* keyedit.c (menu_addrevoker): Properly back out if the signature fails.

Also, do not allow appointing the same revoker twice, and report
ALREADY_SIGNED if the user tries it.

1 files changed, 38 insertions, 4 deletions

diff --git a/g10/keyedit.c b/g10/keyedit.c
index 5743944d2..71d2858b7 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -2326,6 +2326,11 @@ menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive )
 	  continue;
 	}
 
+      revkey.class=0x80;
+      if(sensitive)
+	revkey.class|=0x40;
+      revkey.algid=revoker_pk->pubkey_algo;
+
       if(cmp_public_keys(revoker_pk,pk)==0)
 	{
 	  /* This actually causes no harm (after all, a key that
@@ -2333,9 +2338,41 @@ menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive )
 	     regular key), but it's easy enough to check. */
 	  log_error(_("you cannot appoint a key as its own "
 		      "designated revoker\n"));
+
 	  continue;
 	}
 
+      keyid_from_pk(pk,NULL);
+
+      /* Does this revkey already exist? */
+      if(!pk->revkey && pk->numrevkeys)
+	BUG();
+      else
+	{
+	  int i;
+
+	  for(i=0;i<pk->numrevkeys;i++)
+	    {
+	      if(memcmp(&pk->revkey[i],&revkey,
+			sizeof(struct revocation_key))==0)
+		{
+		  char buf[50];
+
+		  log_error(_("this key has already been designated "
+			      "as a revoker\n"));
+
+		  sprintf(buf,"%08lX%08lX",
+			  (ulong)pk->keyid[0],(ulong)pk->keyid[1]);
+		  write_status_text(STATUS_ALREADY_SIGNED,buf);
+
+		  break;
+		}
+	    }
+
+	  if(i<pk->numrevkeys)
+	    continue;
+	}
+
       keyid_from_pk(revoker_pk,keyid);
 
       tty_printf("\npub  %4u%c/%08lX %s   ",
@@ -2360,11 +2397,8 @@ menu_addrevoker( KBNODE pub_keyblock, KBNODE sec_keyblock, int sensitive )
 				"key as a designated revoker? (y/N): "))
 	continue;
 
-      revkey.class=0x80;
-      if(sensitive)
-	revkey.class|=0x40;
-      revkey.algid=revoker_pk->pubkey_algo;
       free_public_key(revoker_pk);
+      revoker_pk=NULL;
       break;
     }