gpg: Remove PGP-2 related cruft.

* g10/armor.c (parse_hash_header,carmor_filter): Ignore MD5 in hash
header.
(fake_packet): Remove pgp-2 workaround for white space stripping.
* g10/filter.h (armor_filter_context_t): Remove field pgp2mode.
* g10/options.h (opt): Remove field pgp2_workarounds.
* g10/gpg.c (main): Do not set this field.
* g10/gpgv.c (main): Ditto.
* g10/mainproc.c (proc_encrypted): Use SHA-1 as fallback s2k hash
  algo.  Using MD5 here is useless.
(proc_plaintext): Remove PGP-2 related woraround
(proc_tree): Remove another workaround but keep the one for PGP-5.
--

The removed code was either not anymore used or its use would have
caused an error message later anyway.

Signed-off-by: Werner Koch <wk@gnupg.org>

g10/armor.c

@@ -286,8 +286,6 @@ parse_hash_header( const char *line )
 	    found |= 1;
 	else if( !strncmp( s, "SHA1", s2-s ) )
 	    found |= 2;
-	else if( !strncmp( s, "MD5", s2-s ) )
-	    found |= 4;
 	else if( !strncmp( s, "SHA224", s2-s ) )
 	    found |= 8;
 	else if( !strncmp( s, "SHA256", s2-s ) )
@@ -664,10 +662,9 @@ fake_packet( armor_filter_context_t *afx, IOBUF a,
 	  {
 	    int crlf = n > 1 && p[n-2] == '\r' && p[n-1]=='\n';
 
-	    /* PGP2 does not treat a tab as white space character */
 	    afx->buffer_len=
 	      trim_trailing_chars( &p[afx->buffer_pos], n-afx->buffer_pos,
-				   afx->pgp2mode ? " \r\n" : " \t\r\n");
+				   " \t\r\n");
 	    afx->buffer_len+=afx->buffer_pos;
 	    /* the buffer is always allocated with enough space to append
 	     * the removed [CR], LF and a Nul
@@ -1009,14 +1006,9 @@ armor_filter( void *opaque, int control,
 		/* the buffer is at least 15+n*15 bytes long, so it
 		 * is easy to construct the packets */
 
-		hashes &= 1|2|4|8|16|32|64;
+		hashes &= 1|2|8|16|32|64;
 		if( !hashes ) {
-		    hashes |= 4;  /* default to MD 5 */
-		    /* This is non-ideal since PGP 5-8 have the same
-		       end-of-line bugs as PGP 2. However, we only
-		       enable pgp2mode if there is no Hash: header. */
-		    if( opt.pgp2_workarounds )
-			afx->pgp2mode = 1;
+		    hashes |= 2;  /* Default to SHA-1. */
 		}
 		n=0;
                 /* First a gpg control packet... */
@@ -1029,8 +1021,6 @@ armor_filter( void *opaque, int control,
                     buf[n++] = DIGEST_ALGO_RMD160;
                 if( hashes & 2 )
                     buf[n++] = DIGEST_ALGO_SHA1;
-                if( hashes & 4 )
-                    buf[n++] = DIGEST_ALGO_MD5;
                 if( hashes & 8 )
                     buf[n++] = DIGEST_ALGO_SHA224;
                 if( hashes & 16 )

g10/filter.h

@@ -49,7 +49,6 @@ typedef struct {
     int faked;		    /* we are faking a literal data packet */
     int truncated;	    /* number of truncated lines */
     int qp_detected;
-    int pgp2mode;
     byte eol[3];            /* The end of line characters as a
 			       zero-terminated string.  Defaults
 			       (eol[0]=='\0') to whatever the local

g10/gpg.c

@@ -2099,7 +2099,6 @@ main (int argc, char **argv)
     opt.completes_needed = 1;
     opt.marginals_needed = 3;
     opt.max_cert_depth = 5;
-    opt.pgp2_workarounds = 1;
     opt.escape_from = 1;
     opt.flags.require_cross_cert = 1;
     opt.import_options = 0;
@@ -2528,7 +2527,6 @@ main (int argc, char **argv)
 	    opt.rfc2440_text = 0;
 	    opt.allow_non_selfsigned_uid = 1;
 	    opt.allow_freeform_uid = 1;
-	    opt.pgp2_workarounds = 0;
 	    opt.escape_from = 1;
 	    opt.not_dash_escaped = 0;
 	    opt.def_cipher_algo = 0;
@@ -2545,7 +2543,6 @@ main (int argc, char **argv)
 	    opt.rfc2440_text = 1;
 	    opt.allow_non_selfsigned_uid = 1;
 	    opt.allow_freeform_uid = 1;
-	    opt.pgp2_workarounds = 0;
 	    opt.escape_from = 0;
 	    opt.not_dash_escaped = 0;
 	    opt.def_cipher_algo = 0;

g10/gpgv.c

@@ -161,7 +161,6 @@ main( int argc, char **argv )
   gnupg_init_signals (0, NULL);
 
   opt.command_fd = -1; /* no command fd */
-  opt.pgp2_workarounds = 1;
   opt.keyserver_options.options |= KEYSERVER_AUTO_KEY_RETRIEVE;
   opt.trust_model = TM_ALWAYS;
   opt.batch = 1;

g10/mainproc.c

@@ -555,9 +555,9 @@ proc_encrypted( CTX c, PACKET *pkt )
 		algo = CIPHER_ALGO_IDEA;
 		if (!opt.s2k_digest_algo)
 		  {
-		    /* If no digest is given we assume MD5 */
+		    /* If no digest is given we assume SHA-1. */
 		    s2kbuf.mode = 0;
-		    s2kbuf.hash_algo = DIGEST_ALGO_MD5;
+		    s2kbuf.hash_algo = DIGEST_ALGO_SHA1;
 		    s2k = &s2kbuf;
 		  }
 		log_info (_("assuming %s encrypted data\n"), "IDEA");
@@ -617,7 +617,7 @@ static void
 proc_plaintext( CTX c, PACKET *pkt )
 {
     PKT_plaintext *pt = pkt->pkt.plaintext;
-    int any, clearsig, only_md5, rc;
+    int any, clearsig, rc;
     KBNODE n;
 
     literals_seen++;
@@ -635,7 +635,7 @@ proc_plaintext( CTX c, PACKET *pkt )
      * Should we assume that plaintext in mode 't' has always sigclass 1??
      * See: Russ Allbery's mail 1999-02-09
      */
-    any = clearsig = only_md5 = 0;
+    any = clearsig = 0;
     for(n=c->list; n; n = n->next )
       {
 	if( n->pkt->pkttype == PKT_ONEPASS_SIG )
@@ -645,15 +645,8 @@ proc_plaintext( CTX c, PACKET *pkt )
 	      {
 		gcry_md_enable (c->mfx.md,
                                 n->pkt->pkt.onepass_sig->digest_algo);
-		if( !any && n->pkt->pkt.onepass_sig->digest_algo
-		    == DIGEST_ALGO_MD5 )
-		  only_md5 = 1;
-		else
-		  only_md5 = 0;
 		any = 1;
 	      }
-	    if( n->pkt->pkt.onepass_sig->sig_class != 0x01 )
-	      only_md5 = 0;
 	  }
 	else if( n->pkt->pkttype == PKT_GPG_CONTROL
                  && n->pkt->pkt.gpg_control->control
@@ -692,18 +685,7 @@ proc_plaintext( CTX c, PACKET *pkt )
 	   answer. */
 	gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
 	gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
-	gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
       }
-    if (opt.pgp2_workarounds && only_md5 && !opt.skip_verify
-        && opt.flags.allow_weak_digest_algos) {
-	/* This is a kludge to work around a bug in pgp2.  It does only
-	 * catch those mails which are armored.  To catch the non-armored
-	 * pgp mails we could see whether there is the signature packet
-	 * in front of the plaintext.  If someone needs this, send me a patch.
-	 */
-      if ( gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0) )
-        BUG ();
-    }
     if ( DBG_HASHING ) {
 	gcry_md_debug ( c->mfx.md, "verify" );
 	if ( c->mfx.md2  )
@@ -2130,20 +2112,13 @@ proc_tree( CTX c, KBNODE node )
             if (gcry_md_open (&c->mfx.md, sig->digest_algo, 0))
               BUG ();
 
-	    if( !opt.pgp2_workarounds )
-		;
-	    else if( sig->digest_algo == DIGEST_ALGO_MD5
-		     && is_RSA( sig->pubkey_algo)
-                     && opt.flags.allow_weak_digest_algos) {
-		/* enable a workaround for a pgp2 bug */
-                if (gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0))
-                  BUG ();
-	    }
+	    if (RFC2440 || RFC4880)
+              ; /* Strict RFC mode.  */
 	    else if( sig->digest_algo == DIGEST_ALGO_SHA1
 		     && sig->pubkey_algo == PUBKEY_ALGO_DSA
 		     && sig->sig_class == 0x01 ) {
-		/* enable the workaround also for pgp5 when the detached
-		 * signature has been created in textmode */
+		/* Enable a workaround for a pgp5 bug when the
+		 * detached signature has been created in textmode.  */
               if (gcry_md_open (&c->mfx.md2, sig->digest_algo, 0 ))
                 BUG ();
 	    }

g10/options.h

@@ -126,7 +126,6 @@ struct
     {
       KF_SHORT, KF_LONG, KF_0xSHORT, KF_0xLONG
     } keyid_format;
-  int pgp2_workarounds;
   int shm_coprocess;
   const char *set_filename;
   strlist_t comments;