Diffstat (limited to 'g10')
-rw-r--r--g10/ChangeLog9
-rw-r--r--g10/g10.c4
-rw-r--r--g10/main.h2
-rw-r--r--g10/sig-check.c24
-rw-r--r--g10/trustdb.c43
5 files changed, 66 insertions, 16 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index ca68a142a..416016ef7 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,12 @@
+Fri Jul 2 11:45:54 CEST 1999 Werner Koch <[email protected]>
+
+
+ * g10.c (g10_exit): Dump random stats.
+
+ * sig-check.c (check_key_signature,check_key_signature2): Enhanced
+ version and wrapper for old function.
+ (do_signature_check,signature_check): Ditto.
+
Thu Jul 1 12:47:31 CEST 1999 Werner Koch <[email protected]>
diff --git a/g10/g10.c b/g10/g10.c
index 66a91bf94..48774ebd1 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -1326,8 +1326,10 @@ main( int argc, char **argv )
void
g10_exit( int rc )
{
- if( opt.debug & DBG_MEMSTAT_VALUE )
+ if( opt.debug & DBG_MEMSTAT_VALUE ) {
m_print_stats("on exit");
+ random_dump_stats();
+ }
if( opt.debug )
secmem_dump_stats();
secmem_term();
diff --git a/g10/main.h b/g10/main.h
index f2c059b33..fec9ae04d 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -80,6 +80,8 @@ int clearsign_file( const char *fname, STRLIST locusr, const char *outfile );
/*-- sig-check.c --*/
int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig );
+int check_key_signature2( KBNODE root, KBNODE node,
+ int *is_selfsig, u32 *r_expire );
/*-- delkey.c --*/
int delete_key( const char *username, int secure );
diff --git a/g10/sig-check.c b/g10/sig-check.c
index e57ae8019..4731588c6 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -39,6 +39,8 @@ struct cmp_help_context_s {
};
+static int do_signature_check( PKT_signature *sig, MD_HANDLE digest,
+ u32 *r_expire );
static int do_check( PKT_public_key *pk, PKT_signature *sig,
MD_HANDLE digest );
@@ -51,16 +53,26 @@ static int do_check( PKT_public_key *pk, PKT_signature *sig,
int
signature_check( PKT_signature *sig, MD_HANDLE digest )
{
+ u32 dummy;
+ return do_signature_check( sig, digest, &dummy );
+}
+
+static int
+do_signature_check( PKT_signature *sig, MD_HANDLE digest, u32 *r_expire )
+{
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
int rc=0;
if( is_RSA(sig->pubkey_algo) )
write_status(STATUS_RSA_OR_IDEA);
+ *r_expire = 0;
if( get_pubkey( pk, sig->keyid ) )
rc = G10ERR_NO_PUBKEY;
- else
+ else {
+ *r_expire = pk->expiredate;
rc = do_check( pk, sig, digest );
+ }
free_public_key( pk );
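Review bot: In do_signature_check the signer key's expiry is copied to `*r_expire` before `do_check` runs, so the caller gets an expiration time even when verification then fails. The make_sig_records hunk in trustdb.c that adds "keep track of signers pk expire time" folds `expire` into `*min_expire` without looking at the flag check_sig_record returned, so a signature that does not verify can apparently still pull the stored time forward. Consider reporting the expiry only on success, `rc = do_check( pk, sig, digest );` followed by `if( !rc ) *r_expire = pk->expiredate;`, or gate the minimum tracking on a valid flag. The body of do_signature_check continues past the end of this hunk.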
@@ -398,6 +410,13 @@ hash_uid_node( KBNODE unode, MD_HANDLE md, PKT_signature *sig )
int
check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
{
+ u32 dummy;
+ return check_key_signature2(root, node, is_selfsig, &dummy );
+}
+
+int
+check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire)
+{
MD_HANDLE md;
PKT_public_key *pk;
PKT_signature *sig;
@@ -406,6 +425,7 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
if( is_selfsig )
*is_selfsig = 0;
+ *r_expire = 0;
assert( node->pkt->pkttype == PKT_SIGNATURE );
assert( root->pkt->pkttype == PKT_PUBLIC_KEY );
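Review bot: `*r_expire = 0;` is written unconditionally while `is_selfsig` two lines above is guarded against NULL, and check_key_signature2 is exported through main.h. The callers visible in this commit all pass a valid pointer, but a later caller that follows the `is_selfsig` convention and passes NULL would fault here and again in do_signature_check. Either guard it the same way, `if( r_expire ) *r_expire = 0;` (and likewise in do_signature_check), or add a comment above the function stating that r_expire must not be NULL and is set to 0 when no signer key expiry is known. The function starts and ends outside this hunk.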
@@ -479,7 +499,7 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
rc = do_check( pk, sig, md );
}
else
- rc = signature_check( sig, md );
+ rc = do_signature_check( sig, md, r_expire );
md_close(md);
}
else {
diff --git a/g10/trustdb.c b/g10/trustdb.c
index fa1e43a56..b386d7049 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1142,9 +1142,15 @@ check_uidsigs( KBNODE keyblock, KBNODE keynode, u32 *mainkid, ulong lid )
PKT_signature *selfsig = NULL; /* the latest valid self signature */
int rc;
- if( DBG_TRUST )
- log_debug("check_uidsigs: %08lX.%lu\n",
+ if( DBG_TRUST ) {
+ PKT_user_id *uid;
+ log_debug("check_uidsigs: %08lX.%lu \"",
(ulong)mainkid[1], lid );
+ assert(keynode->pkt->pkttype == PKT_USER_ID );
+ uid = keynode->pkt->pkt.user_id;
+ print_string( log_stream(), uid->name, uid->len, '\"' );
+ fputs("\"\n", log_stream());
+ }
/* first we check only the selfsignatures */
for( node=keynode->next; node; node = node->next ) {
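Review bot: The `assert(keynode->pkt->pkttype == PKT_USER_ID );` sits inside the `if( DBG_TRUST )` block, so the packet-type precondition is enforced only when trust debugging is switched on, and a debug run can abort where a normal run proceeds. If it is a real precondition of check_uidsigs, move it ahead of the `if( DBG_TRUST ) {` line; if it only protects the `uid->name` access for logging, a short comment saying so would help. Routing the key-supplied user ID through `print_string` with the quote as delimiter, rather than a plain `%s`, is the right choice for text that ends up in the log. The function continues beyond this hunk.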
@@ -1222,7 +1228,8 @@ check_uidsigs( KBNODE keyblock, KBNODE keynode, u32 *mainkid, ulong lid )
static unsigned int
check_sig_record( KBNODE keyblock, KBNODE signode,
- ulong siglid, int sigidx, u32 *keyid, ulong lid )
+ ulong siglid, int sigidx, u32 *keyid, ulong lid,
+ u32 *r_expire )
{
PKT_signature *sig = signode->pkt->pkt.signature;
unsigned int sigflag = 0;
@@ -1232,7 +1239,7 @@ check_sig_record( KBNODE keyblock, KBNODE signode,
if( DBG_TRUST )
log_debug("check_sig_record: %08lX.%lu %lu[%d]\n",
(ulong)keyid[1], lid, siglid, sigidx );
-
+ *r_expire = 0;
if( (sig->sig_class&~3) == 0x10 ) /* regular certification */
;
else if( sig->sig_class == 0x30 ) /* cert revocation */
@@ -1243,7 +1250,7 @@ check_sig_record( KBNODE keyblock, KBNODE signode,
read_record( siglid, &tmp, 0 );
if( tmp.rectype == RECTYPE_DIR ) {
/* the public key is in the trustdb: check sig */
- rc = check_key_signature( keyblock, signode, NULL );
+ rc = check_key_signature2( keyblock, signode, NULL, r_expire );
if( !rc ) { /* valid signature */
if( opt.verbose )
log_info("sig %08lX.%lu/%lu[%d]/%08lX: %s\n",
@@ -1307,13 +1314,15 @@ check_sig_record( KBNODE keyblock, KBNODE signode,
* happen latter.
*/
static ulong
-make_sig_records( KBNODE keyblock, KBNODE uidnode, ulong lid, u32 *mainkid )
+make_sig_records( KBNODE keyblock, KBNODE uidnode,
+ ulong lid, u32 *mainkid, u32 *min_expire )
{
TRUSTREC *srecs, **s_end, *s=NULL, *s2;
KBNODE node;
PKT_signature *sig;
ulong sigrecno, siglid;
int i, sigidx = 0;
+ u32 expire;
srecs = NULL; s_end = &srecs;
for( node=uidnode->next; node; node = node->next ) {
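Review bot: `u32 expire;` is declared without an initializer and is later read in the `if( expire && ...` test added further down in make_sig_records. That read is only safe if every path reaching it has gone through check_sig_record, which writes `*r_expire = 0` on entry; the loop body between the declaration and the call is not visible here, so this is worth confirming. Declaring it as `u32 expire = 0;` removes the dependency on the loop's control flow at no cost.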
@@ -1356,7 +1365,8 @@ make_sig_records( KBNODE keyblock, KBNODE uidnode, ulong lid, u32 *mainkid )
s->r.sig.sig[sigidx].lid = siglid;
s->r.sig.sig[sigidx].flag= check_sig_record( keyblock, node,
siglid, sigidx,
- mainkid, lid );
+ mainkid, lid, &expire );
+
sigidx++;
if( sigidx == SIGS_PER_RECORD ) {
s->recnum = tdbio_new_recnum();
@@ -1364,6 +1374,9 @@ make_sig_records( KBNODE keyblock, KBNODE uidnode, ulong lid, u32 *mainkid )
s_end = &s->next;
sigidx = 0;
}
+ /* keep track of signers pk expire time */
+ if( expire && (!*min_expire || *min_expire > expire ) )
+ *min_expire = expire;
}
if( sigidx ) {
s->recnum = tdbio_new_recnum();
@@ -1385,7 +1398,7 @@ make_sig_records( KBNODE keyblock, KBNODE uidnode, ulong lid, u32 *mainkid )
static ulong
-make_uid_records( KBNODE keyblock, ulong lid, u32 *keyid )
+make_uid_records( KBNODE keyblock, ulong lid, u32 *keyid, u32 *min_expire )
{
TRUSTREC *urecs, **uend, *u, *u2;
KBNODE node;
@@ -1414,7 +1427,8 @@ make_uid_records( KBNODE keyblock, ulong lid, u32 *keyid )
&& (u->r.uid.uidflags & UIDF_VALID) )
/*make_pref_record( &urec, keyid, selfsig )*/;
/* create the list of signatures */
- u->r.uid.siglist = make_sig_records( keyblock, node, lid, keyid );
+ u->r.uid.siglist = make_sig_records( keyblock, node,
+ lid, keyid, min_expire );
}
uidrecno = urecs? urecs->recnum : 0;
@@ -1443,9 +1457,10 @@ update_trust_record( KBNODE keyblock, int recheck, int *modified )
TRUSTREC drec, krec, urec, prec, helprec;
int rc = 0;
u32 keyid[2]; /* keyid of primary key */
- int mod_up = 0;
- int mod_down = 0;
+/* int mod_up = 0;
+ int mod_down = 0; */
ulong recno, r2;
+ u32 expire;
if( opt.dry_run )
return 0;
@@ -1494,7 +1509,9 @@ update_trust_record( KBNODE keyblock, int recheck, int *modified )
/* insert new stuff */
drec.r.dir.dirflags &= ~DIRF_REVOKED;
drec.r.dir.keylist = make_key_records( keyblock, drec.recnum, keyid );
- drec.r.dir.uidlist = make_uid_records( keyblock, drec.recnum, keyid );
+ expire = 0;
+ drec.r.dir.uidlist = make_uid_records( keyblock, drec.recnum, keyid,
+ &expire );
#if 0
if( orig_uidflags != urec.r.uid.uidflags ) {
write_record( &urec );
@@ -1515,7 +1532,7 @@ update_trust_record( KBNODE keyblock, int recheck, int *modified )
*modified = 1;
drec.r.dir.dirflags |= DIRF_CHECKED;
drec.r.dir.valcheck = 0;
- drec.r.dir.checkat = make_timestamp();
+ drec.r.dir.checkat = expire;
write_record( &drec );
/*tdbio_write_modify_stamp( mod_up, mod_down );*/
rc = tdbio_end_transaction();
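Review bot: `drec.r.dir.checkat = expire;` changes the field from the time of this check to the earliest expiry among the signers' keys, and `expire` stays 0 when no signer key reported one (the `do_check` branch in check_key_signature2 never sets it). Nothing in this hunk shows how a reader of checkat treats 0 or a time already in the past, so that needs confirming in the code that consumes the field. A comment on the assignment would make the new meaning explicit, for example `/* earliest expiry of a signer's key, 0 = none known */`. The expiry of the key being updated does not appear to be folded in; if it should also bound this value, that is missing. update_trust_record starts and ends outside the hunk.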