aboutsummaryrefslogtreecommitdiffstats
path: root/g10/sig-check.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--g10/sig-check.c44
1 files changed, 27 insertions, 17 deletions
diff --git a/g10/sig-check.c b/g10/sig-check.c
index c2add6174..c3b6f041a 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -1,5 +1,6 @@
/* sig-check.c - Check a signature
- * Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003
+ * Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@@ -40,7 +41,7 @@ struct cmp_help_context_s {
};
static int do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
- int *r_expired, PKT_public_key *ret_pk);
+ int *r_expired, int *r_revoked, PKT_public_key *ret_pk);
/****************
* Check the signature which is contained in SIG.
@@ -50,12 +51,12 @@ static int do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
int
signature_check( PKT_signature *sig, MD_HANDLE digest )
{
- return signature_check2( sig, digest, NULL, NULL, NULL );
+ return signature_check2( sig, digest, NULL, NULL, NULL, NULL );
}
int
signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
- int *r_expired, PKT_public_key *ret_pk )
+ int *r_expired, int *r_revoked, PKT_public_key *ret_pk )
{
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
int rc=0;
@@ -77,7 +78,7 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
else {
if(r_expiredate)
*r_expiredate = pk->expiredate;
- rc = do_check( pk, sig, digest, r_expired, ret_pk );
+ rc = do_check( pk, sig, digest, r_expired, r_revoked, ret_pk );
}
free_public_key( pk );
@@ -201,12 +202,15 @@ cmp_help( void *opaque, MPI result )
}
static int
-do_check_messages( PKT_public_key *pk, PKT_signature *sig, int *r_expired )
+do_check_messages( PKT_public_key *pk, PKT_signature *sig,
+ int *r_expired, int *r_revoked )
{
u32 cur_time;
if(r_expired)
*r_expired = 0;
+ if(r_revoked)
+ *r_revoked = 0;
if( pk->version == 4 && pk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
log_info(_("key %08lX: this is a PGP generated "
"ElGamal key which is NOT secure for signatures!\n"),
@@ -253,19 +257,22 @@ do_check_messages( PKT_public_key *pk, PKT_signature *sig, int *r_expired )
*r_expired = 1;
}
+ if(pk->is_revoked && r_revoked)
+ *r_revoked=1;
+
return 0;
}
static int
do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
- int *r_expired, PKT_public_key *ret_pk )
+ int *r_expired, int *r_revoked, PKT_public_key *ret_pk )
{
MPI result = NULL;
int rc=0;
struct cmp_help_context_s ctx;
- if( (rc=do_check_messages(pk,sig,r_expired)) )
+ if( (rc=do_check_messages(pk,sig,r_expired,r_revoked)) )
return rc;
if( (rc=check_digest_algo(sig->digest_algo)) )
return rc;
@@ -482,6 +489,8 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
rather than getting it from root or the keydb. If ret_pk is set,
fill in the public key that was used to verify the signature.
ret_pk is only meaningful when the verification was successful. */
+/* TODO: add r_revoked here as well. It has the same problems as
+ r_expiredate and r_expired and the cache. */
int
check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
PKT_public_key *ret_pk, int *is_selfsig,
@@ -516,8 +525,9 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
*is_selfsig = 1;
}
- /* TODO: should set r_expiredate here as well */
- if((rc=do_check_messages(pk,sig,r_expired)))
+ /* BUG: This is wrong for non-self-sigs.. needs to be the
+ actual pk */
+ if((rc=do_check_messages(pk,sig,r_expired,NULL)))
return rc;
return sig->flags.valid? 0 : G10ERR_BAD_SIGN;
}
@@ -537,7 +547,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
{
md = md_open( algo, 0 );
hash_public_key( md, pk );
- rc = do_check( pk, sig, md, r_expired, ret_pk );
+ rc = do_check( pk, sig, md, r_expired, NULL, ret_pk );
cache_sig_result ( sig, rc );
md_close(md);
}
@@ -549,7 +559,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
md = md_open( algo, 0 );
hash_public_key( md, pk );
hash_public_key( md, snode->pkt->pkt.public_key );
- rc = do_check( pk, sig, md, r_expired, ret_pk );
+ rc = do_check( pk, sig, md, r_expired, NULL, ret_pk );
cache_sig_result ( sig, rc );
md_close(md);
}
@@ -575,7 +585,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
md = md_open( algo, 0 );
hash_public_key( md, pk );
hash_public_key( md, snode->pkt->pkt.public_key );
- rc = do_check( pk, sig, md, r_expired, ret_pk );
+ rc = do_check( pk, sig, md, r_expired, NULL, ret_pk );
cache_sig_result ( sig, rc );
md_close(md);
}
@@ -590,7 +600,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
else if( sig->sig_class == 0x1f ) { /* direct key signature */
md = md_open( algo, 0 );
hash_public_key( md, pk );
- rc = do_check( pk, sig, md, r_expired, ret_pk );
+ rc = do_check( pk, sig, md, r_expired, NULL, ret_pk );
cache_sig_result ( sig, rc );
md_close(md);
}
@@ -608,12 +618,12 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
{
if( is_selfsig )
*is_selfsig = 1;
- rc = do_check( pk, sig, md, r_expired, ret_pk );
+ rc = do_check( pk, sig, md, r_expired, NULL, ret_pk );
}
else if (check_pk)
- rc=do_check(check_pk,sig,md,r_expired, ret_pk);
+ rc=do_check(check_pk,sig,md,r_expired,NULL,ret_pk);
else
- rc = signature_check2( sig, md, r_expiredate, r_expired, ret_pk);
+ rc=signature_check2(sig,md,r_expiredate,r_expired,NULL,ret_pk);
cache_sig_result ( sig, rc );
md_close(md);
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-01 11:46:57 +0000