diff options
author | Werner Koch <wk@gnupg.org> | 2008-04-16 10:23:23 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2008-04-16 10:23:23 +0200 |
commit | 18351bf8da102d7e874658ec099bf2f4beb2369f (patch) | |
tree | 4bc48357434c4ea3697b264ebaa240bbd7c431c8 /g10 | |
parent | Add executable flag to test scripts. (diff) | |
download | gnupg2-18351bf8da102d7e874658ec099bf2f4beb2369f.tar.xz gnupg2-18351bf8da102d7e874658ec099bf2f4beb2369f.zip |
If there are multiple 0x19 backsigs, take the most recent one. (from 1.4).
add log-file and debug-level to the --gpgconf-list.
Diffstat (limited to 'g10')
-rw-r--r-- | g10/ChangeLog | 5 | ||||
-rw-r--r-- | g10/getkey.c | 100 | ||||
-rw-r--r-- | g10/gpg.c | 3 |
3 files changed, 81 insertions, 27 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 6e59a1414..0edfb7a28 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,8 @@ +2008-04-15 David Shaw <dshaw@jabberwocky.com> + + * getkey.c (merge_selfsigs_subkey): If there are multiple 0x19 + backsigs, take the most recent one. + 2008-04-08 Werner Koch <wk@g10code.com> * options.h (opt): Add AKL_NODEFAULT and AKL_LOCAL. diff --git a/g10/getkey.c b/g10/getkey.c index 2e4ee92b7..7c7867696 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -2081,6 +2081,26 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo) } } +/* Convert a buffer to a signature. Useful for 0x19 embedded sigs. + Caller must free the signature when they are done. */ +static PKT_signature * +buf_to_sig(const byte *buf,size_t len) +{ + PKT_signature *sig=xmalloc_clear(sizeof(PKT_signature)); + IOBUF iobuf=iobuf_temp_with_content(buf,len); + int save_mode=set_packet_list_mode(0); + + if(parse_signature(iobuf,PKT_SIGNATURE,len,sig)!=0) + { + xfree(sig); + sig=NULL; + } + + set_packet_list_mode(save_mode); + iobuf_close(iobuf); + + return sig; +} static void merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode ) @@ -2187,48 +2207,74 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode ) subpk->is_valid = 1; - /* Find the first 0x19 embedded signature on our self-sig. */ + /* Find the most recent 0x19 embedded signature on our self-sig. */ if(subpk->backsig==0) { int seq=0; size_t n; + PKT_signature *backsig=NULL; + + sigdate=0; /* We do this while() since there may be other embedded signatures in the future. We only want 0x19 here. */ + while((p=enum_sig_subpkt(sig->hashed, SIGSUBPKT_SIGNATURE,&n,&seq,NULL))) if(n>3 && ((p[0]==3 && p[2]==0x19) || (p[0]==4 && p[1]==0x19))) - break; + { + PKT_signature *tempsig=buf_to_sig(p,n); + if(tempsig) + { + if(tempsig->timestamp>sigdate) + { + if(backsig) + free_seckey_enc(backsig); - if(p==NULL) - { - seq=0; - /* It is safe to have this in the unhashed area since the - 0x19 is located on the selfsig for convenience, not - security. */ - while((p=enum_sig_subpkt(sig->unhashed,SIGSUBPKT_SIGNATURE, - &n,&seq,NULL))) - if(n>3 && ((p[0]==3 && p[2]==0x19) || (p[0]==4 && p[1]==0x19))) - break; - } + backsig=tempsig; + sigdate=backsig->timestamp; + } + else + free_seckey_enc(tempsig); + } + } - if(p) - { - PKT_signature *backsig=xmalloc_clear(sizeof(PKT_signature)); - IOBUF backsig_buf=iobuf_temp_with_content(p,n); - int save_mode=set_packet_list_mode(0); + seq=0; - if(parse_signature(backsig_buf,PKT_SIGNATURE,n,backsig)==0) - { - if(check_backsig(mainpk,subpk,backsig)==0) - subpk->backsig=2; - else - subpk->backsig=1; - } + /* It is safe to have this in the unhashed area since the 0x19 + is located on the selfsig for convenience, not security. */ - set_packet_list_mode(save_mode); + while((p=enum_sig_subpkt(sig->unhashed,SIGSUBPKT_SIGNATURE, + &n,&seq,NULL))) + if(n>3 && ((p[0]==3 && p[2]==0x19) || (p[0]==4 && p[1]==0x19))) + { + PKT_signature *tempsig=buf_to_sig(p,n); + if(tempsig) + { + if(tempsig->timestamp>sigdate) + { + if(backsig) + free_seckey_enc(backsig); + + backsig=tempsig; + sigdate=backsig->timestamp; + } + else + free_seckey_enc(tempsig); + } + } + + if(backsig) + { + /* At ths point, backsig contains the most recent 0x19 sig. + Let's see if it is good. */ + + /* 2==valid, 1==invalid, 0==didn't check */ + if(check_backsig(mainpk,subpk,backsig)==0) + subpk->backsig=2; + else + subpk->backsig=1; - iobuf_close(backsig_buf); free_seckey_enc(backsig); } } @@ -1552,6 +1552,9 @@ gpgconf_list (const char *configfile) printf ("encrypt-to:%lu:\n", GC_OPT_FLAG_NONE); printf ("auto-key-locate:%lu:\n", GC_OPT_FLAG_NONE); printf ("allow-pka-lookup:%lu:\n", GC_OPT_FLAG_NONE); + printf ("log-file:%lu:\n", GC_OPT_FLAG_NONE); + printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT); + xfree (configfile_esc); } |