security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-03-11 22:52:47 +01:00
Code Activity

g10: Avoid gratuitously loading a keyblock when it is already available

Browse Source 
* g10/trust.c (get_validity): Add new, optional parameter KB.  Only
load the keyblock if KB is NULL.  Update callers.
(get_validity): Likewise.
* g10/trustdb.c (tdb_get_validity_core): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2812
This commit is contained in:
Neal H. Walfield 2016-11-23 12:29:22 +01:00
parent bfeafe2d3f
commit 03a65a5323
11 changed files with 108 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
g10/getkey.c
View File

@ -1543,7 +1543,7 @@ pubkey_cmp (ctrl_t ctrl, const char *name, struct pubkey_cmp_cookie *old,
new->uid = scopy_user_id (uid); new->uid = scopy_user_id (uid);
new->validity = new->validity =
get_validity (ctrl, &new->key, uid, NULL, 0) & TRUST_MASK; get_validity (ctrl, new_keyblock, &new->key, uid, NULL, 0) & TRUST_MASK;
new->valid = 1; new->valid = 1;
if (! old->valid) if (! old->valid)

7
g10/gpgv.c
View File

@ -292,19 +292,22 @@ check_trustdb_stale (ctrl_t ctrl)
} }
int int
get_validity_info (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid) get_validity_info (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk,
PKT_user_id *uid)
{ {
(void)ctrl; (void)ctrl;
(void)kb;
(void)pk; (void)pk;
(void)uid; (void)uid;
return '?'; return '?';
} }
unsigned int unsigned int
get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid, get_validity (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk, PKT_user_id *uid,
PKT_signature *sig, int may_ask) PKT_signature *sig, int may_ask)
{ {
(void)ctrl; (void)ctrl;
(void)kb;
(void)pk; (void)pk;
(void)uid; (void)uid;
(void)sig; (void)sig;

9
g10/keyedit.c
View File

@ -3585,7 +3585,7 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
es_putc ('e', fp); es_putc ('e', fp);
else if (!(opt.fast_list_mode || opt.no_expensive_trust_checks)) else if (!(opt.fast_list_mode || opt.no_expensive_trust_checks))
{ {
int trust = get_validity_info (ctrl, pk, NULL); int trust = get_validity_info (ctrl, keyblock, pk, NULL);
if (trust == 'u') if (trust == 'u')
ulti_hack = 1; ulti_hack = 1;
es_putc (trust, fp); es_putc (trust, fp);
@ -3644,7 +3644,7 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
int uid_validity; int uid_validity;
if (primary && !ulti_hack) if (primary && !ulti_hack)
uid_validity = get_validity_info (ctrl, primary, uid); uid_validity = get_validity_info (ctrl, keyblock, primary, uid);
else else
uid_validity = 'u'; uid_validity = 'u';
es_fprintf (fp, "%c::::::::", uid_validity); es_fprintf (fp, "%c::::::::", uid_validity);
@ -3819,7 +3819,7 @@ show_key_with_all_names (ctrl_t ctrl, estream_t fp,
/* Show a warning once */ /* Show a warning once */
if (!did_warn if (!did_warn
&& (get_validity (ctrl, pk, NULL, NULL, 0) && (get_validity (ctrl, keyblock, pk, NULL, NULL, 0)
& TRUST_FLAG_PENDING_CHECK)) & TRUST_FLAG_PENDING_CHECK))
{ {
did_warn = 1; did_warn = 1;
@ -6304,7 +6304,8 @@ core_revuid (ctrl_t ctrl, kbnode_t keyblock, KBNODE node,
/* If the trustdb has an entry for this key+uid then the /* If the trustdb has an entry for this key+uid then the
trustdb needs an update. */ trustdb needs an update. */
if (!update_trust if (!update_trust
&& ((get_validity (ctrl, pk, uid, NULL, 0) & TRUST_MASK) && ((get_validity (ctrl, keyblock, pk, uid, NULL, 0)
& TRUST_MASK)
>= TRUST_UNDEFINED)) >= TRUST_UNDEFINED))
update_trust = 1; update_trust = 1;
#endif /*!NO_TRUST_MODELS*/ #endif /*!NO_TRUST_MODELS*/

4
g10/keylist.c
View File

@ -1228,7 +1228,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
trustletter_print = 0; trustletter_print = 0;
else else
{ {
trustletter = get_validity_info (ctrl, pk, NULL); trustletter = get_validity_info (ctrl, keyblock, pk, NULL);
if (trustletter == 'u') if (trustletter == 'u')
ulti_hack = 1; ulti_hack = 1;
trustletter_print = trustletter; trustletter_print = trustletter;
@ -1309,7 +1309,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
else if (ulti_hack) else if (ulti_hack)
uid_validity = 'u'; uid_validity = 'u';
else else
uid_validity = get_validity_info (ctrl, pk, uid); uid_validity = get_validity_info (ctrl, keyblock, pk, uid);
es_fputs (uid->attrib_data? "uat:":"uid:", es_stdout); es_fputs (uid->attrib_data? "uat:":"uid:", es_stdout);
if (uid_validity) if (uid_validity)

15
g10/mainproc.c
View File

@ -1015,8 +1015,13 @@ list_node (CTX c, kbnode_t node)
keyid_from_pk( pk, keyid ); keyid_from_pk( pk, keyid );
if (pk->flags.primary) if (pk->flags.primary)
c->trustletter = (opt.fast_list_mode? c->trustletter = (opt.fast_list_mode
0 : get_validity_info (c->ctrl, pk, NULL)); ? 0
: get_validity_info
(c->ctrl,
node->pkt->pkttype == PKT_PUBLIC_KEY
? node : NULL,
pk, NULL));
es_printf ("%s:", pk->flags.primary? "pub":"sub" ); es_printf ("%s:", pk->flags.primary? "pub":"sub" );
if (c->trustletter) if (c->trustletter)
es_putc (c->trustletter, es_stdout); es_putc (c->trustletter, es_stdout);
@ -1973,8 +1978,8 @@ check_sig_and_print (CTX c, kbnode_t node)
does not print a LF we need to compute the validity does not print a LF we need to compute the validity
before calling that function. */ before calling that function. */
if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY)) if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY))
valid = get_validity (c->ctrl, mainpk, un->pkt->pkt.user_id, valid = get_validity (c->ctrl, keyblock, mainpk,
NULL, 0); un->pkt->pkt.user_id, NULL, 0);
else else
valid = 0; /* Not used. */ valid = 0; /* Not used. */
@ -2075,7 +2080,7 @@ check_sig_and_print (CTX c, kbnode_t node)
actually ask the user to update any trust actually ask the user to update any trust
information. */ information. */
valid = (trust_value_to_string valid = (trust_value_to_string
(get_validity (c->ctrl, mainpk, (get_validity (c->ctrl, keyblock, mainpk,
un->pkt->pkt.user_id, NULL, 0))); un->pkt->pkt.user_id, NULL, 0)));
log_printf (" [%s]\n",valid); log_printf (" [%s]\n",valid);
} }

2
g10/photoid.c
View File

@ -304,7 +304,7 @@ show_photos (ctrl_t ctrl, const struct user_attribute *attrs, int count,
memset (&args, 0, sizeof(args)); memset (&args, 0, sizeof(args));
args.pk = pk; args.pk = pk;
args.validity_info = get_validity_info (ctrl, pk, uid); args.validity_info = get_validity_info (ctrl, NULL, pk, uid);
args.validity_string = get_validity_string (ctrl, pk, uid); args.validity_string = get_validity_string (ctrl, pk, uid);
namehash_from_uid (uid); namehash_from_uid (uid);
args.namehash = uid->namehash; args.namehash = uid->namehash;

7
g10/pkclist.c
View File

@ -569,7 +569,7 @@ check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
log_info(_("WARNING: this key might be revoked (revocation key" log_info(_("WARNING: this key might be revoked (revocation key"
" not present)\n")); " not present)\n"));
trustlevel = get_validity (ctrl, pk, NULL, sig, 1); trustlevel = get_validity (ctrl, NULL, pk, NULL, sig, 1);
if ( (trustlevel & TRUST_FLAG_REVOKED) ) if ( (trustlevel & TRUST_FLAG_REVOKED) )
{ {
@ -872,7 +872,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
{ {
int trustlevel; int trustlevel;
trustlevel = get_validity (ctrl, pk, pk->user_id, NULL, 1); trustlevel = get_validity (ctrl, NULL, pk, pk->user_id, NULL, 1);
if ( (trustlevel & TRUST_FLAG_DISABLED) ) if ( (trustlevel & TRUST_FLAG_DISABLED) )
{ {
/* Key has been disabled. */ /* Key has been disabled. */
@ -1212,7 +1212,8 @@ build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list)
{ /* Check validity of this key. */ { /* Check validity of this key. */
int trustlevel; int trustlevel;
trustlevel = get_validity (ctrl, pk, pk->user_id, NULL, 1); trustlevel =
get_validity (ctrl, NULL, pk, pk->user_id, NULL, 1);
if ( (trustlevel & TRUST_FLAG_DISABLED) ) if ( (trustlevel & TRUST_FLAG_DISABLED) )
{ {
tty_printf (_("Public key is disabled.\n") ); tty_printf (_("Public key is disabled.\n") );

7
g10/test-stubs.c
View File

@ -98,19 +98,22 @@ check_trustdb_stale (ctrl_t ctrl)
} }
int int
get_validity_info (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid) get_validity_info (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk,
PKT_user_id *uid)
{ {
(void)ctrl; (void)ctrl;
(void)kb;
(void)pk; (void)pk;
(void)uid; (void)uid;
return '?'; return '?';
} }
unsigned int unsigned int
get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid, get_validity (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk, PKT_user_id *uid,
PKT_signature *sig, int may_ask) PKT_signature *sig, int may_ask)
{ {
(void)ctrl; (void)ctrl;
(void)kb;
(void)pk; (void)pk;
(void)uid; (void)uid;
(void)sig; (void)sig;

63
g10/trust.c
View File

@ -151,7 +151,7 @@ uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
return _("[ expired]"); return _("[ expired]");
else if(key) else if(key)
{ {
switch (get_validity (ctrl, key, uid, NULL, 0) & TRUST_MASK) switch (get_validity (ctrl, NULL, key, uid, NULL, 0) & TRUST_MASK)
{ {
case TRUST_UNKNOWN: return _("[ unknown]"); case TRUST_UNKNOWN: return _("[ unknown]");
case TRUST_EXPIRED: return _("[ expired]"); case TRUST_EXPIRED: return _("[ expired]");
@ -297,12 +297,13 @@ check_or_update_trustdb (ctrl_t ctrl)
/* /*
* Return the validity information for PK. If the namehash is not * Return the validity information for KB/PK (at least one must be
* NULL, the validity of the corresponding user ID is returned, * non-NULL). If the namehash is not NULL, the validity of the
* otherwise, a reasonable value for the entire key is returned. * corresponding user ID is returned, otherwise, a reasonable value
* for the entire key is returned.
*/ */
unsigned int unsigned int
get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid, get_validity (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk, PKT_user_id *uid,
PKT_signature *sig, int may_ask) PKT_signature *sig, int may_ask)
{ {
int rc; int rc;
@ -310,6 +311,16 @@ get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
u32 kid[2]; u32 kid[2];
PKT_public_key *main_pk; PKT_public_key *main_pk;
if (kb && pk)
log_assert (keyid_cmp (pk_main_keyid (pk),
pk_main_keyid (kb->pkt->pkt.public_key)) == 0);
if (! pk)
{
log_assert (kb);
pk = kb->pkt->pkt.public_key;
}
if (uid) if (uid)
namehash_from_uid (uid); namehash_from_uid (uid);
@ -317,17 +328,22 @@ get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
if (pk->main_keyid[0] != kid[0] || pk->main_keyid[1] != kid[1]) if (pk->main_keyid[0] != kid[0] || pk->main_keyid[1] != kid[1])
{ {
/* This is a subkey - get the mainkey. */ /* This is a subkey - get the mainkey. */
main_pk = xmalloc_clear (sizeof *main_pk); if (kb)
rc = get_pubkey (main_pk, pk->main_keyid); main_pk = kb->pkt->pkt.public_key;
if (rc) else
{ {
char *tempkeystr = xstrdup (keystr (pk->main_keyid)); main_pk = xmalloc_clear (sizeof *main_pk);
log_error ("error getting main key %s of subkey %s: %s\n", rc = get_pubkey (main_pk, pk->main_keyid);
tempkeystr, keystr (kid), gpg_strerror (rc)); if (rc)
xfree (tempkeystr); {
validity = TRUST_UNKNOWN; char *tempkeystr = xstrdup (keystr (pk->main_keyid));
goto leave; log_error ("error getting main key %s of subkey %s: %s\n",
} tempkeystr, keystr (kid), gpg_strerror (rc));
xfree (tempkeystr);
validity = TRUST_UNKNOWN;
goto leave;
}
}
} }
else else
main_pk = pk; main_pk = pk;
@ -335,7 +351,7 @@ get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
#ifdef NO_TRUST_MODELS #ifdef NO_TRUST_MODELS
validity = TRUST_UNKNOWN; validity = TRUST_UNKNOWN;
#else #else
validity = tdb_get_validity_core (ctrl, pk, uid, main_pk, sig, may_ask); validity = tdb_get_validity_core (ctrl, kb, pk, uid, main_pk, sig, may_ask);
#endif #endif
leave: leave:
@ -350,21 +366,28 @@ get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
validity = ((validity & (~TRUST_MASK | TRUST_FLAG_PENDING_CHECK)) validity = ((validity & (~TRUST_MASK | TRUST_FLAG_PENDING_CHECK))
| TRUST_EXPIRED); | TRUST_EXPIRED);
if (main_pk != pk) if (main_pk != pk && !kb)
free_public_key (main_pk); free_public_key (main_pk);
return validity; return validity;
} }
int int
get_validity_info (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid) get_validity_info (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk,
PKT_user_id *uid)
{ {
int trustlevel; int trustlevel;
if (kb && pk)
log_assert (keyid_cmp (pk_main_keyid (pk),
pk_main_keyid (kb->pkt->pkt.public_key)) == 0);
if (! pk && kb)
pk = kb->pkt->pkt.public_key;
if (!pk) if (!pk)
return '?'; /* Just in case a NULL PK is passed. */ return '?'; /* Just in case a NULL PK is passed. */
trustlevel = get_validity (ctrl, pk, uid, NULL, 0); trustlevel = get_validity (ctrl, kb, pk, uid, NULL, 0);
if ((trustlevel & TRUST_FLAG_REVOKED)) if ((trustlevel & TRUST_FLAG_REVOKED))
return 'r'; return 'r';
return trust_letter (trustlevel); return trust_letter (trustlevel);
@ -379,7 +402,7 @@ get_validity_string (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
if (!pk) if (!pk)
return "err"; /* Just in case a NULL PK is passed. */ return "err"; /* Just in case a NULL PK is passed. */
trustlevel = get_validity (ctrl, pk, uid, NULL, 0); trustlevel = get_validity (ctrl, NULL, pk, uid, NULL, 0);
if ((trustlevel & TRUST_FLAG_REVOKED)) if ((trustlevel & TRUST_FLAG_REVOKED))
return _("revoked"); return _("revoked");
return trust_value_to_string (trustlevel); return trust_value_to_string (trustlevel);

34
g10/trustdb.c
View File

@ -983,13 +983,15 @@ tdb_check_trustdb_stale (ctrl_t ctrl)
} }
/* /*
* Return the validity information for PK. This is the core of * Return the validity information for KB/PK (at least one of them
* get_validity. If SIG is not NULL, then the trust is being * must be non-NULL). This is the core of get_validity. If SIG is
* evaluated in the context of the provided signature. This is used * not NULL, then the trust is being evaluated in the context of the
* by the TOFU code to record statistics. * provided signature. This is used by the TOFU code to record
* statistics.
*/ */
unsigned int unsigned int
tdb_get_validity_core (ctrl_t ctrl, tdb_get_validity_core (ctrl_t ctrl,
kbnode_t kb,
PKT_public_key *pk, PKT_user_id *uid, PKT_public_key *pk, PKT_user_id *uid,
PKT_public_key *main_pk, PKT_public_key *main_pk,
PKT_signature *sig, PKT_signature *sig,
@ -1002,6 +1004,17 @@ tdb_get_validity_core (ctrl_t ctrl,
unsigned int tofu_validity = TRUST_UNKNOWN; unsigned int tofu_validity = TRUST_UNKNOWN;
#endif #endif
unsigned int validity = TRUST_UNKNOWN; unsigned int validity = TRUST_UNKNOWN;
int free_kb = 0;
if (kb && pk)
log_assert (keyid_cmp (pk_main_keyid (pk),
pk_main_keyid (kb->pkt->pkt.public_key)) == 0);
if (! pk)
{
log_assert (kb);
pk = kb->pkt->pkt.public_key;
}
#ifndef USE_TOFU #ifndef USE_TOFU
(void)sig; (void)sig;
@ -1030,14 +1043,20 @@ tdb_get_validity_core (ctrl_t ctrl,
#ifdef USE_TOFU #ifdef USE_TOFU
if (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP) if (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP)
{ {
kbnode_t kb = NULL;
kbnode_t n = NULL; kbnode_t n = NULL;
strlist_t user_id_list = NULL; strlist_t user_id_list = NULL;
int done = 0; int done = 0;
/* If the caller didn't supply a user id then use all uids. */ /* If the caller didn't supply a user id then use all uids. */
if (! uid) if (! uid)
kb = n = get_pubkeyblock (main_pk->keyid); {
if (! kb)
{
kb = get_pubkeyblock (main_pk->keyid);
free_kb = 1;
}
n = kb;
}
if (DBG_TRUST && sig && sig->signers_uid) if (DBG_TRUST && sig && sig->signers_uid)
log_debug ("TOFU: only considering user id: '%s'\n", log_debug ("TOFU: only considering user id: '%s'\n",
@ -1132,7 +1151,8 @@ tdb_get_validity_core (ctrl_t ctrl,
may_ask); may_ask);
free_strlist (user_id_list); free_strlist (user_id_list);
release_kbnode (kb); if (free_kb)
release_kbnode (kb);
} }
#endif /*USE_TOFU*/ #endif /*USE_TOFU*/

8
g10/trustdb.h
View File

@ -94,9 +94,11 @@ void revalidation_mark (void);
void check_trustdb_stale (ctrl_t ctrl); void check_trustdb_stale (ctrl_t ctrl);
void check_or_update_trustdb (ctrl_t ctrl); void check_or_update_trustdb (ctrl_t ctrl);
unsigned int get_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid, unsigned int get_validity (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk,
PKT_user_id *uid,
PKT_signature *sig, int may_ask); PKT_signature *sig, int may_ask);
int get_validity_info (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid); int get_validity_info (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk,
PKT_user_id *uid);
const char *get_validity_string (ctrl_t ctrl, const char *get_validity_string (ctrl_t ctrl,
PKT_public_key *pk, PKT_user_id *uid); PKT_public_key *pk, PKT_user_id *uid);
@ -135,7 +137,7 @@ void tdb_check_or_update (ctrl_t ctrl);
int tdb_cache_disabled_value (PKT_public_key *pk); int tdb_cache_disabled_value (PKT_public_key *pk);
unsigned int tdb_get_validity_core (ctrl_t ctrl, unsigned int tdb_get_validity_core (ctrl_t ctrl, kbnode_t kb,
PKT_public_key *pk, PKT_user_id *uid, PKT_public_key *pk, PKT_user_id *uid,
PKT_public_key *main_pk, PKT_public_key *main_pk,
PKT_signature *sig, int may_ask); PKT_signature *sig, int may_ask);