diff options
| -rw-r--r-- | g10/sig-check.c | 28 |
1 files changed, 23 insertions, 5 deletions
diff --git a/g10/sig-check.c b/g10/sig-check.c index 292adb96f..262afed37 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -40,6 +40,9 @@ static int check_signature_end (PKT_public_key *pk, PKT_signature *sig, int *r_expired, int *r_revoked, PKT_public_key *ret_pk); +static int check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig, + gcry_md_hd_t digest); + /* Check a signature. This is shorthand for check_signature2 with the unnamed arguments passed as NULL. */ int @@ -376,14 +379,32 @@ check_signature_end (PKT_public_key *pk, PKT_signature *sig, gcry_md_hd_t digest, int *r_expired, int *r_revoked, PKT_public_key *ret_pk) { - gcry_mpi_t result = NULL; int rc = 0; - const struct weakhash *weak; if ((rc = check_signature_metadata_validity (pk, sig, r_expired, r_revoked))) return rc; + if ((rc = check_signature_end_simple (pk, sig, digest))) + return rc; + + if(!rc && ret_pk) + copy_public_key(ret_pk,pk); + + return rc; +} + +/* This function is similar to check_signature_end, but it only checks + whether the signature was generated by PK. It does not check + expiration, revocation, etc. */ +static int +check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig, + gcry_md_hd_t digest) +{ + gcry_mpi_t result = NULL; + int rc = 0; + const struct weakhash *weak; + if (!opt.flags.allow_weak_digest_algos) for (weak = opt.weak_digests; weak; weak = weak->next) if (sig->digest_algo == weak->algo) @@ -453,9 +474,6 @@ check_signature_end (PKT_public_key *pk, PKT_signature *sig, rc = GPG_ERR_BAD_SIGNATURE; } - if(!rc && ret_pk) - copy_public_key(ret_pk,pk); - return rc; } |