* misc.c (pct_expando), options.skel: Use %t to indicate type of a photo

ID (in this version, it's always "jpeg").  Also tweak string expansion
loop to minimize reallocs.

* mainproc.c (do_check_sig): Variable type fix.

* keyedit.c (menu_set_primary_uid): Differentiate between true user IDs
and attribute user IDs when making one of them primary. That is, if we are
making a user ID primary, we alter user IDs. If we are making an attribute
packet primary, we alter attribute packets.  This matches the language in
the latest attribute packet draft.

* keyedit.c (sign_uids): No need for the empty string hack.

* getkey.c (fixup_uidnode): Only accept preferences from the hashed
segment of the self-sig.

6 files changed, 65 insertions, 25 deletions

diff --git a/g10/ChangeLog b/g10/ChangeLog
index 17fcecdfd..d45c5e38a 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,23 @@
+2002-04-10  David Shaw  <[email protected]>
+
+	* misc.c (pct_expando), options.skel: Use %t to indicate type of a
+	photo ID (in this version, it's always "jpeg").  Also tweak string
+	expansion loop to minimize reallocs.
+
+	* mainproc.c (do_check_sig): Variable type fix.
+
+	* keyedit.c (menu_set_primary_uid): Differentiate between true
+	user IDs and attribute user IDs when making one of them primary.
+	That is, if we are making a user ID primary, we alter user IDs.
+	If we are making an attribute packet primary, we alter attribute
+	packets.  This matches the language in the latest attribute packet
+	draft.
+
+	* keyedit.c (sign_uids): No need for the empty string hack.
+
+	* getkey.c (fixup_uidnode): Only accept preferences from the
+	hashed segment of the self-sig.
+
 2002-04-10  Werner Koch  <[email protected]>
 
 	* tdbio.c (migrate_from_v2): Fixed the offset to read the old
diff --git a/g10/getkey.c b/g10/getkey.c
index 901ea9b00..e91e0edb8 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1109,17 +1109,14 @@ fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated )
      * For now we only look at the hashed one. 
      */
 
-    /* now build the preferences list.  We try to get the preferences
-     * from the hashed list but if there are no such preferences, we
-     * try to get them from the unhashed list.  There is no risk with
-     * that, because our implementation comes only with strong
-     * algorithms and it would be fruitless for an attacker to insert
-     * an weak algorithm.  */
-    p = parse_sig_subpkt2 ( sig, SIGSUBPKT_PREF_SYM, &n );
+    /* Now build the preferences list.  These must come from the
+       hashed section so nobody can modify the ciphers a key is
+       willing to accept. */
+    p = parse_sig_subpkt ( sig->hashed, SIGSUBPKT_PREF_SYM, &n );
     sym = p; nsym = p?n:0;
-    p = parse_sig_subpkt2 ( sig, SIGSUBPKT_PREF_HASH, &n );
+    p = parse_sig_subpkt ( sig->hashed, SIGSUBPKT_PREF_HASH, &n );
     hash = p; nhash = p?n:0;
-    p = parse_sig_subpkt2 ( sig, SIGSUBPKT_PREF_COMPR, &n );
+    p = parse_sig_subpkt ( sig->hashed, SIGSUBPKT_PREF_COMPR, &n );
     zip = p; nzip = p?n:0;
     if (uid->prefs) 
         m_free (uid->prefs);
diff --git a/g10/keyedit.c b/g10/keyedit.c
index c7650e278..c29a385e7 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -371,9 +371,6 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
 
 		    /* Fixme: see whether there is a revocation in which
 		     * case we should allow to sign it again. */
-                    /* Note: I kept the %s and the empty string in the
-                       else branch so that not too many translations
-                       get broken. */
                     if (!node->pkt->pkt.signature->flags.exportable && local)
                       tty_printf(_(
                          "\"%s\" was already locally signed by key %08lX\n"),
@@ -381,9 +378,9 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
                                    (ulong)sk_keyid[1] );
                     else
                       tty_printf(_(
-                         "\"%s\" was already %ssigned by key %08lX\n"),
+                         "\"%s\" was already signed by key %08lX\n"),
                                  uidnode->pkt->pkt.user_id->name,
-                                 "",(ulong)sk_keyid[1] );
+				 (ulong)sk_keyid[1] );
                     sprintf (buf, "%08lX%08lX",
                              (ulong)sk->keyid[0], (ulong)sk->keyid[1] );
                     write_status_text (STATUS_ALREADY_SIGNED, buf);
@@ -2013,6 +2010,7 @@ menu_set_primary_uid ( KBNODE pub_keyblock, KBNODE sec_keyblock )
     KBNODE node;
     u32 keyid[2];
     int selected;
+    int attribute = 0;
     int modified = 0;
 
     if ( count_selected_uids (pub_keyblock) != 1 ) {
@@ -2027,6 +2025,12 @@ menu_set_primary_uid ( KBNODE pub_keyblock, KBNODE sec_keyblock )
     main_pk = NULL;
     uid = NULL;
     selected = 0;
+
+    /* Is our selected uid an attribute packet? */
+    for ( node=pub_keyblock; node; node = node->next )
+      if (node->pkt->pkttype == PKT_USER_ID && node->flag & NODFLG_SELUID)
+	attribute = (node->pkt->pkt.user_id->attrib_data!=NULL);
+
     for ( node=pub_keyblock; node; node = node->next ) {
 	if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
             break; /* ready */
@@ -2043,10 +2047,17 @@ menu_set_primary_uid ( KBNODE pub_keyblock, KBNODE sec_keyblock )
 	    PKT_signature *sig = node->pkt->pkt.signature;
 	    if ( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
 		&& (uid && (sig->sig_class&~3) == 0x10)
-                && sig->version >= 4 ) {
-		/* this is a selfsignature which is to be replaced 
-                 * we can just ignore v3 signatures because they are
-                 * not able to carry the primary ID flag */
+                && sig->version >= 4
+		&& attribute == (uid->attrib_data!=NULL)) {
+	        /* This is a selfsignature which is to be replaced.
+		   We can just ignore v3 signatures because they are
+		   not able to carry the primary ID flag.  We also
+		   ignore self-sigs on user IDs that are not of the
+		   same type that we are making primary.  That is, if
+		   we are making a user ID primary, we alter user IDs.
+		   If we are making an attribute packet primary, we
+		   alter attribute packets. */
+
                 /* FIXME: We must make sure that we only have one
                    self-signature per user ID here (not counting
                    revocations) */
diff --git a/g10/mainproc.c b/g10/mainproc.c
index c75b36d82..defd3a47d 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -623,7 +623,8 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig, int *is_expkey )
 {
     PKT_signature *sig;
     MD_HANDLE md = NULL, md2 = NULL;
-    int algo, rc, dummy, dum2;
+    int algo, rc, dum2;
+    u32 dummy;
 
     if(!is_expkey)
       is_expkey=&dum2;
diff --git a/g10/misc.c b/g10/misc.c
index 2f8d28af7..99c6bb7b9 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -439,8 +439,8 @@ idea_cipher_warn(int show)
     }
 }
 
-/* The largest string we have an expando for, times two. */
-#define LARGEST_EXPANDO ((MAX_FINGERPRINT_LEN*2)*2)
+/* The largest string we have an expando for. */
+#define LARGEST_EXPANDO (MAX_FINGERPRINT_LEN*2)
 
 /* Expand %-strings.  Returns a string which must be m_freed.  Returns
    NULL if the string cannot be expanded (too large). */
@@ -454,7 +454,7 @@ pct_expando(const char *string,PKT_public_key *pk)
 
   keyid_from_pk(pk,keyid);
 
-  maxlen=LARGEST_EXPANDO;
+  maxlen=LARGEST_EXPANDO*2;
   ret=m_alloc(maxlen+1);  /* one more to leave room for the trailing \0 */
 
   ret[0]='\0';
@@ -464,7 +464,7 @@ pct_expando(const char *string,PKT_public_key *pk)
       /* 8192 is way bigger than we'll need here */
       if(maxlen-idx<LARGEST_EXPANDO && maxlen<8192)
 	{
-	  maxlen+=LARGEST_EXPANDO;
+	  maxlen+=LARGEST_EXPANDO*2;
 	  ret=m_realloc(ret,maxlen+1);
 	}
 
@@ -508,7 +508,17 @@ pct_expando(const char *string,PKT_public_key *pk)
 		  }
 	      }
 	      break;
-		
+
+	      /* photo type. For now, it's always jpeg so this is
+                 easy! */
+	    case 't':
+	      if(idx+4>maxlen)
+		goto fail;
+
+	      strcpy(&ret[idx],"jpeg");
+	      idx+=4;
+	      break;
+
 	    case '%':
 	      if(idx+1>maxlen)
 		goto fail;
diff --git a/g10/options.skel b/g10/options.skel
index 0458ac7b0..14fd533cb 100644
--- a/g10/options.skel
+++ b/g10/options.skel
@@ -160,6 +160,7 @@ lock-once
 # %I is the same as %i, but the file isn't deleted afterwards by GnuPG.
 # %k is expanded to the key ID of the key.
 # %K is expanded to the long OpenPGP key ID of the key.
+# %t is expanded to the type of image (e.g. "jpeg").
 # %f is expanded to the fingerprint of the key.
 # %% is %, of course.
 #
@@ -179,7 +180,7 @@ lock-once
 # photo-viewer "cat > ~/photoid-for-key-%k.jpg"
 #
 # Use your MIME handler to view photos:
-# photo-viewer "metamail -q -d -b -c image/jpeg -s 'KeyID 0x%k' -f GnuPG"
+# photo-viewer "metamail -q -d -b -c image/%t -s 'KeyID 0x%k' -f GnuPG"
 
 
 # Passphrase agent