* misc.c (pull_in_libs): Dead code. Removed.

* sig-check.c (check_revocation_keys): Comments. * getkey.c (merge_selfsigs_main): Don't bother to check designated revoker sigs if the key is already revoked. * packet.h, getkey.c (merge_selfsigs_main): New "maybe_revoked" flag on PKs. It is set when there is a revocation signature from a valid revocation key, but the revocation key is not present to verify the signature. * pkclist.c (check_signatures_trust): Use it here to give a warning when showing key trust. * compress-bz2.c: Include stdio.h. Solaris 9 has a very old bzip2 library and we can at least guarantee that it won't fail because of the lack of stdio.h. * tdbio.c: Fixed format string bugs related to the use of DB_NAME. Reported by Florian Weimer.
2025-07-02 22:46:30 +02:00 · 2003-12-30 00:46:42 +00:00 · 2003-12-30 00:46:42 +00:00 · d537d547ce
commit d537d547ce
parent f13f772a29
8 changed files with 67 additions and 45 deletions
--- a/g10/getkey.c
+++ b/g10/getkey.c
@ -1517,9 +1517,9 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
    /* pass 1.5: look for key revocation signatures that were not made
       by the key (i.e. did a revocation key issue a revocation for
       us?).  Only bother to do this if there is a revocation key in
-       the first place. */
+       the first place and we're not revoked already. */

-    if(pk->revkey)
+    if(!*r_revoked && pk->revkey)
      for(k=keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next )
 	{
 	  if ( k->pkt->pkttype == PKT_SIGNATURE )
@ -1529,15 +1529,25 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
 	      if(IS_KEY_REV(sig) &&
 		 (sig->keyid[0]!=kid[0] || sig->keyid[1]!=kid[1]))
 		{ 
-		  /* Failure here means the sig did not verify, is was
+		  int rc=check_revocation_keys(pk,sig);
+		  if(rc==0)
+		    {
+		      *r_revoked=1;
+		      /* don't continue checking since we can't be any
+			 more revoked than this */
+		      break;
+		    }
+		  else if(rc==G10ERR_NO_PUBKEY)
+		    pk->maybe_revoked=1;
+
+		  /* A failure here means the sig did not verify, was
 		     not issued by a revocation key, or a revocation
-		     key loop was broken. */
+		     key loop was broken.  If a revocation key isn't
+		     findable, however, the key might be revoked and
+		     we don't know it. */

-		  if(check_revocation_keys(pk,sig)==0)
-		    *r_revoked=1;
-
-		  /* In the future handle subkey and cert revocations?
-                     PGP doesn't, but it's in 2440. */
+		  /* TODO: In the future handle subkey and cert
+                     revocations?  PGP doesn't, but it's in 2440. */
 		}
 	    }
 	}