gpg: Make card key generation work again.
[gnupg.git] / g10 / mainproc.c
index d4a0549..50d1d27 100644 (file)
@@ -623,7 +623,7 @@ proc_plaintext( CTX c, PACKET *pkt )
     literals_seen++;
 
     if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) )
-       log_info(_("NOTE: sender requested \"for-your-eyes-only\"\n"));
+       log_info(_("Note: sender requested \"for-your-eyes-only\"\n"));
     else if( opt.verbose )
        log_info(_("original file name='%.*s'\n"), pt->namelen, pt->name);
     free_md_filter_context( &c->mfx );
@@ -694,7 +694,8 @@ proc_plaintext( CTX c, PACKET *pkt )
        gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
        gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
       }
-    if( opt.pgp2_workarounds && only_md5 && !opt.skip_verify ) {
+    if (opt.pgp2_workarounds && only_md5 && !opt.skip_verify
+        && opt.flags.allow_weak_digest_algos) {
        /* This is a kludge to work around a bug in pgp2.  It does only
         * catch those mails which are armored.  To catch the non-armored
         * pgp mails we could see whether there is the signature packet
@@ -921,267 +922,203 @@ print_userid( PACKET *pkt )
 static void
 list_node( CTX c, KBNODE node )
 {
-    int any=0;
-    int mainkey;
-    char pkstrbuf[PUBKEY_STRING_SIZE];
+  int mainkey;
+  char pkstrbuf[PUBKEY_STRING_SIZE];
 
-    if( !node )
-       ;
-    else if( (mainkey = (node->pkt->pkttype == PKT_PUBLIC_KEY) )
-            || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
-       PKT_public_key *pk = node->pkt->pkt.public_key;
+  if (!node)
+    ;
+  else if ((mainkey = (node->pkt->pkttype == PKT_PUBLIC_KEY))
+           || node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
+    {
+      PKT_public_key *pk = node->pkt->pkt.public_key;
 
-       if( opt.with_colons )
-         {
-           u32 keyid[2];
-           keyid_from_pk( pk, keyid );
-           if( mainkey )
-             c->trustletter = opt.fast_list_mode?
-               0 : get_validity_info( pk, NULL );
-           printf("%s:", mainkey? "pub":"sub" );
-           if( c->trustletter )
-             putchar( c->trustletter );
-           printf(":%u:%d:%08lX%08lX:%s:%s::",
-                  nbits_from_pk( pk ),
-                  pk->pubkey_algo,
-                  (ulong)keyid[0],(ulong)keyid[1],
-                  colon_datestr_from_pk( pk ),
-                  colon_strtime (pk->expiredate) );
-           if( mainkey && !opt.fast_list_mode )
-             putchar( get_ownertrust_info (pk) );
-           putchar(':');
-           if( node->next && node->next->pkt->pkttype == PKT_RING_TRUST) {
-             putchar('\n'); any=1;
-             if( opt.fingerprint )
-               print_fingerprint (NULL, pk, 0);
-             printf("rtv:1:%u:\n",
-                    node->next->pkt->pkt.ring_trust->trustval );
-           }
-         }
-       else
-         printf("%s  %s/%s %s%s",
-                mainkey? "pub":"sub",
-                 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
-                keystr_from_pk( pk ),
-                datestr_from_pk( pk ), mainkey?" ":"");
-
-       if( mainkey ) {
-           /* and now list all userids with their signatures */
-           for( node = node->next; node; node = node->next ) {
-               if( node->pkt->pkttype == PKT_SIGNATURE ) {
-                   if( !any ) {
-                       if( node->pkt->pkt.signature->sig_class == 0x20 )
-                           puts("[revoked]");
-                       else
-                           putchar('\n');
-                       any = 1;
-                   }
-                   list_node(c,  node );
-               }
-               else if( node->pkt->pkttype == PKT_USER_ID ) {
-                   if( any ) {
-                       if( opt.with_colons )
-                           printf("%s:::::::::",
-                             node->pkt->pkt.user_id->attrib_data?"uat":"uid");
-                       else
-                           printf( "uid%*s", 28, "" );
-                   }
-                   print_userid( node->pkt );
-                   if( opt.with_colons )
-                       putchar(':');
-                   putchar('\n');
-                   if( opt.fingerprint && !any )
-                        print_fingerprint (NULL, pk, 0 );
-                   if( opt.with_colons
-                        && node->next
-                       && node->next->pkt->pkttype == PKT_RING_TRUST ) {
-                       printf("rtv:2:%u:\n",
-                               node->next->pkt->pkt.ring_trust?
-                               node->next->pkt->pkt.ring_trust->trustval : 0);
-                   }
-                   any=1;
-               }
-               else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
-                   if( !any ) {
-                       putchar('\n');
-                       any = 1;
-                   }
-                   list_node(c,  node );
-               }
-           }
-       }
-       else
-         {
-           /* of subkey */
-           if( pk->flags.revoked )
-             {
-               printf(" [");
-               printf(_("revoked: %s"),revokestr_from_pk(pk));
-               printf("]");
-             }
-           else if( pk->expiredate )
-             {
-               printf(" [");
-               printf(_("expires: %s"),expirestr_from_pk(pk));
-               printf("]");
-             }
-         }
+      if (opt.with_colons)
+        {
+          u32 keyid[2];
+
+          keyid_from_pk( pk, keyid );
+          if (mainkey)
+            c->trustletter = (opt.fast_list_mode?
+                              0 : get_validity_info( pk, NULL));
+          es_printf ("%s:", mainkey? "pub":"sub" );
+          if (c->trustletter)
+            es_putc (c->trustletter, es_stdout);
+          es_printf (":%u:%d:%08lX%08lX:%s:%s::",
+                     nbits_from_pk( pk ),
+                     pk->pubkey_algo,
+                     (ulong)keyid[0],(ulong)keyid[1],
+                     colon_datestr_from_pk( pk ),
+                     colon_strtime (pk->expiredate) );
+          if (mainkey && !opt.fast_list_mode)
+            es_putc (get_ownertrust_info (pk), es_stdout);
+          es_putc (':', es_stdout);
+        }
+      else
+        es_printf ("%s  %s/%s %s",
+                   mainkey? "pub":"sub",
+                   pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
+                   keystr_from_pk (pk),
+                   datestr_from_pk (pk));
+
+      if (pk->flags.revoked)
+        {
+          es_printf (" [");
+          es_printf (_("revoked: %s"), revokestr_from_pk (pk));
+          es_printf ("]\n");
+        }
+      else if( pk->expiredate && !opt.with_colons)
+        {
+          es_printf (" [");
+          es_printf (_("expires: %s"), expirestr_from_pk (pk));
+          es_printf ("]\n");
+        }
+      else
+        es_putc ('\n', es_stdout);
 
-       if( !any )
-           putchar('\n');
-       if( !mainkey && opt.fingerprint > 1 )
-            print_fingerprint (NULL, pk, 0);
+      if ((mainkey && opt.fingerprint) || opt.fingerprint > 1)
+        print_fingerprint (NULL, pk, 0);
+
+      if (opt.with_colons)
+        {
+          if (node->next && node->next->pkt->pkttype == PKT_RING_TRUST)
+            es_printf ("rtv:1:%u:\n",
+                       node->next->pkt->pkt.ring_trust->trustval);
+        }
+
+      if (mainkey)
+        {
+          /* Now list all userids with their signatures. */
+          for (node = node->next; node; node = node->next)
+            {
+              if (node->pkt->pkttype == PKT_SIGNATURE)
+                {
+                  list_node (c,  node );
+                }
+              else if (node->pkt->pkttype == PKT_USER_ID)
+                {
+                  if (opt.with_colons)
+                    es_printf ("%s:::::::::",
+                               node->pkt->pkt.user_id->attrib_data?"uat":"uid");
+                  else
+                    es_printf ("uid%*s", 28, "" );
+                  print_userid (node->pkt);
+                  if (opt.with_colons)
+                    es_putc (':', es_stdout);
+                  es_putc ('\n', es_stdout);
+                  if (opt.with_colons
+                      && node->next
+                      && node->next->pkt->pkttype == PKT_RING_TRUST)
+                    {
+                      es_printf ("rtv:2:%u:\n",
+                                 node->next->pkt->pkt.ring_trust?
+                                 node->next->pkt->pkt.ring_trust->trustval : 0);
+                    }
+               }
+              else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+                {
+                  list_node(c,  node );
+                }
+            }
+        }
     }
-    else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) )
-            || node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
+  else if ((mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) )
+           || node->pkt->pkttype == PKT_SECRET_SUBKEY)
+    {
 
       log_debug ("FIXME: No way to print secret key packets here\n");
-      /* fixme: We may use a fucntion to trun a secret key packet into
+      /* fixme: We may use a fucntion to turn a secret key packet into
          a public key one and use that here.  */
-       /* PKT_secret_key *sk = node->pkt->pkt.secret_key; */
-
-       /* if( opt.with_colons ) */
-       /*   { */
-       /*     u32 keyid[2]; */
-       /*     keyid_from_sk( sk, keyid ); */
-       /*     printf("%s::%u:%d:%08lX%08lX:%s:%s:::", */
-       /*         mainkey? "sec":"ssb", */
-       /*         nbits_from_sk( sk ), */
-       /*         sk->pubkey_algo, */
-       /*         (ulong)keyid[0],(ulong)keyid[1], */
-       /*         colon_datestr_from_sk( sk ), */
-       /*         colon_strtime (sk->expiredate) */
-       /*         /\* fixme: add LID *\/ ); */
-       /*   } */
-       /* else */
-       /*   printf("%s  %4u%c/%s %s ", mainkey? "sec":"ssb", */
-       /*       nbits_from_sk( sk ), pubkey_letter( sk->pubkey_algo ), */
-       /*       keystr_from_sk( sk ), datestr_from_sk( sk )); */
-       /* if( mainkey ) { */
-       /*     /\* and now list all userids with their signatures *\/ */
-       /*     for( node = node->next; node; node = node->next ) { */
-       /*      if( node->pkt->pkttype == PKT_SIGNATURE ) { */
-       /*          if( !any ) { */
-       /*              if( node->pkt->pkt.signature->sig_class == 0x20 ) */
-       /*                  puts("[revoked]"); */
-       /*              else */
-       /*                  putchar('\n'); */
-       /*              any = 1; */
-       /*          } */
-       /*          list_node(c,  node ); */
-       /*      } */
-       /*      else if( node->pkt->pkttype == PKT_USER_ID ) { */
-       /*          if( any ) { */
-       /*              if( opt.with_colons ) */
-       /*                  printf("%s:::::::::", */
-       /*                    node->pkt->pkt.user_id->attrib_data?"uat":"uid"); */
-       /*              else */
-       /*                  printf( "uid%*s", 28, "" ); */
-       /*          } */
-       /*          print_userid( node->pkt ); */
-       /*          if( opt.with_colons ) */
-       /*              putchar(':'); */
-       /*          putchar('\n'); */
-       /*          if( opt.fingerprint && !any ) */
-       /*              print_fingerprint( NULL, sk, 0 ); */
-       /*          any=1; */
-       /*      } */
-       /*      else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) { */
-       /*          if( !any ) { */
-       /*              putchar('\n'); */
-       /*              any = 1; */
-       /*          } */
-       /*          list_node(c,  node ); */
-       /*      } */
-       /*     } */
-       /* } */
-       /* if( !any ) */
-       /*     putchar('\n'); */
-       /* if( !mainkey && opt.fingerprint > 1 ) */
-       /*     print_fingerprint( NULL, sk, 0 ); */
     }
-    else if( node->pkt->pkttype == PKT_SIGNATURE  ) {
-       PKT_signature *sig = node->pkt->pkt.signature;
-       int is_selfsig = 0;
-       int rc2=0;
-       size_t n;
-       char *p;
-       int sigrc = ' ';
+  else if (node->pkt->pkttype == PKT_SIGNATURE)
+    {
+      PKT_signature *sig = node->pkt->pkt.signature;
+      int is_selfsig = 0;
+      int rc2 = 0;
+      size_t n;
+      char *p;
+      int sigrc = ' ';
 
-       if( !opt.verbose )
-           return;
+      if (!opt.verbose)
+        return;
 
-       if( sig->sig_class == 0x20 || sig->sig_class == 0x30 )
-           fputs("rev", stdout);
-       else
-           fputs("sig", stdout);
-       if( opt.check_sigs ) {
-           fflush(stdout);
-           rc2=do_check_sig( c, node, &is_selfsig, NULL, NULL );
-           switch (gpg_err_code (rc2)) {
-             case 0:                        sigrc = '!'; break;
-             case GPG_ERR_BAD_SIGNATURE:    sigrc = '-'; break;
-             case GPG_ERR_NO_PUBKEY:
-             case GPG_ERR_UNUSABLE_PUBKEY:  sigrc = '?'; break;
-             default:                       sigrc = '%'; break;
+      if (sig->sig_class == 0x20 || sig->sig_class == 0x30)
+        es_fputs ("rev", es_stdout);
+      else
+        es_fputs ("sig", es_stdout);
+      if (opt.check_sigs)
+        {
+          fflush (stdout);
+          rc2 = do_check_sig (c, node, &is_selfsig, NULL, NULL);
+          switch (gpg_err_code (rc2))
+            {
+            case 0:                      sigrc = '!'; break;
+            case GPG_ERR_BAD_SIGNATURE:   sigrc = '-'; break;
+            case GPG_ERR_NO_PUBKEY:
+            case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
+            default:                     sigrc = '%'; break;
            }
        }
-       else {  /* check whether this is a self signature */
-           u32 keyid[2];
+      else /* Check whether this is a self signature.  */
+        {
+          u32 keyid[2];
 
-           if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
-               || c->list->pkt->pkttype == PKT_SECRET_KEY )
-              {
-                keyid_from_pk (c->list->pkt->pkt.public_key, keyid);
+          if (c->list->pkt->pkttype == PKT_PUBLIC_KEY
+              || c->list->pkt->pkttype == PKT_SECRET_KEY )
+            {
+              keyid_from_pk (c->list->pkt->pkt.public_key, keyid);
 
-                if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
-                  is_selfsig = 1;
-              }
+              if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1])
+                is_selfsig = 1;
+            }
        }
-       if( opt.with_colons ) {
-           putchar(':');
-           if( sigrc != ' ' )
-               putchar(sigrc);
-           printf("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
-                  (ulong)sig->keyid[0], (ulong)sig->keyid[1],
-                  colon_datestr_from_sig(sig),
-                  colon_expirestr_from_sig(sig));
-
-           if(sig->trust_depth || sig->trust_value)
-             printf("%d %d",sig->trust_depth,sig->trust_value);
-           printf(":");
-
-           if(sig->trust_regexp)
-             es_write_sanitized (es_stdout,sig->trust_regexp,
-                                  strlen(sig->trust_regexp), ":", NULL);
-           printf(":");
+
+      if (opt.with_colons)
+        {
+          es_putc (':', es_stdout);
+          if (sigrc != ' ')
+            es_putc (sigrc, es_stdout);
+          es_printf ("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
+                     (ulong)sig->keyid[0], (ulong)sig->keyid[1],
+                     colon_datestr_from_sig (sig),
+                     colon_expirestr_from_sig (sig));
+
+          if (sig->trust_depth || sig->trust_value)
+            es_printf ("%d %d",sig->trust_depth,sig->trust_value);
+          es_putc (':', es_stdout);
+
+          if (sig->trust_regexp)
+            es_write_sanitized (es_stdout, sig->trust_regexp,
+                                strlen (sig->trust_regexp), ":", NULL);
+          es_putc (':', es_stdout);
        }
-       else
-         printf("%c       %s %s   ",
-                sigrc, keystr(sig->keyid), datestr_from_sig(sig));
-       if( sigrc == '%' )
-           printf("[%s] ", g10_errstr(rc2) );
-       else if( sigrc == '?' )
-           ;
-       else if( is_selfsig ) {
-           if( opt.with_colons )
-               putchar(':');
-           fputs( sig->sig_class == 0x18? "[keybind]":"[selfsig]", stdout);
-           if( opt.with_colons )
-               putchar(':');
+      else
+        es_printf ("%c       %s %s   ",
+                   sigrc, keystr (sig->keyid), datestr_from_sig(sig));
+      if (sigrc == '%')
+        es_printf ("[%s] ", g10_errstr(rc2) );
+      else if (sigrc == '?')
+        ;
+      else if (is_selfsig)
+        {
+          if (opt.with_colons)
+            es_putc (':', es_stdout);
+          es_fputs (sig->sig_class == 0x18? "[keybind]":"[selfsig]", es_stdout);
+          if (opt.with_colons)
+            es_putc (':', es_stdout);
        }
-       else if( !opt.fast_list_mode ) {
-           p = get_user_id( sig->keyid, &n );
-           es_write_sanitized (es_stdout, p, n,
-                                opt.with_colons?":":NULL, NULL );
-           xfree(p);
+      else if (!opt.fast_list_mode)
+        {
+          p = get_user_id (sig->keyid, &n);
+          es_write_sanitized (es_stdout, p, n,
+                              opt.with_colons?":":NULL, NULL );
+          xfree (p);
        }
-       if( opt.with_colons )
-           printf(":%02x%c:", sig->sig_class, sig->flags.exportable?'x':'l');
-       putchar('\n');
+      if (opt.with_colons)
+        es_printf (":%02x%c:", sig->sig_class, sig->flags.exportable?'x':'l');
+      es_putc ('\n', es_stdout);
     }
-    else
-       log_error("invalid node with packet of type %d\n", node->pkt->pkttype);
+  else
+    log_error ("invalid node with packet of type %d\n", node->pkt->pkttype);
 }
 
 
@@ -1564,6 +1501,9 @@ check_sig_and_print (CTX c, KBNODE node)
   int rc;
   int is_expkey = 0;
   int is_revkey = 0;
+  char pkstrbuf[PUBKEY_STRING_SIZE];
+
+  *pkstrbuf = 0;
 
   if (opt.skip_verify)
     {
@@ -1843,6 +1783,8 @@ check_sig_and_print (CTX c, KBNODE node)
             log_printf (" [%s]\n",trust_value_to_string(valid));
           else
             log_printf ("\n");
+
+          pubkey_string (pk, pkstrbuf, sizeof pkstrbuf);
           count++;
        }
 
@@ -2017,10 +1959,12 @@ check_sig_and_print (CTX c, KBNODE node)
         log_info (_("Signature expires %s\n"), asctimestamp(sig->expiredate));
 
       if (opt.verbose)
-        log_info (_("%s signature, digest algorithm %s\n"),
+        log_info (_("%s signature, digest algorithm %s%s%s\n"),
                   sig->sig_class==0x00?_("binary"):
                   sig->sig_class==0x01?_("textmode"):_("unknown"),
-                  gcry_md_algo_name (sig->digest_algo));
+                  gcry_md_algo_name (sig->digest_algo),
+                  *pkstrbuf?_(", key algorithm "):"",
+                  pkstrbuf);
 
       if (rc)
         g10_errors_seen = 1;
@@ -2189,7 +2133,8 @@ proc_tree( CTX c, KBNODE node )
            if( !opt.pgp2_workarounds )
                ;
            else if( sig->digest_algo == DIGEST_ALGO_MD5
-                    && is_RSA( sig->pubkey_algo ) ) {
+                    && is_RSA( sig->pubkey_algo)
+                     && opt.flags.allow_weak_digest_algos) {
                /* enable a workaround for a pgp2 bug */
                 if (gcry_md_open (&c->mfx.md2, DIGEST_ALGO_MD5, 0))
                   BUG ();
@@ -2202,16 +2147,17 @@ proc_tree( CTX c, KBNODE node )
               if (gcry_md_open (&c->mfx.md2, sig->digest_algo, 0 ))
                 BUG ();
            }
-#if 0 /* workaround disabled */
-           /* Here we have another hack to work around a pgp 2 bug
-            * It works by not using the textmode for detached signatures;
-            * this will let the first signature check (on md) fail
-            * but the second one (on md2) which adds an extra CR should
-            * then produce the "correct" hash.  This is very, very ugly
-            * hack but it may help in some cases (and break others)
-            */
-                   /*  c->mfx.md2? 0 :(sig->sig_class == 0x01) */
-#endif
+
+           /* Here we used to have another hack to work around a pgp
+            * 2 bug: It worked by not using the textmode for detached
+            * signatures; this would let the first signature check
+            * (on md) fail but the second one (on md2), which adds an
+            * extra CR would then have produced the "correct" hash.
+            * This is very, very ugly hack but it may haved help in
+            * some cases (and break others).
+            *   c->mfx.md2? 0 :(sig->sig_class == 0x01)
+             */
+
             if ( DBG_HASHING ) {
                 gcry_md_debug( c->mfx.md, "verify" );
                 if ( c->mfx.md2  )