authorNikos Mavrogiannopoulos <nmav@gnutls.org>2004-05-13 11:18:42 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2004-05-13 11:18:42 +0000
commit662e7c176ee8a6f3c5f98a62b3a202a85ef0aa87 (patch)
tree585744fede9dd7536ff170a8562b88701d16f04a /libextra
parent8f61799a21d8ab845723fd2d5e89941b59a7a5fe (diff)
downloadgnutls-662e7c176ee8a6f3c5f98a62b3a202a85ef0aa87.tar.gz
updated opencdk to report if any key signer was found.
Diffstat (limited to 'libextra')
-rw-r--r--libextra/opencdk/Makefile.am2
-rw-r--r--libextra/opencdk/README3
-rw-r--r--libextra/opencdk/opencdk.h6
-rw-r--r--libextra/opencdk/sig-check.c39
-rw-r--r--libextra/openpgp/verify.c4
5 files changed, 40 insertions, 14 deletions
diff --git a/libextra/opencdk/Makefile.am b/libextra/opencdk/Makefile.am
index a5bf469b69..7366c719ed 100644
--- a/libextra/opencdk/Makefile.am
+++ b/libextra/opencdk/Makefile.am
@@ -1,5 +1,5 @@
INCLUDES = -I../../ -DVERSION=\"gnutls/opencdk\"
-EXTRA_DIST = md.h packet.h opencdk.h context.h \
+EXTRA_DIST = md.h packet.h opencdk.h context.h README \
main.h cipher.h stream.h types.h filters.h
noinst_LTLIBRARIES = libopencdk.la
libopencdk_la_SOURCES = new-packet.c \
diff --git a/libextra/opencdk/README b/libextra/opencdk/README
new file mode 100644
index 0000000000..16c1379c38
--- /dev/null
+++ b/libextra/opencdk/README
@@ -0,0 +1,3 @@
+This is just a mirror of the files in the opencdk's src/
+directory.
+
diff --git a/libextra/opencdk/opencdk.h b/libextra/opencdk/opencdk.h
index c86bc01def..ea0f30e4ac 100644
--- a/libextra/opencdk/opencdk.h
+++ b/libextra/opencdk/opencdk.h
@@ -23,7 +23,7 @@
#include <stdarg.h>
-#define OPENCDK_VERSION "0.5.4"
+#define OPENCDK_VERSION "0.5.5"
#ifdef __cplusplus
extern "C" {
@@ -113,6 +113,7 @@ typedef enum {
CDK_Inv_Packet_Ver = 23,
CDK_Too_Short = 24,
CDK_Unusable_Key = 25,
+ CDK_Self_Sig = 26
} cdk_error_t;
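Review bot: `CDK_Self_Sig` is added to `cdk_error_t` without a comment, yet sig-check.c returns it when a self signature verified successfully, so this non-zero code does not mean failure. A comment on the enumerator would make that explicit, e.g. `CDK_Self_Sig = 26 /* not an error: a valid signature made by the key itself */`. The same applies to `CDK_KEY_NO_SIGNERS = 8` in the next hunk, which could carry `/* no signature other than a self signature was verified */`, in the style of the comment on `CDK_KEY_INVALID`.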
@@ -266,7 +267,8 @@ enum cdk_key_flag_t {
CDK_KEY_VALID = 0,
CDK_KEY_INVALID = 1, /* missing or wrong self signature */
CDK_KEY_EXPIRED = 2,
- CDK_KEY_REVOKED = 4
+ CDK_KEY_REVOKED = 4,
+ CDK_KEY_NO_SIGNERS = 8
};
enum cdk_trust_flag_t {
diff --git a/libextra/opencdk/sig-check.c b/libextra/opencdk/sig-check.c
index fff4223b05..064f5b40cb 100644
--- a/libextra/opencdk/sig-check.c
+++ b/libextra/opencdk/sig-check.c
@@ -285,21 +285,30 @@ _cdk_pk_check_sig( cdk_keydb_hd_t hd, cdk_kbnode_t knode, cdk_kbnode_t snode )
}
cdk_kbnode_hash( knode, md, 0, 0, 0 );
cdk_kbnode_hash( node, md, sig->version==4, 0, 0 );
- if( pk->keyid[0] == sig->keyid[0] && pk->keyid[1] == sig->keyid[1] )
- rc = _cdk_sig_check( pk, sig, md, &is_expired );
- else if( hd ) {
+ if( hd ) {
rc = cdk_keydb_get_pk( hd, sig->keyid, &sig_pk );
if( !rc )
rc = _cdk_sig_check( sig_pk, sig, md, &is_expired );
_cdk_free_pubkey( sig_pk );
}
+
+ if (!hd || rc==CDK_Error_No_Key) {
+ /* Only check the self signature if the given key
+ * is not in the keydb.
+ */
+ if( pk->keyid[0] == sig->keyid[0] && pk->keyid[1] == sig->keyid[1] ) {
+ rc = _cdk_sig_check( pk, sig, md, &is_expired );
+ if (rc == 0)
+ rc = CDK_Self_Sig;
+ }
+ }
+
}
fail:
cdk_md_close( md );
return rc;
}
-
/**
* cdk_pk_check_sigs:
* @knode: the key node
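Review bot: When `hd` is NULL and the signature's key ID differs from `pk->keyid`, neither branch assigns `rc`, so `_cdk_pk_check_sig` returns whatever `rc` held before this block (set outside the hunk, presumably 0) without verifying anything. `cdk_pk_check_sigs` then takes its `rc != CDK_Self_Sig` path and sets `checked_one = 1`, which suppresses `CDK_KEY_NO_SIGNERS` for a signature that was never checked. Giving the inner key-ID `if` an `else rc = CDK_Error_No_Key;` would make the unverified case explicit. Separately, the new comment should say that a self signature verified through the keydb copy of the key (looked up by `sig->keyid` alone) returns 0 and is therefore counted as a signer by the caller.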
@@ -318,6 +327,7 @@ cdk_pk_check_sigs( cdk_kbnode_t knode, cdk_keydb_hd_t hd, int * r_status )
u32 keyid = 0;
int key_status = 0;
int rc = 0;
+ int checked_one = 0;
if( !knode || !r_status )
return CDK_Inv_Value;
@@ -344,15 +354,28 @@ cdk_pk_check_sigs( cdk_kbnode_t knode, cdk_keydb_hd_t hd, int * r_status )
sig->flags.missing_key = 1;
continue;
}
- else if( rc && rc != CDK_Error_No_Key ) {
- *r_status = CDK_KEY_INVALID;
- break; /* invalid self signature or key signature */
+ else if( rc) {
+ if (rc != CDK_Self_Sig && rc != CDK_Error_No_Key) {
+ /* invalid self signature or key signature */
+
+ *r_status = CDK_KEY_INVALID;
+ rc = 0; /* it's ok even if the verification failed. */
+ goto finish;
+ }
}
+ if (rc != CDK_Self_Sig) checked_one = 1;
+ else rc = 0; /* a self sig is not a fatal error. */
+
_cdk_log_debug( "signature %s: signer %08lX keyid %08lX\n",
rc==CDK_Bad_Sig? "BAD" : "good", sig->keyid[1],
keyid );
}
- if( !rc || rc == CDK_Error_No_Key )
+
+ if( !rc || rc == CDK_Error_No_Key)
*r_status = CDK_KEY_VALID;
+
+ if(checked_one==0) *r_status |= CDK_KEY_NO_SIGNERS;
+
+finish:
return rc;
}
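Review bot: A failed signature check now ends with `rc = 0; goto finish;`, so `cdk_pk_check_sigs` returns success and the only trace of the failure is `CDK_KEY_INVALID` in `*r_status`; before this change the error code was returned. A caller that tests only the return value would accept a key with a bad signature, so the function's doc comment (it starts outside this hunk) should state that 0 means the checks ran, not that the key is valid, and that `*r_status` must always be inspected. The same branch also makes the `rc==CDK_Bad_Sig` test in the `_cdk_log_debug` call unreachable, so the log prints "good" for every signature that gets that far, self signatures included. Adding a log call just before `goto finish` would keep the BAD case visible.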
diff --git a/libextra/openpgp/verify.c b/libextra/openpgp/verify.c
index 865c6f0bff..35cf8cf8db 100644
--- a/libextra/openpgp/verify.c
+++ b/libextra/openpgp/verify.c
@@ -125,9 +125,7 @@ int gnutls_openpgp_key_verify_ring( gnutls_openpgp_key key,
if (status & CDK_KEY_INVALID) *verify |= GNUTLS_CERT_INVALID;
if (status & CDK_KEY_REVOKED) *verify |= GNUTLS_CERT_REVOKED;
-
- /* FIXME: CHECK HERE IF THE WAS ANY SIGNER
- */
+ if (status & CDK_KEY_NO_SIGNERS) *verify |= GNUTLS_CERT_SIGNER_NOT_FOUND;
return 0;
}
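Review bot: The added line sets only `GNUTLS_CERT_SIGNER_NOT_FOUND` when no signer was found, so `*verify` can come back without `GNUTLS_CERT_INVALID` for a key that nothing in the ring vouches for. Whether that is intended depends on the documented meaning of the flags, which is outside this hunk (the function starts above it), but a caller that tests only `GNUTLS_CERT_INVALID` would accept such a key. If an unknown signer is meant to imply an invalid key, use `*verify |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;`. Otherwise the function's doc comment should say that both bits must be checked.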