security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

gpg: Pass CTRL object down to the trust functions 

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2016-05-21 11:41:49 +02:00
parent fd973ee1c1
commit 027c4e5552
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
16 changed files with 180 additions and 152 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
g10/gpg.c
View File

@ -4432,12 +4432,12 @@ main (int argc, char **argv)
case aUpdateTrustDB:
if( argc )
wrong_args("--update-trustdb");
update_trustdb();
update_trustdb (ctrl);
break;
case aCheckTrustDB:
/* Old versions allowed for arguments - ignore them */
check_trustdb();
check_trustdb (ctrl);
break;
case aFixTrustDB:

17
g10/gpgv.c
View File

@ -247,8 +247,9 @@ g10_exit( int rc )
* this utility assumes that all keys in the keyring are trustworthy
*/
int
check_signatures_trust( PKT_signature *sig )
check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
{
(void)ctrl;
(void)sig;
return 0;
}
@ -280,22 +281,25 @@ cache_disabled_value(PKT_public_key *pk)
}
void
check_trustdb_stale(void)
check_trustdb_stale (ctrl_t ctrl)
{
(void)ctrl;
}
int
get_validity_info (PKT_public_key *pk, PKT_user_id *uid)
get_validity_info (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
{
(void)ctrl;
(void)pk;
(void)uid;
return '?';
}
unsigned int
get_validity (PKT_public_key *pk, PKT_user_id *uid, PKT_signature *sig,
int may_ask)
get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
PKT_signature *sig, int may_ask)
{
(void)ctrl;
(void)pk;
(void)uid;
(void)sig;
@ -311,8 +315,9 @@ trust_value_to_string (unsigned int value)
}
const char *
uid_trust_string_fixed (PKT_public_key *key, PKT_user_id *uid)
uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
{
(void)ctrl;
(void)key;
(void)uid;
return "err";

2
g10/import.c
View File

@ -249,7 +249,7 @@ import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames,
interactive or by not setting no-auto-check-trustdb */
if (!(options & IMPORT_FAST))
check_or_update_trustdb ();
check_or_update_trustdb (ctrl);
return rc;
}

2
g10/keydb.h
View File

@ -222,7 +222,7 @@ gpg_error_t keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr);
/*-- pkclist.c --*/
void show_revocation_reason( PKT_public_key *pk, int mode );
int check_signatures_trust( PKT_signature *sig );
int check_signatures_trust (ctrl_t ctrl, PKT_signature *sig);
void release_pk_list (PK_LIST pk_list);
int build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list);

61
g10/keyedit.c
View File

@ -51,7 +51,8 @@
static void show_prefs (PKT_user_id * uid, PKT_signature * selfsig,
int verbose);
static void show_names (estream_t fp, KBNODE keyblock, PKT_public_key * pk,
static void show_names (ctrl_t ctrl, estream_t fp,
kbnode_t keyblock, PKT_public_key * pk,
unsigned int flag, int with_prefs);
static void show_key_with_all_names (ctrl_t ctrl, estream_t fp,
KBNODE keyblock, int only_marked,
@ -61,8 +62,8 @@ static void show_key_with_all_names (ctrl_t ctrl, estream_t fp,
static void show_key_and_fingerprint (kbnode_t keyblock, int with_subkeys);
static void show_key_and_grip (kbnode_t keyblock);
static void subkey_expire_warning (kbnode_t keyblock);
static int menu_adduid (KBNODE keyblock, int photo, const char *photo_name,
const char *uidstr);
static int menu_adduid (ctrl_t ctrl, kbnode_t keyblock,
int photo, const char *photo_name, const char *uidstr);
static void menu_deluid (KBNODE pub_keyblock);
static int menu_delsig (KBNODE pub_keyblock);
static int menu_clean (KBNODE keyblock, int self_only);
@ -85,13 +86,13 @@ static int count_selected_uids (KBNODE keyblock);
static int real_uids_left (KBNODE keyblock);
static int count_selected_keys (KBNODE keyblock);
static int menu_revsig (KBNODE keyblock);
static int menu_revuid (KBNODE keyblock);
static int menu_revuid (ctrl_t ctrl, kbnode_t keyblock);
static int menu_revkey (KBNODE pub_keyblock);
static int menu_revsubkey (KBNODE pub_keyblock);
#ifndef NO_TRUST_MODELS
static int enable_disable_key (KBNODE keyblock, int disable);
#endif /*!NO_TRUST_MODELS*/
static void menu_showphoto (KBNODE keyblock);
static void menu_showphoto (ctrl_t ctrl, kbnode_t keyblock);
static int update_trust = 0;
@ -2022,7 +2023,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
and run the stale check as early as possible. Note, that for
non- W32 platforms it is run indirectly trough a call to
get_validity (). */
check_trustdb_stale ();
check_trustdb_stale (ctrl);
#endif
/* Get the public key */
@ -2295,7 +2296,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
photo = 1;
/* fall through */
case cmdADDUID:
if (menu_adduid (keyblock, photo, arg_string, NULL))
if (menu_adduid (ctrl, keyblock, photo, arg_string, NULL))
{
update_trust = 1;
redisplay = 1;
@ -2537,7 +2538,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
n1 > 1 ? _("Really revoke all selected user IDs? (y/N) ")
: _("Really revoke this user ID? (y/N) ")))
{
if (menu_revuid (keyblock))
if (menu_revuid (ctrl, keyblock))
{
modified = 1;
redisplay = 1;
@ -2631,7 +2632,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
show_key_with_all_names (ctrl, NULL, keyblock, 0, 0, 0, 1, 0, 0);
tty_printf ("\n");
if (edit_ownertrust (find_kbnode (keyblock,
if (edit_ownertrust (ctrl, find_kbnode (keyblock,
PKT_PUBLIC_KEY)->pkt->pkt.
public_key, 1))
{
@ -2648,7 +2649,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
{
int count = count_selected_uids (keyblock);
log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
show_names (NULL, keyblock, keyblock->pkt->pkt.public_key,
show_names (ctrl, NULL, keyblock, keyblock->pkt->pkt.public_key,
count ? NODFLG_SELUID : 0, 1);
}
break;
@ -2657,7 +2658,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
{
int count = count_selected_uids (keyblock);
log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
show_names (NULL, keyblock, keyblock->pkt->pkt.public_key,
show_names (ctrl, NULL, keyblock, keyblock->pkt->pkt.public_key,
count ? NODFLG_SELUID : 0, 2);
}
break;
@ -2733,7 +2734,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
#endif /*!NO_TRUST_MODELS*/
case cmdSHOWPHOTO:
menu_showphoto (keyblock);
menu_showphoto (ctrl, keyblock);
break;
case cmdCLEAN:
@ -2863,7 +2864,7 @@ keyedit_quick_adduid (ctrl_t ctrl, const char *username, const char *newuid)
#ifdef HAVE_W32_SYSTEM
/* See keyedit_menu for why we need this. */
check_trustdb_stale ();
check_trustdb_stale (ctrl);
#endif
/* Search the key; we don't want the whole getkey stuff here. */
@ -2914,7 +2915,7 @@ keyedit_quick_adduid (ctrl_t ctrl, const char *username, const char *newuid)
fix_keyblock (&keyblock);
if (menu_adduid (keyblock, 0, NULL, uidstring))
if (menu_adduid (ctrl, keyblock, 0, NULL, uidstring))
{
err = keydb_update_keyblock (kdbhd, keyblock);
if (err)
@ -2956,7 +2957,7 @@ keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids,
#ifdef HAVE_W32_SYSTEM
/* See keyedit_menu for why we need this. */
check_trustdb_stale ();
check_trustdb_stale (ctrl);
#endif
/* We require a fingerprint because only this uniquely identifies a
@ -3371,7 +3372,7 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
es_putc ('e', fp);
else if (!(opt.fast_list_mode || opt.no_expensive_trust_checks))
{
int trust = get_validity_info (pk, NULL);
int trust = get_validity_info (ctrl, pk, NULL);
if (trust == 'u')
ulti_hack = 1;
es_putc (trust, fp);
@ -3430,7 +3431,7 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
int uid_validity;
if (primary && !ulti_hack)
uid_validity = get_validity_info (primary, uid);
uid_validity = get_validity_info (ctrl, primary, uid);
else
uid_validity = 'u';
es_fprintf (fp, "%c::::::::", uid_validity);
@ -3497,8 +3498,8 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
static void
show_names (estream_t fp,
KBNODE keyblock, PKT_public_key * pk, unsigned int flag,
show_names (ctrl_t ctrl, estream_t fp,
kbnode_t keyblock, PKT_public_key * pk, unsigned int flag,
int with_prefs)
{
KBNODE node;
@ -3513,7 +3514,7 @@ show_names (estream_t fp,
if (!flag || (flag && (node->flag & flag)))
{
if (!(flag & NODFLG_MARK_A) && pk)
tty_fprintf (fp, "%s ", uid_trust_string_fixed (pk, uid));
tty_fprintf (fp, "%s ", uid_trust_string_fixed (ctrl, pk, uid));
if (flag & NODFLG_MARK_A)
tty_fprintf (fp, " ");
@ -3600,12 +3601,12 @@ show_key_with_all_names (ctrl_t ctrl, estream_t fp,
* output */
static int did_warn = 0;
trust = get_validity_string (pk, NULL);
trust = get_validity_string (ctrl, pk, NULL);
otrust = get_ownertrust_string (pk);
/* Show a warning once */
if (!did_warn
&& (get_validity (pk, NULL, NULL, 0)
&& (get_validity (ctrl, pk, NULL, NULL, 0)
& TRUST_FLAG_PENDING_CHECK))
{
did_warn = 1;
@ -3792,7 +3793,7 @@ show_key_with_all_names (ctrl_t ctrl, estream_t fp,
}
}
show_names (fp,
show_names (ctrl, fp,
keyblock, primary, only_marked ? NODFLG_MARK_A : 0, with_prefs);
if (do_warn && !nowarn)
@ -4037,8 +4038,8 @@ subkey_expire_warning (kbnode_t keyblock)
* user id.
*/
static int
menu_adduid (kbnode_t pub_keyblock, int photo, const char *photo_name,
const char *uidstring)
menu_adduid (ctrl_t ctrl, kbnode_t pub_keyblock,
int photo, const char *photo_name, const char *uidstring)
{
PKT_user_id *uid;
PKT_public_key *pk = NULL;
@ -4100,7 +4101,7 @@ menu_adduid (kbnode_t pub_keyblock, int photo, const char *photo_name,
}
}
uid = generate_photo_id (pk, photo_name);
uid = generate_photo_id (ctrl, pk, photo_name);
}
else
uid = generate_user_id (pub_keyblock, uidstring);
@ -6015,7 +6016,7 @@ reloop: /* (must use this, because we are modifing the list) */
/* Revoke a user ID (i.e. revoke a user ID selfsig). Return true if
keyblock changed. */
static int
menu_revuid (KBNODE pub_keyblock)
menu_revuid (ctrl_t ctrl, kbnode_t pub_keyblock)
{
PKT_public_key *pk = pub_keyblock->pkt->pkt.public_key;
KBNODE node;
@ -6096,7 +6097,7 @@ menu_revuid (KBNODE pub_keyblock)
/* If the trustdb has an entry for this key+uid then the
trustdb needs an update. */
if (!update_trust
&& (get_validity (pk, uid, NULL, 0) & TRUST_MASK) >=
&& (get_validity (ctrl, pk, uid, NULL, 0) & TRUST_MASK) >=
TRUST_UNDEFINED)
update_trust = 1;
#endif /*!NO_TRUST_MODELS*/
@ -6258,7 +6259,7 @@ enable_disable_key (KBNODE keyblock, int disable)
static void
menu_showphoto (KBNODE keyblock)
menu_showphoto (ctrl_t ctrl, kbnode_t keyblock)
{
KBNODE node;
int select_all = !count_selected_uids (keyblock);
@ -6295,7 +6296,7 @@ menu_showphoto (KBNODE keyblock)
"key %s (uid %d)\n"),
image_type_to_string (type, 1),
(ulong) size, keystr_from_pk (pk), count);
show_photos (&uid->attribs[i], 1, pk, uid);
show_photos (ctrl, &uid->attribs[i], 1, pk, uid);
}
}
}

27
g10/keylist.c
View File

@ -130,7 +130,7 @@ public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode)
is very bad for W32 because of a sharing violation. For real OSes
it might lead to false results if we are later listing a keyring
which is associated with the inode of a deleted file. */
check_trustdb_stale ();
check_trustdb_stale (ctrl);
#ifdef USE_TOFU
tofu_begin_batch_update ();
@ -154,7 +154,7 @@ secret_key_list (ctrl_t ctrl, strlist_t list)
{
(void)ctrl;
check_trustdb_stale ();
check_trustdb_stale (ctrl);
if (!list)
list_all (ctrl, 1, 0);
@ -1010,7 +1010,7 @@ list_keyblock_pka (ctrl_t ctrl, kbnode_t keyblock)
static void
list_keyblock_print (KBNODE keyblock, int secret, int fpr,
list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
struct keylist_context *listctx)
{
int rc;
@ -1051,7 +1051,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr,
else
s2k_char = ' ';
check_trustdb_stale ();
check_trustdb_stale (ctrl);
es_fprintf (es_stdout, "%s%c %s/%s %s",
@ -1088,7 +1088,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr,
include, but it looks sort of confusing in the listing... */
if (opt.list_options & LIST_SHOW_VALIDITY)
{
int validity = get_validity (pk, NULL, NULL, 0);
int validity = get_validity (ctrl, pk, NULL, NULL, 0);
es_fprintf (es_stdout, " [%s]", trust_value_to_string (validity));
}
#endif
@ -1134,9 +1134,9 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr,
{
const char *validity;
validity = uid_trust_string_fixed (pk, uid);
validity = uid_trust_string_fixed (ctrl, pk, uid);
indent = ((keystrlen () + (opt.legacy_list_mode? 9:11))
- atoi (uid_trust_string_fixed (NULL, NULL)));
- atoi (uid_trust_string_fixed (ctrl, NULL, NULL)));
if (indent < 0 || indent > 40)
indent = 0;
@ -1174,7 +1174,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr,
}
if ((opt.list_options & LIST_SHOW_PHOTOS) && uid->attribs != NULL)
show_photos (uid->attribs, uid->numattribs, pk, uid);
show_photos (ctrl, uid->attribs, uid->numattribs, pk, uid);
}
else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
{
@ -1390,7 +1390,8 @@ print_revokers (estream_t fp, PKT_public_key * pk)
record (i.e. requested via --list-secret-key). If HAS_SECRET a
secret key is available even if SECRET is not set. */
static void
list_keyblock_colon (KBNODE keyblock, int secret, int has_secret, int fpr)
list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
int secret, int has_secret, int fpr)
{
int rc;
KBNODE kbctx;
@ -1437,7 +1438,7 @@ list_keyblock_colon (KBNODE keyblock, int secret, int has_secret, int fpr)
;
else
{
trustletter = get_validity_info (pk, NULL);
trustletter = get_validity_info (ctrl, pk, NULL);
if (trustletter == 'u')
ulti_hack = 1;
es_putc (trustletter, es_stdout);
@ -1519,7 +1520,7 @@ list_keyblock_colon (KBNODE keyblock, int secret, int has_secret, int fpr)
int uid_validity;
if (!ulti_hack)
uid_validity = get_validity_info (pk, uid);
uid_validity = get_validity_info (ctrl, pk, uid);
else
uid_validity = 'u';
es_fprintf (es_stdout, "%s:%c::::", str, uid_validity);
@ -1814,9 +1815,9 @@ list_keyblock (ctrl_t ctrl,
if (opt.print_pka_records || opt.print_dane_records)
list_keyblock_pka (ctrl, keyblock);
else if (opt.with_colons)
list_keyblock_colon (keyblock, secret, has_secret, fpr);
list_keyblock_colon (ctrl, keyblock, secret, has_secret, fpr);
else
list_keyblock_print (keyblock, secret, fpr, listctx);
list_keyblock_print (ctrl, keyblock, secret, fpr, listctx);
if (secret)
es_fflush (es_stdout);
}

4
g10/keyserver.c
View File

@ -1464,7 +1464,7 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users)
/* If the original options didn't have fast import, and the trustdb
is dirty, rebuild. */
if(!(opt.keyserver_options.import_options&IMPORT_FAST))
check_or_update_trustdb ();
check_or_update_trustdb (ctrl);
return err;
}
@ -1885,7 +1885,7 @@ keyserver_fetch (ctrl_t ctrl, strlist_t urilist)
/* If the original options didn't have fast import, and the trustdb
is dirty, rebuild. */
if (!(opt.keyserver_options.import_options&IMPORT_FAST))
check_or_update_trustdb ();
check_or_update_trustdb (ctrl);
return 0;
}

62
g10/mainproc.c
View File

@ -1002,7 +1002,7 @@ list_node (CTX c, kbnode_t node)
keyid_from_pk( pk, keyid );
if (mainkey)
c->trustletter = (opt.fast_list_mode?
0 : get_validity_info( pk, NULL));
0 : get_validity_info (c->ctrl, pk, NULL));
es_printf ("%s:", mainkey? "pub":"sub" );
if (c->trustletter)
es_putc (c->trustletter, es_stdout);
@ -1603,31 +1603,31 @@ check_sig_and_print (CTX c, kbnode_t node)
}
/* Check that the message composition is valid.
Per RFC-2440bis (-15) allowed:
S{1,n} -- detached signature.
S{1,n} P -- old style PGP2 signature
O{1,n} P S{1,n} -- standard OpenPGP signature.
C P S{1,n} -- cleartext signature.
O = One-Pass Signature packet.
S = Signature packet.
P = OpenPGP Message packet (Encrypted | Compressed | Literal)
(Note that the current rfc2440bis draft also allows
for a signed message but that does not work as it
introduces ambiguities.)
We keep track of these packages using the marker packet
CTRLPKT_PLAINTEXT_MARK.
C = Marker packet for cleartext signatures.
We reject all other messages.
Actually we are calling this too often, i.e. for verification of
each message but better have some duplicate work than to silently
introduce a bug here.
*/
*
* Per RFC-2440bis (-15) allowed:
*
* S{1,n} -- detached signature.
* S{1,n} P -- old style PGP2 signature
* O{1,n} P S{1,n} -- standard OpenPGP signature.
* C P S{1,n} -- cleartext signature.
*
*
* O = One-Pass Signature packet.
* S = Signature packet.
* P = OpenPGP Message packet (Encrypted | Compressed | Literal)
* (Note that the current rfc2440bis draft also allows
* for a signed message but that does not work as it
* introduces ambiguities.)
* We keep track of these packages using the marker packet
* CTRLPKT_PLAINTEXT_MARK.
* C = Marker packet for cleartext signatures.
*
* We reject all other messages.
*
* Actually we are calling this too often, i.e. for verification of
* each message but better have some duplicate work than to silently
* introduce a bug here.
*/
{
kbnode_t n;
int n_onepass, n_sig;
@ -1871,7 +1871,7 @@ check_sig_and_print (CTX c, kbnode_t node)
does not print a LF we need to compute the validity
before calling that function. */
if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY))
valid = get_validity (pk, un->pkt->pkt.user_id, NULL, 0);
valid = get_validity (c->ctrl, pk, un->pkt->pkt.user_id, NULL, 0);
else
valid = 0; /* Not used. */
@ -1950,7 +1950,8 @@ check_sig_and_print (CTX c, kbnode_t node)
dump_attribs (un->pkt->pkt.user_id, pk);
if (opt.verify_options&VERIFY_SHOW_PHOTOS)
show_photos (un->pkt->pkt.user_id->attribs,
show_photos (c->ctrl,
un->pkt->pkt.user_id->attribs,
un->pkt->pkt.user_id->numattribs,
pk ,un->pkt->pkt.user_id);
}
@ -1973,7 +1974,8 @@ check_sig_and_print (CTX c, kbnode_t node)
actually ask the user to update any trust
information. */
valid = (trust_value_to_string
(get_validity (pk, un->pkt->pkt.user_id, sig, 0)));
(get_validity (c->ctrl, pk,
un->pkt->pkt.user_id, sig, 0)));
log_printf (" [%s]\n",valid);
}
else
@ -2061,7 +2063,7 @@ check_sig_and_print (CTX c, kbnode_t node)
{
if ((opt.verify_options & VERIFY_PKA_LOOKUPS))
pka_uri_from_sig (c, sig); /* Make sure PKA info is available. */
rc = check_signatures_trust (sig);
rc = check_signatures_trust (c->ctrl, sig);
}
/* Print extra information about the signature. */

13
g10/photoid.c
View File

@ -48,7 +48,7 @@
/* Generate a new photo id packet, or return NULL if canceled.
FIXME: Should we add a duplicates check similar to generate_user_id? */
PKT_user_id *
generate_photo_id(PKT_public_key *pk,const char *photo_name)
generate_photo_id (ctrl_t ctrl, PKT_public_key *pk,const char *photo_name)
{
PKT_user_id *uid;
int error=1,i;
@ -163,7 +163,7 @@ generate_photo_id(PKT_public_key *pk,const char *photo_name)
"user" may not be able to dismiss a viewer window! */
if(opt.command_fd==-1)
{
show_photos (uid->attribs, uid->numattribs, pk, uid);
show_photos (ctrl, uid->attribs, uid->numattribs, pk, uid);
switch(cpr_get_answer_yes_no_quit("photoid.jpeg.okay",
_("Is this photo correct (y/N/q)? ")))
{
@ -286,9 +286,10 @@ static const char *get_default_photo_command(void)
}
#endif
void
show_photos(const struct user_attribute *attrs, int count,
PKT_public_key *pk, PKT_user_id *uid)
show_photos (ctrl_t ctrl, const struct user_attribute *attrs, int count,
PKT_public_key *pk, PKT_user_id *uid)
{
#ifdef DISABLE_PHOTO_VIEWER
(void)attrs;
@ -303,8 +304,8 @@ show_photos(const struct user_attribute *attrs, int count,
memset (&args, 0, sizeof(args));
args.pk = pk;
args.validity_info = get_validity_info (pk, uid);
args.validity_string = get_validity_string (pk, uid);
args.validity_info = get_validity_info (ctrl, pk, uid);
args.validity_string = get_validity_string (ctrl, pk, uid);
namehash_from_uid (uid);
args.namehash = uid->namehash;

5
g10/photoid.h
View File

@ -24,10 +24,11 @@
#include "packet.h"
PKT_user_id *generate_photo_id(PKT_public_key *pk,const char *filename);
PKT_user_id *generate_photo_id (ctrl_t ctrl,
PKT_public_key *pk,const char *filename);
int parse_image_header(const struct user_attribute *attr,byte *type,u32 *len);
char *image_type_to_string(byte type,int style);
void show_photos (const struct user_attribute *attrs, int count,
void show_photos (ctrl_t ctrl, const struct user_attribute *attrs, int count,
PKT_public_key *pk, PKT_user_id *uid);
#endif /* !_PHOTOID_H_ */

17
g10/pkclist.c
View File

@ -178,7 +178,7 @@ show_revocation_reason( PKT_public_key *pk, int mode )
*/
#ifndef NO_TRUST_MODELS
static int
do_edit_ownertrust (PKT_public_key *pk, int mode,
do_edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode,
unsigned *new_trust, int defer_help )
{
char *p;
@ -248,7 +248,8 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
if((opt.verify_options&VERIFY_SHOW_PHOTOS)
&& un->pkt->pkt.user_id->attrib_data)
show_photos (un->pkt->pkt.user_id->attribs,
show_photos (ctrl,
un->pkt->pkt.user_id->attribs,
un->pkt->pkt.user_id->numattribs, pk,
un->pkt->pkt.user_id);
@ -376,14 +377,14 @@ do_edit_ownertrust (PKT_public_key *pk, int mode,
*/
#ifndef NO_TRUST_MODELS
int
edit_ownertrust (PKT_public_key *pk, int mode )
edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode )
{
unsigned int trust = 0;
int no_help = 0;
for(;;)
{
switch ( do_edit_ownertrust (pk, mode, &trust, no_help ) )
switch ( do_edit_ownertrust (ctrl, pk, mode, &trust, no_help ) )
{
case -1: /* quit */
return -1;
@ -526,7 +527,7 @@ write_trust_status (int statuscode, int trustlevel)
* Returns an error code if we should not trust this signature.
*/
int
check_signatures_trust( PKT_signature *sig )
check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
{
PKT_public_key *pk = xmalloc_clear( sizeof *pk );
unsigned int trustlevel = TRUST_UNKNOWN;
@ -553,7 +554,7 @@ check_signatures_trust( PKT_signature *sig )
log_info(_("WARNING: this key might be revoked (revocation key"
" not present)\n"));
trustlevel = get_validity (pk, NULL, sig, 1);
trustlevel = get_validity (ctrl, pk, NULL, sig, 1);
if ( (trustlevel & TRUST_FLAG_REVOKED) )
{
@ -845,7 +846,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
}
/* Key found and usable. Check validity. */
trustlevel = get_validity (pk, pk->user_id, NULL, 1);
trustlevel = get_validity (ctrl, pk, pk->user_id, NULL, 1);
if ( (trustlevel & TRUST_FLAG_DISABLED) )
{
/* Key has been disabled. */
@ -1183,7 +1184,7 @@ build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list)
{ /* Check validity of this key. */
int trustlevel;
trustlevel = get_validity (pk, pk->user_id, NULL, 1);
trustlevel = get_validity (ctrl, pk, pk->user_id, NULL, 1);
if ( (trustlevel & TRUST_FLAG_DISABLED) )
{
tty_printf (_("Public key is disabled.\n") );

3
g10/seskey.c
View File

@ -347,6 +347,9 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo)
return NULL;
if ( gcry_md_algo_info (hash_algo, GCRYCTL_GET_ASNOID, asn, &asnlen) )
BUG();
log_debug ("%s: hash_algo=%d pk=%p\n", __func__, hash_algo, pk);
log_debug ("%s: pk->pkey[0]=%p\n", __func__, pk->pkey[0]);
gcry_log_debugmpi ("pkey[0]", pk->pkey[0]);
frame = do_encode_md (md, hash_algo, gcry_md_get_algo_dlen (hash_algo),
gcry_mpi_get_nbits (pk->pkey[0]), asn, asnlen);
xfree (asn);

17
g10/test-stubs.c
View File

@ -58,8 +58,9 @@ g10_exit( int rc )
* this utility assumes that all keys in the keyring are trustworthy
*/
int
check_signatures_trust( PKT_signature *sig )
check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
{
(void)ctrl;
(void)sig;
return 0;
}
@ -91,22 +92,25 @@ cache_disabled_value(PKT_public_key *pk)
}
void
check_trustdb_stale(void)
check_trustdb_stale (ctrl_t ctrl)
{
(void)ctrl;
}
int
get_validity_info (PKT_public_key *pk, PKT_user_id *uid)
get_validity_info (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
{
(void)ctrl;
(void)pk;
(void)uid;
return '?';
}
unsigned int
get_validity (PKT_public_key *pk, PKT_user_id *uid, PKT_signature *sig,
int may_ask)
get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
PKT_signature *sig, int may_ask)
{
(void)ctrl;
(void)pk;
(void)uid;
(void)sig;
@ -122,8 +126,9 @@ trust_value_to_string (unsigned int value)
}
const char *
uid_trust_string_fixed (PKT_public_key *key, PKT_user_id *uid)
uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
{
(void)ctrl;
(void)key;
(void)uid;
return "err";

30
g10/trust.c
View File

@ -131,7 +131,7 @@ string_to_trust_value (const char *str)
const char *
uid_trust_string_fixed (PKT_public_key *key, PKT_user_id *uid)
uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
{
if (!key && !uid)
{
@ -151,7 +151,7 @@ uid_trust_string_fixed (PKT_public_key *key, PKT_user_id *uid)
return _("[ expired]");
else if(key)
{
switch (get_validity (key, uid, NULL, 0) & TRUST_MASK)
switch (get_validity (ctrl, key, uid, NULL, 0) & TRUST_MASK)
{
case TRUST_UNKNOWN: return _("[ unknown]");
case TRUST_EXPIRED: return _("[ expired]");
@ -275,19 +275,23 @@ revalidation_mark (void)
void
check_trustdb_stale (void)
check_trustdb_stale (ctrl_t ctrl)
{
#ifndef NO_TRUST_MODELS
tdb_check_trustdb_stale ();
tdb_check_trustdb_stale (ctrl);
#else
(void)ctrl;
#endif
}
void
check_or_update_trustdb (void)
check_or_update_trustdb (ctrl_t ctrl)
{
#ifndef NO_TRUST_MODELS
tdb_check_or_update ();
tdb_check_or_update (ctrl);
#else
(void)ctrl;
#endif
}
@ -298,8 +302,8 @@ check_or_update_trustdb (void)
* otherwise, a reasonable value for the entire key is returned.
*/
unsigned int
get_validity (PKT_public_key *pk, PKT_user_id *uid, PKT_signature *sig,
int may_ask)
get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
PKT_signature *sig, int may_ask)
{
int rc;
unsigned int validity;
@ -331,7 +335,7 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid, PKT_signature *sig,
#ifdef NO_TRUST_MODELS
validity = TRUST_UNKNOWN;
#else
validity = tdb_get_validity_core (pk, uid, main_pk, sig, may_ask);
validity = tdb_get_validity_core (ctrl, pk, uid, main_pk, sig, may_ask);
#endif
leave:
@ -353,14 +357,14 @@ get_validity (PKT_public_key *pk, PKT_user_id *uid, PKT_signature *sig,
int
get_validity_info (PKT_public_key *pk, PKT_user_id *uid)
get_validity_info (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
{
int trustlevel;
if (!pk)
return '?'; /* Just in case a NULL PK is passed. */
trustlevel = get_validity (pk, uid, NULL, 0);
trustlevel = get_validity (ctrl, pk, uid, NULL, 0);
if ((trustlevel & TRUST_FLAG_REVOKED))
return 'r';
return trust_letter (trustlevel);
@ -368,14 +372,14 @@ get_validity_info (PKT_public_key *pk, PKT_user_id *uid)
const char *
get_validity_string (PKT_public_key *pk, PKT_user_id *uid)
get_validity_string (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
{
int trustlevel;
if (!pk)
return "err"; /* Just in case a NULL PK is passed. */
trustlevel = get_validity (pk, uid, NULL, 0);
trustlevel = get_validity (ctrl, pk, uid, NULL, 0);
if ((trustlevel & TRUST_FLAG_REVOKED))
return _("revoked");
return trust_value_to_string (trustlevel);

41
g10/trustdb.c
View File

@ -70,7 +70,7 @@ static struct key_item *utk_list; /* all ultimately trusted keys */
static int pending_check_trustdb;
static int validate_keys (int interactive);
static int validate_keys (ctrl_t ctrl, int interactive);
/**********************************************
@ -494,7 +494,7 @@ init_trustdb ()
* when a check is due. This can be used to run the check from a crontab
*/
void
check_trustdb ()
check_trustdb (ctrl_t ctrl)
{
init_trustdb();
if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
@ -519,7 +519,7 @@ check_trustdb ()
}
}
validate_keys (0);
validate_keys (ctrl, 0);
}
else
log_info (_("no need for a trustdb check with '%s' trust model\n"),
@ -531,12 +531,12 @@ check_trustdb ()
* Recreate the WoT.
*/
void
update_trustdb()
update_trustdb (ctrl_t ctrl)
{
init_trustdb();
init_trustdb ();
if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
|| opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
validate_keys (1);
validate_keys (ctrl, 1);
else
log_info (_("no need for a trustdb update with '%s' trust model\n"),
trust_model_string(opt.trust_model));
@ -565,14 +565,14 @@ trustdb_pending_check(void)
/* If the trustdb is dirty, and we're interactive, update it.
Otherwise, check it unless no-auto-check-trustdb is set. */
void
tdb_check_or_update (void)
tdb_check_or_update (ctrl_t ctrl)
{
if(trustdb_pending_check())
if (trustdb_pending_check ())
{
if(opt.interactive)
update_trustdb();
else if(!opt.no_auto_check_trustdb)
check_trustdb();
if (opt.interactive)
update_trustdb (ctrl);
else if (!opt.no_auto_check_trustdb)
check_trustdb (ctrl);
}
}
@ -938,7 +938,7 @@ tdb_cache_disabled_value (PKT_public_key *pk)
void
tdb_check_trustdb_stale (void)
tdb_check_trustdb_stale (ctrl_t ctrl)
{
static int did_nextcheck=0;
@ -968,7 +968,7 @@ tdb_check_trustdb_stale (void)
{
if (!opt.quiet)
log_info (_("checking the trustdb\n"));
validate_keys (0);
validate_keys (ctrl, 0);
}
}
}
@ -981,7 +981,8 @@ tdb_check_trustdb_stale (void)
* by the TOFU code to record statistics.
*/
unsigned int
tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid,
tdb_get_validity_core (ctrl_t ctrl,
PKT_public_key *pk, PKT_user_id *uid,
PKT_public_key *main_pk,
PKT_signature *sig,
int may_ask)
@ -1008,7 +1009,7 @@ tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid,
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return TRUST_UNKNOWN;
check_trustdb_stale();
check_trustdb_stale (ctrl);
if(opt.trust_model==TM_DIRECT)
{
@ -1267,7 +1268,7 @@ enum_cert_paths_print (void **context, FILE *fp,
****************************************/
static int
ask_ownertrust (u32 *kid,int minimum)
ask_ownertrust (ctrl_t ctrl, u32 *kid, int minimum)
{
PKT_public_key *pk;
int rc;
@ -1291,7 +1292,7 @@ ask_ownertrust (u32 *kid,int minimum)
}
else
{
ot=edit_ownertrust(pk,0);
ot=edit_ownertrust (ctrl, pk, 0);
if(ot>0)
ot = tdb_get_ownertrust (pk);
else if(ot==0)
@ -1881,7 +1882,7 @@ reset_trust_records(void)
*
*/
static int
validate_keys (int interactive)
validate_keys (ctrl_t ctrl, int interactive)
{
int rc = 0;
int quit=0;
@ -1989,7 +1990,7 @@ validate_keys (int interactive)
if (interactive && k->ownertrust == TRUST_UNKNOWN)
{
k->ownertrust = ask_ownertrust (k->kid,min);
k->ownertrust = ask_ownertrust (ctrl, k->kid,min);
if (k->ownertrust == (unsigned int)(-1))
{

27
g10/trustdb.h
View File

@ -83,20 +83,22 @@ void register_trusted_key (const char *string);
const char *trust_value_to_string (unsigned int value);
int string_to_trust_value (const char *str);
const char *uid_trust_string_fixed (PKT_public_key *key, PKT_user_id *uid);
const char *uid_trust_string_fixed (ctrl_t ctrl,
PKT_public_key *key, PKT_user_id *uid);
unsigned int get_ownertrust (PKT_public_key *pk);
void update_ownertrust (PKT_public_key *pk, unsigned int new_trust);
int clear_ownertrusts (PKT_public_key *pk);
void revalidation_mark (void);
void check_trustdb_stale (void);
void check_or_update_trustdb (void);
void check_trustdb_stale (ctrl_t ctrl);
void check_or_update_trustdb (ctrl_t ctrl);
unsigned int get_validity (PKT_public_key *pk, PKT_user_id *uid,
unsigned int get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
PKT_signature *sig, int may_ask);
int get_validity_info (PKT_public_key *pk, PKT_user_id *uid);
const char *get_validity_string (PKT_public_key *pk, PKT_user_id *uid);
int get_validity_info (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid);
const char *get_validity_string (ctrl_t ctrl,
PKT_public_key *pk, PKT_user_id *uid);
void mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode,
u32 *main_kid, struct key_item *klist,
@ -115,22 +117,23 @@ void tdb_register_trusted_keyid (u32 *keyid);
void tdb_register_trusted_key (const char *string);
/* Returns whether KID is on the list of ultimately trusted keys. */
int tdb_keyid_is_utk (u32 *kid);
void check_trustdb (void);
void update_trustdb (void);
void check_trustdb (ctrl_t ctrl);
void update_trustdb (ctrl_t ctrl);
int setup_trustdb( int level, const char *dbname );
void how_to_fix_the_trustdb (void);
const char *trust_model_string (int model);
void init_trustdb( void );
void tdb_check_trustdb_stale (void);
void tdb_check_trustdb_stale (ctrl_t ctrl);
void sync_trustdb( void );
void tdb_revalidation_mark (void);
int trustdb_pending_check(void);
void tdb_check_or_update (void);
void tdb_check_or_update (ctrl_t ctrl);
int tdb_cache_disabled_value (PKT_public_key *pk);
unsigned int tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid,
unsigned int tdb_get_validity_core (ctrl_t ctrl,
PKT_public_key *pk, PKT_user_id *uid,
PKT_public_key *main_pk,
PKT_signature *sig, int may_ask);
@ -158,6 +161,6 @@ void export_ownertrust(void);
void import_ownertrust(const char *fname);
/*-- pkclist.c --*/
int edit_ownertrust (PKT_public_key *pk, int mode );
int edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode);
#endif /*G10_TRUSTDB_H*/