11 files changed, 47 insertions, 28 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index b4a74ab72..3ddb311e3 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,8 @@
+Sun May  3 17:50:26 1998  Werner Koch  (wk@isil.d.shuttle.de)
+
+	* packet.h (PKT_OLD_COMMENT): New name for type 16.
+	* parse-packet.c (parse_comment): Now uses type 61
+
 Fri May  1 12:44:39 1998  Werner Koch,mobil,,,	(wk@tobold)
 
 	* packet.h (count): Chnaged s2k count from byte to u32.
diff --git a/g10/build-packet.c b/g10/build-packet.c
index 384957515..eff3314a5 100644
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@@ -68,6 +68,8 @@ build_packet( IOBUF out, PACKET *pkt )
 
     if( DBG_PACKET )
 	log_debug("build_packet() type=%d\n", pkt->pkttype );
+    if( pkt->pkttype == PKT_OLD_COMMENT )
+	pkt->pkttype = PKT_COMMENT;
     assert( pkt->pkt.generic );
     if( pkt->pkttype > 15 ) /* new format */
 	ctb = 0xc0 | (pkt->pkttype & 0x3f);
@@ -109,7 +111,7 @@ build_packet( IOBUF out, PACKET *pkt )
 	break;
       case PKT_RING_TRUST:
       default:
-	log_bug("invalid packet type in build_packet()");
+	log_bug("invalid packet type in build_packet()\n");
 	break;
     }
 
diff --git a/g10/keydb.h b/g10/keydb.h
index 96dc652df..d2b64ea19 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -97,7 +97,7 @@ int  build_skc_list( STRLIST locusr, SKC_LIST *ret_skc_list,
 /*-- passphrase.h --*/
 void set_passphrase_fd( int fd );
 int  get_passphrase_fd(void);
-DEK *get_passphrase_hash( u32 *keyid, char *text, STRING2KEY *s2k );
+DEK *get_passphrase_hash( u32 *keyid, int cipher_algo, STRING2KEY *s2k );
 int make_dek_from_passphrase( DEK *dek, int mode, STRING2KEY *s2k );
 
 /*-- getkey.c --*/
diff --git a/g10/keygen.c b/g10/keygen.c
index 1d3f9004e..bcef7528a 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -532,7 +532,7 @@ generate_keypair()
     for(;;) {
 	dek->algo = CIPHER_ALGO_BLOWFISH;
 	s2k->mode = 1;
-	s2k->hash_algo = DIGESTA_ALGO_RMD160;
+	s2k->hash_algo = DIGEST_ALGO_RMD160;
 	rc = make_dek_from_passphrase( dek , 2, s2k );
 	if( rc == -1 ) {
 	    m_free(dek); dek = NULL;
diff --git a/g10/ks-proto.c b/g10/ks-proto.c
index 91ced86f6..38f21762b 100644
--- a/g10/ks-proto.c
+++ b/g10/ks-proto.c
@@ -25,15 +25,16 @@
 #include "util.h"
 #include "ks-proto.h"
 
+#if 0
 /****************
  * Read a protocol line
  */
 static int
 read_line( FILE *fp )
 {
-
+    return -1;
 }
-
+#endif
 
 
 
diff --git a/g10/packet.h b/g10/packet.h
index fb8ac20d8..4f3efec9b 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -49,7 +49,8 @@ typedef enum {
 	PKT_RING_TRUST	  =12, /* keyring trust packet */
 	PKT_USER_ID	  =13, /* user id packet */
 	PKT_PUBKEY_SUBCERT=14, /* subkey certificate (OpenPGP) */
-	PKT_COMMENT	  =16  /* new comment packet (OpenPGP) */
+	PKT_OLD_COMMENT   =16, /* comment packet from an OpenPGP draft */
+	PKT_COMMENT	  =61  /* new comment packet (private) */
 } pkttype_t;
 
 typedef struct packet_struct PACKET;
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index f7913d3f9..0f54d3a86 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -303,6 +303,7 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
       case PKT_USER_ID:
 	rc = parse_user_id(inp, pkttype, pktlen, pkt );
 	break;
+      case PKT_OLD_COMMENT:
       case PKT_COMMENT:
 	rc = parse_comment(inp, pkttype, pktlen, pkt);
 	break;
@@ -838,10 +839,10 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
 
     version = iobuf_get_noeof(inp); pktlen--;
     if( pkttype == PKT_PUBKEY_SUBCERT && version == '#' ) {
-	/* early versions of G10 use old comments packets; luckily all those
-	 * comments are started by a hash */
+	/* early versions of G10 use old PGP comments packets;
+	 * luckily all those comments are started by a hash */
 	if( list_mode ) {
-	    printf(":old comment packet: \"" );
+	    printf(":rfc1991 comment packet: \"" );
 	    for( ; pktlen; pktlen-- ) {
 		int c;
 		c = iobuf_get_noeof(inp);
@@ -1267,7 +1268,8 @@ parse_comment( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
 
     if( list_mode ) {
 	int n = packet->pkt.comment->len;
-	printf(":comment packet: \"");
+	printf(":%scomment packet: \"", pkttype == PKT_OLD_COMMENT?
+					 "OpenPGP draft " : "" );
 	for(p=packet->pkt.comment->data; n; p++, n-- ) {
 	    if( *p >= ' ' && *p <= 'z' )
 		putchar(*p);
diff --git a/g10/passphrase.c b/g10/passphrase.c
index 5ae3966ac..9711f5aff 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@@ -33,7 +33,7 @@
 
 static int pwfd = -1;
 
-static void hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k );
+static void hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create );
 
 void
 set_passphrase_fd( int fd )
@@ -54,7 +54,7 @@ get_passphrase_fd()
  * Returns: m_alloced md5 passphrase hash; caller must free
  */
 DEK *
-get_passphrase_hash( u32 *keyid, char *text, byte *salt )
+get_passphrase_hash( u32 *keyid, int cipher_algo, STRING2KEY *s2k )
 {
     char *pw;
     DEK *dek;
@@ -97,9 +97,8 @@ get_passphrase_hash( u32 *keyid, char *text, byte *salt )
 	tty_kill_prompt();
     }
     dek = m_alloc_secure( sizeof *dek );
-    dek->algo = CIPHER_ALGO_BLOWFISH; /* fixme: allow others ciphers */
-    if( hash_passphrase( dek, pw, salt ) )
-	log_bug("get_passphrase_hash\n");
+    dek->algo = cipher_algo;
+    hash_passphrase( dek, pw, s2k, 0 );
     m_free(pw); /* is allocated in secure memory, so it will be burned */
     return dek;
 }
@@ -146,20 +145,19 @@ static void
 hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create )
 {
     MD_HANDLE md;
-    int rc = 0;
 
     assert( s2k->hash_algo );
     dek->keylen = 0;
     md = md_open( s2k->hash_algo, 1);
     if( s2k->mode == 1 || s2k->mode == 4 ) {
 	if( create )
-	    randomize_buffer(&s2k->salt, 8, 1);
+	    randomize_buffer(s2k->salt, 8, 1);
 	md_write( md, s2k->salt, 8 );
     }
     md_write( md, pw, strlen(pw) );
     md_final( md );
-    dek->keylen = cipher_get_keylen( dek->algo );
-    assert(dek->keylen > 0 && dek->keylen < DIM(dek->key) );
+    dek->keylen = cipher_get_keylen( dek->algo ) / 8;
+    assert(dek->keylen > 0 && dek->keylen <= DIM(dek->key) );
     memcpy( dek->key, md_read(md,0), dek->keylen );
     md_close(md);
 }
diff --git a/g10/ringedit.c b/g10/ringedit.c
index a7797a358..def4a4306 100644
--- a/g10/ringedit.c
+++ b/g10/ringedit.c
@@ -673,11 +673,13 @@ keyring_enum( KBPOS *kbpos, KBNODE *ret_root, int skipsigs )
 	  default:
 	    /* skip pakets at the beginning of a keyring, until we find
 	     * a start packet; issue a warning if it is not a comment */
-	    if( !root && pkt->pkttype != PKT_COMMENT )
+	    if( !root && pkt->pkttype != PKT_COMMENT
+		      && pkt->pkttype != PKT_OLD_COMMENT )
 		log_info("keyring_enum: skipped packet of type %d\n",
 			    pkt->pkttype );
 	    if( !root || (skipsigs && ( pkt->pkttype == PKT_SIGNATURE
-				      ||pkt->pkttype == PKT_COMMENT )) ) {
+				      ||pkt->pkttype == PKT_COMMENT
+				      ||pkt->pkttype == PKT_OLD_COMMENT )) ) {
 		init_packet(pkt);
 		break;
 	    }
diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c
index 340551cb2..23ba0314b 100644
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@@ -54,12 +54,8 @@ do_check( PKT_secret_cert *cert )
 	  case CIPHER_ALGO_BLOWFISH:
 	  case CIPHER_ALGO_CAST:
 	    keyid_from_skc( cert, keyid );
-	    if( cert->protect.s2k.mode == 1 || cert->protect.s2k.mode == 4 )
-		dek = get_passphrase_hash( keyid, NULL,
-						 cert->protect.s2k.salt );
-	    else
-		dek = get_passphrase_hash( keyid, NULL, NULL );
-
+	    dek = get_passphrase_hash( keyid, cert->protect.algo,
+					      &cert->protect.s2k );
 	    cipher_hd = cipher_open( cert->protect.algo,
 				     CIPHER_MODE_AUTO_CFB, 1);
 	    cipher_setkey( cipher_hd, dek->key, dek->keylen );
@@ -216,11 +212,22 @@ check_secret_key( PKT_secret_cert *cert )
 
     for(i=0; i < 3 && rc == G10ERR_BAD_PASS; i++ ) {
 	if( i )
-	    log_error("Invalid passphrase; please try again ...\n");
+	    log_error("Invalid passphrase; please try again ...\n\n");
 	switch( cert->pubkey_algo ) {
 	  case PUBKEY_ALGO_ELGAMAL:
 	  case PUBKEY_ALGO_DSA:
 	    rc = do_check( cert );
+	    if( rc == G10ERR_BAD_PASS && cert->is_protected
+		&& cert->protect.algo == CIPHER_ALGO_BLOWFISH ) {
+		/* Workaround for a bug in 0.2.16 which still used
+		 * a 160 bit key for BLOWFISH. */
+		log_info("trying workaround for 0.2.16 passphrase bug ...\n");
+		cert->protect.algo = CIPHER_ALGO_BLOWFISH160;
+		rc = do_check( cert );
+		if( rc )
+		    rc = G10ERR_BAD_PASS;
+		cert->protect.algo = CIPHER_ALGO_BLOWFISH;
+	    }
 	    break;
 	  default: rc = G10ERR_PUBKEY_ALGO;
 	}
diff --git a/g10/sign.c b/g10/sign.c
index 5c68bbb6d..ddcded7f1 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -406,6 +406,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
     else {
 	const char *s = digest_algo_to_string(opt.def_digest_algo);
 	assert(s);
+	iobuf_writestr(out, "Hash: " );
 	iobuf_writestr(out, s );
 	iobuf_writestr(out, "\n\n" );
     }