Commit c8f12e21 authored by Werner Koch's avatar Werner Koch

changed structure of trustdb

parent 3bcd3cd7
## Process this file with automake to produce Makefile.in
SUBDIRS = @INTLSUB@ @POSUB@ util mpi cipher tools g10
SUBDIRS = util mpi cipher tools g10
EXTRA_DIST = VERSION
......
......@@ -12,14 +12,6 @@
* add signal handling
* enable a SIGSEGV handler while using zlib functions
* PGP writes the signature and then the file, this is not
a good idea, we can't write such files if we take input from stdin.
So the solution will: accept such packet, but write
signature the corret way: first the data and then the signature[s]
this is much easier to check, also we must read the entire data
before we can check wether we have the pubkey or not. The one-pass
signature packets should be implemented to avoid this.
* complete cipher/cast.c
* complete cipher/dsa.c
......
## Process this file with automake to produce Makefile.in
INCLUDES = -I$(top_srcdir)/include
INCLUDES = -I$(top_srcdir)/include
EXTRA_DIST = @CIPHER_EXTRA_DIST@
noinst_LIBRARIES = cipher
noinst_LIBRARIES = libcipher.a
cipher_SOURCES = blowfish.c \
libcipher_a_SOURCES = blowfish.c \
blowfish.h \
elgamal.c \
elgamal.h \
......@@ -27,6 +27,8 @@ cipher_SOURCES = blowfish.c \
misc.c \
smallprime.c
cipher_LIBADD = @CIPHER_EXTRA_OBJS@
libcipher_a_LIBADD = @CIPHER_EXTRA_OBJS@
$(LIBRARIES): @CIPHER_EXTRA_OBJS@
......@@ -23,49 +23,21 @@
/* Define if using alloca.c. */
#undef C_ALLOCA
/* Define to empty if the keyword does not work. */
#undef const
/* Define to one of _getb67, GETB67, getb67 for Cray-2 and Cray-YMP systems.
This function is required for alloca.c support on those systems. */
#undef CRAY_STACKSEG_END
/* Define if you have alloca, as a function or macro. */
#undef HAVE_ALLOCA
/* Define if you have <alloca.h> and it should be used (not on Ultrix). */
#undef HAVE_ALLOCA_H
/* Define if you don't have vprintf but do have _doprnt. */
#undef HAVE_DOPRNT
/* Define if you have a working `mmap' system call. */
#undef HAVE_MMAP
/* Define if you have the vprintf function. */
#undef HAVE_VPRINTF
/* Define as __inline if that's what the C compiler calls it. */
#undef inline
/* Define to `long' if <sys/types.h> doesn't define. */
#undef off_t
/* Define to `unsigned' if <sys/types.h> doesn't define. */
#undef size_t
/* If using the C implementation of alloca, define if you know the
direction of stack growth for your system; otherwise it will be
automatically deduced at run-time.
STACK_DIRECTION > 0 => grows toward higher addresses
STACK_DIRECTION < 0 => grows toward lower addresses
STACK_DIRECTION = 0 => direction of growth unknown
*/
#undef STACK_DIRECTION
/* Define if you have the ANSI C header files. */
#undef STDC_HEADERS
......@@ -74,20 +46,6 @@
#undef PACKAGE
#undef G10_LOCALEDIR
/* Define if your locale.h file contains LC_MESSAGES. */
#undef HAVE_LC_MESSAGES
/* Define to 1 if NLS is requested. */
#undef ENABLE_NLS
/* Define as 1 if you have catgets and don't want to use GNU gettext. */
#undef HAVE_CATGETS
/* Define as 1 if you have gettext and don't want to use GNU gettext. */
#undef HAVE_GETTEXT
#undef HAVE_STPCPY
#undef BIG_ENDIAN_HOST
#undef LITTLE_ENDIAN_HOST
......@@ -115,45 +73,18 @@
/* The number of bytes in a unsigned short. */
#undef SIZEOF_UNSIGNED_SHORT
/* Define if you have the dcgettext function. */
#undef HAVE_DCGETTEXT
/* Define if you have the getcwd function. */
#undef HAVE_GETCWD
/* Define if you have the getpagesize function. */
#undef HAVE_GETPAGESIZE
/* Define if you have the mlock function. */
#undef HAVE_MLOCK
/* Define if you have the mmap function. */
#undef HAVE_MMAP
/* Define if you have the munmap function. */
#undef HAVE_MUNMAP
/* Define if you have the putenv function. */
#undef HAVE_PUTENV
/* Define if you have the rand function. */
#undef HAVE_RAND
/* Define if you have the setenv function. */
#undef HAVE_SETENV
/* Define if you have the setlocale function. */
#undef HAVE_SETLOCALE
/* Define if you have the stpcpy function. */
#undef HAVE_STPCPY
/* Define if you have the strcasecmp function. */
#undef HAVE_STRCASECMP
/* Define if you have the strchr function. */
#undef HAVE_STRCHR
/* Define if you have the strerror function. */
#undef HAVE_STRERROR
......@@ -166,36 +97,12 @@
/* Define if you have the tcgetattr function. */
#undef HAVE_TCGETATTR
/* Define if you have the <limits.h> header file. */
#undef HAVE_LIMITS_H
/* Define if you have the <locale.h> header file. */
#undef HAVE_LOCALE_H
/* Define if you have the <malloc.h> header file. */
#undef HAVE_MALLOC_H
/* Define if you have the <nl_types.h> header file. */
#undef HAVE_NL_TYPES_H
/* Define if you have the <string.h> header file. */
#undef HAVE_STRING_H
/* Define if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
/* Define if you have the <values.h> header file. */
#undef HAVE_VALUES_H
/* Define if you have the <zlib.h> header file. */
#undef HAVE_ZLIB_H
/* Define if you have the i library (-li). */
#undef HAVE_LIBI
/* Define if you have the intl library (-lintl). */
#undef HAVE_LIBINTL
/* The AC_CHECK_SIZEOF() fails for some machines.
* we provide some fallback values here */
......
......@@ -5,7 +5,10 @@ dnl (Process this file with autoconf to produce a configure script.)
AC_INIT(g10/g10.c)
AC_CONFIG_AUX_DIR(scripts)
AC_CONFIG_HEADER(config.h)
dnl Ooops: automake 1.2d looks for AC_CONFIG_HEADER (and not AM_..)
dnl to decide where config.h is - so we have to add it to
dnl every makefile.am
AM_CONFIG_HEADER(config.h)
if test "x$exec_prefix" = xNONE ; then
......@@ -45,6 +48,14 @@ WK_CHECK_CACHE
dnl Checks for programs.
AC_PROG_MAKE_SET
AC_ARG_PROGRAM
missing_dir=`cd $ac_aux_dir && pwd`
AM_MISSING_PROG(ACLOCAL, aclocal, $missing_dir)
AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir)
AM_MISSING_PROG(AUTOMAKE, automake, $missing_dir)
AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir)
dnl AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir)
case "${target}" in
i386--mingw32)
......@@ -64,16 +75,15 @@ AC_PROG_CPP
esac
AC_ARG_PROGRAM
dnl Checks for libraries.
dnl Checks for header files.
AC_HEADER_STDC
AC_CHECK_HEADERS(unistd.h)
ud_GNU_GETTEXT
WK_LINK_FILES($nls_cv_header_libgt, $nls_cv_header_intl )
dnl AM_GNU_GETTEXT
dnl WK_LINK_FILES($nls_cv_header_libgt, $nls_cv_header_intl )
AC_MSG_WARN([i18n disabled for this release - sorry])
dnl Checks for typedefs, structures, and compiler characteristics.
......
## Process this file with automake to produce Makefile.in
INCLUDES = -I$(top_srcdir)/include
INCLUDES = -I.. -I$(top_srcdir)/include
EXTRA_DIST = OPTIONS
needed_libs = ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a
bin_PROGRAMS = g10
bin_PROGRAMS = g10 g10maint
g10_SOURCES = g10.c \
common_source = \
build-packet.c \
compress.c \
encode.c \
encr-data.c \
filter.h \
free-packet.c \
getkey.c \
......@@ -18,7 +17,6 @@ g10_SOURCES = g10.c \
skclist.c \
ringedit.c \
kbnode.c \
keygen.c \
main.h \
mainproc.c \
armor.c \
......@@ -35,22 +33,29 @@ g10_SOURCES = g10.c \
packet.h \
parse-packet.c \
passphrase.c \
plaintext.c \
pubkey-enc.c \
seckey-cert.c \
seskey.c \
sign.c \
import.c \
export.c \
comment.c \
status.c \
status.h \
sign.c \
plaintext.c \
encr-data.c \
encode.c \
sig-check.c
g10_SOURCES = g10.c \
$(common_source) \
keygen.c
LDADD = -L ../cipher -L ../mpi -L ../util \
-lcipher -lmpi -lutil
g10maint_SOURCES = g10maint.c \
$(common_source)
LDADD = $(needed_libs)
$(PROGRAMS): ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a
$(PROGRAMS): $(needed_libs)
......@@ -42,18 +42,15 @@
enum cmd_values { aNull = 0,
aSym, aStore, aEncr, aPrimegen, aKeygen, aSign, aSignEncr,
aPrintMDs, aSignKey, aClearsig, aListPackets, aEditSig,
aKMode, aKModeC, aChangePass, aImport, aListTrustDB,
aListTrustPath, aExport,
aSym, aStore, aEncr, aKeygen, aSign, aSignEncr,
aSignKey, aClearsig, aListPackets, aEditSig,
aKMode, aKModeC, aChangePass, aImport,
aExport,
aTest };
static void set_cmd( enum cmd_values *ret_cmd,
enum cmd_values new_cmd );
static void print_hex( byte *p, size_t n );
static void print_mds( const char *fname );
static void do_test(int);
const char *
strusage( int level )
......@@ -104,7 +101,7 @@ strusage( int level )
static void
i18n_init(void)
{
#ifdef HAVE_LIBINTL
#ifdef ENABLE_NLS
setlocale( LC_MESSAGES, "" );
bindtextdomain( PACKAGE, G10_LOCALEDIR );
textdomain( PACKAGE );
......@@ -189,10 +186,7 @@ main( int argc, char **argv )
{ 510, "debug" ,4|16, N_("set debugging flags")},
{ 511, "debug-all" ,0, N_("enable full debugging")},
{ 512, "status-fd" ,1, N_("write status info to this fd") },
{ 513, "gen-prime" , 0, "\r" },
{ 514, "test" , 0, "\r" },
{ 515, "fingerprint", 0, N_("show the fingerprints")},
{ 516, "print-mds" , 0, N_("print all message digests")},
{ 517, "secret-keyring" ,2, N_("add this secret keyring to the list")},
{ 518, "options" , 2, N_("read options from file")},
{ 519, "no-armor", 0, "\r"},
......@@ -207,13 +201,12 @@ main( int argc, char **argv )
{ 528, "pubkey-algo", 2 , N_("select default puplic key algorithm")},
{ 529, "digest-algo", 2 , N_("select default message digest algorithm")},
{ 530, "import", 0 , N_("put public keys into the trustdb")},
{ 531, "list-trustdb",0 , "\r"},
{ 532, "quick-random", 0, "\r"},
{ 533, "list-trust-path",0, "\r"},
{ 534, "no-comment", 0, N_("do not write comment packets")},
{ 535, "completes-needed", 1, N_("(default is 1)")},
{ 536, "marginals-needed", 1, N_("(default is 3)")},
{ 537, "export", 0, N_("export all or the given keys") },
{ 538, "trustdb-name", 2, "\r" },
{0} };
ARGPARSE_ARGS pargs;
......@@ -236,6 +229,7 @@ main( int argc, char **argv )
int default_keyring = 1;
int greeting = 1;
enum cmd_values cmd = 0;
const char *trustdb_name = NULL;
secmem_init( 16384 );
......@@ -331,10 +325,7 @@ main( int argc, char **argv )
case 510: opt.debug |= pargs.r.ret_ulong; break;
case 511: opt.debug = ~0; break;
case 512: set_status_fd( pargs.r.ret_int ); break;
case 513: set_cmd( &cmd, aPrimegen); break;
case 514: set_cmd( &cmd, aTest); break;
case 515: opt.fingerprint = 1; break;
case 516: set_cmd( &cmd, aPrintMDs); break;
case 517: add_secret_keyring(pargs.r.ret_str); sec_nrings++; break;
case 518:
/* config files may not be nested (silently ignore them) */
......@@ -362,13 +353,12 @@ main( int argc, char **argv )
opt.def_digest_algo = string_to_digest_algo(pargs.r.ret_str);
break;
case 530: set_cmd( &cmd, aImport); break;
case 531: set_cmd( &cmd, aListTrustDB); break;
case 532: quick_random_gen(1); break;
case 533: set_cmd( &cmd, aListTrustPath); break;
case 534: opt.no_comment=1; break;
case 535: opt.completes_needed = pargs.r.ret_int; break;
case 536: opt.marginals_needed = pargs.r.ret_int; break;
case 537: set_cmd( &cmd, aExport); break;
case 538: trustdb_name = pargs.r.ret_str; break;
default : errors++; pargs.err = configfp? 1:2; break;
}
}
......@@ -453,13 +443,7 @@ main( int argc, char **argv )
}
}
switch( cmd ) {
case aPrimegen:
case aPrintMDs:
break;
case aListTrustDB: rc = init_trustdb( argc? 1:0 ); break;
default: rc = init_trustdb(1); break;
}
rc = init_trustdb(1, trustdb_name );
if( rc )
log_error(_("failed to initialize the TrustDB: %s\n"), g10_errstr(rc));
......@@ -578,46 +562,12 @@ main( int argc, char **argv )
usage(1);
break;
case aPrimegen:
if( argc == 1 ) {
mpi_print( stdout, generate_public_prime( atoi(argv[0]) ), 1);
putchar('\n');
}
else if( argc == 2 ) {
mpi_print( stdout, generate_elg_prime( atoi(argv[0]),
atoi(argv[1]), NULL ), 1);
putchar('\n');
}
else if( argc == 3 ) {
MPI g = mpi_alloc(1);
mpi_print( stdout, generate_elg_prime( atoi(argv[0]),
atoi(argv[1]), g ), 1);
printf("\nGenerator: ");
mpi_print( stdout, g, 1 );
putchar('\n');
mpi_free(g);
}
else
usage(1);
break;
case aPrintMDs:
if( !argc )
print_mds(NULL);
else {
for(; argc; argc--, argv++ )
print_mds(*argv);
}
break;
case aKeygen: /* generate a key (interactive) */
if( argc )
usage(1);
generate_keypair();
break;
case aTest: do_test( argc? atoi(*argv): 0 ); break;
case aImport:
if( !argc )
usage(1);
......@@ -637,22 +587,6 @@ main( int argc, char **argv )
free_strlist(sl);
break;
case aListTrustDB:
if( !argc )
list_trustdb(NULL);
else {
for( ; argc; argc--, argv++ )
list_trustdb( *argv );
}
break;
case aListTrustPath:
if( argc != 2 )
wrong_args("--list-trust-path [-- -]<maxdepth> <username>");
list_trust_path( atoi(*argv), argv[1] );
break;
case aListPackets:
opt.list_packets=1;
default:
......@@ -693,95 +627,3 @@ g10_exit( int rc )
}
static void
print_hex( byte *p, size_t n )
{
int i;
if( n == 20 ) {
for(i=0; i < n ; i++, i++, p += 2 ) {
if( i == 10 )
putchar(' ');
printf(" %02X%02X", *p, p[1] );
}
}
else {
for(i=0; i < n ; i++, p++ ) {
if( i && !(i%8) )
putchar(' ');
printf(" %02X", *p );
}
}
}
static void
print_mds( const char *fname )
{
FILE *fp;
char buf[1024];
size_t n;
MD_HANDLE md;
if( !fname ) {
fp = stdin;
fname = "[stdin]";
}
else
fp = fopen( fname, "rb" );
if( !fp ) {
log_error("%s: %s\n", fname, strerror(errno) );
return;
}
md = md_open( DIGEST_ALGO_MD5, 0 );
md_enable( md, DIGEST_ALGO_RMD160 );
md_enable( md, DIGEST_ALGO_SHA1 );
while( (n=fread( buf, 1, DIM(buf), fp )) )
md_write( md, buf, n );
if( ferror(fp) )
log_error("%s: %s\n", fname, strerror(errno) );
else {
md_final(md);
printf( "%s: MD5 =", fname ); print_hex(md_read(md, DIGEST_ALGO_MD5), 16 );
printf("\n%s: RMD160 =", fname ); print_hex(md_read(md, DIGEST_ALGO_RMD160), 20 );
printf("\n%s: SHA1 =", fname ); print_hex(md_read(md, DIGEST_ALGO_SHA1), 20 );
putchar('\n');
}
md_close(md);
if( fp != stdin )
fclose(fp);
}
static void
do_test(int times)
{
#if 0
MPI t = mpi_alloc( 50 );
MPI m = mpi_alloc( 50 );
MPI a = mpi_alloc( 50 );
MPI b = mpi_alloc( 50 );
MPI p = mpi_alloc( 50 );
MPI x = mpi_alloc( 50 );
/* output = b/(a^x) mod p */
log_debug("invm %d times ", times);
for( ; times > 0; times -- ) {
mpi_fromstr(a, "0xef45678343589854354a4545545454554545455"
"aaaaaaaaaaaaa44444fffdecb33434343443331" );
mpi_fromstr(b, "0x8765765589854354a4545545454554545455"
"aaaaaaa466577778decb36666343443331" );
mpi_invm( t, a, b );
fputc('.', stderr); fflush(stderr);
}
m_check(NULL);
#endif
}
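Review bot: A failed `init_trustdb(1, trustdb_name )` is only reported through `log_error()` in the lines visible here; what follows is outside the hunk, so it should be confirmed that signing and verification cannot continue against a trustdb that did not initialise, and if they can the check should stop there, e.g. `if( rc ) { log_error(...); g10_exit(2); }`. The new option 538 `trustdb-name` stores `pargs.r.ret_str` without any check and is hidden from the help output (`"\r"`), and the `configfp` handling in the same switch suggests it is also accepted from an options file. A comment at `case 538:` would make the weight of that path clear, for instance `/* overrides the trustdb file that all later trust decisions rely on */`. main() starts and ends outside these hunks.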
......@@ -592,8 +592,11 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
}
else
cert->d.elg.is_protected = 0;
n = pktlen; cert->d.elg.x = mpi_read(inp, &n, 1 ); pktlen -=n;
/* It does not make sense to read it into secure memory.
* If the user is so careless, not to protect his secret key,
* we can assume, that he operates an open system :=(.
* So we put the key into secure memory when we unprotect him. */
n = pktlen; cert->d.elg.x = mpi_read(inp, &n, 0 ); pktlen -=n;
cert->d.elg.csum = read_16(inp); pktlen -= 2;
if( list_mode ) {
......@@ -646,11 +649,11 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
}
else
cert->d.rsa.is_protected = 0;
n = pktlen; cert->d.rsa.rsa_d = mpi_read(inp, &n, 1 ); pktlen -=n;
n = pktlen; cert->d.rsa.rsa_p = mpi_read(inp, &n, 1 ); pktlen -=n;
n = pktlen; cert->d.rsa.rsa_q = mpi_read(inp, &n, 1 ); pktlen -=n;
n = pktlen; cert->d.rsa.rsa_u = mpi_read(inp, &n, 1 ); pktlen -=n;
/* (See comments at the code for elg keys) */
n = pktlen; cert->d.rsa.rsa_d = mpi_read(inp, &n, 0 ); pktlen -=n;
n = pktlen; cert->d.rsa.rsa_p = mpi_read(inp, &n, 0 ); pktlen -=n;
n = pktlen; cert->d.rsa.rsa_q = mpi_read(inp, &n, 0 ); pktlen -=n;
n = pktlen; cert->d.rsa.rsa_u = mpi_read(inp, &n, 0 ); pktlen -=n;
cert->d.rsa.csum = read_16(inp); pktlen -= 2;
if( list_mode ) {
......
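Review bot: Passing 0 as the last argument of `mpi_read()` for `cert->d.elg.x` and for the four RSA values means that an unprotected key (`is_protected = 0`) stays as plaintext in ordinary memory for its whole lifetime, because the only `mpi_set_secure()` calls visible in this commit appear to sit in the unprotect path of check_elg() and check_rsa(). The new comment accepts that on purpose, but the flag could follow the protection state instead, e.g. `cert->d.elg.x = mpi_read(inp, &n, !cert->d.elg.is_protected );`, so that only still-encrypted material skips secure memory. If the current behaviour is kept, the comment should state plainly that unprotected secret keys never reach secure memory. parse_certificate() begins and ends outside both hunks.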
......@@ -85,6 +85,9 @@ check_elg( PKT_secret_cert *cert )
blowfish_decode_cfb( blowfish_ctx,
cert->d.elg.protect.blowfish.iv,
cert->d.elg.protect.blowfish.iv, 8 );
mpi_set_secure(cert->d.elg.x );
/*fixme: maybe it is better to set the buger secure with a
* new get_buffer_secure() function */
buffer = mpi_get_buffer( cert->d.elg.x, &nbytes, NULL );
csum = checksum_u16( nbytes*8 );
blowfish_decode_cfb( blowfish_ctx, buffer, buffer, nbytes );
......@@ -196,6 +199,7 @@ check_rsa( PKT_secret_cert *cert )
cert->d.rsa.protect.blowfish.iv, 8 );
csum = 0;
#define X(a) do { \
mpi_set_secure(cert->d.rsa.rsa_##a); \
buffer = mpi_get_buffer( cert->d.rsa.rsa_##a, &nbytes, NULL );\
csum += checksum_u16( nbytes*8 ); \
blowfish_decode_cfb( blowfish_ctx, buffer, buffer, nbytes ); \
......
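Review bot: The decrypted secret ends up in `buffer`, and the new fixme in check_elg() already admits that marking the MPI with `mpi_set_secure()` does not cover that buffer; the `X(a)` macro in check_rsa() follows the same pattern without any comment. Whether `mpi_get_buffer()` allocates from secure memory once the MPI is flagged, and whether `buffer` is wiped before it is freed, is not visible in these hunks and should be confirmed. I would turn the fixme into a precise statement, e.g. `/* FIXME: buffer receives the plaintext key but is not secure memory; needs a secure variant of mpi_get_buffer() */`, and repeat it above the macro. Both functions continue outside the hunks.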
......@@ -371,10 +371,16 @@ dump_record( ulong rnum, TRUSTREC *rec, FILE *fp )
case RECTYPE_VER: fprintf(fp, "version\n");
break;
case RECTYPE_DIR:
fprintf(fp, "dir keyid=%08lx, key=%lu, ctl=%lu, sig=%lu%s\n",
fprintf(fp, "dir keyid=%08lx, key=%lu, ctl=%lu, sig=%lu",
rec->r.dir.keyid[1],
rec->r.dir.keyrec, rec->r.dir.ctlrec, rec->r.dir.sigrec,
rec->r.dir.no_sigs?" (inv sigs)":"");
rec->r.dir.keyrec, rec->r.dir.ctlrec, rec->r.dir.sigrec );
if( rec->r.dir.no_sigs == 1 )
fputs(", (none)", fp );
else if( rec->r.dir.no_sigs == 2 )
fputs(", (invalid)", fp );
else if( rec->r.dir.no_sigs )
fputs(", (revoked)", fp );
putc('\n', fp);
break;
case RECTYPE_KEY: fprintf(fp, "key keyid=%08lx, own=%lu, ownertrust=%02x\n",
rec->r.key.keyid[1],
......@@ -643,7 +649,7 @@ search_record( PKT_public_cert *pkc, TRUSTREC *rec )
TRUSTREC keyrec;
if( read_record( rec->r.dir.keyrec, &keyrec, RECTYPE_KEY ) ) {
log_error("%lu: ooops: invalid dir record\n", recnum );
log_error("%lu: ooops: invalid key record\n", recnum );
break;
}
if( keyrec.r.key.pubkey_algo == pkc->pubkey_algo
......@@ -748,6 +754,8 @@ walk_sigrecs( SIGREC_CONTEXT *c, int create )
if( !c->sigrec && create && !r->r.dir.no_sigs ) {
rc = build_sigrecs( c->local_id );
if( rc ) {
if( rc == G10ERR_BAD_CERT )
rc = -1; /* maybe no selcficnature */
if( rc != -1 )
log_info("%lu: error building sigs on the fly: %s\n",
c->local_id, g10_errstr(rc) );
......@@ -1088,6 +1096,10 @@ check_sigs( KBNODE keyblock, int *selfsig_okay )
int selfsig;
rc = check_key_signature( keyblock, node, &selfsig );
if( !rc ) {
rc = set_signature_packets_local_id( node->pkt->pkt.signature );
if( rc )
log_fatal("set_signature_packets_local_id failed: %s\n",
g10_errstr(rc));
if( selfsig ) {
node->flag |= 2; /* mark signature valid */
*selfsig_okay = 1;
......@@ -1101,9 +1113,10 @@ check_sigs( KBNODE keyblock, int *selfsig_okay )
node->flag |= 4; /* mark as duplicate */
}
if( DBG_TRUST )
log_debug("trustdb: sig from %08lX: %s\n",
log_debug("trustdb: sig from %08lX(%lu): %s%s\n",
(ulong)node->pkt->pkt.signature->keyid[1],
g10_errstr(rc) );
node->pkt->pkt.signature->local_id,
g10_errstr(rc), (node->flag&4)?" (dup)":"" );
}
}
if( dups )
......@@ -1128,6 +1141,7 @@ build_sigrecs( ulong pubkeyid )
int rc=0;
int i, selfsig;
ulong rnum, rnum2;
ulong first_sigrec = 0;
if( DBG_TRUST )
log_debug("trustdb: build_sigrecs for pubkey %lu\n", (ulong)pubkeyid );
......@@ -1164,11 +1178,11 @@ build_sigrecs( ulong pubkeyid )
}
if( !selfsig ) {
log_error("build_sigrecs: self-certificate missing\n" );
update_no_sigs( pubkeyid, 1 );
update_no_sigs( pubkeyid, 2 );
rc = G10ERR_BAD_CERT;
goto leave;
}
update_no_sigs( pubkeyid, 0 );
update_no_sigs( pubkeyid, 0 ); /* assume we have sigs */
/* valid key signatures are now marked; we can now build the
* sigrecs */
......@@ -1203,6 +1217,8 @@ build_sigrecs( ulong pubkeyid )
log_error("build_sigrecs: write_record failed\n" );
goto leave;
}
if( !first_sigrec )
first_sigrec = rnum2;
}
rec2 = rec;
rnum2 = rnum;
......@@ -1226,6 +1242,8 @@ build_sigrecs( ulong pubkeyid )
log_error("build_sigrecs: write_record failed\n" );
goto leave;
}
if( !first_sigrec )
first_sigrec = rnum2;
}
if( i ) { /* write the pending record */
rec.r.sig.owner = pubkeyid;
......@@ -1235,8 +1253,24 @@ build_sigrecs( ulong pubkeyid )
log_error("build_sigrecs: write_record failed\n" );
goto leave;
}
if( !first_sigrec )
first_sigrec = rnum;
}
}
if( first_sigrec ) {
/* update the dir record */
if( (rc =read_record( pubkeyid, &rec, RECTYPE_DIR )) ) {
log_error("update_dir_record: read failed\n");
goto leave;
}
rec.r.dir.sigrec = first_sigrec;
if( (rc=write_record( pubkeyid, &rec )) ) {
log_error("update_dir_record: write failed\n");
goto leave;
}
}
else
update_no_sigs( pubkeyid, 1 ); /* no signatures */
leave:
m_free( finfo );
......@@ -1309,7 +1343,7 @@ static int