bug fixes

9 files changed, 108 insertions, 30 deletions

diff --git a/NEWS b/NEWS
index e7dcef3bb..14fc3e6e2 100644
--- a/NEWS
+++ b/NEWS
@@ -24,11 +24,15 @@
     * Merged Stefan's patches for RISC OS in.  See comments in
       scripts/build-riscos. 
 
-    * It is now possible to sign and convenional encrypt a message (-cs).
+    * It is now possible to sign and conventional encrypt a message (-cs).
 
     * The MDC feature flag is supported and can be set by using
       the "updpref" edit command.
- 
+
+    * The status messages GOODSIG and BADSIG are now returning the primary
+      UID, encoded using %XX escaping (but with spaces left as spaces,
+      so that it should not break too much)
+
 
 Noteworthy changes in version 1.0.6 (2001-05-29)
 ------------------------------------------------
@@ -96,8 +100,8 @@ Noteworthy changes in version 1.0.5 (2001-04-29)
     * The verification status of self-signatures are now cached. To
       increase the speed of key list operations for existing keys you
       can do the following in your GnuPG homedir (~/.gnupg):
-         $ cp pubring.gpg pubring.gpg.save && $ gpg --export-all >x && \
-          rm pubring.gpg && gpg --import x
+         cp pubring.gpg pubring.gpg.save && gpg --export-all >x && \
+         rm pubring.gpg && gpg --import x
       Only v4 keys (i.e not the old RSA keys) benefit from this caching.
 
     * New translations: Estonian, Turkish.
diff --git a/TODO b/TODO
index ee3998651..fb0e332e6 100644
--- a/TODO
+++ b/TODO
@@ -1,6 +1,4 @@
 
-  * need a BAD_PASSPHRASE status for -c
-
   * add listing of notation data
 
   * Check the changes to the gpg random gatherer on all W32 platforms.
@@ -12,8 +10,6 @@
 
   * set default charset from nl_langinfo.
 
-  * check all mpi_read() for error returns.
-
   * Check that no secret temporary results are stored in the result parameter
     of the mpi functions.  We have already done this for mpi-mul.c 
 
@@ -82,11 +78,6 @@
   * Add option to put the list of recipients (from the encryption
     layer) into the signatures notation data.
 
-  * v3 RSA keys do work but the user IDs are shown as [?] which
-    cheking the signatures.  Reported by Dave Dykstra.  Print
-    "[uncertain]" + user ID
-
-
 Scheduled for 1.1
 -----------------
   * export by user-IDs does only export the first matching name which leads
diff --git a/doc/DETAILS b/doc/DETAILS
index 7386bed9e..cc326d80b 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -83,13 +83,16 @@ more arguments in future versions.
 
 
     GOODSIG	<long keyid>  <username>
-	The signature with the keyid is good.
-        For each signature only one of the three codes GOODSIG, BADSIG
-        or ERRSIG will be emitted and they may be used as a marker for
-        a new signature.
+	The signature with the keyid is good.  For each signature only
+        one of the three codes GOODSIG, BADSIG or ERRSIG will be
+        emitted and they may be used as a marker for a new signature.
+        The username is the primary one encoded in UTF-8 and %XX
+        escaped.
 
     BADSIG	<long keyid>  <username>
 	The signature with the keyid has not been verified okay.
+        The username is the primary one encoded in UTF-8 and %XX
+        escaped.
 
     ERRSIG  <long keyid>  <pubkey_algo> <hash_algo> \
 	    <sig_class> <timestamp> <rc>
diff --git a/doc/gpg.sgml b/doc/gpg.sgml
index ae1165765..1a1d71aa7 100644
--- a/doc/gpg.sgml
+++ b/doc/gpg.sgml
@@ -788,7 +788,10 @@ Assume "yes" on most questions.
 <term>--always-trust</term>
 <listitem><para>
 Skip key validation and assume that used keys are always fully trusted.
-You won't use this unless you have installed some external validation scheme.
+You won't use this unless you have installed some external validation
+scheme.  This option also suppresses the "[uncertain]" tag printed
+with signature checks when there is no evidence that the user ID
+is bound to the key.
 </para></listitem></varlistentry>
 
 
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 23fc5e3eb..aca8f7bb3 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,13 @@
+2001-08-31  Werner Koch  <[email protected]>
+
+	* parse-packet.c (parse_key,parse_pubkeyenc)
+	(parse_signature): Return error on reading bad MPIs.
+	
+	* mainproc.c (check_sig_and_print): Always print the user ID even
+	if it is not bound by a signature.  Use the primary UID in the
+	status messages and encode them in UTF-8
+	* status.c (write_status_text_and_buffer): New.
+
 2001-08-30  Werner Koch  <[email protected]>
 
 	* packet.h (sigsubpkttype_t): Add SIGSUBPKT_FEATURES.
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 02a423804..9023168b2 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1275,14 +1275,13 @@ check_sig_and_print( CTX c, KBNODE node )
     }
     if( !rc || rc == G10ERR_BAD_SIGN ) {
 	KBNODE un, keyblock;
-	char *us;
 	int count=0;
+        char keyid_str[50];
 
 	keyblock = get_pubkeyblock( sig->keyid );
 
-	us = get_long_user_id_string( sig->keyid );
-	write_status_text( rc? STATUS_BADSIG : STATUS_GOODSIG, us );
-	m_free(us);
+        sprintf (keyid_str, "%08lX%08lX [uncertain] ",
+                 (ulong)sig->keyid[0], (ulong)sig->keyid[1]);
 
         /* find and print the primary user ID */
 	for( un=keyblock; un; un = un->next ) {
@@ -1293,6 +1292,13 @@ check_sig_and_print( CTX c, KBNODE node )
             if ( !un->pkt->pkt.user_id->is_primary )
                 continue;
             
+            keyid_str[17] = 0; /* cut off the "[uncertain]" part */
+            write_status_text_and_buffer (rc? STATUS_BADSIG:STATUS_GOODSIG,
+                                          keyid_str, 
+                                          un->pkt->pkt.user_id->name,
+                                          un->pkt->pkt.user_id->len, 
+                                          -1 );
+
             log_info(rc? _("BAD signature from \"")
                        : _("Good signature from \""));
 	    print_utf8_string( log_stream(), un->pkt->pkt.user_id->name,
@@ -1301,9 +1307,30 @@ check_sig_and_print( CTX c, KBNODE node )
             count++;
 	}
 	if( !count ) {	/* just in case that we have no userid */
+            for( un=keyblock; un; un = un->next ) {
+                if( un->pkt->pkttype == PKT_USER_ID )
+                    break;
+            }
+
+            if (opt.always_trust || !un)
+                keyid_str[17] = 0; /* cut off the "[uncertain]" part */
+
+            write_status_text_and_buffer (rc? STATUS_BADSIG:STATUS_GOODSIG,
+                                          keyid_str, 
+                                          un? un->pkt->pkt.user_id->name:"[?]",
+                                          un? un->pkt->pkt.user_id->len:3, 
+                                          -1 );
+
 	    log_info(rc? _("BAD signature from \"")
 		       : _("Good signature from \""));
-	    fputs("[?]\"\n", log_stream() );
+            if (!opt.always_trust && un) {
+                fputs(_("[uncertain]"), log_stream() );
+                putc(' ', log_stream() );
+            }
+            print_utf8_string( log_stream(),
+                               un? un->pkt->pkt.user_id->name:"[?]",
+                               un? un->pkt->pkt.user_id->len:3 );
+	    fputs("\"\n", log_stream() );
 	}
 
         /* If we have a good signature and already printed 
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 50e293097..96bebd243 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -703,6 +703,8 @@ parse_pubkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
 		mpi_print(stdout, k->data[i], mpi_print_mode );
 		putchar('\n');
 	    }
+            if (!k->data[i])
+                rc = G10ERR_INVALID_PACKET;
 	}
     }
 
@@ -1237,6 +1239,8 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen,
 		mpi_print(stdout, sig->data[i], mpi_print_mode );
 		putchar('\n');
 	    }
+            if (!sig->data[i])
+                rc = G10ERR_INVALID_PACKET;
 	}
     }
 
@@ -1404,7 +1408,11 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
 		mpi_print(stdout, sk->skey[i], mpi_print_mode  );
 		putchar('\n');
 	    }
+            if (!sk->skey[i])
+                rc = G10ERR_INVALID_PACKET;
 	}
+        if (rc) /* one of the MPIs were bad */
+            goto leave;
 	sk->protect.algo = iobuf_get_noeof(inp); pktlen--;
 	if( sk->protect.algo ) {
 	    sk->is_protected = 1;
@@ -1551,7 +1559,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
 	else { /* v3 method: the mpi length is not encrypted */
 	    for(i=npkey; i < nskey; i++ ) {
 		n = pktlen; sk->skey[i] = mpi_read(inp, &n, 0 ); pktlen -=n;
-		if( sk->is_protected )
+		if( sk->is_protected && sk->skey[i] )
 		    mpi_set_protect_flag(sk->skey[i]);
 		if( list_mode ) {
 		    printf(  "\tskey[%d]: ", i);
@@ -1562,7 +1570,11 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
 			putchar('\n');
 		    }
 		}
+                if (!sk->skey[i])
+                    rc = G10ERR_INVALID_PACKET;
 	    }
+            if (rc)
+                goto leave;
 
 	    sk->csum = read_16(inp); pktlen -= 2;
 	    if( list_mode ) {
@@ -1587,7 +1599,11 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
 		mpi_print(stdout, pk->pkey[i], mpi_print_mode  );
 		putchar('\n');
 	    }
+            if (!pk->pkey[i])
+                rc = G10ERR_INVALID_PACKET;
 	}
+        if (rc)
+            goto leave;
     }
 
   leave:
diff --git a/g10/status.c b/g10/status.c
index 5bbdb19b8..9ada277da 100644
--- a/g10/status.c
+++ b/g10/status.c
@@ -212,28 +212,43 @@ write_status_text ( int no, const char *text)
 
 
 /*
- * Write a status line with a buffer using %XX escapes.  
- * If WRAP is > 0 wrap the line after this length. 
+ * Write a status line with a buffer using %XX escapes.  If WRAP is >
+ * 0 wrap the line after this length.  If STRING is not NULL it will
+ * be prepended to the buffer, no escaping is done for string.
+ * A wrap of -1 forces spaces not to be encoded as %20.
  */
 void
-write_status_buffer ( int no, const char *buffer, size_t len, int wrap )
+write_status_text_and_buffer ( int no, const char *string,
+                               const char *buffer, size_t len, int wrap )
 {
     const char *s, *text;
-    int esc;
+    int esc, first;
+    int lower_limit = ' ';
     size_t n, count, dowrap;
 
     if( !statusfp )
 	return;  /* not enabled */
+    
+    if (wrap == -1) {
+        lower_limit--;
+        wrap = 0;
+    }
 
     text = get_status_string (no);
-    count = dowrap = 1;
+    count = dowrap = first = 1;
     do {
         if (dowrap) {
             fprintf (statusfp, "[GNUPG:] %s ", text );
             count = dowrap = 0;
+            if (first && string) {
+                fputs (string, statusfp);
+                count += strlen (string);
+            }
+            first = 0;
         }
         for (esc=0, s=buffer, n=len; n && !esc; s++, n-- ) {
-            if ( *s == '%' || *(const byte*)s <= ' ' ) 
+            if ( *s == '%' || *(const byte*)s <= lower_limit 
+                           || *(const byte*)s == 127 ) 
                 esc = 1;
             if ( wrap && ++count > wrap ) {
                 dowrap=1;
@@ -259,6 +274,13 @@ write_status_buffer ( int no, const char *buffer, size_t len, int wrap )
     fflush (statusfp);
 }
 
+void
+write_status_buffer ( int no, const char *buffer, size_t len, int wrap )
+{
+    write_status_text_and_buffer (no, NULL, buffer, len, wrap);
+}
+
+
 
 #ifdef USE_SHM_COPROCESSING
 
diff --git a/g10/status.h b/g10/status.h
index 51a39f0a7..271959fa6 100644
--- a/g10/status.h
+++ b/g10/status.h
@@ -98,6 +98,8 @@ void write_status ( int no );
 void write_status_text ( int no, const char *text );
 void write_status_buffer ( int no,
                            const char *buffer, size_t len, int wrap );
+void write_status_text_and_buffer ( int no, const char *text,
+                                    const char *buffer, size_t len, int wrap );
 
 #ifdef USE_SHM_COPROCESSING
   void init_shm_coprocessing ( ulong requested_shm_size, int lock_mem );