From 7c92d7381408b375d158dd3aedfa61d340ed3750 Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Tue, 9 Apr 2019 13:08:20 +0200 Subject: openpgp: Guard signature verifications with a time. - In the streaming verifier and decryptor, check that signatures (and binding signatures) are valid at the given time. - Fixes #247. --- tool/src/commands/decrypt.rs | 2 +- tool/src/commands/mod.rs | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) (limited to 'tool/src/commands') diff --git a/tool/src/commands/decrypt.rs b/tool/src/commands/decrypt.rs index 50dae859..8bdb6c95 100644 --- a/tool/src/commands/decrypt.rs +++ b/tool/src/commands/decrypt.rs @@ -207,7 +207,7 @@ pub fn decrypt(ctx: &Context, store: &mut store::Store, -> Result<()> { let helper = Helper::new(ctx, store, signatures, tpks, secrets, dump_session_key, dump, hex); - let mut decryptor = Decryptor::from_reader(input, helper) + let mut decryptor = Decryptor::from_reader(input, helper, None) .context("Decryption failed")?; io::copy(&mut decryptor, output) diff --git a/tool/src/commands/mod.rs b/tool/src/commands/mod.rs index aa60b5d2..172e9042 100644 --- a/tool/src/commands/mod.rs +++ b/tool/src/commands/mod.rs @@ -280,7 +280,6 @@ impl<'a> VerificationHelper for VHelper<'a> { let issuer = issuer .expect("missing key checksum has an issuer"); eprintln!("No key to check {} from {}", what, issuer); - assert!(! trusted); self.unknown_checksums += 1; }, BadChecksum(_) => { @@ -321,9 +320,9 @@ pub fn verify(ctx: &Context, store: &mut store::Store, -> Result<()> { let helper = VHelper::new(ctx, store, signatures, tpks); let mut verifier = if let Some(dsig) = detached { - DetachedVerifier::from_reader(dsig, input, helper)? + DetachedVerifier::from_reader(dsig, input, helper, None)? } else { - Verifier::from_reader(input, helper)? + Verifier::from_reader(input, helper, None)? }; io::copy(&mut verifier, output) -- cgit v1.2.3