More multiple signature fixes

2025-01-30 16:17:02 +01:00 · 2000-10-16 09:25:36 +00:00 · 2000-10-16 09:25:36 +00:00 · c9c435d91f
commit c9c435d91f
parent d94440db99
4 changed files with 97 additions and 18 deletions
--- a/2
+++ b/2
@ -7,6 +7,8 @@

    * Rijndael (AES) is now supported and listed as first preference.

+    * --with-colons now works with --print-md[s].
+
 Noteworthy changes in version 1.0.3 (2000-09-18)
 ------------------------------------------------

--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,11 @@
+2000-10-16  Werner Koch  <wk@gnupg.org>
+
+	* g10.c (print_hashline): New.
+	(print_mds): Use above func with --with-colons.
+
+	* mainproc.c (check_sig_and_print): Detect multiple signatures
+	and don't verify them.
+
 2000-10-14  Werner Koch  <wk@gnupg.org>

 	* mainproc.c (add_onepass_sig): There is an easier solution to the
--- a/g10/g10.c
+++ b/g10/g10.c
@ -1607,6 +1607,30 @@ print_hex( byte *p, size_t n )
    }
 }

+static void
+print_hashline( MD_HANDLE md, int algo, const char *fname )
+{
+    int i, n;
+    const byte *p;
+    
+    if ( fname ) {
+        for (p = fname; *p; p++ ) {
+            if ( *p <= 32 || *p > 127 || *p == ':' || *p == '%' )
+                printf("%%%02X", *p );
+            else 
+                putchar( *p );
+        }
+    }
+    putchar(':');
+    printf("%d:", algo );
+    p = md_read( md, algo );
+    n = md_digest_length(algo);
+    for(i=0; i < n ; i++, p++ ) 
+        printf("%02X", *p );
+    putchar(':');
+    putchar('\n');
+}
+
 static void
 print_mds( const char *fname, int algo )
 {
@ -1651,24 +1675,37 @@ print_mds( const char *fname, int algo )
 	log_error("%s%s\n", pname, strerror(errno) );
    else {
 	md_final(md);
-	if( algo ) {
-	    if( fname )
-		fputs( pname, stdout );
-	    print_hex(md_read(md, algo), md_digest_length(algo) );
-	}
-	else {
-	    printf(  "%s   MD5 = ", fname?pname:"" );
-			    print_hex(md_read(md, DIGEST_ALGO_MD5), 16 );
-	    printf("\n%s  SHA1 = ", fname?pname:""  );
-			    print_hex(md_read(md, DIGEST_ALGO_SHA1), 20 );
-	    printf("\n%sRMD160 = ", fname?pname:""  );
-			    print_hex(md_read(md, DIGEST_ALGO_RMD160), 20 );
-	    if( !check_digest_algo(DIGEST_ALGO_TIGER) ) {
-		printf("\n%s TIGER = ", fname?pname:""  );
-			    print_hex(md_read(md, DIGEST_ALGO_TIGER), 24 );
-	    }
-	}
-	putchar('\n');
+        if ( opt.with_colons ) {
+            if ( algo ) 
+                print_hashline( md, algo, fname );
+            else {
+                print_hashline( md, DIGEST_ALGO_MD5, fname );
+                print_hashline( md, DIGEST_ALGO_SHA1, fname );
+                print_hashline( md, DIGEST_ALGO_RMD160, fname );
+                if( !check_digest_algo(DIGEST_ALGO_TIGER) ) 
+                    print_hashline( md, DIGEST_ALGO_TIGER, fname );
+            }
+        }
+        else {
+            if( algo ) {
+                if( fname )
+                    fputs( pname, stdout );
+                print_hex(md_read(md, algo), md_digest_length(algo) );
+            }
+            else {
+                printf(  "%s   MD5 = ", fname?pname:"" );
+                print_hex(md_read(md, DIGEST_ALGO_MD5), 16 );
+                printf("\n%s  SHA1 = ", fname?pname:""  );
+                print_hex(md_read(md, DIGEST_ALGO_SHA1), 20 );
+                printf("\n%sRMD160 = ", fname?pname:""  );
+                print_hex(md_read(md, DIGEST_ALGO_RMD160), 20 );
+                if( !check_digest_algo(DIGEST_ALGO_TIGER) ) {
+                    printf("\n%s TIGER = ", fname?pname:""  );
+                    print_hex(md_read(md, DIGEST_ALGO_TIGER), 24 );
+                }
+            }
+            putchar('\n');
+        }
    }
    md_close(md);

--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@ -1114,6 +1114,37 @@ check_sig_and_print( CTX c, KBNODE node )
 	return 0;
    }

+    /* It is not in all cases possible to check multiple signatures:
+     * PGP 2 (which is also allowed by OpenPGP), does use the packet
+     * sequence: sig+data,  OpenPGP does use onepas+data=sig and GnuPG
+     * sometimes uses (because I did'nt read the specs right) data+sig.
+     * Because it is possible to create multiple signatures with
+     * different packet sequence (e.g. data+sig and sig+data) it might
+     * not be possible to get it right:  let's say we have:
+     * data+sig, sig+data,sig+data and we have not yet encountered the last
+     * data, we could also see this a one data with 2 signatures and then 
+     * data+sig.
+     * To protect against this we check that we all signatures follow
+     * without any intermediate packets.  Note, that we won't get this
+     * error when we use onepass packets or cleartext signatures because
+     * we reset the list every time
+     */
+    {
+        KBNODE n;
+        int tmp=0;
+
+        for(n=c->list; n; n=n->next ) {
+            if ( tmp && n->pkt->pkttype == PKT_SIGNATURE ) {
+                log_error("can't handle these multiple signatures\n");
+                return 0;
+            }
+            else if ( n->pkt->pkttype == PKT_SIGNATURE ) 
+                tmp = 1;
+        }
+    }
+    
+
+
    tstr = asctimestamp(sig->timestamp);
    astr = pubkey_algo_to_string( sig->pubkey_algo );
    log_info(_("Signature made %.*s using %s key ID %08lX\n"),
@ -1338,3 +1369,4 @@ proc_tree( CTX c, KBNODE node )



+