author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2004-05-13 11:18:42 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2004-05-13 11:18:42 +0000 |
commit | 662e7c176ee8a6f3c5f98a62b3a202a85ef0aa87 (patch) | |
tree | 585744fede9dd7536ff170a8562b88701d16f04a /libextra | |
parent | 8f61799a21d8ab845723fd2d5e89941b59a7a5fe (diff) | |
download | gnutls-662e7c176ee8a6f3c5f98a62b3a202a85ef0aa87.tar.gz |
updated opencdk to report if any key signer was found.
Diffstat (limited to 'libextra')
-rw-r--r-- | libextra/opencdk/Makefile.am | 2 | ||||
-rw-r--r-- | libextra/opencdk/README | 3 | ||||
-rw-r--r-- | libextra/opencdk/opencdk.h | 6 | ||||
-rw-r--r-- | libextra/opencdk/sig-check.c | 39 | ||||
-rw-r--r-- | libextra/openpgp/verify.c | 4 |
5 files changed, 40 insertions, 14 deletions
diff --git a/libextra/opencdk/Makefile.am b/libextra/opencdk/Makefile.am index a5bf469b69..7366c719ed 100644 --- a/libextra/opencdk/Makefile.am +++ b/libextra/opencdk/Makefile.am @@ -1,5 +1,5 @@ INCLUDES = -I../../ -DVERSION=\"gnutls/opencdk\" -EXTRA_DIST = md.h packet.h opencdk.h context.h \ +EXTRA_DIST = md.h packet.h opencdk.h context.h README \ main.h cipher.h stream.h types.h filters.h noinst_LTLIBRARIES = libopencdk.la libopencdk_la_SOURCES = new-packet.c \ diff --git a/libextra/opencdk/README b/libextra/opencdk/README new file mode 100644 index 0000000000..16c1379c38 --- /dev/null +++ b/libextra/opencdk/README @@ -0,0 +1,3 @@ +This is just a mirror of the files in the opencdk's src/ +directory. + diff --git a/libextra/opencdk/opencdk.h b/libextra/opencdk/opencdk.h index c86bc01def..ea0f30e4ac 100644 --- a/libextra/opencdk/opencdk.h +++ b/libextra/opencdk/opencdk.h @@ -23,7 +23,7 @@ #include <stdarg.h> -#define OPENCDK_VERSION "0.5.4" +#define OPENCDK_VERSION "0.5.5" #ifdef __cplusplus extern "C" { @@ -113,6 +113,7 @@ typedef enum { CDK_Inv_Packet_Ver = 23, CDK_Too_Short = 24, CDK_Unusable_Key = 25, + CDK_Self_Sig = 26 } cdk_error_t; @@ -266,7 +267,8 @@ enum cdk_key_flag_t { CDK_KEY_VALID = 0, CDK_KEY_INVALID = 1, /* missing or wrong self signature */ CDK_KEY_EXPIRED = 2, - CDK_KEY_REVOKED = 4 + CDK_KEY_REVOKED = 4, + CDK_KEY_NO_SIGNERS = 8 }; enum cdk_trust_flag_t { diff --git a/libextra/opencdk/sig-check.c b/libextra/opencdk/sig-check.c index fff4223b05..064f5b40cb 100644 --- a/libextra/opencdk/sig-check.c +++ b/libextra/opencdk/sig-check.c 
@@ -285,21 +285,30 @@ _cdk_pk_check_sig( cdk_keydb_hd_t hd, cdk_kbnode_t knode, cdk_kbnode_t snode ) } cdk_kbnode_hash( knode, md, 0, 0, 0 ); cdk_kbnode_hash( node, md, sig->version==4, 0, 0 ); - if( pk->keyid[0] == sig->keyid[0] && pk->keyid[1] == sig->keyid[1] ) - rc = _cdk_sig_check( pk, sig, md, &is_expired ); - else if( hd ) { + if( hd ) { rc = cdk_keydb_get_pk( hd, sig->keyid, &sig_pk ); if( !rc ) rc = _cdk_sig_check( sig_pk, sig, md, &is_expired ); _cdk_free_pubkey( sig_pk ); } + + if (!hd || rc==CDK_Error_No_Key) { + /* Only check the self signature if the given key + * is not in the keydb. + */ + if( pk->keyid[0] == sig->keyid[0] && pk->keyid[1] == sig->keyid[1] ) { + rc = _cdk_sig_check( pk, sig, md, &is_expired ); + if (rc == 0) + rc = CDK_Self_Sig; + } + } + } fail: cdk_md_close( md ); return rc; } - /** * cdk_pk_check_sigs: * @knode: the key node @@ -318,6 +327,7 @@ cdk_pk_check_sigs( cdk_kbnode_t knode, cdk_keydb_hd_t hd, int * r_status ) u32 keyid = 0; int key_status = 0; int rc = 0; + int checked_one = 0; if( !knode || !r_status ) return CDK_Inv_Value; @@ -344,15 +354,28 @@ cdk_pk_check_sigs( cdk_kbnode_t knode, cdk_keydb_hd_t hd, int * r_status ) sig->flags.missing_key = 1; continue; } - else if( rc && rc != CDK_Error_No_Key ) { - *r_status = CDK_KEY_INVALID; - break; /* invalid self signature or key signature */ + else if( rc) { + if (rc != CDK_Self_Sig && rc != CDK_Error_No_Key) { + /* invalid self signature or key signature */ + + *r_status = CDK_KEY_INVALID; + rc = 0; /* it's ok even if the verification failed. */ + goto finish; + } } + if (rc != CDK_Self_Sig) checked_one = 1; + else rc = 0; /* a self sig is not a fatal error. */ + _cdk_log_debug( "signature %s: signer %08lX keyid %08lX\n", rc==CDK_Bad_Sig? "BAD" : "good", sig->keyid[1], keyid ); } - if( !rc || rc == CDK_Error_No_Key ) + + if( !rc || rc == CDK_Error_No_Key) *r_status = CDK_KEY_VALID; + + if(checked_one==0) *r_status |= CDK_KEY_NO_SIGNERS; + +finish: return rc; } 
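Review bot: When `hd` is NULL and the signature's keyid differs from `pk`'s, neither the keydb branch nor the new self-signature branch assigns `rc`, so `_cdk_pk_check_sig` returns whatever `rc` held before these lines. If that value is 0 (its initialisation is above the hunk), `cdk_pk_check_sigs` would count an unverified third-party signature as checked and would not set CDK_KEY_NO_SIGNERS. Giving that case an explicit result, e.g. `else if( !hd ) rc = CDK_Error_No_Key;` after the keyid comparison, would make the outcome independent of earlier state. The function comment should also say that CDK_Self_Sig is a non-zero return meaning the self-signature verified, because a caller testing `if( rc )` would otherwise read it as a failure.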
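Review bot: In the `@@ -344` hunk of `cdk_pk_check_sigs`, `if (rc != CDK_Self_Sig) checked_one = 1;` also fires when `rc` is CDK_Error_No_Key, because the `else if( rc )` branch above it lets that code fall through. A signature whose signer key was not found would then count as a checked signer and suppress CDK_KEY_NO_SIGNERS, the very condition the flag is meant to report. Setting the flag only after a successful verification, `if (rc == 0) checked_one = 1; else if (rc == CDK_Self_Sig) rc = 0;`, keeps the two cases apart. The condition of the earlier `missing_key` branch lies above the hunk, so it is not visible whether it already catches every No_Key result. The `rc = 0; goto finish;` path means the function now returns success for a key with a bad signature, so its header comment should tell callers to check `*r_status` and not only the return value.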
diff --git a/libextra/openpgp/verify.c b/libextra/openpgp/verify.c index 865c6f0bff..35cf8cf8db 100644 --- a/libextra/openpgp/verify.c +++ b/libextra/openpgp/verify.c @@ -125,9 +125,7 @@ int gnutls_openpgp_key_verify_ring( gnutls_openpgp_key key, if (status & CDK_KEY_INVALID) *verify |= GNUTLS_CERT_INVALID; if (status & CDK_KEY_REVOKED) *verify |= GNUTLS_CERT_REVOKED; - - /* FIXME: CHECK HERE IF THE WAS ANY SIGNER - */ + if (status & CDK_KEY_NO_SIGNERS) *verify |= GNUTLS_CERT_SIGNER_NOT_FOUND; return 0; } |
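Review bot: The added line reports a key with no verified signer only as GNUTLS_CERT_SIGNER_NOT_FOUND, and the function still returns 0. A caller that tests `*verify & GNUTLS_CERT_INVALID` alone would therefore accept a key that nothing in the keyring vouches for. Consider setting both bits, `*verify |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;`, or state in the function's documentation that SIGNER_NOT_FOUND must be treated as untrusted. `gnutls_openpgp_key_verify_ring` starts above the hunk, so how `status` is obtained is not visible here, nor whether CDK_KEY_EXPIRED is mapped.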