Diffstat (limited to 'g10/sig-check.c')
-rw-r--r--g10/sig-check.c134
1 files changed, 71 insertions, 63 deletions
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 60e988e60..a4ef142df 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -738,38 +738,38 @@ check_key_signature (ctrl_t ctrl, kbnode_t root, kbnode_t node,
/* Returns whether SIGNER generated the signature SIG over the packet
- PACKET, which is a key, subkey or uid, and comes from the key block
- KB. (KB is PACKET's corresponding keyblock; we don't assume that
- SIG has been added to the keyblock.)
-
- If SIGNER is set, then checks whether SIGNER generated the
- signature. Otherwise, uses SIG->KEYID to find the alleged signer.
- This parameter can be used to effectively override the alleged
- signer that is stored in SIG.
-
- KB may be NULL if SIGNER is set.
-
- Unlike check_key_signature, this function ignores any cached
- results! That is, it does not consider SIG->FLAGS.CHECKED and
- SIG->FLAGS.VALID nor does it set them.
-
- This doesn't check the signature's semantic mean. Concretely, it
- doesn't check whether a non-self signed revocation signature was
- created by a designated revoker. In fact, it doesn't return an
- error for a binding generated by a completely different key!
-
- Returns 0 if the signature is valid. Returns GPG_ERR_SIG_CLASS if
- this signature can't be over PACKET. Returns GPG_ERR_NOT_FOUND if
- the key that generated the signature (according to SIG) could not
- be found. Returns GPG_ERR_BAD_SIGNATURE if the signature is bad.
- Other errors codes may be returned if something else goes wrong.
-
- IF IS_SELFSIG is not NULL, sets *IS_SELFSIG to 1 if this is a
- self-signature (by the key's primary key) or 0 if not.
-
- If RET_PK is not NULL, returns a copy of the public key that
- generated the signature (i.e., the signer) on success. This must
- be released by the caller using release_public_key_parts (). */
+ * PACKET, which is a key, subkey or uid, and comes from the key block
+ * KB. (KB is PACKET's corresponding keyblock; we don't assume that
+ * SIG has been added to the keyblock.)
+ *
+ * If SIGNER is set, then checks whether SIGNER generated the
+ * signature. Otherwise, uses SIG->KEYID to find the alleged signer.
+ * This parameter can be used to effectively override the alleged
+ * signer that is stored in SIG.
+ *
+ * KB may be NULL if SIGNER is set.
+ *
+ * Unlike check_key_signature, this function ignores any cached
+ * results! That is, it does not consider SIG->FLAGS.CHECKED and
+ * SIG->FLAGS.VALID nor does it set them.
+ *
+ * This doesn't check the signature's semantic mean. Concretely, it
+ * doesn't check whether a non-self signed revocation signature was
+ * created by a designated revoker. In fact, it doesn't return an
+ * error for a binding generated by a completely different key!
+ *
+ * Returns 0 if the signature is valid. Returns GPG_ERR_SIG_CLASS if
+ * this signature can't be over PACKET. Returns GPG_ERR_NOT_FOUND if
+ * the key that generated the signature (according to SIG) could not
+ * be found. Returns GPG_ERR_BAD_SIGNATURE if the signature is bad.
+ * Other errors codes may be returned if something else goes wrong.
+ *
+ * IF IS_SELFSIG is not NULL, sets *IS_SELFSIG to 1 if this is a
+ * self-signature (by the key's primary key) or 0 if not.
+ *
+ * If RET_PK is not NULL, returns a copy of the public key that
+ * generated the signature (i.e., the signer) on success. This must
+ * be released by the caller using release_public_key_parts (). */
gpg_error_t
check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
PKT_signature *sig, KBNODE kb, PACKET *packet,
@@ -796,8 +796,8 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
/* Primary key revocation. */
|| sig->sig_class == 0x20)
{
+ /* Key revocations can only be over primary keys. */
if (packet->pkttype != PKT_PUBLIC_KEY)
- /* Key revocations can only be over primary keys. */
return gpg_error (GPG_ERR_SIG_CLASS);
}
else if (/* Subkey binding. */
@@ -840,19 +840,19 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
/* Get the signer. If possible, avoid a look up. */
if (sig->keyid[0] == pripk->keyid[0]
&& sig->keyid[1] == pripk->keyid[1])
- /* Issued by the primary key. */
{
+ /* Issued by the primary key. */
signer = pripk;
if (is_selfsig)
*is_selfsig = 1;
}
else
{
+ /* See if one of the subkeys was the signer (although this
+ is extremely unlikely). */
kbnode_t ctx = NULL;
kbnode_t n;
- /* See if one of the subkeys was the signer (although this
- is extremely unlikely). */
while ((n = walk_kbnode (kb, &ctx, 0)))
{
PKT_public_key *subk;
@@ -863,16 +863,16 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
subk = n->pkt->pkt.public_key;
if (sig->keyid[0] == subk->keyid[0]
&& sig->keyid[1] == subk->keyid[1])
- /* Issued by a subkey. */
{
+ /* Issued by a subkey. */
signer = subk;
break;
}
}
if (! signer)
- /* Signer by some other key. */
{
+ /* Signer by some other key. */
if (is_selfsig)
*is_selfsig = 0;
if (ret_pk)
@@ -893,14 +893,14 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
xfree (signer);
signer = NULL;
signer_alloced = 0;
- goto out;
+ goto leave;
}
}
}
}
/* We checked above that we supported this algo, so an error here is
- a bug. */
+ * a bug. */
if (gcry_md_open (&md, sig->digest_algo, 0))
BUG ();
@@ -916,7 +916,7 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
rc = check_signature_end_simple (signer, sig, md);
}
else if (/* Primary key binding (made by a subkey). */
- sig->sig_class == 0x19)
+ sig->sig_class == 0x19)
{
log_assert (packet->pkttype == PKT_PUBLIC_KEY);
hash_public_key (md, packet->pkt.public_key);
@@ -947,27 +947,31 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
rc = check_signature_end_simple (signer, sig, md);
}
else
- /* We should never get here. (The first if above should have
- already caught this error.) */
- BUG ();
+ {
+ /* We should never get here. (The first if above should have
+ * already caught this error.) */
+ BUG ();
+ }
gcry_md_close (md);
- out:
+ leave:
if (! rc && ret_pk && (signer_alloced == -1 || ret_pk != signer))
copy_public_key (ret_pk, signer);
+
if (signer_alloced == 1)
- /* We looked up SIGNER; it is not a pointer into KB. */
{
+ /* We looked up SIGNER; it is not a pointer into KB. */
release_public_key_parts (signer);
+ /* Free if we also allocated the memory. */
if (signer_alloced == 2)
- /* We also allocated the memory. */
xfree (signer);
}
return rc;
}
+
/* Check that a signature over a key (e.g., a key revocation, key
* binding, user id certification, etc.) is valid. If the function
* detects a self-signature, it uses the public key from the specified
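Review bot: In the cleanup after `leave:`, the inner test `if (signer_alloced == 2)` is nested inside `if (signer_alloced == 1)` and can never be true, so the `xfree (signer)` below it is dead code. The relocated comment "Free if we also allocated the memory" now makes that unreachable branch read as intentional. If any path outside this hunk sets signer_alloced to 2, neither release_public_key_parts () nor xfree () runs for it, and the looked-up key is leaked on each such signature check. Because -1 is tested as a distinct state in the `copy_public_key` condition just above, the outer guard probably should be `if (signer_alloced > 0)`. Confirm this against the assignments earlier in the function, which are not visible here.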
@@ -1027,9 +1031,9 @@ check_key_signature2 (ctrl_t ctrl,
algo = sig->digest_algo;
/* Check whether we have cached the result of a previous signature
- check. Note that we may no longer have the pubkey or hash
- needed to verify a sig, but can still use the cached value. A
- cache refresh detects and clears these cases. */
+ * check. Note that we may no longer have the pubkey or hash
+ * needed to verify a sig, but can still use the cached value. A
+ * cache refresh detects and clears these cases. */
if ( !opt.no_sig_cache )
{
cache_stats.total++;
@@ -1045,7 +1049,7 @@ check_key_signature2 (ctrl_t ctrl,
*is_selfsig = 1;
}
/* BUG: This is wrong for non-self-sigs... needs to be the
- actual pk. */
+ * actual pk. */
rc = check_signature_metadata_validity (pk, sig, r_expired, NULL);
if (rc)
return rc;
@@ -1094,13 +1098,15 @@ check_key_signature2 (ctrl_t ctrl,
rc = check_signature_metadata_validity (pk, sig,
r_expired, NULL);
if (! rc)
- /* 0x28 must be a self-sig, but 0x18 needn't be. */
- rc = check_signature_over_key_or_uid (ctrl,
- sig->sig_class == 0x18
- ? NULL : pk,
- sig, root, snode->pkt,
- is_selfsig, ret_pk);
- }
+ {
+ /* 0x28 must be a self-sig, but 0x18 needn't be. */
+ rc = check_signature_over_key_or_uid (ctrl,
+ sig->sig_class == 0x18
+ ? NULL : pk,
+ sig, root, snode->pkt,
+ is_selfsig, ret_pk);
+ }
+ }
else
{
if (opt.verbose)
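Review bot: The comment `/* 0x28 must be a self-sig, but 0x18 needn't be. */` does not say what passing NULL as SIGNER implies for the subkey-binding case. Per the header comment of check_signature_over_key_or_uid, a NULL SIGNER makes the callee resolve the alleged signer from SIG->KEYID, and it does not return an error for a binding generated by a completely different key. I would extend the comment to say so, e.g. `/* For 0x18 the signer is looked up via SIG->KEYID; the callee does not require it to be the primary key, so the result must be combined with *IS_SELFSIG. */`. Whether IS_SELFSIG is non-NULL and checked by every caller of check_key_signature2 cannot be seen here, since the function starts and ends outside this hunk.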
@@ -1137,11 +1143,13 @@ check_key_signature2 (ctrl_t ctrl,
{
rc = check_signature_metadata_validity (pk, sig, r_expired, NULL);
if (! rc)
- /* If this is a self-sig, ignore check_pk. */
- rc = check_signature_over_key_or_uid
- (ctrl,
- keyid_cmp (pk_keyid (pk), sig->keyid) == 0 ? pk : check_pk,
- sig, root, unode->pkt, NULL, ret_pk);
+ {
+ /* If this is a self-sig, ignore check_pk. */
+ rc = check_signature_over_key_or_uid
+ (ctrl,
+ keyid_cmp (pk_keyid (pk), sig->keyid) == 0 ? pk : check_pk,
+ sig, root, unode->pkt, NULL, ret_pk);
+ }
}
else
{