[svn] GnuPG - r4047 - in tags/V1-4-2: . checks g10

svn author wk cvs at cvs.gnupg.org
Wed Mar 8 10:11:36 CET 2006


Author: wk
Date: 2006-03-08 10:11:34 +0100 (Wed, 08 Mar 2006)
New Revision: 4047

Modified:
   tags/V1-4-2/ChangeLog
   tags/V1-4-2/NEWS
   tags/V1-4-2/checks/ChangeLog
   tags/V1-4-2/checks/defs.inc
   tags/V1-4-2/checks/multisig.test
   tags/V1-4-2/checks/verify.test
   tags/V1-4-2/configure.ac
   tags/V1-4-2/g10/ChangeLog
   tags/V1-4-2/g10/g10.c
   tags/V1-4-2/g10/mainproc.c
   tags/V1-4-2/g10/options.h
Log:
Backported verification fixes from 1.4.3-cvs


Modified: tags/V1-4-2/ChangeLog
===================================================================
--- tags/V1-4-2/ChangeLog	2006-03-08 02:40:42 UTC (rev 4046)
+++ tags/V1-4-2/ChangeLog	2006-03-08 09:11:34 UTC (rev 4047)
@@ -1,3 +1,7 @@
+2006-03-08  Werner Koch  <wk at g10code.com>
+
+	Released 1.4.2.2.
+
 2006-02-14  Werner Koch  <wk at gnupg.org>
 
 	Released 1.4.2.1.

Modified: tags/V1-4-2/NEWS
===================================================================
--- tags/V1-4-2/NEWS	2006-03-08 02:40:42 UTC (rev 4046)
+++ tags/V1-4-2/NEWS	2006-03-08 09:11:34 UTC (rev 4047)
@@ -1,3 +1,12 @@
+Noteworthy changes in version 1.4.2.2 (2006-03-08)
+--------------------------------------------------
+
+    * Files containing several signed messages are not allowed any
+      longer as there is no clean way to report the status of such
+      files back to the caller.  To partly revert to the old behaviour
+      the new option --allow-multisig-verification may be used.
+
+
 Noteworthy changes in version 1.4.2.1 (2006-02-14)
 --------------------------------------------------
 

Modified: tags/V1-4-2/checks/ChangeLog
===================================================================
--- tags/V1-4-2/checks/ChangeLog	2006-03-08 02:40:42 UTC (rev 4046)
+++ tags/V1-4-2/checks/ChangeLog	2006-03-08 09:11:34 UTC (rev 4047)
@@ -1,3 +1,9 @@
+2006-03-08  Werner Koch  <wk at g10code.com>
+
+	* verify.test: More tests
+	* multisig.test: Adjusted.
+	* defs.inc: A few more support functions.
+
 2005-06-21  Werner Koch  <wk at g10code.com>
 
 	* conventional.test (algos): Uhh ohh, cut+paste error and not

Modified: tags/V1-4-2/checks/defs.inc
===================================================================
--- tags/V1-4-2/checks/defs.inc	2006-03-08 02:40:42 UTC (rev 4046)
+++ tags/V1-4-2/checks/defs.inc	2006-03-08 09:11:34 UTC (rev 4047)
@@ -31,25 +31,55 @@
 LC_ALL=
 LC_MESSAGES=
 
+# Internal use.
+defs_stop_on_error=no
+defs_error_seen=no
+
 #--------------------------------
 #------ utility functions -------
 #--------------------------------
 
 fatal () {
     echo "$pgmname: fatal:" $* >&2
+    [ -n "${BASH_VERSION+set}" ] && echo "$pgmname: fatal:" $* >&5
     exit 1;
 }
 
 error () {
     echo "$pgmname:" $* >&2
-    exit 1
+    defs_error_seen=yes
+    [ -n "${BASH_VERSION+set}" ] && echo "$pgmname:" $* >&5
+    if [ x$defs_stop_on_error != xyes ]; then
+      exit 1 
+    fi
 }
 
+# Call this at the start of a test and resume_error at the end to keep
+# on running all subtests without immediately exiting on error.
+suspend_error () {
+   defs_stop_on_error=yes
+}
+
+resume_error () {
+    if [ x$defs_error_seen = xyes ]; then
+        exit 1
+    fi
+    defs_stop_on_error=no
+    defs_error_seen=no
+}
+
 info () {
     echo "$pgmname:" $* >&2
+    if [ -n "${verbose+set}" ]; then
+      [ -n "${BASH_VERSION+set}" ] && echo "$pgmname:" $* >&5
+    fi
 }
 
+linefeed () {
+    echo >&2
+}
 
+
 echo_n_init=no
 echo_n () {
   if test "$echo_n_init" = "no"; then
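Review bot: The flag name `defs_stop_on_error` reads inverted in the new `error ()`: the function calls `exit 1` only when the flag is not `yes`, and `suspend_error` sets it to `yes` precisely so that the script keeps running. Renaming it (for example to `defs_suspend_exit`) or adding a comment at its definition such as `# yes = error() records the failure and continues; resume_error exits later` would stop a reader from switching off the failure exit by mistake. In `info ()`, the `[ -n "${BASH_VERSION+set}" ] && echo ... >&5` line is the last command of the `if`, so with `verbose` set under a non-bash shell the function returns non-zero; that could matter if a test runs with `set -e`, which is not visible here. The hunk ends inside `echo_n`, whose body continues outside it.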
@@ -126,6 +156,8 @@
 
 GPG="../g10/gpg --no-permission-warning --homedir . "
 
+[ -n "${BASH_VERSION+set}" ] && exec 5>/dev/stderr
+
 exec 2> ${pgmname}.log
 
 :

Modified: tags/V1-4-2/checks/multisig.test
===================================================================
--- tags/V1-4-2/checks/multisig.test	2006-03-08 02:40:42 UTC (rev 4046)
+++ tags/V1-4-2/checks/multisig.test	2006-03-08 09:11:34 UTC (rev 4047)
@@ -2,13 +2,15 @@
 # Check that gpg verifies only signatures where there is no ambiguity
 # in the order of packets.  Needs the Demo Keys Lima and Mike.
 
+# Note: We do son't support multiple signaturess anymore thus thsi test is 
+# not really needed becuase verify could do the same.  We keep it anyway.
+
 . $srcdir/defs.inc || exit 3
 
-# (variable intialization was created using:
-#   for i in files; do echo "`echo $i | sed 's,[.-],_,g'`='"; \
-#   gpg --no-version --enarmor <$i | grep -v ^Comment:; echo "'" ; done 
-# )
+suspend_error
 
+
+
 sig_1ls1ls_valid='
 -----BEGIN PGP ARMORED FILE-----
 
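Review bot: The deleted comment was the only record of how the armored `sig_*` variables were produced (`gpg --no-version --enarmor` piped through `grep -v ^Comment:`), and nothing in the new text replaces it. Keeping that recipe next to the vectors lets a later maintainer regenerate or audit them. The added note also has several typos; it could read `# Note: We don't support multiple signatures anymore, thus this test is not really needed because verify.test could do the same.  We keep it anyway.`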
@@ -119,13 +121,11 @@
 -----END PGP ARMORED FILE-----
 '
 
-save_IFS="${IFS}"
-IFS=""
-for i in "$sig_1ls1ls_valid" "$sig_ls_valid" "$sig_sl_valid"; do
-    echo "$i" | ./gpg_dearmor >x
-    IFS="${save_IFS}"
-    $GPG --verify x 2>/dev/null || error "valid is invalid"
-    IFS=""
+
+for i in  sig_sl_valid ; do
+    eval "(IFS=; echo \"\$$i\")" | ./gpg_dearmor >x
+    $GPG --verify x 2>/dev/null || error "valid is invalid ($i)"
+    linefeed
 done
 #for i in "$sig_11lss_valid_but_is_not" "$sig_11lss11lss_valid_but_is_not" \
 #         "$sig_ssl_valid_but_is_not"; do
@@ -133,13 +133,13 @@
 #    $GPG --verify <x 2>/dev/null || error "valid is invalid"
 #done
 
-# without the +e ksh seems to terminate the for loop
-set +e
-for i in "$sig_1lsls_invalid" "$sig_lsls_invalid" \
-         "$sig_lss_invalid" "$sig_slsl_invalid" ; do
-    echo "$i" | ./gpg_dearmor >x
-    IFS="${save_IFS}"
-    $GPG --verify <x 2>/dev/null && error "invalid is valid"
-    IFS=""
+for i in sig_1ls1ls_valid sig_ls_valid \
+         sig_1lsls_invalid sig_lsls_invalid \
+         sig_lss_invalid sig_slsl_invalid ; do
+    eval "(IFS=; echo \"\$$i\")" | ./gpg_dearmor >x
+    $GPG --verify <x 2>/dev/null && error "invalid is valid ($i)"
+    linefeed
 done
-IFS="${save_IFS}"
+
+
+resume_error
\ No newline at end of file
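Review bot: The must-fail loop treats any non-zero exit from `$GPG --verify <x 2>/dev/null` as a pass, so a failed `./gpg_dearmor`, an empty `x` or a missing key satisfies the test just as well as the composition check rejecting the message. Adding `test -s x || error "dearmor failed ($i)"` after the pipeline and dropping `2>/dev/null` would help, since defs.inc already sends fd 2 to `${pgmname}.log` and the rejection reason would then be kept. The `bad_*_asc` branch in verify.test checks only the exit status in the same way. Two of the variables moved into this loop are still named `sig_1ls1ls_valid` and `sig_ls_valid`, so a failure prints `invalid is valid (sig_ls_valid)`; renaming them or adding a comment that they are now expected to be rejected would avoid confusion.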

Modified: tags/V1-4-2/checks/verify.test
===================================================================
--- tags/V1-4-2/checks/verify.test	2006-03-08 02:40:42 UTC (rev 4046)
+++ tags/V1-4-2/checks/verify.test	2006-03-08 09:11:34 UTC (rev 4047)
@@ -2,10 +2,251 @@
 
 . $srcdir/defs.inc || exit 3
 
-#info check that verify fails for bad input data
+suspend_error
+
+#
+# Two simple tests to check that verify fails for bad input data
+#
+info "checking bogus signature 1"
 ../tools/mk-tdata --char 0x2d 64 >x
 $GPG --verify x data-500 && error "no error code from verify"
+info "checking bogus signature 2"
 ../tools/mk-tdata --char 0xca 64 >x
 $GPG --verify x data-500 && error "no error code from verify"
 
-exit 0
+linefeed
+
+# A variable to collect the test names
+tests=""
+
+# A plain signed message created using
+#  echo abc | gpg --homedir . --passphrase-fd 0 -u Alpha -z0 -sa msg
+tests="$tests msg_ols_asc"
+msg_ols_asc='-----BEGIN PGP MESSAGE-----
+
+kA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdo
+dC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0
+aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkgZGVjZW50IHBlb3BsZSBh
+cmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJlaW5nIHNpY2sgYW5kIHRp
+cmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdtCnNpY2sgYW5kIHRpcmVk
+IG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5IFB5dGhvbgqIPwMFAEQM
+UlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk01pbAKCIjkzLOAmkZNm0
+D8luT78c/1x45Q==
+=a29i
+-----END PGP MESSAGE-----'
+
+# A plain signed message created using
+#  echo abc | gpg --homedir . --passphrase-fd 0 -u Alpha -sa msg
+tests="$tests msg_cols_asc"
+msg_cols_asc='-----BEGIN PGP MESSAGE-----
+
+owGbwMvMwCSoW1RzPCOz3IRxLSN7EnNucboLT6Cgp0JJRmZeNpBMLFFIzMlRKMpM
+zyjRBQtm5qUrFKTmF+SkKmTmgdQVKyTnl+aVFFUqJBalKhRnJmcrJOalcJVkFqWm
+KOSnKSSlgrSU5OekQMzLL0rJzEsEKk9JTU7NK4EZBtKcBtRRWgAzlwtmbnlmSQbU
+GJjxCmDj9RQUPNVzFZJTi0oSM/NyKhXy8kuAYk6lJSBxLlTF2NziqZCYq8elq+Cb
+n1dSqRBQWZKRn8fVYc/MygAKBljYCDIFiTDMT+9seu836Q+bevyHTJ0dzPNuvCjn
+ZpgrwX38z58rJsfYDhwOSS4SkN/d6vUAAA==
+=s6sY
+-----END PGP MESSAGE-----'
+
+# A PGP 2 style message.
+tests="$tests msg_sl_asc"
+msg_sl_asc='-----BEGIN PGP MESSAGE-----
+
+iD8DBQBEDFJaLXJ8x2hpdzQRAkeCAKCZRBk2Pmx4w9h2LgosS0AppNNaWwCgiI5M
+yzgJpGTZtA/Jbk+/HP9ceOWtAQdiA21zZ0QMUlpJIHRoaW5rIHRoYXQgYWxsIHJp
+Z2h0LXRoaW5raW5nIHBlb3BsZSBpbiB0aGlzIGNvdW50cnkgYXJlIHNpY2sgYW5k
+CnRpcmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBvcmRpbmFyeSBkZWNlbnQgcGVvcGxl
+IGFyZSBmZWQgdXAgaW4gdGhpcwpjb3VudHJ5IHdpdGggYmVpbmcgc2ljayBhbmQg
+dGlyZWQuICBJJ20gY2VydGFpbmx5IG5vdC4gIEJ1dCBJJ20Kc2ljayBhbmQgdGly
+ZWQgb2YgYmVpbmcgdG9sZCB0aGF0IEkgYW0uCi0gTW9udHkgUHl0aG9uCg==
+=0ukK
+-----END PGP MESSAGE-----'
+
+# An OpenPGP message lacking the onepass packet.  We used to accept
+# such messages but now consider them invalid.
+tests="$tests bad_ls_asc"
+bad_ls_asc='-----BEGIN PGP MESSAGE-----
+
+rQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdodC10aGlua2luZyBwZW9w
+bGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0aXJlZCBvZiBiZWluZyB0
+b2xkIHRoYXQgb3JkaW5hcnkgZGVjZW50IHBlb3BsZSBhcmUgZmVkIHVwIGluIHRo
+aXMKY291bnRyeSB3aXRoIGJlaW5nIHNpY2sgYW5kIHRpcmVkLiAgSSdtIGNlcnRh
+aW5seSBub3QuICBCdXQgSSdtCnNpY2sgYW5kIHRpcmVkIG9mIGJlaW5nIHRvbGQg
+dGhhdCBJIGFtLgotIE1vbnR5IFB5dGhvbgqIPwMFAEQMUlotcnzHaGl3NBECR4IA
+oJlEGTY+bHjD2HYuCixLQCmk01pbAKCIjkzLOAmkZNm0D8luT78c/1x45Q==
+=Mpiu
+-----END PGP MESSAGE-----'
+
+
+# A signed message prefixed with an unsigned literal packet.
+# (fols = faked-literal-data, one-pass, literal-data, signature)
+# This should throw an error because running gpg to extract the
+# signed data will return both literal data packets
+tests="$tests bad_fols_asc"
+bad_fols_asc='-----BEGIN PGP MESSAGE-----
+
+rF1iDG1zZy51bnNpZ25lZEQMY0x0aW1lc2hhcmluZywgbjoKCUFuIGFjY2VzcyBt
+ZXRob2Qgd2hlcmVieSBvbmUgY29tcHV0ZXIgYWJ1c2VzIG1hbnkgcGVvcGxlLgqQ
+DQMAAhEtcnzHaGl3NAGtAQdiA21zZ0QMUlpJIHRoaW5rIHRoYXQgYWxsIHJpZ2h0
+LXRoaW5raW5nIHBlb3BsZSBpbiB0aGlzIGNvdW50cnkgYXJlIHNpY2sgYW5kCnRp
+cmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBvcmRpbmFyeSBkZWNlbnQgcGVvcGxlIGFy
+ZSBmZWQgdXAgaW4gdGhpcwpjb3VudHJ5IHdpdGggYmVpbmcgc2ljayBhbmQgdGly
+ZWQuICBJJ20gY2VydGFpbmx5IG5vdC4gIEJ1dCBJJ20Kc2ljayBhbmQgdGlyZWQg
+b2YgYmVpbmcgdG9sZCB0aGF0IEkgYW0uCi0gTW9udHkgUHl0aG9uCog/AwUARAxS
+Wi1yfMdoaXc0EQJHggCgmUQZNj5seMPYdi4KLEtAKaTTWlsAoIiOTMs4CaRk2bQP
+yW5Pvxz/XHjl
+=UNM4
+-----END PGP MESSAGE-----'
+
+# A signed message suffixed with an unsigned literal packet.
+# (fols = faked-literal-data, one-pass, literal-data, signature)
+# This should throw an error because running gpg to extract the
+# signed data will return both literal data packets
+tests="$tests bad_olsf_asc"
+bad_olsf_asc='-----BEGIN PGP MESSAGE-----
+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+=3gnG
+-----END PGP MESSAGE-----'
+
+
+# Two standard signed messages in a row
+tests="$tests msg_olsols_asc_multisig"
+msg_olsols_asc_multisig='-----BEGIN PGP MESSAGE-----
+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+=8nLN
+-----END PGP MESSAGE-----'
+
+# A standard message with two signatures (actually the same signature
+# duplicated).
+tests="$tests msg_oolss_asc"
+msg_oolss_asc='-----BEGIN PGP MESSAGE-----
+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+=KVw5
+-----END PGP MESSAGE-----'
+
+# A standard message with two one-pass packet but only one signature
+# packet
+tests="$tests bad_ools_asc"
+bad_ools_asc='-----BEGIN PGP MESSAGE-----
+
+kA0DAAIRLXJ8x2hpdzQBkA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGlu
+ayB0aGF0IGFsbCByaWdodC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5
+IGFyZSBzaWNrIGFuZAp0aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkg
+ZGVjZW50IHBlb3BsZSBhcmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJl
+aW5nIHNpY2sgYW5kIHRpcmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdt
+CnNpY2sgYW5kIHRpcmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5
+IFB5dGhvbgqIPwMFAEQMUlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk
+01pbAKCIjkzLOAmkZNm0D8luT78c/1x45Q==
+=1/ix
+-----END PGP MESSAGE-----'
+
+# Standard cleartext signature
+tests="$tests msg_cls_asc"
+msg_cls_asc=`cat <<EOF
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+I think that all right-thinking people in this country are sick and
+tired of being told that ordinary decent people are fed up in this
+country with being sick and tired.  I'm certainly not.  But I'm
+sick and tired of being told that I am.
+- - Monty Python
+-----BEGIN PGP SIGNATURE-----
+
+iD8DBQFEDVp1LXJ8x2hpdzQRAplUAKCMfpG3GPw/TLN52tosgXP5lNECkwCfQhAa
+emmev7IuQjWYrGF9Lxj+zj8=
+=qJsY
+-----END PGP SIGNATURE-----
+EOF
+`
+
+# Cleartext signature with two signatures
+tests="$tests msg_clss_asc"
+msg_clss_asc=`cat <<EOF
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+What is the difference between a Turing machine and the modern computer?
+It's the same as that between Hillary's ascent of Everest and the
+establishment of a Hilton on its peak.
+-----BEGIN PGP SIGNATURE-----
+
+iD8DBQFEDVz6LXJ8x2hpdzQRAtkGAKCeMhNbHnh339fpjNj9owsYcC4zBwCfYO5l
+2u+KEfXX0FKyk8SMzLjZ536IPwMFAUQNXPr+GAsdqeOwshEC2QYAoPOWAiQm0EF/
+FWIAQUplk7JWbyRKAJ92ZJyJpWfzb0yc1s7MY65r2qEHrg==
+=1Xvv
+-----END PGP SIGNATURE-----
+EOF
+`
+
+# Two clear text signatures in a row
+tests="$tests msg_clsclss_asc"
+msg_clsclss_asc="${msg_cls_asc}
+${msg_clss_asc}"
+
+
+# Fixme:  We need more tests with manipulated cleartext signatures.
+
+
+#
+# Now run the tests.
+#
+for i in $tests ; do
+   info "checking: $i"
+   eval "(IFS=; echo \"\$$i\")" >x
+   case "$i" in
+    msg_*_asc)
+       $GPG --verify x || error "verify of $i failed"
+       ;;
+    msg_*_asc_multisig)
+       $GPG --verify --allow-multisig-verification x \
+           || error "verify of $i failed"
+       $GPG --verify x && error "verify of $i succeeded but should not"
+       ;;
+    bad_*_asc)
+       $GPG --verify x && error "verify of $i succeeded but should not"
+       ;;
+    *)
+       error "No handler for test case $i"
+       ;;
+   esac
+   linefeed
+done
+
+
+resume_error
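Review bot: The cleartext vectors `msg_cls_asc` and `msg_clss_asc` are built with an unquoted `cat <<EOF` inside backquotes, so the shell applies parameter, command and backslash processing to the signed text before gpg sees it. The current bodies contain no `$`, backquote or backslash, so they survive, but quoting the delimiter as `cat <<'EOF'` would keep any vector added later byte-exact, which matters because one altered byte turns a must-pass case into a false failure. Separately, the comment above `bad_olsf_asc` repeats the `fols` legend from the previous case; it should read `# (olsf = one-pass, literal-data, signature, faked-literal-data)`.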

Modified: tags/V1-4-2/configure.ac
===================================================================
--- tags/V1-4-2/configure.ac	2006-03-08 02:40:42 UTC (rev 4046)
+++ tags/V1-4-2/configure.ac	2006-03-08 09:11:34 UTC (rev 4047)
@@ -26,7 +26,7 @@
 
 # Remember to change the version number immediately *after* a release
 # and remove the "-cvs" or "rc" suffix immediately *before* a release.
-AC_INIT(gnupg, 1.4.2.1, bug-gnupg at gnu.org)
+AC_INIT(gnupg, 1.4.2.2, bug-gnupg at gnu.org)
 # Set development_version to yes if the minor number is odd or you
 # feel that the default check for a development version is not
 # sufficient.

Modified: tags/V1-4-2/g10/ChangeLog
===================================================================
--- tags/V1-4-2/g10/ChangeLog	2006-03-08 02:40:42 UTC (rev 4046)
+++ tags/V1-4-2/g10/ChangeLog	2006-03-08 09:11:34 UTC (rev 4047)
@@ -1,3 +1,14 @@
+2006-03-08  Werner Koch  <wk at g10code.com>
+
+	* mainproc.c (proc_signature_packets): Return any_sig_seen to
+	caller.
+	(check_sig_and_print): Made the composition test more tight.  This
+	is due to another bug report by Tavis Ormandy.
+	(add_onepass_sig): Simplified.
+	(do_check_sig): Use log_error for standalone revocations.
+	* g10.c: New option --allow-multisig-verification.
+	* options.h (struct): Add allow_multisig_verification.
+
 2005-07-26  Werner Koch  <wk at g10code.com>
 
 	* passphrase.c (agent_get_passphrase): Make sure to release the

Modified: tags/V1-4-2/g10/g10.c
===================================================================
--- tags/V1-4-2/g10/g10.c	2006-03-08 02:40:42 UTC (rev 4046)
+++ tags/V1-4-2/g10/g10.c	2006-03-08 09:11:34 UTC (rev 4047)
@@ -354,6 +354,8 @@
     opcscDriver,
     oDisableCCID,
 
+    oAllowMultisigVerification,
+
     oNoop
   };
 
@@ -679,6 +681,7 @@
     { oKeyidFormat, "keyid-format", 2, "@" },
     { oExitOnStatusWriteError, "exit-on-status-write-error", 0, "@" },
     { oLimitCardInsertTries, "limit-card-insert-tries", 1, "@"},
+    { oAllowMultisigVerification, "allow-multisig-verification", 0, "@"},
 
     { oReaderPort, "reader-port",    2, "@"},
     { octapiDriver, "ctapi-driver",  2, "@"},
@@ -2554,6 +2557,9 @@
             opt.limit_card_insert_tries = pargs.r.ret_int; 
             break;
 
+          case oAllowMultisigVerification:
+            opt.allow_multisig_verification = 1;
+            break;
   
 	  case oNoop: break;
 

Modified: tags/V1-4-2/g10/mainproc.c
===================================================================
--- tags/V1-4-2/g10/mainproc.c	2006-03-08 02:40:42 UTC (rev 4046)
+++ tags/V1-4-2/g10/mainproc.c	2006-03-08 09:11:34 UTC (rev 4047)
@@ -112,27 +112,14 @@
 static int
 add_onepass_sig( CTX c, PACKET *pkt )
 {
-    KBNODE node;
+  KBNODE node;
 
-    if( c->list ) { /* add another packet */
-        /* We can only append another onepass packet if the list
-         * does contain only onepass packets */
-        for( node=c->list; node && node->pkt->pkttype == PKT_ONEPASS_SIG;
-             node = node->next )
-            ;
-	if( node ) {
-            /* this is not the case, so we flush the current thing and 
-             * allow this packet to start a new verification thing */
-	   release_list( c );
-	   c->list = new_kbnode( pkt );
-	}
-	else
-	   add_kbnode( c->list, new_kbnode( pkt ));
-    }
-    else /* insert the first one */
-	c->list = node = new_kbnode( pkt );
+  if ( c->list ) /* add another packet */
+    add_kbnode( c->list, new_kbnode( pkt ));
+  else /* insert the first one */
+    c->list = node = new_kbnode( pkt );
 
-    return 1;
+  return 1;
 }
 
 
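Review bot: In the simplified `add_onepass_sig` the local `node` is only written, in `c->list = node = new_kbnode( pkt );`, and never read, so the declaration can go and the line can become `c->list = new_kbnode( pkt );`. The removed branch used to flush the list when a one-pass packet followed other packet types, and the function now appends unconditionally. A short comment such as `/* No flush here: check_sig_and_print validates the whole packet sequence. */` would record why that is intended. Otherwise a later cleanup could restore the flush and, presumably, let the composition check see only part of the message again.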
@@ -802,8 +789,8 @@
 	    return check_key_signature( c->list, node, is_selfsig );
 	}
 	else if( sig->sig_class == 0x20 ) {
-	    log_info(_("standalone revocation - "
-		       "use \"gpg --import\" to apply\n"));
+	    log_error (_("standalone revocation - "
+                         "use \"gpg --import\" to apply\n"));
 	    return G10ERR_NOT_PROCESSED;
 	}
 	else {
@@ -1151,6 +1138,13 @@
         log_error (_("no signature found\n"));
         rc = G10ERR_NO_DATA;
       }
+
+    /* Propagate the signature seen flag upward. Do this only on
+       success so that we won't issue the nodata status several
+       times. */
+    if (!rc && c->anchor && c->any_sig_seen)
+      c->anchor->any_sig_seen = 1;
+
     m_free( c );
     return rc;
 }
@@ -1313,70 +1307,120 @@
 static int
 check_sig_and_print( CTX c, KBNODE node )
 {
-    PKT_signature *sig = node->pkt->pkt.signature;
-    const char *astr;
-    int rc, is_expkey=0, is_revkey=0;
+  PKT_signature *sig = node->pkt->pkt.signature;
+  const char *astr;
+  int rc, is_expkey=0, is_revkey=0;
 
-    if( opt.skip_verify ) {
-	log_info(_("signature verification suppressed\n"));
-	return 0;
+  if (opt.skip_verify)
+    {
+      log_info(_("signature verification suppressed\n"));
+      return 0;
     }
 
-    /* It is not in all cases possible to check multiple signatures:
-     * PGP 2 (which is also allowed by OpenPGP), does use the packet
-     * sequence: sig+data,  OpenPGP does use onepas+data=sig and GnuPG
-     * sometimes uses (because I did'nt read the specs right) data+sig.
-     * Because it is possible to create multiple signatures with
-     * different packet sequence (e.g. data+sig and sig+data) it might
-     * not be possible to get it right:  let's say we have:
-     * data+sig, sig+data,sig+data and we have not yet encountered the last
-     * data, we could also see this a one data with 2 signatures and then 
-     * data+sig.
-     * To protect against this we check that all signatures follow
-     * without any intermediate packets.  Note, that we won't get this
-     * error when we use onepass packets or cleartext signatures because
-     * we reset the list every time
-     *
-     * FIXME: Now that we have these marker packets, we should create a 
-     * real grammar and check against this.
-     */
-    {
-        KBNODE n;
-        int n_sig=0;
+  /* Check that the message composition is valid.
 
-        for (n=c->list; n; n=n->next ) {
-            if ( n->pkt->pkttype == PKT_SIGNATURE ) 
-                n_sig++;
-        }
-        if (n_sig > 1) { /* more than one signature - check sequence */
-            int tmp, onepass;
+     Per RFC-2440bis (-15) allowed:
 
-            for (tmp=onepass=0,n=c->list; n; n=n->next ) {
-                if (n->pkt->pkttype == PKT_ONEPASS_SIG) 
-                    onepass++;
-                else if (n->pkt->pkttype == PKT_GPG_CONTROL
-                         && n->pkt->pkt.gpg_control->control
-                            == CTRLPKT_CLEARSIGN_START ) {
-                    onepass++; /* handle the same way as a onepass */
-                }
-                else if ( (tmp && n->pkt->pkttype != PKT_SIGNATURE) ) {
-                    log_error(_("can't handle these multiple signatures\n"));
-                    return 0;
-                }
-                else if ( n->pkt->pkttype == PKT_SIGNATURE ) 
-                    tmp = 1;
-                else if (!tmp && !onepass 
-                         && n->pkt->pkttype == PKT_GPG_CONTROL
-                         && n->pkt->pkt.gpg_control->control
-                            == CTRLPKT_PLAINTEXT_MARK ) {
-                    /* plaintext before signatures but no one-pass packets*/
-                    log_error(_("can't handle these multiple signatures\n"));
-                    return 0;
-                }
-            }
-        }
-    }
+     S{1,n}           -- detached signature.
+     S{1,n} P         -- old style PGP2 signature
+     O{1,n} P S{1,n}  -- standard OpenPGP signature.
+     C P S{1,n}       -- cleartext signature.
 
+        
+          O = One-Pass Signature packet.
+          S = Signature packet.
+          P = OpenPGP Message packet (Encrypted | Compressed | Literal)
+                 (Note that the current rfc2440bis draft also allows
+                  for a signed message but that does not work as it
+                  introduces ambiguities.)
+              We keep track of these packages using the marker packet
+              CTRLPKT_PLAINTEXT_MARK.
+          C = Marker packet for cleartext signatures.
+
+     We reject all other messages.
+     
+     Actually we are calling this too often, i.e. for verification of
+     each message but better have some duplicate work than to silently
+     introduce a bug here.
+  */
+  {
+    KBNODE n;
+    int n_onepass, n_sig;
+
+/*     log_debug ("checking signature packet composition\n"); */
+/*     dump_kbnode (c->list); */
+
+    n = c->list;
+    assert (n);
+    if ( n->pkt->pkttype == PKT_SIGNATURE ) 
+      {
+        /* This is either "S{1,n}" case (detached signature) or
+           "S{1,n} P" (old style PGP2 signature). */
+        for (n = n->next; n; n = n->next)
+          if (n->pkt->pkttype != PKT_SIGNATURE)
+            break;
+        if (!n)
+          ; /* Okay, this is a detached signature.  */
+        else if (n->pkt->pkttype == PKT_GPG_CONTROL
+                 && (n->pkt->pkt.gpg_control->control
+                     == CTRLPKT_PLAINTEXT_MARK) )
+          {
+            if (n->next)
+              goto ambiguous;  /* We only allow one P packet. */
+          }
+        else
+          goto ambiguous;
+      }
+    else if (n->pkt->pkttype == PKT_ONEPASS_SIG) 
+      {
+        /* This is the "O{1,n} P S{1,n}" case (standard signature). */
+        for (n_onepass=1, n = n->next;
+             n && n->pkt->pkttype == PKT_ONEPASS_SIG; n = n->next)
+          n_onepass++;
+        if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
+                    && (n->pkt->pkt.gpg_control->control
+                        == CTRLPKT_PLAINTEXT_MARK)))
+          goto ambiguous;
+        for (n_sig=0, n = n->next;
+             n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
+          n_sig++;
+        if (!n_sig)
+          goto ambiguous;
+        if (n && !opt.allow_multisig_verification)
+          goto ambiguous;
+        if (n_onepass != n_sig)
+          {
+            log_info ("number of one-pass packets does not match "
+                      "number of signature packets\n");
+            goto ambiguous;
+          }
+      }
+    else if (n->pkt->pkttype == PKT_GPG_CONTROL
+             && n->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START )
+      {
+        /* This is the "C P S{1,n}" case (clear text signature). */
+        n = n->next;
+        if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
+                    && (n->pkt->pkt.gpg_control->control
+                        == CTRLPKT_PLAINTEXT_MARK)))
+          goto ambiguous;
+        for (n_sig=0, n = n->next;
+             n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
+          n_sig++;
+        if (n || !n_sig)
+          goto ambiguous;
+      }
+    else 
+      {
+      ambiguous:
+        log_error(_("can't handle this ambiguous signature data\n"));
+        return 0;
+      }
+
+  }
+
+  /* (Indendation below not yet changed to GNU style.) */
+
     astr = pubkey_algo_to_string( sig->pubkey_algo );
     if(keystrlen()>8)
       {
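Review bot: The `ambiguous:` branch that closes the new composition check ends in `return 0;`, the same value as the `opt.skip_verify` early return, so the return code alone does not tell a caller that the message was rejected. If rejection is meant to be signalled only through `log_error` and the absence of a good-signature result, a comment on that line would make the contract explicit, for example `/* Rejected: reported via log_error only; the return value does not indicate failure. */`. Also, `assert (n);` is the only guard against an empty `c->list` and disappears in builds with `NDEBUG`; `if (!n) goto ambiguous;` would fail closed in every build. Whether the list can be empty at this point is not visible in the hunk. The `log_info` for mismatched one-pass and signature counts is not wrapped in `_()`, unlike the other messages here. The function body continues past the end of the hunk.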

Modified: tags/V1-4-2/g10/options.h
===================================================================
--- tags/V1-4-2/g10/options.h	2006-03-08 02:40:42 UTC (rev 4046)
+++ tags/V1-4-2/g10/options.h	2006-03-08 09:11:34 UTC (rev 4047)
@@ -207,6 +207,9 @@
   int disable_ccid;    /* Disable the use of the internal CCID driver. */
 #endif /*ENABLE_CARD_SUPPORT*/
 
+  /* True if multiple concatenated signatures may be verified. */
+  int allow_multisig_verification; 
+
 } opt;
 
 /* CTRL is used to keep some global variables we currently can't



