mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-23 10:29:58 +01:00
* packet.h, main.h, sig-check.c (signature_check2, check_key_signature2,
do_check): If ret_pk is set, fill in the pk used to verify the signature. Change all callers in getkey.c, mainproc.c, and sig-check.c. * keylist.c (list_keyblock_colon): Use the ret_pk from above to put the fingerprint of the signing key in "sig" records during a --with-colons --check-sigs. This requires --no-sig-cache as well since we don't cache fingerprints.
This commit is contained in:
parent
fa2faef48f
commit
06442ab0da
@ -1,3 +1,15 @@
|
||||
2003-07-19 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* packet.h, main.h, sig-check.c (signature_check2,
|
||||
check_key_signature2, do_check): If ret_pk is set, fill in the pk
|
||||
used to verify the signature. Change all callers in getkey.c,
|
||||
mainproc.c, and sig-check.c.
|
||||
|
||||
* keylist.c (list_keyblock_colon): Use the ret_pk from above to
|
||||
put the fingerprint of the signing key in "sig" records during a
|
||||
--with-colons --check-sigs. This requires --no-sig-cache as well
|
||||
since we don't cache fingerprints.
|
||||
|
||||
2003-07-10 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* parse-packet.c (parse_signature): No need to reserve 8 bytes for
|
||||
|
@ -1604,7 +1604,7 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
|
||||
ultimate trust flag. */
|
||||
if(get_pubkey_fast(ultimate_pk,sig->keyid)==0
|
||||
&& check_key_signature2(keyblock,k,ultimate_pk,
|
||||
NULL,&dummy,&dum2)==0
|
||||
NULL,NULL,&dummy,&dum2)==0
|
||||
&& get_ownertrust(ultimate_pk)==TRUST_ULTIMATE)
|
||||
{
|
||||
free_public_key(ultimate_pk);
|
||||
|
@ -1032,8 +1032,10 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
|
||||
}
|
||||
else if( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE ) {
|
||||
PKT_signature *sig = node->pkt->pkt.signature;
|
||||
int sigrc;
|
||||
int sigrc,fprokay=0;
|
||||
char *sigstr;
|
||||
size_t fplen;
|
||||
byte fparray[MAX_FINGERPRINT_LEN];
|
||||
|
||||
if( !any ) { /* no user id, (maybe a revocation follows)*/
|
||||
if( sig->sig_class == 0x20 )
|
||||
@ -1067,8 +1069,16 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
|
||||
continue;
|
||||
}
|
||||
if( opt.check_sigs ) {
|
||||
PKT_public_key *signer_pk=NULL;
|
||||
u32 dummy;
|
||||
int dum2;
|
||||
|
||||
fflush(stdout);
|
||||
rc = check_key_signature( keyblock, node, NULL );
|
||||
if(opt.no_sig_cache)
|
||||
signer_pk=m_alloc_clear(sizeof(PKT_public_key));
|
||||
|
||||
rc = check_key_signature2( keyblock, node, NULL, signer_pk,
|
||||
NULL, &dummy, &dum2);
|
||||
switch( rc ) {
|
||||
case 0: sigrc = '!'; break;
|
||||
case G10ERR_BAD_SIGN: sigrc = '-'; break;
|
||||
@ -1076,6 +1086,16 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
|
||||
case G10ERR_UNU_PUBKEY: sigrc = '?'; break;
|
||||
default: sigrc = '%'; break;
|
||||
}
|
||||
|
||||
if(opt.no_sig_cache)
|
||||
{
|
||||
if(rc==0)
|
||||
{
|
||||
fingerprint_from_pk (signer_pk, fparray, &fplen);
|
||||
fprokay=1;
|
||||
}
|
||||
free_public_key(signer_pk);
|
||||
}
|
||||
}
|
||||
else {
|
||||
rc = 0;
|
||||
@ -1109,7 +1129,22 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
|
||||
print_string( stdout, p, n, ':' );
|
||||
m_free(p);
|
||||
}
|
||||
printf(":%02x%c:\n", sig->sig_class,sig->flags.exportable?'x':'l');
|
||||
printf(":%02x%c:", sig->sig_class,sig->flags.exportable?'x':'l');
|
||||
|
||||
if(opt.no_sig_cache && opt.check_sigs && fprokay)
|
||||
{
|
||||
size_t i;
|
||||
|
||||
printf(":");
|
||||
|
||||
for (i=0; i < fplen ; i++ )
|
||||
printf ("%02X", fparray[i] );
|
||||
|
||||
printf(":");
|
||||
}
|
||||
|
||||
printf("\n");
|
||||
|
||||
/* fixme: check or list other sigs here */
|
||||
}
|
||||
}
|
||||
|
@ -129,7 +129,8 @@ int sign_symencrypt_file (const char *fname, STRLIST locusr);
|
||||
int check_revocation_keys (PKT_public_key *pk, PKT_signature *sig);
|
||||
int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig );
|
||||
int check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
|
||||
int *is_selfsig, u32 *r_expiredate, int *r_expired );
|
||||
PKT_public_key *ret_pk, int *is_selfsig,
|
||||
u32 *r_expiredate, int *r_expired );
|
||||
|
||||
/*-- delkey.c --*/
|
||||
int delete_keys( STRLIST names, int secret, int allow_both );
|
||||
|
@ -722,9 +722,9 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig, int *is_expkey )
|
||||
}
|
||||
else
|
||||
return G10ERR_SIG_CLASS;
|
||||
rc = signature_check2( sig, md, &dummy, is_expkey );
|
||||
rc = signature_check2( sig, md, &dummy, is_expkey, NULL );
|
||||
if( rc == G10ERR_BAD_SIGN && md2 )
|
||||
rc = signature_check2( sig, md2, &dummy, is_expkey );
|
||||
rc = signature_check2( sig, md2, &dummy, is_expkey, NULL );
|
||||
md_close(md);
|
||||
md_close(md2);
|
||||
|
||||
|
@ -460,8 +460,8 @@ int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
|
||||
|
||||
/*-- sig-check.c --*/
|
||||
int signature_check( PKT_signature *sig, MD_HANDLE digest );
|
||||
int signature_check2( PKT_signature *sig, MD_HANDLE digest,
|
||||
u32 *r_expiredate, int *r_expired );
|
||||
int signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
|
||||
int *r_expired, PKT_public_key *ret_pk );
|
||||
|
||||
/*-- seckey-cert.c --*/
|
||||
int is_secret_key_protected( PKT_secret_key *sk );
|
||||
|
@ -39,8 +39,8 @@ struct cmp_help_context_s {
|
||||
MD_HANDLE md;
|
||||
};
|
||||
|
||||
static int do_check( PKT_public_key *pk, PKT_signature *sig,
|
||||
MD_HANDLE digest, int *r_expired );
|
||||
static int do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
|
||||
int *r_expired, PKT_public_key *ret_pk);
|
||||
|
||||
/****************
|
||||
* Check the signature which is contained in SIG.
|
||||
@ -52,12 +52,12 @@ signature_check( PKT_signature *sig, MD_HANDLE digest )
|
||||
{
|
||||
u32 dummy;
|
||||
int dum2;
|
||||
return signature_check2( sig, digest, &dummy, &dum2 );
|
||||
return signature_check2( sig, digest, &dummy, &dum2, NULL );
|
||||
}
|
||||
|
||||
int
|
||||
signature_check2( PKT_signature *sig, MD_HANDLE digest,
|
||||
u32 *r_expiredate, int *r_expired )
|
||||
signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
|
||||
int *r_expired, PKT_public_key *ret_pk )
|
||||
{
|
||||
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
|
||||
int rc=0;
|
||||
@ -80,7 +80,7 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest,
|
||||
invalid subkey */
|
||||
else {
|
||||
*r_expiredate = pk->expiredate;
|
||||
rc = do_check( pk, sig, digest, r_expired );
|
||||
rc = do_check( pk, sig, digest, r_expired, ret_pk );
|
||||
}
|
||||
|
||||
free_public_key( pk );
|
||||
@ -260,7 +260,7 @@ do_check_messages( PKT_public_key *pk, PKT_signature *sig, int *r_expired )
|
||||
|
||||
static int
|
||||
do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
|
||||
int *r_expired )
|
||||
int *r_expired, PKT_public_key *ret_pk )
|
||||
{
|
||||
MPI result = NULL;
|
||||
int rc=0;
|
||||
@ -347,6 +347,9 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
|
||||
rc = G10ERR_BAD_SIGN;
|
||||
}
|
||||
|
||||
if(!rc && ret_pk)
|
||||
copy_public_key(ret_pk,pk);
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
@ -475,14 +478,18 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
|
||||
{
|
||||
u32 dummy;
|
||||
int dum2;
|
||||
return check_key_signature2(root, node, NULL, is_selfsig, &dummy, &dum2 );
|
||||
return check_key_signature2(root, node, NULL, NULL,
|
||||
is_selfsig, &dummy, &dum2 );
|
||||
}
|
||||
|
||||
/* If check_pk is set, then use it to check the signature in node
|
||||
rather than getting it from root or the keydb. */
|
||||
rather than getting it from root or the keydb. If ret_pk is set,
|
||||
fill in the public key that was used to verify the signature.
|
||||
ret_pk is only meaningful when the verification was successful. */
|
||||
int
|
||||
check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
|
||||
int *is_selfsig, u32 *r_expiredate, int *r_expired )
|
||||
PKT_public_key *ret_pk, int *is_selfsig,
|
||||
u32 *r_expiredate, int *r_expired )
|
||||
{
|
||||
MD_HANDLE md;
|
||||
PKT_public_key *pk;
|
||||
@ -531,7 +538,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
|
||||
{
|
||||
md = md_open( algo, 0 );
|
||||
hash_public_key( md, pk );
|
||||
rc = do_check( pk, sig, md, r_expired );
|
||||
rc = do_check( pk, sig, md, r_expired, ret_pk );
|
||||
cache_sig_result ( sig, rc );
|
||||
md_close(md);
|
||||
}
|
||||
@ -543,7 +550,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
|
||||
md = md_open( algo, 0 );
|
||||
hash_public_key( md, pk );
|
||||
hash_public_key( md, snode->pkt->pkt.public_key );
|
||||
rc = do_check( pk, sig, md, r_expired );
|
||||
rc = do_check( pk, sig, md, r_expired, ret_pk );
|
||||
cache_sig_result ( sig, rc );
|
||||
md_close(md);
|
||||
}
|
||||
@ -569,7 +576,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
|
||||
md = md_open( algo, 0 );
|
||||
hash_public_key( md, pk );
|
||||
hash_public_key( md, snode->pkt->pkt.public_key );
|
||||
rc = do_check( pk, sig, md, r_expired );
|
||||
rc = do_check( pk, sig, md, r_expired, ret_pk );
|
||||
cache_sig_result ( sig, rc );
|
||||
md_close(md);
|
||||
}
|
||||
@ -584,7 +591,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
|
||||
else if( sig->sig_class == 0x1f ) { /* direct key signature */
|
||||
md = md_open( algo, 0 );
|
||||
hash_public_key( md, pk );
|
||||
rc = do_check( pk, sig, md, r_expired );
|
||||
rc = do_check( pk, sig, md, r_expired, ret_pk );
|
||||
cache_sig_result ( sig, rc );
|
||||
md_close(md);
|
||||
}
|
||||
@ -602,12 +609,12 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
|
||||
{
|
||||
if( is_selfsig )
|
||||
*is_selfsig = 1;
|
||||
rc = do_check( pk, sig, md, r_expired );
|
||||
rc = do_check( pk, sig, md, r_expired, ret_pk );
|
||||
}
|
||||
else if (check_pk)
|
||||
rc=do_check(check_pk,sig,md,r_expired);
|
||||
rc=do_check(check_pk,sig,md,r_expired, ret_pk);
|
||||
else
|
||||
rc = signature_check2( sig, md, r_expiredate, r_expired );
|
||||
rc = signature_check2( sig, md, r_expiredate, r_expired, ret_pk);
|
||||
|
||||
cache_sig_result ( sig, rc );
|
||||
md_close(md);
|
||||
|
Loading…
x
Reference in New Issue
Block a user