From a2cf3caa988f5cc6cf46d681dfc7f4f0e3da97eb Mon Sep 17 00:00:00 2001 From: David Shaw Date: Wed, 13 Aug 2003 03:31:36 +0000 Subject: * packet.h, sig-check.c (signature_check2, do_check, do_check_messages): Provide a signing-key-is-revoked flag. Change all callers. * status.h, status.c (get_status_string): New REVKEYSIG status tag for a good signature from a revoked key. * mainproc.c (do_check_sig, check_sig_and_print): Use it here. * import.c (import_revoke_cert, merge_blocks, merge_sigs): Compare actual signatures on import rather than using keyid or class matching. This does not change actual behavior with a key, but does mean that all sigs are imported whether they will be used or not. * parse-packet.c (parse_signature): Don't give "signature packet without xxxx" warnings for experimental pk algorithms. An experimental algorithm may not have a notion of (for example) a keyid (i.e. PGP's x.509 stuff). --- g10/parse-packet.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'g10/parse-packet.c') diff --git a/g10/parse-packet.c b/g10/parse-packet.c index b1d1e17df..1ba8f3239 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1281,17 +1281,19 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen, } p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_CREATED, NULL ); - if( !p ) - log_error("signature packet without timestamp\n"); - else - sig->timestamp = buffer_to_u32(p); + if(p) + sig->timestamp = buffer_to_u32(p); + else if(!(sig->pubkey_algo>=100 && sig->pubkey_algo<=110)) + log_error("signature packet without timestamp\n"); + p = parse_sig_subpkt2( sig, SIGSUBPKT_ISSUER, NULL ); - if( !p ) - log_error("signature packet without keyid\n"); - else { + if(p) + { sig->keyid[0] = buffer_to_u32(p); sig->keyid[1] = buffer_to_u32(p+4); - } + } + else if(!(sig->pubkey_algo>=100 && sig->pubkey_algo<=110)) + log_error("signature packet without keyid\n"); p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_SIG_EXPIRE,NULL); if(p) -- cgit