* keygen.c (do_add_key_flags): Don't set the certify flag for subkeys.

(ask_algo): Provide key flags for DSA, Elgamal_e, and Elgamal subkeys.
(generate_keypair): Provide key flags for the default DSA/Elgamal keys.

* sig-check.c (signature_check, signature_check2, check_key_signature,
check_key_signature2): Allow passing NULLs for unused parameters in the x2
form of each function to avoid the need for dummy variables. getkey.c,
mainproc.c: Change all callers.

* trustdb.h, trustdb.c (read_trust_options): New.  Returns items from the
trustdb version record.

* keylist.c (public_key_list): Use it here for the new "tru" record.

* gpgv.c (read_trust_options): Stub.

1 files changed, 13 insertions, 14 deletions

diff --git a/g10/sig-check.c b/g10/sig-check.c
index 53363f8f9..c2add6174 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -50,9 +50,7 @@ static int do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
 int
 signature_check( PKT_signature *sig, MD_HANDLE digest )
 {
-    u32 dummy;
-    int dum2;
-    return signature_check2( sig, digest, &dummy, &dum2, NULL );
+    return signature_check2( sig, digest, NULL, NULL, NULL );
 }
 
 int
@@ -62,8 +60,6 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
     PKT_public_key *pk = m_alloc_clear( sizeof *pk );
     int rc=0;
 
-    *r_expiredate = 0;
-
     /* Sanity check that the md has a context for the hash that the
        sig is expecting.  This can happen if a onepass sig header does
        not match the actual sig, and also if the clearsign "Hash:"
@@ -79,7 +75,8 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
         rc=G10ERR_BAD_PUBKEY; /* you cannot have a good sig from an
 				 invalid subkey */
     else {
-	*r_expiredate = pk->expiredate;
+        if(r_expiredate)
+	  *r_expiredate = pk->expiredate;
 	rc = do_check( pk, sig, digest, r_expired, ret_pk );
     }
 
@@ -208,7 +205,8 @@ do_check_messages( PKT_public_key *pk, PKT_signature *sig, int *r_expired )
 {
     u32 cur_time;
 
-    *r_expired = 0;
+    if(r_expired)
+      *r_expired = 0;
     if( pk->version == 4 && pk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
 	log_info(_("key %08lX: this is a PGP generated "
 		   "ElGamal key which is NOT secure for signatures!\n"),
@@ -251,7 +249,8 @@ do_check_messages( PKT_public_key *pk, PKT_signature *sig, int *r_expired )
 	sprintf(buf,"%lu",(ulong)pk->expiredate);
 	write_status_text(STATUS_KEYEXPIRED,buf);
 	write_status(STATUS_SIGEXPIRED);
-	*r_expired = 1;
+	if(r_expired)
+	  *r_expired = 1;
     }
 
     return 0;
@@ -476,10 +475,7 @@ check_revocation_keys(PKT_public_key *pk,PKT_signature *sig)
 int
 check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
 {
-    u32 dummy;
-    int dum2;
-    return check_key_signature2(root, node, NULL, NULL,
-				is_selfsig, &dummy, &dum2 );
+  return check_key_signature2(root, node, NULL, NULL, is_selfsig, NULL, NULL );
 }
 
 /* If check_pk is set, then use it to check the signature in node
@@ -499,8 +495,10 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
 
     if( is_selfsig )
 	*is_selfsig = 0;
-    *r_expiredate = 0;
-    *r_expired = 0;
+    if( r_expiredate )
+        *r_expiredate = 0;
+    if( r_expired )
+        *r_expired = 0;
     assert( node->pkt->pkttype == PKT_SIGNATURE );
     assert( root->pkt->pkttype == PKT_PUBLIC_KEY );
 
@@ -518,6 +516,7 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
 		if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
 		    *is_selfsig = 1;
 	    }
+	    /* TODO: should set r_expiredate here as well */
 	    if((rc=do_check_messages(pk,sig,r_expired)))
 	      return rc;
             return sig->flags.valid? 0 : G10ERR_BAD_SIGN;