* packet.h, sig-check.c (signature_check2, do_check, do_check_messages):

Provide a signing-key-is-revoked flag. Change all callers. * status.h, status.c (get_status_string): New REVKEYSIG status tag for a good signature from a revoked key. * mainproc.c (do_check_sig, check_sig_and_print): Use it here. * import.c (import_revoke_cert, merge_blocks, merge_sigs): Compare actual signatures on import rather than using keyid or class matching. This does not change actual behavior with a key, but does mean that all sigs are imported whether they will be used or not.
2025-06-15 18:41:03 +02:00 · 2003-07-28 00:49:20 +00:00 · 2003-07-28 00:49:20 +00:00 · fe2451d0e3
commit fe2451d0e3
parent f6d753ca16
7 changed files with 73 additions and 52 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,20 @@
 2003-07-27  David Shaw  <dshaw@jabberwocky.com>
 	* packet.h, sig-check.c (signature_check2, do_check,
 	do_check_messages): Provide a signing-key-is-revoked flag.  Change
 	all callers.
 	* status.h, status.c (get_status_string): New REVKEYSIG status
 	tag for a good signature from a revoked key.
 	* mainproc.c (do_check_sig, check_sig_and_print): Use it here.
 	* import.c (import_revoke_cert, merge_blocks, merge_sigs): Compare
 	actual signatures on import rather than using keyid or class
 	matching.  This does not change actual behavior with a key, but
 	does mean that all sigs are imported whether they will be used or
 	not.
 2003-07-21  David Shaw  <dshaw@jabberwocky.com>
 	* trustdb.h, trustdb.c (read_trust_options): New.  Returns items
--- a/g10/import.c
+++ b/g10/import.c
@ -1,5 +1,6 @@
 /* import.c
- * Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003
 *               Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@ -948,12 +949,12 @@ import_revoke_cert( const char *fname, KBNODE node, struct stats_s *stats )
 	if( onode->pkt->pkttype == PKT_USER_ID )
 	    break;
 	else if( onode->pkt->pkttype == PKT_SIGNATURE
-		 && onode->pkt->pkt.signature->sig_class == 0x20
+		 && !cmp_signatures(node->pkt->pkt.signature,
-		 && keyid[0] == onode->pkt->pkt.signature->keyid[0]
+				    onode->pkt->pkt.signature))
-		 && keyid[1] == onode->pkt->pkt.signature->keyid[1] ) {
+	  {
 	    rc = 0;
 	    goto leave; /* yes, we already know about it */
-	}
+	  }
    }
@ -1469,13 +1470,12 @@ merge_blocks( const char *fname, KBNODE keyblock_orig, KBNODE keyblock,
 		    break;
 		else if( onode->pkt->pkttype == PKT_SIGNATURE
 			 && onode->pkt->pkt.signature->sig_class == 0x20
-			 && node->pkt->pkt.signature->keyid[0]
+			 && !cmp_signatures(onode->pkt->pkt.signature,
-			    == onode->pkt->pkt.signature->keyid[0]
+					    node->pkt->pkt.signature))
-			 && node->pkt->pkt.signature->keyid[1]
+		  {
 			    == onode->pkt->pkt.signature->keyid[1] ) {
 		    found = 1;
 		    break;
-		}
+		  }
 	    }
 	    if( !found ) {
 	        char *p=get_user_id_printable (keyid);
@ -1683,20 +1683,12 @@ merge_sigs( KBNODE dst, KBNODE src, int *n_sigs,
 	    || n->pkt->pkt.signature->sig_class == 0x28 )
 	    continue; /* skip signatures which are only valid on subkeys */
 	found = 0;
-	for(n2=dst->next; n2 && n2->pkt->pkttype != PKT_USER_ID; n2 = n2->next){
+	for(n2=dst->next; n2 && n2->pkt->pkttype != PKT_USER_ID; n2 = n2->next)
-	    if( n2->pkt->pkttype == PKT_SIGNATURE
+	  if(!cmp_signatures(n->pkt->pkt.signature,n2->pkt->pkt.signature))
-		&& n->pkt->pkt.signature->keyid[0]
+	    {
-		   == n2->pkt->pkt.signature->keyid[0]
+	      found++;
-		&& n->pkt->pkt.signature->keyid[1]
+	      break;
 		   == n2->pkt->pkt.signature->keyid[1]
 		&& n->pkt->pkt.signature->timestamp
 		   <= n2->pkt->pkt.signature->timestamp
 		&& n->pkt->pkt.signature->sig_class
 		   == n2->pkt->pkt.signature->sig_class ) {
 		found++;
 		break;
 	    }
 	}
 	if( !found ) {
 	    /* This signature is new or newer, append N to DST.
 	     * We add a clone to the original keyblock, because this
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@ -660,14 +660,12 @@ proc_compressed( CTX c, PACKET *pkt )
 * Returns: 0 = valid signature or an error code
 */
 static int
-do_check_sig( CTX c, KBNODE node, int *is_selfsig, int *is_expkey )
+do_check_sig( CTX c, KBNODE node, int *is_selfsig,
 	      int *is_expkey, int *is_revkey )
 {
    PKT_signature *sig;
    MD_HANDLE md = NULL, md2 = NULL;
-    int algo, rc, dum2;
+    int algo, rc;
    if(!is_expkey)
      is_expkey=&dum2;
    assert( node->pkt->pkttype == PKT_SIGNATURE );
    if( is_selfsig )
@ -721,9 +719,9 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig, int *is_expkey )
    }
    else
 	return G10ERR_SIG_CLASS;
-    rc = signature_check2( sig, md, NULL, is_expkey );
+    rc = signature_check2( sig, md, NULL, is_expkey, is_revkey );
    if( rc == G10ERR_BAD_SIGN && md2 )
-	rc = signature_check2( sig, md2, NULL, is_expkey );
+	rc = signature_check2( sig, md2, NULL, is_expkey, is_revkey );
    md_close(md);
    md_close(md2);
@ -992,7 +990,7 @@ list_node( CTX c, KBNODE node )
 	    fputs("sig", stdout);
 	if( opt.check_sigs ) {
 	    fflush(stdout);
-	    switch( (rc2=do_check_sig( c, node, &is_selfsig, NULL )) ) {
+	    switch( (rc2=do_check_sig( c, node, &is_selfsig, NULL, NULL )) ) {
 	      case 0:		       sigrc = '!'; break;
 	      case G10ERR_BAD_SIGN:    sigrc = '-'; break;
 	      case G10ERR_NO_PUBKEY: 
@ -1241,7 +1239,7 @@ check_sig_and_print( CTX c, KBNODE node )
 {
    PKT_signature *sig = node->pkt->pkt.signature;
    const char *astr, *tstr;
-    int rc, is_expkey=0;
+    int rc, is_expkey=0, is_revkey=0;
    if( opt.skip_verify ) {
 	log_info(_("signature verification suppressed\n"));
@ -1308,10 +1306,10 @@ check_sig_and_print( CTX c, KBNODE node )
    log_info(_("Signature made %.*s using %s key ID %08lX\n"),
 	    (int)strlen(tstr), tstr, astr? astr: "?", (ulong)sig->keyid[1] );
-    rc = do_check_sig(c, node, NULL, &is_expkey );
+    rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
    if( rc == G10ERR_NO_PUBKEY && opt.keyserver_scheme && opt.keyserver_options.auto_key_retrieve) {
 	if( keyserver_import_keyid ( sig->keyid )==0 )
-	    rc = do_check_sig(c, node, NULL, &is_expkey );
+	    rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
    }
    /* If the key still isn't found, try to inform the user where it
@ -1345,6 +1343,8 @@ check_sig_and_print( CTX c, KBNODE node )
 	  statno=STATUS_EXPSIG;
 	else if(is_expkey)
 	  statno=STATUS_EXPKEYSIG;
 	else if(is_revkey)
 	  statno=STATUS_REVKEYSIG;
 	else
 	  statno=STATUS_GOODSIG;
--- a/g10/packet.h
+++ b/g10/packet.h
@ -451,7 +451,7 @@ int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
 /*-- sig-check.c --*/
 int signature_check( PKT_signature *sig, MD_HANDLE digest );
 int signature_check2( PKT_signature *sig, MD_HANDLE digest,
-		      u32 *r_expiredate, int *r_expired );
+		      u32 *r_expiredate, int *r_expired, int *r_revoked );
 /*-- seckey-cert.c --*/
 int is_secret_key_protected( PKT_secret_key *sk );
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@ -1,5 +1,6 @@
 /* sig-check.c -  Check a signature
- * Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003
 *               Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@ -40,7 +41,7 @@ struct cmp_help_context_s {
 };
 static int do_check( PKT_public_key *pk, PKT_signature *sig,
-					 MD_HANDLE digest, int *r_expired );
+		     MD_HANDLE digest, int *r_expired, int *r_revoked );
 /****************
 * Check the signature which is contained in SIG.
@ -50,12 +51,12 @@ static int do_check( PKT_public_key *pk, PKT_signature *sig,
 int
 signature_check( PKT_signature *sig, MD_HANDLE digest )
 {
-    return signature_check2( sig, digest, NULL, NULL );
+    return signature_check2( sig, digest, NULL, NULL, NULL );
 }
 int
 signature_check2( PKT_signature *sig, MD_HANDLE digest,
-		  u32 *r_expiredate, int *r_expired )
+		  u32 *r_expiredate, int *r_expired, int *r_revoked )
 {
    PKT_public_key *pk = m_alloc_clear( sizeof *pk );
    int rc=0;
@ -77,7 +78,7 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest,
    else {
        if(r_expiredate)
 	  *r_expiredate = pk->expiredate;
-	rc = do_check( pk, sig, digest, r_expired );
+	rc = do_check( pk, sig, digest, r_expired, r_revoked );
    }
    free_public_key( pk );
@ -201,12 +202,15 @@ cmp_help( void *opaque, MPI result )
 }
 static int
-do_check_messages( PKT_public_key *pk, PKT_signature *sig, int *r_expired )
+do_check_messages( PKT_public_key *pk, PKT_signature *sig,
 		   int *r_expired, int *r_revoked )
 {
    u32 cur_time;
    if(r_expired)
      *r_expired = 0;
    if(r_revoked)
      *r_revoked = 0;
    if( pk->version == 4 && pk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
 	log_info(_("key %08lX: this is a PGP generated "
 		   "ElGamal key which is NOT secure for signatures!\n"),
@ -253,19 +257,22 @@ do_check_messages( PKT_public_key *pk, PKT_signature *sig, int *r_expired )
 	  *r_expired = 1;
    }
    if(pk->is_revoked && r_revoked)
      *r_revoked=1;
    return 0;
 }
 static int
 do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
-						    int *r_expired )
+	  int *r_expired, int *r_revoked )
 {
    MPI result = NULL;
    int rc=0;
    struct cmp_help_context_s ctx;
-    if( (rc=do_check_messages(pk,sig,r_expired)) )
+    if( (rc=do_check_messages(pk,sig,r_expired,r_revoked)) )
        return rc;
    if( (rc=check_digest_algo(sig->digest_algo)) )
 	return rc;
@ -477,6 +484,8 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
 /* If check_pk is set, then use it to check the signature in node
   rather than getting it from root or the keydb. */
 /* TODO: add r_revoked here as well.  It has the same problems as
   r_expiredate and r_expired and the cache. */
 int
 check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
 		      int *is_selfsig, u32 *r_expiredate, int *r_expired )
@ -510,8 +519,9 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
 		if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
 		    *is_selfsig = 1;
 	    }
-	    /* TODO: should set r_expiredate here as well */
+	    /* BUG: This is wrong for non-self-sigs.. needs to be the
-	    if((rc=do_check_messages(pk,sig,r_expired)))
+	       actual pk */
 	    if((rc=do_check_messages(pk,sig,r_expired,NULL)))
 	      return rc;
            return sig->flags.valid? 0 : G10ERR_BAD_SIGN;
        }
@ -531,7 +541,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
 	  {
 	    md = md_open( algo, 0 );
 	    hash_public_key( md, pk );
-	    rc = do_check( pk, sig, md, r_expired );
+	    rc = do_check( pk, sig, md, r_expired, NULL );
 	    cache_sig_result ( sig, rc );
 	    md_close(md);
 	  }
@ -543,7 +553,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
 	    md = md_open( algo, 0 );
 	    hash_public_key( md, pk );
 	    hash_public_key( md, snode->pkt->pkt.public_key );
-	    rc = do_check( pk, sig, md, r_expired );
+	    rc = do_check( pk, sig, md, r_expired, NULL );
            cache_sig_result ( sig, rc );
 	    md_close(md);
 	}
@ -569,7 +579,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
 	    md = md_open( algo, 0 );
 	    hash_public_key( md, pk );
 	    hash_public_key( md, snode->pkt->pkt.public_key );
-	    rc = do_check( pk, sig, md, r_expired );
+	    rc = do_check( pk, sig, md, r_expired, NULL );
            cache_sig_result ( sig, rc );
 	    md_close(md);
 	}
@ -584,7 +594,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
    else if( sig->sig_class == 0x1f ) { /* direct key signature */
 	md = md_open( algo, 0 );
 	hash_public_key( md, pk );
-	rc = do_check( pk, sig, md, r_expired );
+	rc = do_check( pk, sig, md, r_expired, NULL );
        cache_sig_result ( sig, rc );
 	md_close(md);
    }
@ -602,12 +612,12 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
 	      {
 		if( is_selfsig )
 		  *is_selfsig = 1;
-		rc = do_check( pk, sig, md, r_expired );
+		rc = do_check( pk, sig, md, r_expired, NULL );
 	      }
 	    else if (check_pk)
-	      rc=do_check(check_pk,sig,md,r_expired);
+	      rc=do_check(check_pk,sig,md,r_expired,NULL);
 	    else
-	      rc = signature_check2( sig, md, r_expiredate, r_expired );
+	      rc = signature_check2( sig, md, r_expiredate, r_expired, NULL );
            cache_sig_result ( sig, rc );
 	    md_close(md);
--- a/g10/status.c
+++ b/g10/status.c
@ -148,6 +148,7 @@ get_status_string ( int no )
      case STATUS_SIGEXPIRED     : s = "SIGEXPIRED deprecated-use-keyexpired-instead"; break;
      case STATUS_EXPSIG         : s = "EXPSIG"; break;
      case STATUS_EXPKEYSIG      : s = "EXPKEYSIG"; break;
      case STATUS_REVKEYSIG      : s = "REVKEYSIG"; break;
      case STATUS_ATTRIBUTE      : s = "ATTRIBUTE"; break;
      default: s = "?"; break;
    }
--- a/g10/status.h
+++ b/g10/status.h
@ -99,6 +99,7 @@
 #define STATUS_ATTRIBUTE        67
 #define STATUS_IMPORT_OK 	68
 #define STATUS_IMPORT_CHECK     69
 #define STATUS_REVKEYSIG        70
 /*-- status.c --*/
 void set_status_fd ( int fd );