See ChangeLog: Mon Feb 14 14:30:20 CET 2000 Werner Koch

cipher/ChangeLog

@@ -1,3 +1,8 @@
+Mon Feb 14 14:30:20 CET 2000  Werner Koch  <wk@gnupg.de>
+
+	(update_random_seed_file): Silently ignore update request when pool
+	is not filled.
+
 Fri Feb 11 17:44:40 CET 2000  Werner Koch  <wk@gnupg.de>
 
 	* random.c (read_seed_file): New.

cipher/random.c

@@ -361,7 +361,7 @@ update_random_seed_file()
     ulong *sp, *dp;
     int fd, i;
 
-    if( !seed_file_name || !is_initialized )
+    if( !seed_file_name || !is_initialized || !pool_filled )
 	return;
     if( !allow_seed_file_update ) {
 	log_info(_("note: random_seed file not updated\n"));

g10/ChangeLog

@@ -1,3 +1,13 @@
+Mon Feb 14 14:30:20 CET 2000  Werner Koch  <wk@gnupg.de>
+
+	* sig-check.c (check_key_signature2): Add new arg r_expired.
+	(do_signature_check): New arg to pass it down to ...
+	(do_check): New arg r-expire which is set when the signature
+	has expired.
+	* trustdb.c (check_sig_record): Set SIGF_EXPIRED flag and set
+	the expiretime to zero so that thi signature will not be checked
+	anymore.
+
 Fri Feb 11 17:44:40 CET 2000  Werner Koch  <wk@gnupg.de>
 
 	* g10.c (g10_exit): Update the random seed_file.

g10/main.h

@@ -81,7 +81,7 @@ int clearsign_file( const char *fname, STRLIST locusr, const char *outfile );
 /*-- sig-check.c --*/
 int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig );
 int check_key_signature2( KBNODE root, KBNODE node,
-			  int *is_selfsig, u32 *r_expire );
+			  int *is_selfsig, u32 *r_expiredate, int *r_expired );
 
 /*-- delkey.c --*/
 int delete_key( const char *username, int secure );

g10/sig-check.c

@@ -41,9 +41,9 @@ struct cmp_help_context_s {
 
 
 static int do_signature_check( PKT_signature *sig, MD_HANDLE digest,
-						      u32 *r_expire );
+					 u32 *r_expiredate, int *r_expired );
 static int do_check( PKT_public_key *pk, PKT_signature *sig,
-						MD_HANDLE digest );
+					 MD_HANDLE digest, int *r_expired );
 
 
 /****************
@@ -55,11 +55,13 @@ int
 signature_check( PKT_signature *sig, MD_HANDLE digest )
 {
     u32 dummy;
-    return do_signature_check( sig, digest, &dummy );
+    int dum2;
+    return do_signature_check( sig, digest, &dummy, &dum2 );
 }
 
 static int
-do_signature_check( PKT_signature *sig, MD_HANDLE digest, u32 *r_expire )
+do_signature_check( PKT_signature *sig, MD_HANDLE digest,
+					u32 *r_expiredate, int *r_expired )
 {
     PKT_public_key *pk = m_alloc_clear( sizeof *pk );
     int rc=0;
@@ -67,12 +69,12 @@ do_signature_check( PKT_signature *sig, MD_HANDLE digest, u32 *r_expire )
     if( is_RSA(sig->pubkey_algo) )
 	write_status(STATUS_RSA_OR_IDEA);
 
-    *r_expire = 0;
+    *r_expiredate = 0;
     if( get_pubkey( pk, sig->keyid ) )
 	rc = G10ERR_NO_PUBKEY;
     else {
-	*r_expire = pk->expiredate;
-	rc = do_check( pk, sig, digest );
+	*r_expiredate = pk->expiredate;
+	rc = do_check( pk, sig, digest, r_expired );
     }
 
     free_public_key( pk );
@@ -285,13 +287,15 @@ cmp_help( void *opaque, MPI result )
 
 
 static int
-do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
+do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
+						    int *r_expired )
 {
     MPI result = NULL;
     int rc=0;
     struct cmp_help_context_s ctx;
     u32 cur_time;
 
+    *r_expired = 0;
     if( pk->version == 4 && pk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
 	log_info(_("this is a PGP generated "
 		  "ElGamal key which is NOT secure for signatures!\n"));
@@ -323,6 +327,7 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
 	log_info(_("NOTE: signature key expired %s\n"),
 					asctimestamp( pk->expiredate ) );
 	write_status(STATUS_SIGEXPIRED);
+	*r_expired = 1;
     }
 
 
@@ -428,11 +433,13 @@ int
 check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
 {
     u32 dummy;
-    return check_key_signature2(root, node, is_selfsig, &dummy );
+    int dum2;
+    return check_key_signature2(root, node, is_selfsig, &dummy, &dum2 );
 }
 
 int
-check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire)
+check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig,
+				       u32 *r_expiredate, int *r_expired )
 {
     MD_HANDLE md;
     PKT_public_key *pk;
@@ -442,7 +449,8 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire)
 
     if( is_selfsig )
 	*is_selfsig = 0;
-    *r_expire = 0;
+    *r_expiredate = 0;
+    *r_expired = 0;
     assert( node->pkt->pkttype == PKT_SIGNATURE );
     assert( root->pkt->pkttype == PKT_PUBLIC_KEY );
 
@@ -462,7 +470,7 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire)
     if( sig->sig_class == 0x20 ) {
 	md = md_open( algo, 0 );
 	hash_public_key( md, pk );
-	rc = do_check( pk, sig, md );
+	rc = do_check( pk, sig, md, r_expired );
 	md_close(md);
     }
     else if( sig->sig_class == 0x28 ) { /* subkey revocation */
@@ -472,7 +480,7 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire)
 	    md = md_open( algo, 0 );
 	    hash_public_key( md, pk );
 	    hash_public_key( md, snode->pkt->pkt.public_key );
-	    rc = do_check( pk, sig, md );
+	    rc = do_check( pk, sig, md, r_expired );
 	    md_close(md);
 	}
 	else {
@@ -494,7 +502,7 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire)
 	    md = md_open( algo, 0 );
 	    hash_public_key( md, pk );
 	    hash_public_key( md, snode->pkt->pkt.public_key );
-	    rc = do_check( pk, sig, md );
+	    rc = do_check( pk, sig, md, r_expired );
 	    md_close(md);
 	}
 	else {
@@ -515,10 +523,10 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire)
 	    if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {
 		if( is_selfsig )
 		    *is_selfsig = 1;
-		rc = do_check( pk, sig, md );
+		rc = do_check( pk, sig, md, r_expired );
 	    }
 	    else
-		rc = do_signature_check( sig, md, r_expire );
+		rc = do_signature_check( sig, md, r_expiredate, r_expired );
 	    md_close(md);
 	}
 	else {

g10/trustdb.c

@@ -110,7 +110,6 @@ static int alloced_tns;
 static int max_alloced_tns;
 
 
-
 static LOCAL_ID_TABLE new_lid_table(void);
 static int ins_lid_table_item( LOCAL_ID_TABLE tbl, ulong lid, unsigned flag );
 static int qry_lid_table_flag( LOCAL_ID_TABLE tbl, ulong lid, unsigned *flag );
@@ -1127,17 +1126,17 @@ check_uidsigs( KBNODE keyblock, KBNODE keynode, u32 *mainkid, ulong lid,
 static unsigned int
 check_sig_record( KBNODE keyblock, KBNODE signode,
 		  ulong siglid, int sigidx, u32 *keyid, ulong lid,
-				  u32 *r_expire, int *mod_down, int *mod_up )
+		  u32 *r_expiretime, int *mod_down, int *mod_up )
 {
     PKT_signature *sig = signode->pkt->pkt.signature;
     unsigned int sigflag = 0;
     TRUSTREC tmp;
-    int revocation=0, rc;
+    int revocation=0, expired=0, rc;
 
     if( DBG_TRUST )
 	log_debug("check_sig_record: %08lX.%lu %lu[%d]\n",
 			    (ulong)keyid[1], lid, siglid, sigidx );
-    *r_expire = 0;
+    *r_expiretime = 0;
     if( (sig->sig_class&~3) == 0x10 ) /* regular certification */
 	;
     else if( sig->sig_class == 0x30 ) /* cert revocation */
@@ -1148,7 +1147,8 @@ check_sig_record( KBNODE keyblock, KBNODE signode,
     read_record( siglid, &tmp, 0 );
     if( tmp.rectype == RECTYPE_DIR ) {
 	/* the public key is in the trustdb: check sig */
-	rc = check_key_signature2( keyblock, signode, NULL, r_expire );
+	rc = check_key_signature2( keyblock, signode, NULL,
+					     r_expiretime, &expired );
 	if( !rc ) { /* valid signature */
 	    if( opt.verbose )
 		log_info("sig %08lX.%lu/%lu[%d]/%08lX: %s\n",
@@ -1157,6 +1157,13 @@ check_sig_record( KBNODE keyblock, KBNODE signode,
 			revocation? _("Valid certificate revocation")
 				  : _("Good certificate") );
 	    sigflag |= SIGF_CHECKED | SIGF_VALID;
+	    if( expired ) {
+		sigflag |= SIGF_EXPIRED;
+		/* We have to reset the expiretime, so that this signature
+		 * does not get checked over and over due to the reached
+		 * expiretime */
+		*r_expiretime = 0;
+	    }
 	    if( revocation ) {
 		sigflag |= SIGF_REVOKED;
 		*mod_down = 1;
@@ -1221,7 +1228,7 @@ make_sig_records( KBNODE keyblock, KBNODE uidnode,
     PKT_signature *sig;
     ulong sigrecno, siglid;
     int i, sigidx = 0;
-    u32 expire;
+    u32 expiretime;
 
     srecs = NULL; s_end = &srecs;
     for( node=uidnode->next; node; node = node->next ) {
@@ -1264,7 +1271,7 @@ make_sig_records( KBNODE keyblock, KBNODE uidnode,
 	s->r.sig.sig[sigidx].lid = siglid;
 	s->r.sig.sig[sigidx].flag= check_sig_record( keyblock, node,
 						     siglid, sigidx,
-						     mainkid, lid, &expire,
+						     mainkid, lid, &expiretime,
 						     mod_down, mod_up );
 
 	sigidx++;
@@ -1275,8 +1282,8 @@ make_sig_records( KBNODE keyblock, KBNODE uidnode,
 	    sigidx = 0;
 	}
 	/* keep track of signers pk expire time */
-	if( expire && (!*min_expire || *min_expire > expire ) )
-	    *min_expire = expire;
+	if( expiretime && (!*min_expire || *min_expire > expiretime ) )
+	    *min_expire = expiretime;
     }
     if( sigidx ) {
        s->recnum = tdbio_new_recnum();
@@ -1475,7 +1482,7 @@ do_update_trust_record( KBNODE keyblock, TRUSTREC *drec,
     int mod_up = 0;
     int mod_down = 0;
     ulong recno, r2;
-    u32 expire;
+    u32 expiretime;
 
     primary_pk = find_kbnode( keyblock, PKT_PUBLIC_KEY )->pkt->pkt.public_key;
     if( !primary_pk->local_id )
@@ -1517,9 +1524,9 @@ do_update_trust_record( KBNODE keyblock, TRUSTREC *drec,
     drec->r.dir.keylist = make_key_records( keyblock, drec->recnum, keyid, &i );
     if( i ) /* primary key has been revoked */
 	drec->r.dir.dirflags |= DIRF_REVOKED;
-    expire = 0;
+    expiretime = 0;
     drec->r.dir.uidlist = make_uid_records( keyblock, drec->recnum, keyid,
-					    &expire, &mod_down, &mod_up );
+					    &expiretime, &mod_down, &mod_up );
     if( rc )
 	rc = tdbio_cancel_transaction();
     else {
@@ -1527,7 +1534,7 @@ do_update_trust_record( KBNODE keyblock, TRUSTREC *drec,
 	    *modified = 1;
 	drec->r.dir.dirflags |= DIRF_CHECKED;
 	drec->r.dir.valcheck = 0;
-	drec->r.dir.checkat = expire;
+	drec->r.dir.checkat = expiretime;
 	write_record( drec );
 	tdbio_write_modify_stamp( mod_up, mod_down );
 	rc = tdbio_end_transaction();
@@ -1851,10 +1858,12 @@ build_cert_tree( ulong lid, int depth, int max_depth, TN helproot )
 	return NULL;
     }
 
-    if( dirrec.r.dir.checkat && dirrec.r.dir.checkat <= make_timestamp() )
+    if( dirrec.r.dir.checkat && dirrec.r.dir.checkat <= make_timestamp() ) {
 	check_trust_record( &dirrec, 0 );
-    else if( (dirrec.r.dir.dirflags & DIRF_NEWKEYS) )
+    }
+    else if( (dirrec.r.dir.dirflags & DIRF_NEWKEYS) ) {
 	check_trust_record( &dirrec, 1 );
+    }
 
     keynode->n.k.ownertrust = dirrec.r.dir.ownertrust & TRUST_MASK;