author | David Shaw <[email protected]> | 2003-08-13 03:31:36 +0000 |
---|---|---|
committer | David Shaw <[email protected]> | 2003-08-13 03:31:36 +0000 |
commit | a2cf3caa988f5cc6cf46d681dfc7f4f0e3da97eb (patch) | |
tree | 754374c4ea806c18af64ae93709048d7f229264b /g10/import.c | |
parent | About to release the first 1.9 version. (diff) | |
* packet.h, sig-check.c (signature_check2, do_check, do_check_messages):
Provide a signing-key-is-revoked flag. Change all callers.
* status.h, status.c (get_status_string): New REVKEYSIG status tag for a
good signature from a revoked key.
* mainproc.c (do_check_sig, check_sig_and_print): Use it here.
* import.c (import_revoke_cert, merge_blocks, merge_sigs): Compare actual
signatures on import rather than using keyid or class matching. This does
not change actual behavior with a key, but does mean that all sigs are
imported whether they will be used or not.
* parse-packet.c (parse_signature): Don't give "signature packet without
xxxx" warnings for experimental pk algorithms. An experimental algorithm
may not have a notion of (for example) a keyid (i.e. PGP's x.509 stuff).
Diffstat (limited to '')
-rw-r--r-- | g10/import.c | 38 |
1 files changed, 15 insertions, 23 deletions
diff --git a/g10/import.c b/g10/import.c index 48ef86834..ac4ab7291 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1,5 +1,6 @@ /* import.c - * Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 + * Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -1030,12 +1031,12 @@ import_revoke_cert( const char *fname, KBNODE node, struct stats_s *stats ) if( onode->pkt->pkttype == PKT_USER_ID ) break; else if( onode->pkt->pkttype == PKT_SIGNATURE - && onode->pkt->pkt.signature->sig_class == 0x20 - && keyid[0] == onode->pkt->pkt.signature->keyid[0] - && keyid[1] == onode->pkt->pkt.signature->keyid[1] ) { + && !cmp_signatures(node->pkt->pkt.signature, + onode->pkt->pkt.signature)) + { rc = 0; goto leave; /* yes, we already know about it */ - } + } } @@ -1554,13 +1555,12 @@ merge_blocks( const char *fname, KBNODE keyblock_orig, KBNODE keyblock, break; else if( onode->pkt->pkttype == PKT_SIGNATURE && onode->pkt->pkt.signature->sig_class == 0x20 - && node->pkt->pkt.signature->keyid[0] - == onode->pkt->pkt.signature->keyid[0] - && node->pkt->pkt.signature->keyid[1] - == onode->pkt->pkt.signature->keyid[1] ) { + && !cmp_signatures(onode->pkt->pkt.signature, + node->pkt->pkt.signature)) + { found = 1; break; - } + } } if( !found ) { char *p=get_user_id_printable (keyid); 
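Review bot: The two revocation lookups are now written differently: in import_revoke_cert the `sig_class == 0x20` test is dropped and the call is `cmp_signatures(node->pkt->pkt.signature, onode->pkt->pkt.signature)`, while in merge_blocks the class test is kept and the arguments are passed in the opposite order. If cmp_signatures compares the complete signature data (its definition is not part of this diff), the class test left in merge_blocks is redundant; if it does not, import_revoke_cert has lost a filter it still needs. I would use one form in both places and add a comment above each call, for example `/* identical signature data: this revocation is already on the key */`, so the zero-means-equal convention is visible where the result is negated. Both loops start and end outside their hunks.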
@@ -1768,20 +1768,12 @@ merge_sigs( KBNODE dst, KBNODE src, int *n_sigs, || n->pkt->pkt.signature->sig_class == 0x28 ) continue; /* skip signatures which are only valid on subkeys */ found = 0; - for(n2=dst->next; n2 && n2->pkt->pkttype != PKT_USER_ID; n2 = n2->next){ - if( n2->pkt->pkttype == PKT_SIGNATURE - && n->pkt->pkt.signature->keyid[0] - == n2->pkt->pkt.signature->keyid[0] - && n->pkt->pkt.signature->keyid[1] - == n2->pkt->pkt.signature->keyid[1] - && n->pkt->pkt.signature->timestamp - <= n2->pkt->pkt.signature->timestamp - && n->pkt->pkt.signature->sig_class - == n2->pkt->pkt.signature->sig_class ) { - found++; - break; + for(n2=dst->next; n2 && n2->pkt->pkttype != PKT_USER_ID; n2 = n2->next) + if(!cmp_signatures(n->pkt->pkt.signature,n2->pkt->pkt.signature)) + { + found++; + break; } - } if( !found ) { /* This signature is new or newer, append N to DST. * We add a clone to the original keyblock, because this |
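Review bot: The rewritten inner loop in merge_sigs no longer tests `n2->pkt->pkttype == PKT_SIGNATURE` before reading `n2->pkt->pkt.signature`, although the loop only stops at a PKT_USER_ID node, so any other packet type between DST and the next user ID would be passed to cmp_signatures through the signature member regardless of its real type. The import_revoke_cert and merge_blocks hunks keep that guard; unless the keyblock layout guarantees only signature nodes in this range, I would restore it: `if( n2->pkt->pkttype == PKT_SIGNATURE && !cmp_signatures(n->pkt->pkt.signature,n2->pkt->pkt.signature))`. The context comment "This signature is new or newer" is stale now that the timestamp comparison is gone and only signatures that cmp_signatures reports as equal are skipped; `/* This signature is not yet in DST, append N to DST. */` would match the new test. Because import processes untrusted key material and every distinct signature is now appended, a short comment stating that this growth is intentional would help later readers. The enclosing loop over SRC starts and ends outside the hunk.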