* packet.h, sig-check.c (signature_check2, do_check, do_check_messages):

Provide a signing-key-is-revoked flag. Change all callers. * status.h, status.c (get_status_string): New REVKEYSIG status tag for a good signature from a revoked key. * mainproc.c (do_check_sig, check_sig_and_print): Use it here. * import.c (import_revoke_cert, merge_blocks, merge_sigs): Compare actual signatures on import rather than using keyid or class matching. This does not change actual behavior with a key, but does mean that all sigs are imported whether they will be used or not. * parse-packet.c (parse_signature): Don't give "signature packet without xxxx" warnings for experimental pk algorithms. An experimental algorithm may not have a notion of (for example) a keyid (i.e. PGP's x.509 stuff).
2025-07-02 22:46:30 +02:00 · 2003-08-13 03:31:36 +00:00 · 2003-08-13 03:31:36 +00:00 · a2cf3caa98
commit a2cf3caa98
parent 7500f070ba
8 changed files with 88 additions and 60 deletions
--- a/g10/packet.h
+++ b/g10/packet.h
@ -461,7 +461,7 @@ int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
 /*-- sig-check.c --*/
 int signature_check( PKT_signature *sig, MD_HANDLE digest );
 int signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
-		      int *r_expired, PKT_public_key *ret_pk );
+		      int *r_expired, int *r_revoked, PKT_public_key *ret_pk );

 /*-- seckey-cert.c --*/
 int is_secret_key_protected( PKT_secret_key *sk );