* getkey.c (merge_selfsigs_main), main.h, sig-check.c
authorDavid Shaw <dshaw@jabberwocky.com>
Sun, 29 Dec 2002 15:58:44 +0000 (15:58 +0000)
committerDavid Shaw <dshaw@jabberwocky.com>
Sun, 29 Dec 2002 15:58:44 +0000 (15:58 +0000)
(check_key_signature2): Pass the ultimately trusted pk directly to
check_key_signature2 to avoid going through the key selection mechanism.
This prevents a deadly embrace when two keys without selfsigs each sign
the other.

g10/ChangeLog
g10/getkey.c
g10/main.h
g10/sig-check.c

index 798e4ce..34020c9 100644 (file)
@@ -1,3 +1,11 @@
+2002-12-29  David Shaw  <dshaw@jabberwocky.com>
+
+       * getkey.c (merge_selfsigs_main), main.h, sig-check.c
+       (check_key_signature2): Pass the ultimately trusted pk directly to
+       check_key_signature2 to avoid going through the key selection
+       mechanism.  This prevents a deadly embrace when two keys without
+       selfsigs each sign the other.
+
 2002-12-27  David Shaw  <dshaw@jabberwocky.com>
 
        * keyserver.c (keyserver_refresh): Don't print the "refreshing..."
index abc8b27..0e41f2d 100644 (file)
@@ -1571,6 +1571,8 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
            else if ( k->pkt->pkttype == PKT_SIGNATURE && uidnode )
              {
                PKT_signature *sig = k->pkt->pkt.signature;
+               u32 dummy;
+               int dum2;
 
                if(sig->keyid[0] != kid[0] || sig->keyid[1]!=kid[1])
                  {
@@ -1584,9 +1586,10 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
                        trusted key is still valid - if it has been
                        revoked or the user should also renmove the
                        ultimate trust flag.  */
-                   if(get_pubkey_fast(ultimate_pk,sig->keyid)==0 &&
-                      check_key_signature(keyblock,k,NULL)==0 &&
-                      get_ownertrust(ultimate_pk)==TRUST_ULTIMATE)
+                   if(get_pubkey_fast(ultimate_pk,sig->keyid)==0
+                      && check_key_signature2(keyblock,k,ultimate_pk,
+                                              NULL,&dummy,&dum2)==0
+                      && get_ownertrust(ultimate_pk)==TRUST_ULTIMATE)
                      {
                        free_public_key(ultimate_pk);
                        pk->is_valid=1;
index 03d43e1..4186534 100644 (file)
@@ -113,7 +113,7 @@ int sign_symencrypt_file (const char *fname, STRLIST locusr);
 /*-- sig-check.c --*/
 int check_revocation_keys (PKT_public_key *pk, PKT_signature *sig);
 int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig );
-int check_key_signature2( KBNODE root, KBNODE node,
+int check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
                          int *is_selfsig, u32 *r_expiredate, int *r_expired );
 
 /*-- delkey.c --*/
index c068e44..6468cf9 100644 (file)
@@ -475,12 +475,14 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
 {
     u32 dummy;
     int dum2;
-    return check_key_signature2(root, node, is_selfsig, &dummy, &dum2 );
+    return check_key_signature2(root, node, NULL, is_selfsig, &dummy, &dum2 );
 }
 
+/* If check_pk is set, then use it to check the signature in node
+   rather than getting it from root or the keydb. */
 int
-check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig,
-                                      u32 *r_expiredate, int *r_expired )
+check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
+                     int *is_selfsig, u32 *r_expiredate, int *r_expired )
 {
     MD_HANDLE md;
     PKT_public_key *pk;
@@ -595,14 +597,17 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig,
            md = md_open( algo, 0 );
            hash_public_key( md, pk );
            hash_uid_node( unode, md, sig );
-           if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {
+           if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
+             {
                if( is_selfsig )
-                   *is_selfsig = 1;
+                 *is_selfsig = 1;
                rc = do_check( pk, sig, md, r_expired );
-           }
-           else {
-               rc = signature_check2( sig, md, r_expiredate, r_expired );
-           }
+             }
+           else if (check_pk)
+             rc=do_check(check_pk,sig,md,r_expired);
+           else
+             rc = signature_check2( sig, md, r_expiredate, r_expired );
+
             cache_sig_result ( sig, rc );
            md_close(md);
        }