diff --git a/g10/ChangeLog b/g10/ChangeLog index c27f95bc5..639a7dc03 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,9 @@ +2002-10-11 David Shaw + + * keyedit.c (menu_addrevoker): Properly back out if the signature + fails. Also, do not allow appointing the same revoker twice, and + report ALREADY_SIGNED if the user tries it. + 2002-10-07 David Shaw * import.c (import_keys_internal): Missed one s/inp/inp2/. diff --git a/g10/keyedit.c b/g10/keyedit.c index 5743944d2..71d2858b7 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -2326,6 +2326,11 @@ menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive ) continue; } + revkey.class=0x80; + if(sensitive) + revkey.class|=0x40; + revkey.algid=revoker_pk->pubkey_algo; + if(cmp_public_keys(revoker_pk,pk)==0) { /* This actually causes no harm (after all, a key that @@ -2333,9 +2338,41 @@ menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive ) regular key), but it's easy enough to check. */ log_error(_("you cannot appoint a key as its own " "designated revoker\n")); + continue; } + keyid_from_pk(pk,NULL); + + /* Does this revkey already exist? */ + if(!pk->revkey && pk->numrevkeys) + BUG(); + else + { + int i; + + for(i=0;inumrevkeys;i++) + { + if(memcmp(&pk->revkey[i],&revkey, + sizeof(struct revocation_key))==0) + { + char buf[50]; + + log_error(_("this key has already been designated " + "as a revoker\n")); + + sprintf(buf,"%08lX%08lX", + (ulong)pk->keyid[0],(ulong)pk->keyid[1]); + write_status_text(STATUS_ALREADY_SIGNED,buf); + + break; + } + } + + if(inumrevkeys) + continue; + } + keyid_from_pk(revoker_pk,keyid); tty_printf("\npub %4u%c/%08lX %s ", @@ -2360,11 +2397,8 @@ menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive ) "key as a designated revoker? (y/N): ")) continue; - revkey.class=0x80; - if(sensitive) - revkey.class|=0x40; - revkey.algid=revoker_pk->pubkey_algo; free_public_key(revoker_pk); + revoker_pk=NULL; break; }