security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

g10: Avoid gratuitously loading a keyblock when it is already available 

* g10/trust.c (get_validity): Add new, optional parameter KB.  Only
load the keyblock if KB is NULL.  Update callers.
(get_validity): Likewise.
* g10/trustdb.c (tdb_get_validity_core): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2812
This commit is contained in:
Neal H. Walfield 2016-11-23 12:29:22 +01:00
parent bfeafe2d3f
commit 03a65a5323
11 changed files with 108 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
g10/getkey.c
View File

@ -1543,7 +1543,7 @@ pubkey_cmp (ctrl_t ctrl, const char *name, struct pubkey_cmp_cookie *old,
new->uid = scopy_user_id (uid);
new->validity =
get_validity (ctrl, &new->key, uid, NULL, 0) & TRUST_MASK;
get_validity (ctrl, new_keyblock, &new->key, uid, NULL, 0) & TRUST_MASK;
new->valid = 1;
if (! old->valid)

7
g10/gpgv.c
View File

@ -292,19 +292,22 @@ check_trustdb_stale (ctrl_t ctrl)
}
int
get_validity_info (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
get_validity_info (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk,
PKT_user_id *uid)
{
(void)ctrl;
(void)kb;
(void)pk;
(void)uid;
return '?';
}
unsigned int
get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
get_validity (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk, PKT_user_id *uid,
PKT_signature *sig, int may_ask)
{
(void)ctrl;
(void)kb;
(void)pk;
(void)uid;
(void)sig;

9
g10/keyedit.c
View File

@ -3585,7 +3585,7 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
es_putc ('e', fp);
else if (!(opt.fast_list_mode || opt.no_expensive_trust_checks))
{
int trust = get_validity_info (ctrl, pk, NULL);
int trust = get_validity_info (ctrl, keyblock, pk, NULL);
if (trust == 'u')
ulti_hack = 1;
es_putc (trust, fp);
@ -3644,7 +3644,7 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
int uid_validity;
if (primary && !ulti_hack)
uid_validity = get_validity_info (ctrl, primary, uid);
uid_validity = get_validity_info (ctrl, keyblock, primary, uid);
else
uid_validity = 'u';
es_fprintf (fp, "%c::::::::", uid_validity);
@ -3819,7 +3819,7 @@ show_key_with_all_names (ctrl_t ctrl, estream_t fp,
/* Show a warning once */
if (!did_warn
&& (get_validity (ctrl, pk, NULL, NULL, 0)
&& (get_validity (ctrl, keyblock, pk, NULL, NULL, 0)
& TRUST_FLAG_PENDING_CHECK))
{
did_warn = 1;
@ -6304,7 +6304,8 @@ core_revuid (ctrl_t ctrl, kbnode_t keyblock, KBNODE node,
/* If the trustdb has an entry for this key+uid then the
trustdb needs an update. */
if (!update_trust
&& ((get_validity (ctrl, pk, uid, NULL, 0) & TRUST_MASK)
&& ((get_validity (ctrl, keyblock, pk, uid, NULL, 0)
& TRUST_MASK)
>= TRUST_UNDEFINED))
update_trust = 1;
#endif /*!NO_TRUST_MODELS*/

4
g10/keylist.c
View File

@ -1228,7 +1228,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
trustletter_print = 0;
else
{
trustletter = get_validity_info (ctrl, pk, NULL);
trustletter = get_validity_info (ctrl, keyblock, pk, NULL);
if (trustletter == 'u')
ulti_hack = 1;
trustletter_print = trustletter;
@ -1309,7 +1309,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
else if (ulti_hack)
uid_validity = 'u';
else
uid_validity = get_validity_info (ctrl, pk, uid);
uid_validity = get_validity_info (ctrl, keyblock, pk, uid);
es_fputs (uid->attrib_data? "uat:":"uid:", es_stdout);
if (uid_validity)

15
g10/mainproc.c
View File

@ -1015,8 +1015,13 @@ list_node (CTX c, kbnode_t node)
keyid_from_pk( pk, keyid );
if (pk->flags.primary)
c->trustletter = (opt.fast_list_mode?
0 : get_validity_info (c->ctrl, pk, NULL));
c->trustletter = (opt.fast_list_mode
? 0
: get_validity_info
(c->ctrl,
node->pkt->pkttype == PKT_PUBLIC_KEY
? node : NULL,
pk, NULL));
es_printf ("%s:", pk->flags.primary? "pub":"sub" );
if (c->trustletter)
es_putc (c->trustletter, es_stdout);
@ -1973,8 +1978,8 @@ check_sig_and_print (CTX c, kbnode_t node)
does not print a LF we need to compute the validity
before calling that function. */
if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY))
valid = get_validity (c->ctrl, mainpk, un->pkt->pkt.user_id,
NULL, 0);
valid = get_validity (c->ctrl, keyblock, mainpk,
un->pkt->pkt.user_id, NULL, 0);
else
valid = 0; /* Not used. */
@ -2075,7 +2080,7 @@ check_sig_and_print (CTX c, kbnode_t node)
actually ask the user to update any trust
information. */
valid = (trust_value_to_string
(get_validity (c->ctrl, mainpk,
(get_validity (c->ctrl, keyblock, mainpk,
un->pkt->pkt.user_id, NULL, 0)));
log_printf (" [%s]\n",valid);
}

2
g10/photoid.c
View File

@ -304,7 +304,7 @@ show_photos (ctrl_t ctrl, const struct user_attribute *attrs, int count,
memset (&args, 0, sizeof(args));
args.pk = pk;
args.validity_info = get_validity_info (ctrl, pk, uid);
args.validity_info = get_validity_info (ctrl, NULL, pk, uid);
args.validity_string = get_validity_string (ctrl, pk, uid);
namehash_from_uid (uid);
args.namehash = uid->namehash;

7
g10/pkclist.c
View File

@ -569,7 +569,7 @@ check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
log_info(_("WARNING: this key might be revoked (revocation key"
" not present)\n"));
trustlevel = get_validity (ctrl, pk, NULL, sig, 1);
trustlevel = get_validity (ctrl, NULL, pk, NULL, sig, 1);
if ( (trustlevel & TRUST_FLAG_REVOKED) )
{
@ -872,7 +872,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
{
int trustlevel;
trustlevel = get_validity (ctrl, pk, pk->user_id, NULL, 1);
trustlevel = get_validity (ctrl, NULL, pk, pk->user_id, NULL, 1);
if ( (trustlevel & TRUST_FLAG_DISABLED) )
{
/* Key has been disabled. */
@ -1212,7 +1212,8 @@ build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list)
{ /* Check validity of this key. */
int trustlevel;
trustlevel = get_validity (ctrl, pk, pk->user_id, NULL, 1);
trustlevel =
get_validity (ctrl, NULL, pk, pk->user_id, NULL, 1);
if ( (trustlevel & TRUST_FLAG_DISABLED) )
{
tty_printf (_("Public key is disabled.\n") );

7
g10/test-stubs.c
View File

@ -98,19 +98,22 @@ check_trustdb_stale (ctrl_t ctrl)
}
int
get_validity_info (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
get_validity_info (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk,
PKT_user_id *uid)
{
(void)ctrl;
(void)kb;
(void)pk;
(void)uid;
return '?';
}
unsigned int
get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
get_validity (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk, PKT_user_id *uid,
PKT_signature *sig, int may_ask)
{
(void)ctrl;
(void)kb;
(void)pk;
(void)uid;
(void)sig;

63
g10/trust.c
View File

@ -151,7 +151,7 @@ uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
return _("[ expired]");
else if(key)
{
switch (get_validity (ctrl, key, uid, NULL, 0) & TRUST_MASK)
switch (get_validity (ctrl, NULL, key, uid, NULL, 0) & TRUST_MASK)
{
case TRUST_UNKNOWN: return _("[ unknown]");
case TRUST_EXPIRED: return _("[ expired]");
@ -297,12 +297,13 @@ check_or_update_trustdb (ctrl_t ctrl)
/*
* Return the validity information for PK. If the namehash is not
* NULL, the validity of the corresponding user ID is returned,
* otherwise, a reasonable value for the entire key is returned.
* Return the validity information for KB/PK (at least one must be
* non-NULL). If the namehash is not NULL, the validity of the
* corresponding user ID is returned, otherwise, a reasonable value
* for the entire key is returned.
*/
unsigned int
get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
get_validity (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk, PKT_user_id *uid,
PKT_signature *sig, int may_ask)
{
int rc;
@ -310,6 +311,16 @@ get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
u32 kid[2];
PKT_public_key *main_pk;
if (kb && pk)
log_assert (keyid_cmp (pk_main_keyid (pk),
pk_main_keyid (kb->pkt->pkt.public_key)) == 0);
if (! pk)
{
log_assert (kb);
pk = kb->pkt->pkt.public_key;
}
if (uid)
namehash_from_uid (uid);
@ -317,17 +328,22 @@ get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
if (pk->main_keyid[0] != kid[0] || pk->main_keyid[1] != kid[1])
{
/* This is a subkey - get the mainkey. */
main_pk = xmalloc_clear (sizeof *main_pk);
rc = get_pubkey (main_pk, pk->main_keyid);
if (rc)
if (kb)
main_pk = kb->pkt->pkt.public_key;
else
{
char *tempkeystr = xstrdup (keystr (pk->main_keyid));
log_error ("error getting main key %s of subkey %s: %s\n",
tempkeystr, keystr (kid), gpg_strerror (rc));
xfree (tempkeystr);
validity = TRUST_UNKNOWN;
goto leave;
}
main_pk = xmalloc_clear (sizeof *main_pk);
rc = get_pubkey (main_pk, pk->main_keyid);
if (rc)
{
char *tempkeystr = xstrdup (keystr (pk->main_keyid));
log_error ("error getting main key %s of subkey %s: %s\n",
tempkeystr, keystr (kid), gpg_strerror (rc));
xfree (tempkeystr);
validity = TRUST_UNKNOWN;
goto leave;
}
}
}
else
main_pk = pk;
@ -335,7 +351,7 @@ get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
#ifdef NO_TRUST_MODELS
validity = TRUST_UNKNOWN;
#else
validity = tdb_get_validity_core (ctrl, pk, uid, main_pk, sig, may_ask);
validity = tdb_get_validity_core (ctrl, kb, pk, uid, main_pk, sig, may_ask);
#endif
leave:
@ -350,21 +366,28 @@ get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
validity = ((validity & (~TRUST_MASK | TRUST_FLAG_PENDING_CHECK))
| TRUST_EXPIRED);
if (main_pk != pk)
if (main_pk != pk && !kb)
free_public_key (main_pk);
return validity;
}
int
get_validity_info (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
get_validity_info (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk,
PKT_user_id *uid)
{
int trustlevel;
if (kb && pk)
log_assert (keyid_cmp (pk_main_keyid (pk),
pk_main_keyid (kb->pkt->pkt.public_key)) == 0);
if (! pk && kb)
pk = kb->pkt->pkt.public_key;
if (!pk)
return '?'; /* Just in case a NULL PK is passed. */
trustlevel = get_validity (ctrl, pk, uid, NULL, 0);
trustlevel = get_validity (ctrl, kb, pk, uid, NULL, 0);
if ((trustlevel & TRUST_FLAG_REVOKED))
return 'r';
return trust_letter (trustlevel);
@ -379,7 +402,7 @@ get_validity_string (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
if (!pk)
return "err"; /* Just in case a NULL PK is passed. */
trustlevel = get_validity (ctrl, pk, uid, NULL, 0);
trustlevel = get_validity (ctrl, NULL, pk, uid, NULL, 0);
if ((trustlevel & TRUST_FLAG_REVOKED))
return _("revoked");
return trust_value_to_string (trustlevel);

34
g10/trustdb.c
View File

@ -983,13 +983,15 @@ tdb_check_trustdb_stale (ctrl_t ctrl)
}
/*
* Return the validity information for PK. This is the core of
* get_validity. If SIG is not NULL, then the trust is being
* evaluated in the context of the provided signature. This is used
* by the TOFU code to record statistics.
* Return the validity information for KB/PK (at least one of them
* must be non-NULL). This is the core of get_validity. If SIG is
* not NULL, then the trust is being evaluated in the context of the
* provided signature. This is used by the TOFU code to record
* statistics.
*/
unsigned int
tdb_get_validity_core (ctrl_t ctrl,
kbnode_t kb,
PKT_public_key *pk, PKT_user_id *uid,
PKT_public_key *main_pk,
PKT_signature *sig,
@ -1002,6 +1004,17 @@ tdb_get_validity_core (ctrl_t ctrl,
unsigned int tofu_validity = TRUST_UNKNOWN;
#endif
unsigned int validity = TRUST_UNKNOWN;
int free_kb = 0;
if (kb && pk)
log_assert (keyid_cmp (pk_main_keyid (pk),
pk_main_keyid (kb->pkt->pkt.public_key)) == 0);
if (! pk)
{
log_assert (kb);
pk = kb->pkt->pkt.public_key;
}
#ifndef USE_TOFU
(void)sig;
@ -1030,14 +1043,20 @@ tdb_get_validity_core (ctrl_t ctrl,
#ifdef USE_TOFU
if (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP)
{
kbnode_t kb = NULL;
kbnode_t n = NULL;
strlist_t user_id_list = NULL;
int done = 0;
/* If the caller didn't supply a user id then use all uids. */
if (! uid)
kb = n = get_pubkeyblock (main_pk->keyid);
{
if (! kb)
{
kb = get_pubkeyblock (main_pk->keyid);
free_kb = 1;
}
n = kb;
}
if (DBG_TRUST && sig && sig->signers_uid)
log_debug ("TOFU: only considering user id: '%s'\n",
@ -1132,7 +1151,8 @@ tdb_get_validity_core (ctrl_t ctrl,
may_ask);
free_strlist (user_id_list);
release_kbnode (kb);
if (free_kb)
release_kbnode (kb);
}
#endif /*USE_TOFU*/

8
g10/trustdb.h
View File

@ -94,9 +94,11 @@ void revalidation_mark (void);
void check_trustdb_stale (ctrl_t ctrl);
void check_or_update_trustdb (ctrl_t ctrl);
unsigned int get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
unsigned int get_validity (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk,
PKT_user_id *uid,
PKT_signature *sig, int may_ask);
int get_validity_info (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid);
int get_validity_info (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk,
PKT_user_id *uid);
const char *get_validity_string (ctrl_t ctrl,
PKT_public_key *pk, PKT_user_id *uid);
@ -135,7 +137,7 @@ void tdb_check_or_update (ctrl_t ctrl);
int tdb_cache_disabled_value (PKT_public_key *pk);
unsigned int tdb_get_validity_core (ctrl_t ctrl,
unsigned int tdb_get_validity_core (ctrl_t ctrl, kbnode_t kb,
PKT_public_key *pk, PKT_user_id *uid,
PKT_public_key *main_pk,
PKT_signature *sig, int may_ask);