 }
@@ -978,13 +1003,15 @@ proc_tree( CTX c, KBNODE node )
 	    free_md_filter_context( &c->mfx );
 	    /* prepare to create all requested message digests */
 	    c->mfx.md = md_open(0, 0);
+
 	    /* fixme: why looking for the signature packet and not 1passpacket*/
 	    for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); ) {
 		md_enable( c->mfx.md, n1->pkt->pkt.signature->digest_algo);
 	    }
 	    /* ask for file and hash it */
 	    if( c->sigs_only )
-		rc = hash_datafiles( c->mfx.md, c->signed_data, c->sigfilename,
+		rc = hash_datafiles( c->mfx.md, NULL,
+				     c->signed_data, c->sigfilename,
 			n1? (n1->pkt->pkt.onepass_sig->sig_class == 0x01):0 );
 	    else
 		rc = ask_for_detached_datafile( &c->mfx,
@@ -1004,8 +1031,14 @@ proc_tree( CTX c, KBNODE node )
 	if( !c->have_data ) {
 	    free_md_filter_context( &c->mfx );
 	    c->mfx.md = md_open(sig->digest_algo, 0);
+	    if( sig->digest_algo == DIGEST_ALGO_MD5
+		&& is_RSA( sig->pubkey_algo ) ) {
+		/* enable a workaround for a pgp2 bug */
+		c->mfx.md2 = md_open( DIGEST_ALGO_MD5, 0 );
+	    }
 	    if( c->sigs_only )
-		rc = hash_datafiles( c->mfx.md, c->signed_data, c->sigfilename,
+		rc = hash_datafiles( c->mfx.md, c->mfx.md2,
+				     c->signed_data, c->sigfilename,
 				     sig->sig_class == 0x01 );
 	    else
 		rc = ask_for_detached_datafile( &c->mfx,

g10/mdfilter.c

@@ -53,8 +53,11 @@ md_filter( void *opaque, int control,
 	    buf[i] = c;
 	}
 
-	if( i )
+	if( i ) {
 	    md_write(mfx->md, buf, i );
+	    if( mfx->md2 )
+		md_write(mfx->md2, buf, i );
+	}
 	else
 	    rc = -1; /* eof */
 	*ret_len = i;
@@ -69,7 +72,9 @@ void
 free_md_filter_context( md_filter_context_t *mfx )
 {
     md_close(mfx->md);
+    md_close(mfx->md2);
     mfx->md = NULL;
+    mfx->md2 = NULL;
     mfx->maxbuf_size = 0;
 }
 

g10/openfile.c

@@ -39,6 +39,8 @@
   #define SKELEXT ".skel"
 #endif
 
+#warning Implement opt.interactive.
+
 /****************
  * Check whether FNAME exists and ask if it's okay to overwrite an
  * existing one.

g10/options.h

@@ -72,6 +72,7 @@ struct {
     int lock_once;
     const char *keyserver_name;
     int no_encrypt_to;
+    int interactive;
 } opt;
 
 

g10/plaintext.c

@@ -247,7 +247,7 @@ ask_for_detached_datafile( md_filter_context_t *mfx, const char *inname )
 
 
 static void
-do_hash( MD_HANDLE md, IOBUF fp, int textmode )
+do_hash( MD_HANDLE md, MD_HANDLE md2, IOBUF fp, int textmode )
 {
     text_filter_context_t tfx;
     int c;
@@ -256,8 +256,18 @@ do_hash( MD_HANDLE md, IOBUF fp, int textmode )
 	memset( &tfx, 0, sizeof tfx);
 	iobuf_push_filter( fp, text_filter, &tfx );
     }
-    while( (c = iobuf_get(fp)) != -1 )
-	md_putc(md, c );
+    if( md2 ) { /* work around a strange behaviour in pgp2 */
+	while( (c = iobuf_get(fp)) != -1 ) {
+	    if( c == '\n' )
+	       md_putc(md2, '\r' );
+	    md_putc(md, c );
+	    md_putc(md2, c );
+	}
+    }
+    else {
+	while( (c = iobuf_get(fp)) != -1 )
+	    md_putc(md, c );
+    }
 }
 
 
@@ -266,7 +276,7 @@ do_hash( MD_HANDLE md, IOBUF fp, int textmode )
  * If FILES is NULL, hash stdin.
  */
 int
-hash_datafiles( MD_HANDLE md, STRLIST files,
+hash_datafiles( MD_HANDLE md, MD_HANDLE md2, STRLIST files,
 		const char *sigfilename, int textmode )
 {
     IOBUF fp;
@@ -276,7 +286,7 @@ hash_datafiles( MD_HANDLE md, STRLIST files,
 	/* check whether we can open the signed material */
 	fp = open_sigfile( sigfilename );
 	if( fp ) {
-	    do_hash( md, fp, textmode );
+	    do_hash( md, md2, fp, textmode );
 	    iobuf_close(fp);
 	    return 0;
 	}
@@ -295,7 +305,7 @@ hash_datafiles( MD_HANDLE md, STRLIST files,
 		free_strlist(sl);
 	    return G10ERR_OPEN_FILE;
 	}
-	do_hash( md, fp, textmode );
+	do_hash( md, md2, fp, textmode );
 	iobuf_close(fp);
     }