Flush keyserver search output.

Add trustdb chnages from 1.4. Check algo usage for batch key generation.
2025-07-03 22:56:33 +02:00 · 2008-12-09 10:46:29 +00:00 · 2008-12-09 10:46:29 +00:00 · 9874c62a10
commit 9874c62a10
parent 382d2f8efb
4 changed files with 119 additions and 57 deletions
--- a/g10/keygen.c
+++ b/g10/keygen.c
@ -2287,7 +2287,8 @@ get_parameter_algo( struct para_data_s *para, enum para_name key )
 }

 /* 
- * parse the usage parameter and set the keyflags.  Return true on error.
+ * Parse the usage parameter and set the keyflags.  Returns -1 on
+ * error, 0 for no usage given or 1 for usage available.
 */
 static int
 parse_parameter_usage (const char *fname,
@ -2435,54 +2436,75 @@ proc_parameter_file( struct para_data_s *para, const char *fname,
      algo=get_parameter_algo(para,pKEYTYPE);
      if (openpgp_pk_test_algo2 (algo, PUBKEY_USAGE_SIG))
 	{
-	  log_error("%s:%d: invalid algorithm\n", fname, r->lnr );
+	  log_error ("%s:%d: invalid algorithm\n", fname, r->lnr );
 	  return -1;
 	}
    }
  else
    {
-      log_error("%s: no Key-Type specified\n",fname);
+      log_error ("%s: no Key-Type specified\n",fname);
      return -1;
    }

-  err=parse_parameter_usage (fname, para, pKEYUSAGE);
-  if(err==0)
+  err = parse_parameter_usage (fname, para, pKEYUSAGE);
+  if (!err)
    {
      /* Default to algo capabilities if key-usage is not provided */
-      r=xmalloc_clear(sizeof(*r));
-      r->key=pKEYUSAGE;
-      r->u.usage=openpgp_pk_algo_usage(algo);
-      r->next=para;
-      para=r;
+      r = xmalloc_clear(sizeof(*r));
+      r->key = pKEYUSAGE;
+      r->u.usage = openpgp_pk_algo_usage(algo);
+      r->next = para;
+      para = r;
    }
-  else if(err==-1)
+  else if (err == -1)
    return -1;
+  else
+    {
+      r = get_parameter (para, pKEYUSAGE);
+      if (r && (r->u.usage & ~openpgp_pk_algo_usage (algo)))
+        {
+          log_error ("%s:%d: specified Key-Usage not allowed for algo %d\n",
+                     fname, r->lnr, algo);
+          return -1;
+        }
+    }

  r = get_parameter( para, pSUBKEYTYPE );
  if(r)
    {
-      algo=get_parameter_algo( para, pSUBKEYTYPE);
+      algo = get_parameter_algo (para, pSUBKEYTYPE);
      if (openpgp_pk_test_algo (algo))
 	{
-	  log_error("%s:%d: invalid algorithm\n", fname, r->lnr );
+	  log_error ("%s:%d: invalid algorithm\n", fname, r->lnr );
 	  return -1;
 	}

-      err=parse_parameter_usage (fname, para, pSUBKEYUSAGE);
-      if(err==0)
+      err = parse_parameter_usage (fname, para, pSUBKEYUSAGE);
+      if (!err)
 	{
 	  /* Default to algo capabilities if subkey-usage is not
 	     provided */
-	  r=xmalloc_clear(sizeof(*r));
-	  r->key=pSUBKEYUSAGE;
-	  r->u.usage=openpgp_pk_algo_usage(algo);
-	  r->next=para;
-	  para=r;
+	  r = xmalloc_clear (sizeof(*r));
+	  r->key = pSUBKEYUSAGE;
+	  r->u.usage = openpgp_pk_algo_usage (algo);
+	  r->next = para;
+	  para = r;
 	}
-      else if(err==-1)
+      else if (err == -1)
 	return -1;
+      else
+        {
+          r = get_parameter (para, pSUBKEYUSAGE);
+          if (r && (r->u.usage & ~openpgp_pk_algo_usage (algo)))
+            {
+              log_error ("%s:%d: specified Subkey-Usage not allowed"
+                         " for algo %d\n", fname, r->lnr, algo);
+              return -1;
+            }
+        }
    }

+
  if( get_parameter_value( para, pUSERID ) )
    have_user_id=1;
  else