We've been assuming that a signature directly on a public key means the
key is revoked. This isn't the case; it's used for key preferences for
example. Change the structure element names to reflect this
(revocations->sigs) and check for revoked status by looking for a
signature type of 0x20.
sigs = keysigs(sigs, uids->sigs);
}
if (revoked != NULL) {
sigs = keysigs(sigs, uids->sigs);
}
if (revoked != NULL) {
- *revoked = (publickey->revocations != NULL);
+ *revoked = publickey->revoked;
}
free_publickey(publickey);
}
}
free_publickey(publickey);
}
*/
if (oldkey != NULL) {
merge_keys(oldkey, curkey);
*/
if (oldkey != NULL) {
merge_keys(oldkey, curkey);
- if (curkey->revocations == NULL &&
+ if (curkey->sigs == NULL &&
curkey->uids == NULL &&
curkey->subkeys == NULL) {
if (prev == NULL) {
curkey->uids == NULL &&
curkey->subkeys == NULL) {
if (prev == NULL) {
sigs = keysigs(sigs, uids->sigs);
}
if (revoked != NULL) {
sigs = keysigs(sigs, uids->sigs);
}
if (revoked != NULL) {
- *revoked = (publickey->revocations != NULL);
+ *revoked = publickey->revoked;
}
free_publickey(publickey);
}
}
free_publickey(publickey);
}
*/
if (oldkey != NULL) {
merge_keys(oldkey, curkey);
*/
if (oldkey != NULL) {
merge_keys(oldkey, curkey);
- if (curkey->revocations == NULL &&
+ if (curkey->sigs == NULL &&
curkey->uids == NULL &&
curkey->subkeys == NULL) {
if (prev == NULL) {
curkey->uids == NULL &&
curkey->subkeys == NULL) {
if (prev == NULL) {
printf("%s%s%s\n",
(html) ? txt2html(buf) : buf,
(html) ? "</a>" : "",
printf("%s%s%s\n",
(html) ? txt2html(buf) : buf,
(html) ? "</a>" : "",
- (keys->revocations == NULL) ? "" :
- " *** REVOKED ***");
+ (keys->revoked) ? " *** REVOKED ***" : "");
if (fingerprint) {
display_fingerprint(keys);
}
if (fingerprint) {
display_fingerprint(keys);
}
curuid = curuid->next;
} else {
printf("%s\n",
curuid = curuid->next;
} else {
printf("%s\n",
- (keys->revocations == NULL) ? "" :
- "*** REVOKED ***");
+ (keys->revoked) ? "*** REVOKED ***": "");
if (fingerprint) {
display_fingerprint(keys);
}
if (fingerprint) {
display_fingerprint(keys);
}
type,
length,
created_time,
type,
length,
created_time,
- (keys->revocations == NULL) ? "" : "r");
+ (keys->revoked) ? "r" : "");
for (curuid = keys->uids; curuid != NULL;
curuid = curuid->next) {
for (curuid = keys->uids; curuid != NULL;
curuid = curuid->next) {
/**
* struct openpgp_publickey - An OpenPGP public key complete with sigs.
* @publickey: The OpenPGP packet for the public key.
/**
* struct openpgp_publickey - An OpenPGP public key complete with sigs.
* @publickey: The OpenPGP packet for the public key.
- * @revocation: The OpenPGP packet for the revocation [optional]
+ * @revoked: True if the key is revoked.
+ * @sigs: Any signatures directly on the publickey packet.
* @uids: The list of UIDs with signatures for this key.
* @subkeys: The list of subkeys with signatures for this key.
* @next: The next public key.
*/
struct openpgp_publickey {
struct openpgp_packet *publickey;
* @uids: The list of UIDs with signatures for this key.
* @subkeys: The list of subkeys with signatures for this key.
* @next: The next public key.
*/
struct openpgp_publickey {
struct openpgp_packet *publickey;
- struct openpgp_packet_list *revocations;
- struct openpgp_packet_list *last_revocation;
+ bool revoked;
+ struct openpgp_packet_list *sigs;
+ struct openpgp_packet_list *last_sig;
struct openpgp_signedpacket_list *uids;
struct openpgp_signedpacket_list *last_uid;
struct openpgp_signedpacket_list *subkeys;
struct openpgp_signedpacket_list *uids;
struct openpgp_signedpacket_list *last_uid;
struct openpgp_signedpacket_list *subkeys;
free_packet(key->publickey);
key->publickey = NULL;
}
free_packet(key->publickey);
key->publickey = NULL;
}
- if (key->revocations != NULL) {
- free_packet_list(key->revocations);
- key->revocations = NULL;
+ if (key->sigs != NULL) {
+ free_packet_list(key->sigs);
+ key->sigs = NULL;
}
if (key->uids != NULL) {
free_signedpacket_list(key->uids);
}
if (key->uids != NULL) {
free_signedpacket_list(key->uids);
/*
* Key IDs are the same, so I guess we have to merge them.
*/
/*
* Key IDs are the same, so I guess we have to merge them.
*/
- curpacket = b->revocations;
while (curpacket != NULL) {
nextpacket = curpacket->next;
while (curpacket != NULL) {
nextpacket = curpacket->next;
- if (find_packet(a->revocations, curpacket->packet)) {
+ if (find_packet(a->sigs, curpacket->packet)) {
- * We already have this revocation, remove it
+ * We already have this signature, remove it
* from the difference list and free the memory
* allocated for it.
*/
* from the difference list and free the memory
* allocated for it.
*/
if (lastpacket != NULL) {
lastpacket->next = curpacket->next;
} else {
if (lastpacket != NULL) {
lastpacket->next = curpacket->next;
} else {
- log_assert(curpacket == b->revocations);
- b->revocations = curpacket->next;
+ log_assert(curpacket == b->sigs);
+ b->sigs = curpacket->next;
}
curpacket->next = NULL;
free_packet_list(curpacket);
}
curpacket->next = NULL;
free_packet_list(curpacket);
}
curpacket = nextpacket;
}
}
curpacket = nextpacket;
}
- b->last_revocation = lastpacket;
+ b->last_sig = lastpacket;
- * Anything left on b->revocations doesn't exist on
- * a->revocations, so add them to the list.
+ * Anything left on b->sigs doesn't exist on
+ * a->sigs, so add them to the list.
- packet_list_add(&a->revocations,
- &a->last_revocation,
- b->revocations);
+ packet_list_add(&a->sigs,
+ &a->last_sig,
+ b->sigs);
/*
* Merge uids (signed list).
/*
* Merge uids (signed list).
+ /*
+ * If either key was revoked, make sure both the new ones are marked as
+ * being so.
+ */
+ if (a->revoked || b->revoked) {
+ a->revoked = b->revoked = true;
+ }
+
case 2:
/*
* It's a signature packet. Add it to either the public
case 2:
/*
* It's a signature packet. Add it to either the public
- * key (it should be a revocation), to the current UID
- * or the current subkey.
+ * key, to the current UID or the current subkey.
*/
log_assert(curkey != NULL);
if (curkey->subkeys != NULL) {
*/
log_assert(curkey != NULL);
if (curkey->subkeys != NULL) {
packet_dup(packets->packet));
} else {
ADD_PACKET_TO_LIST_END(curkey,
packet_dup(packets->packet));
} else {
ADD_PACKET_TO_LIST_END(curkey,
packet_dup(packets->packet));
packet_dup(packets->packet));
+ /*
+ * This is a signature on the public key; check
+ * if it's a revocation.
+ */
+ if (packets->packet->data[0] == 3 &&
+ packets->packet->data[2] == 0x20) {
+ /*
+ * Type 3 key, 0x20 == revocation
+ */
+ curkey->revoked = true;
+ } else if (packets->packet->data[0] == 4 &&
+ packets->packet->data[1] == 0x20) {
+ /*
+ * Type 4 key, 0x20 == revocation
+ */
+ curkey->revoked = true;
+ }
- * Now do any revocation signatures on the main key.
+ * Now do any signatures on the main key.
- for (tmplist = key->revocations; tmplist != NULL;
+ for (tmplist = key->sigs; tmplist != NULL;
tmplist = tmplist->next) {
ADD_PACKET_TO_LIST((*list_end),
packet_dup(tmplist->packet));
tmplist = tmplist->next) {
ADD_PACKET_TO_LIST((*list_end),
packet_dup(tmplist->packet));