author | David Shaw <[email protected]> | 2002-04-18 18:23:22 +0000 |
---|---|---|
committer | David Shaw <[email protected]> | 2002-04-18 18:23:22 +0000 |
commit | c07113d26596aec15f92d29a512761d10881928b (patch) | |
tree | b3edbd56966792a109d709687b140690532b7242 | |
parent | * trustdb.c (validate_keys): Never schedule a nextcheck into the (diff) | |
* trustdb.c (mark_usable_uid_certs): Properly handle nonrevocable
signatures that can expire. In short, the only thing that can override an
unexpired nonrevocable signature is another unexpired nonrevocable
signature.
* getkey.c (finish_lookup): Always use primary signing key for signatures
when --pgp6 is on since pgp6 and 7 do not understand signatures made by
signing subkeys.
-rw-r--r-- | g10/ChangeLog | 11 | ||||
-rw-r--r-- | g10/getkey.c | 11 | ||||
-rw-r--r-- | g10/trustdb.c | 58 |
3 files changed, 59 insertions, 21 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 00ae585c9..4a8dd899e 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,14 @@
+2002-04-18 David Shaw <[email protected]>
+
+ * trustdb.c (mark_usable_uid_certs): Properly handle nonrevocable
+ signatures that can expire. In short, the only thing that can
+ override an unexpired nonrevocable signature is another unexpired
+ nonrevocable signature.
+
+ * getkey.c (finish_lookup): Always use primary signing key for
+ signatures when --pgp6 is on since pgp6 and 7 do not understand
+ signatures made by signing subkeys.
+
 2002-04-18 Werner Koch <[email protected]>
 * trustdb.c (validate_keys): Never schedule a nextcheck into the
diff --git a/g10/getkey.c b/g10/getkey.c
index f8c72a8fd..13cd81102 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1826,7 +1826,10 @@ finish_lookup (GETKEY_CTX ctx)
 PKT_user_id *foundu = NULL;
 #define USAGE_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC)
 unsigned int req_usage = ( ctx->req_usage & USAGE_MASK );
- int req_cert = (ctx->req_usage & PUBKEY_USAGE_CERT);
+ /* Request the primary if we're certifying another key, and also
+ if --pgp6 is on (since pgp 6 (and 7) do not understand
+ signatures made by a signing subkey. */
+ int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) | opt.pgp6;
 u32 latest_date;
 KBNODE latest_key;
 u32 curtime = make_timestamp ();
@@ -1877,7 +1880,7 @@ finish_lookup (GETKEY_CTX ctx)
 latest_date = 0;
 latest_key = NULL;
 /* do not look at subkeys if a certification key is requested */
- if ((!foundk || foundk->pkt->pkttype == PKT_PUBLIC_SUBKEY) && !req_cert) {
+ if ((!foundk || foundk->pkt->pkttype == PKT_PUBLIC_SUBKEY) && !req_prim) {
 KBNODE nextk;
 /* either start a loop or check just this one subkey */
 for (k=foundk?foundk:keyblock; k; k = nextk ) {
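Review bot: `req_prim` becomes nonzero for every lookup once `--pgp6` is set, not only for signing lookups, because `opt.pgp6` is OR-ed in without consulting `ctx->req_usage`. The same flag then skips the subkey loop in the `-1877` hunk and forces the primary key in the `-1930` hunk, so as far as these hunks show, an encryption lookup under `--pgp6` would bypass encryption subkeys and land on a primary key that may not be usable for encryption. The commit message promises this behaviour only for signatures; consider `int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) || (opt.pgp6 && (ctx->req_usage & PUBKEY_USAGE_SIG));`. The new comment also leaves the parenthesis opened at "(since pgp 6" unclosed. finish_lookup's body starts and ends outside these hunks.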
@@ -1930,9 +1933,9 @@ finish_lookup (GETKEY_CTX ctx)
 /* Okay now try the primary key unless we want an exact
 * key ID match on a subkey */
- if ((!latest_key && !(ctx->exact && foundk != keyblock)) || req_cert) {
+ if ((!latest_key && !(ctx->exact && foundk != keyblock)) || req_prim) {
 PKT_public_key *pk;
- if (DBG_CACHE && !foundk && !req_cert )
+ if (DBG_CACHE && !foundk && !req_prim )
 log_debug( "\tno suitable subkeys found - trying primary\n");
 pk = keyblock->pkt->pkt.public_key;
 if ( !pk->is_valid ) {
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 61d6d14ae..4e2e2d0a4 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1057,26 +1057,50 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
 continue;
 n->flag |= (1<<10); /* mark this node as processed */
- /* If the current signode is a nonrevocable signature, and
- we're checking a revocation, then skip. Note that this
- will let more recent signatures replace the nonrevocable
- signature. Is that the proper behavior? */
-
- if(IS_UID_REV(n->pkt->pkt.signature) &&
- IS_UID_SIG(signode->pkt->pkt.signature) &&
- !signode->pkt->pkt.signature->flags.revocable)
+ /* If signode is nonrevocable and unexpired and n isn't,
+ then take signode (skip). It doesn't matter which is
+ older: if signode was older then we don't want to take n
+ as signode is nonrevocable. If n was older then we're
+ automatically fine. */
+
+ if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
+ !signode->pkt->pkt.signature->flags.revocable &&
+ (signode->pkt->pkt.signature->expiredate==0 ||
+ signode->pkt->pkt.signature->expiredate>curtime))) &&
+ (!(IS_UID_SIG(n->pkt->pkt.signature) &&
+ !n->pkt->pkt.signature->flags.revocable &&
+ (n->pkt->pkt.signature->expiredate==0 ||
+ n->pkt->pkt.signature->expiredate>curtime))))
 continue;
- /* A nonrevocable signature n should always replace a
- revocation in signode. If n is newer, then there is no
- question. If n is older, then it should still replace
- signode as the revocation in signode is invalid because n
- is nonrevocable. */
+ /* If n is nonrevocable and unexpired and signode isn't,
+ then take n. Again, it doesn't matter which is older: if
+ n was older then we don't want to take signode as n is
+ nonrevocable. If signode was older then we're
+ automatically fine. */
+
+ if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
+ !signode->pkt->pkt.signature->flags.revocable &&
+ (signode->pkt->pkt.signature->expiredate==0 ||
+ signode->pkt->pkt.signature->expiredate>curtime))) &&
+ ((IS_UID_SIG(n->pkt->pkt.signature) &&
+ !n->pkt->pkt.signature->flags.revocable &&
+ (n->pkt->pkt.signature->expiredate==0 ||
+ n->pkt->pkt.signature->expiredate>curtime))))
+ {
+ signode = n;
+ sigdate = sig->timestamp;
+ continue;
+ }
+
+ /* At this point, if it's newer, it goes in as the only
+ remaining possibilities are signode and n are both either
+ revocable or expired or both nonrevocable and unexpired.
+ If the timestamps are equal take the later ordered
+ packet, presuming that the key packets are hopefully in
+ their original order. */
- if ((sig->timestamp >= sigdate) ||
- (IS_UID_REV(signode->pkt->pkt.signature) &&
- IS_UID_SIG(n->pkt->pkt.signature) &&
- !n->pkt->pkt.signature->flags.revocable))
+ if (sig->timestamp >= sigdate)
 {
 signode = n;
 sigdate = sig->timestamp; |
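Review bot: The test "UID signature, nonrevocable, not yet expired" is spelled out four times across the two new `if` conditions, twice for `signode` and twice for `n`, so a later edit to one copy can silently make the two branches disagree about which certification wins. Pulling it into one small static predicate keeps this trust decision in one place and lets the two conditions read as the mirror images the comments describe. Note also that `expiredate>curtime` treats a signature expiring exactly at `curtime` as already expired; a short comment stating that this is intended would help. `curtime` is defined outside the hunk, so its type is assumed to be `u32` here, and mark_usable_uid_certs starts and ends outside the hunk.

```c
/* Nonzero if S is a UID certification that cannot be revoked and
   has not expired at CURTIME (expiredate 0 means it never expires). */
static int
sig_is_live_nonrevocable (PKT_signature *s, u32 curtime)
{
  return IS_UID_SIG (s)
         && !s->flags.revocable
         && (s->expiredate == 0 || s->expiredate > curtime);
}

/* … unchanged: comment for the "keep signode" case … */
if (sig_is_live_nonrevocable (signode->pkt->pkt.signature, curtime)
    && !sig_is_live_nonrevocable (n->pkt->pkt.signature, curtime))
  continue;

/* … unchanged: comment for the "take n" case … */
if (!sig_is_live_nonrevocable (signode->pkt->pkt.signature, curtime)
    && sig_is_live_nonrevocable (n->pkt->pkt.signature, curtime))
  {
    signode = n;
    sigdate = sig->timestamp;
    continue;
  }
/* … unchanged: timestamp comparison fallback … */
```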