security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-03-28 22:49:59 +01:00
Code Activity

* sig-check.c (check_key_signature2): Comments.

Browse Source 
* keyring.c (keyring_rebuild_cache): Clear sig cache for any signatures
that we can no longer process (say, if the user removed support for a
necessary pubkey or digest algorithm).
This commit is contained in:
David Shaw 2004-01-19 22:46:55 +00:00
parent 1d12c12142
commit 9915f6ed78
3 changed files with 29 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
g10/ChangeLog
View File

@ -1,3 +1,11 @@
2004-01-19 David Shaw <dshaw@jabberwocky.com>
* sig-check.c (check_key_signature2): Comments.
* keyring.c (keyring_rebuild_cache): Clear sig cache for any
signatures that we can no longer process (say, if the user removed
support for a necessary pubkey or digest algorithm).
2004-01-16 David Shaw <dshaw@jabberwocky.com> 2004-01-16 David Shaw <dshaw@jabberwocky.com>
* misc.c (print_cipher_algo_note): May as well call Rijndael AES * misc.c (print_cipher_algo_note): May as well call Rijndael AES

24
g10/keyring.c
View File

@ -1,5 +1,5 @@
/* keyring.c - keyring file handling /* keyring.c - keyring file handling
* Copyright (C) 2001 Free Software Foundation, Inc. * Copyright (C) 2001, 2004 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -1375,16 +1375,24 @@ keyring_rebuild_cache (void *token)
/* check all signature to set the signature's cache flags */ /* check all signature to set the signature's cache flags */
for (node=keyblock; node; node=node->next) for (node=keyblock; node; node=node->next)
{ {
/* Note that this doesn't cache the result of a revocation
issued by a designated revoker. This is because the pk
in question does not carry the revkeys as we haven't
merged the key and selfsigs. It is questionable whether
this matters very much since there are very very few
designated revoker revocation packets out there. */
if (node->pkt->pkttype == PKT_SIGNATURE) if (node->pkt->pkttype == PKT_SIGNATURE)
{ {
/* Note that this doesn't cache the result of a PKT_signature *sig=node->pkt->pkt.signature;
revocation issued by a designated revoker. This is
because the pk in question does not carry the revkeys if(!opt.no_sig_cache && sig->flags.checked && sig->flags.valid
as we haven't merged the key and selfsigs. It is && (check_digest_algo(sig->digest_algo)
questionable whether this matters very much since || check_pubkey_algo(sig->pubkey_algo)))
there are very very few designated revoker revocation sig->flags.checked=sig->flags.valid=0;
packets out there. */ else
check_key_signature (keyblock, node, NULL); check_key_signature (keyblock, node, NULL);
sigcount++; sigcount++;
} }
} }

5
g10/sig-check.c
View File

@ -428,7 +428,10 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
sig = node->pkt->pkt.signature; sig = node->pkt->pkt.signature;
algo = sig->digest_algo; algo = sig->digest_algo;
/* check whether we have cached the result of a previous signature check.*/ /* Check whether we have cached the result of a previous signature
check. Note that we may no longer have the pubkey or hash
needed to verify a sig, but can still use the cached value. A
cache refresh detects and clears these cases. */
if ( !opt.no_sig_cache ) { if ( !opt.no_sig_cache ) {
if (sig->flags.checked) { /*cached status available*/ if (sig->flags.checked) { /*cached status available*/
if( is_selfsig ) { if( is_selfsig ) {