mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-11 13:14:25 +01:00
See ChangeLog: Mon Feb 14 14:30:20 CET 2000 Werner Koch
parent
1d0f589754
commit
17eb1405a2
@ -1,3 +1,8 @@
|
|||||||
|
Mon Feb 14 14:30:20 CET 2000 Werner Koch <wk@gnupg.de>
|
||||||
|
|
||||||
|
(update_random_seed_file): Silently ignore update request when pool
|
||||||
|
is not filled.
|
||||||
|
|
||||||
Fri Feb 11 17:44:40 CET 2000 Werner Koch <wk@gnupg.de>
|
Fri Feb 11 17:44:40 CET 2000 Werner Koch <wk@gnupg.de>
|
||||||
|
|
||||||
* random.c (read_seed_file): New.
|
* random.c (read_seed_file): New.
|
||||||
|
@ -361,7 +361,7 @@ update_random_seed_file()
|
|||||||
ulong *sp, *dp;
|
ulong *sp, *dp;
|
||||||
int fd, i;
|
int fd, i;
|
||||||
|
|
||||||
if( !seed_file_name || !is_initialized )
|
if( !seed_file_name || !is_initialized || !pool_filled )
|
||||||
return;
|
return;
|
||||||
if( !allow_seed_file_update ) {
|
if( !allow_seed_file_update ) {
|
||||||
log_info(_("note: random_seed file not updated\n"));
|
log_info(_("note: random_seed file not updated\n"));
|
||||||
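Review bot: The new `!pool_filled` test in update_random_seed_file() returns without a comment or log line, so the reason for the guard is easy to lose in a later cleanup. Presumably the intent is that a pool which was never filled must not be written out, because the seed file would then carry low-entropy state into later runs via read_seed_file. I would record that next to the condition, e.g. `/* never persist a pool that has not been filled; the file would seed later runs with weak data */`. The neighbouring `!allow_seed_file_update` path does log a note, so it is also worth stating in that comment that the silence here is deliberate. The function body continues outside the hunk.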
|
@ -1,3 +1,13 @@
|
|||||||
|
Mon Feb 14 14:30:20 CET 2000 Werner Koch <wk@gnupg.de>
|
||||||
|
|
||||||
|
* sig-check.c (check_key_signature2): Add new arg r_expired.
|
||||||
|
(do_signature_check): New arg to pass it down to ...
|
||||||
|
(do_check): New arg r-expire which is set when the signature
|
||||||
|
has expired.
|
||||||
|
* trustdb.c (check_sig_record): Set SIGF_EXPIRED flag and set
|
||||||
|
the expiretime to zero so that thi signature will not be checked
|
||||||
|
anymore.
|
||||||
|
|
||||||
Fri Feb 11 17:44:40 CET 2000 Werner Koch <wk@gnupg.de>
|
Fri Feb 11 17:44:40 CET 2000 Werner Koch <wk@gnupg.de>
|
||||||
|
|
||||||
* g10.c (g10_exit): Update the random seed_file.
|
* g10.c (g10_exit): Update the random seed_file.
|
||||||
|
@ -81,7 +81,7 @@ int clearsign_file( const char *fname, STRLIST locusr, const char *outfile );
|
|||||||
/*-- sig-check.c --*/
|
/*-- sig-check.c --*/
|
||||||
int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig );
|
int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig );
|
||||||
int check_key_signature2( KBNODE root, KBNODE node,
|
int check_key_signature2( KBNODE root, KBNODE node,
|
||||||
int *is_selfsig, u32 *r_expire );
|
int *is_selfsig, u32 *r_expiredate, int *r_expired );
|
||||||
|
|
||||||
/*-- delkey.c --*/
|
/*-- delkey.c --*/
|
||||||
int delete_key( const char *username, int secure );
|
int delete_key( const char *username, int secure );
|
||||||
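Review bot: The widened check_key_signature2 prototype does not say which pointer arguments are optional. In sig-check.c the function guards `is_selfsig` against NULL but writes `*r_expiredate` and `*r_expired` unconditionally, and trustdb.c already passes NULL for is_selfsig, so a caller copying that pattern for the new argument would dereference NULL. A comment above the declaration would make the contract explicit, for example `/* is_selfsig may be NULL; r_expiredate and r_expired must point to valid storage */`.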
|
@ -41,9 +41,9 @@ struct cmp_help_context_s {
|
|||||||
|
|
||||||
|
|
||||||
static int do_signature_check( PKT_signature *sig, MD_HANDLE digest,
|
static int do_signature_check( PKT_signature *sig, MD_HANDLE digest,
|
||||||
u32 *r_expire );
|
u32 *r_expiredate, int *r_expired );
|
||||||
static int do_check( PKT_public_key *pk, PKT_signature *sig,
|
static int do_check( PKT_public_key *pk, PKT_signature *sig,
|
||||||
MD_HANDLE digest );
|
MD_HANDLE digest, int *r_expired );
|
||||||
|
|
||||||
|
|
||||||
/****************
|
/****************
|
||||||
@ -55,11 +55,13 @@ int
|
|||||||
signature_check( PKT_signature *sig, MD_HANDLE digest )
|
signature_check( PKT_signature *sig, MD_HANDLE digest )
|
||||||
{
|
{
|
||||||
u32 dummy;
|
u32 dummy;
|
||||||
return do_signature_check( sig, digest, &dummy );
|
int dum2;
|
||||||
|
return do_signature_check( sig, digest, &dummy, &dum2 );
|
||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
do_signature_check( PKT_signature *sig, MD_HANDLE digest, u32 *r_expire )
|
do_signature_check( PKT_signature *sig, MD_HANDLE digest,
|
||||||
|
u32 *r_expiredate, int *r_expired )
|
||||||
{
|
{
|
||||||
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
|
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
|
||||||
int rc=0;
|
int rc=0;
|
||||||
@ -67,12 +69,12 @@ do_signature_check( PKT_signature *sig, MD_HANDLE digest, u32 *r_expire )
|
|||||||
if( is_RSA(sig->pubkey_algo) )
|
if( is_RSA(sig->pubkey_algo) )
|
||||||
write_status(STATUS_RSA_OR_IDEA);
|
write_status(STATUS_RSA_OR_IDEA);
|
||||||
|
|
||||||
*r_expire = 0;
|
*r_expiredate = 0;
|
||||||
if( get_pubkey( pk, sig->keyid ) )
|
if( get_pubkey( pk, sig->keyid ) )
|
||||||
rc = G10ERR_NO_PUBKEY;
|
rc = G10ERR_NO_PUBKEY;
|
||||||
else {
|
else {
|
||||||
*r_expire = pk->expiredate;
|
*r_expiredate = pk->expiredate;
|
||||||
rc = do_check( pk, sig, digest );
|
rc = do_check( pk, sig, digest, r_expired );
|
||||||
}
|
}
|
||||||
|
|
||||||
free_public_key( pk );
|
free_public_key( pk );
|
||||||
@ -285,13 +287,15 @@ cmp_help( void *opaque, MPI result )
|
|||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
|
do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
|
||||||
|
int *r_expired )
|
||||||
{
|
{
|
||||||
MPI result = NULL;
|
MPI result = NULL;
|
||||||
int rc=0;
|
int rc=0;
|
||||||
struct cmp_help_context_s ctx;
|
struct cmp_help_context_s ctx;
|
||||||
u32 cur_time;
|
u32 cur_time;
|
||||||
|
|
||||||
|
*r_expired = 0;
|
||||||
if( pk->version == 4 && pk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
|
if( pk->version == 4 && pk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
|
||||||
log_info(_("this is a PGP generated "
|
log_info(_("this is a PGP generated "
|
||||||
"ElGamal key which is NOT secure for signatures!\n"));
|
"ElGamal key which is NOT secure for signatures!\n"));
|
||||||
@ -323,6 +327,7 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
|
|||||||
log_info(_("NOTE: signature key expired %s\n"),
|
log_info(_("NOTE: signature key expired %s\n"),
|
||||||
asctimestamp( pk->expiredate ) );
|
asctimestamp( pk->expiredate ) );
|
||||||
write_status(STATUS_SIGEXPIRED);
|
write_status(STATUS_SIGEXPIRED);
|
||||||
|
*r_expired = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -428,11 +433,13 @@ int
|
|||||||
check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
|
check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
|
||||||
{
|
{
|
||||||
u32 dummy;
|
u32 dummy;
|
||||||
return check_key_signature2(root, node, is_selfsig, &dummy );
|
int dum2;
|
||||||
|
return check_key_signature2(root, node, is_selfsig, &dummy, &dum2 );
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire)
|
check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig,
|
||||||
|
u32 *r_expiredate, int *r_expired )
|
||||||
{
|
{
|
||||||
MD_HANDLE md;
|
MD_HANDLE md;
|
||||||
PKT_public_key *pk;
|
PKT_public_key *pk;
|
||||||
@ -442,7 +449,8 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire)
|
|||||||
|
|
||||||
if( is_selfsig )
|
if( is_selfsig )
|
||||||
*is_selfsig = 0;
|
*is_selfsig = 0;
|
||||||
*r_expire = 0;
|
*r_expiredate = 0;
|
||||||
|
*r_expired = 0;
|
||||||
assert( node->pkt->pkttype == PKT_SIGNATURE );
|
assert( node->pkt->pkttype == PKT_SIGNATURE );
|
||||||
assert( root->pkt->pkttype == PKT_PUBLIC_KEY );
|
assert( root->pkt->pkttype == PKT_PUBLIC_KEY );
|
||||||
|
|
||||||
@ -462,7 +470,7 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire)
|
|||||||
if( sig->sig_class == 0x20 ) {
|
if( sig->sig_class == 0x20 ) {
|
||||||
md = md_open( algo, 0 );
|
md = md_open( algo, 0 );
|
||||||
hash_public_key( md, pk );
|
hash_public_key( md, pk );
|
||||||
rc = do_check( pk, sig, md );
|
rc = do_check( pk, sig, md, r_expired );
|
||||||
md_close(md);
|
md_close(md);
|
||||||
}
|
}
|
||||||
else if( sig->sig_class == 0x28 ) { /* subkey revocation */
|
else if( sig->sig_class == 0x28 ) { /* subkey revocation */
|
||||||
@ -472,7 +480,7 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire)
|
|||||||
md = md_open( algo, 0 );
|
md = md_open( algo, 0 );
|
||||||
hash_public_key( md, pk );
|
hash_public_key( md, pk );
|
||||||
hash_public_key( md, snode->pkt->pkt.public_key );
|
hash_public_key( md, snode->pkt->pkt.public_key );
|
||||||
rc = do_check( pk, sig, md );
|
rc = do_check( pk, sig, md, r_expired );
|
||||||
md_close(md);
|
md_close(md);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
@ -494,7 +502,7 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire)
|
|||||||
md = md_open( algo, 0 );
|
md = md_open( algo, 0 );
|
||||||
hash_public_key( md, pk );
|
hash_public_key( md, pk );
|
||||||
hash_public_key( md, snode->pkt->pkt.public_key );
|
hash_public_key( md, snode->pkt->pkt.public_key );
|
||||||
rc = do_check( pk, sig, md );
|
rc = do_check( pk, sig, md, r_expired );
|
||||||
md_close(md);
|
md_close(md);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
@ -515,10 +523,10 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire)
|
|||||||
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {
|
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {
|
||||||
if( is_selfsig )
|
if( is_selfsig )
|
||||||
*is_selfsig = 1;
|
*is_selfsig = 1;
|
||||||
rc = do_check( pk, sig, md );
|
rc = do_check( pk, sig, md, r_expired );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
rc = do_signature_check( sig, md, r_expire );
|
rc = do_signature_check( sig, md, r_expiredate, r_expired );
|
||||||
md_close(md);
|
md_close(md);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
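Review bot: do_signature_check clears `*r_expiredate` before the key lookup but leaves `*r_expired` untouched when get_pubkey() fails, so on the G10ERR_NO_PUBKEY path the new out-parameter keeps whatever the caller had in it. Both callers visible here are safe (signature_check discards `dum2`, check_key_signature2 zeroes `*r_expired` first), but the function should define its own output: add `*r_expired = 0;` next to `*r_expiredate = 0;`. The flag is also raised in the branch that logs "signature key expired" using pk->expiredate, so it appears to report expiry of the signing key. A one-line comment on do_check saying so would keep callers from reading it as expiry of the signature itself. The bodies of do_signature_check and do_check continue outside the hunks.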
|
@ -110,7 +110,6 @@ static int alloced_tns;
|
|||||||
static int max_alloced_tns;
|
static int max_alloced_tns;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
static LOCAL_ID_TABLE new_lid_table(void);
|
static LOCAL_ID_TABLE new_lid_table(void);
|
||||||
static int ins_lid_table_item( LOCAL_ID_TABLE tbl, ulong lid, unsigned flag );
|
static int ins_lid_table_item( LOCAL_ID_TABLE tbl, ulong lid, unsigned flag );
|
||||||
static int qry_lid_table_flag( LOCAL_ID_TABLE tbl, ulong lid, unsigned *flag );
|
static int qry_lid_table_flag( LOCAL_ID_TABLE tbl, ulong lid, unsigned *flag );
|
||||||
@ -1127,17 +1126,17 @@ check_uidsigs( KBNODE keyblock, KBNODE keynode, u32 *mainkid, ulong lid,
|
|||||||
static unsigned int
|
static unsigned int
|
||||||
check_sig_record( KBNODE keyblock, KBNODE signode,
|
check_sig_record( KBNODE keyblock, KBNODE signode,
|
||||||
ulong siglid, int sigidx, u32 *keyid, ulong lid,
|
ulong siglid, int sigidx, u32 *keyid, ulong lid,
|
||||||
u32 *r_expire, int *mod_down, int *mod_up )
|
u32 *r_expiretime, int *mod_down, int *mod_up )
|
||||||
{
|
{
|
||||||
PKT_signature *sig = signode->pkt->pkt.signature;
|
PKT_signature *sig = signode->pkt->pkt.signature;
|
||||||
unsigned int sigflag = 0;
|
unsigned int sigflag = 0;
|
||||||
TRUSTREC tmp;
|
TRUSTREC tmp;
|
||||||
int revocation=0, rc;
|
int revocation=0, expired=0, rc;
|
||||||
|
|
||||||
if( DBG_TRUST )
|
if( DBG_TRUST )
|
||||||
log_debug("check_sig_record: %08lX.%lu %lu[%d]\n",
|
log_debug("check_sig_record: %08lX.%lu %lu[%d]\n",
|
||||||
(ulong)keyid[1], lid, siglid, sigidx );
|
(ulong)keyid[1], lid, siglid, sigidx );
|
||||||
*r_expire = 0;
|
*r_expiretime = 0;
|
||||||
if( (sig->sig_class&~3) == 0x10 ) /* regular certification */
|
if( (sig->sig_class&~3) == 0x10 ) /* regular certification */
|
||||||
;
|
;
|
||||||
else if( sig->sig_class == 0x30 ) /* cert revocation */
|
else if( sig->sig_class == 0x30 ) /* cert revocation */
|
||||||
@ -1148,7 +1147,8 @@ check_sig_record( KBNODE keyblock, KBNODE signode,
|
|||||||
read_record( siglid, &tmp, 0 );
|
read_record( siglid, &tmp, 0 );
|
||||||
if( tmp.rectype == RECTYPE_DIR ) {
|
if( tmp.rectype == RECTYPE_DIR ) {
|
||||||
/* the public key is in the trustdb: check sig */
|
/* the public key is in the trustdb: check sig */
|
||||||
rc = check_key_signature2( keyblock, signode, NULL, r_expire );
|
rc = check_key_signature2( keyblock, signode, NULL,
|
||||||
|
r_expiretime, &expired );
|
||||||
if( !rc ) { /* valid signature */
|
if( !rc ) { /* valid signature */
|
||||||
if( opt.verbose )
|
if( opt.verbose )
|
||||||
log_info("sig %08lX.%lu/%lu[%d]/%08lX: %s\n",
|
log_info("sig %08lX.%lu/%lu[%d]/%08lX: %s\n",
|
||||||
@ -1157,6 +1157,13 @@ check_sig_record( KBNODE keyblock, KBNODE signode,
|
|||||||
revocation? _("Valid certificate revocation")
|
revocation? _("Valid certificate revocation")
|
||||||
: _("Good certificate") );
|
: _("Good certificate") );
|
||||||
sigflag |= SIGF_CHECKED | SIGF_VALID;
|
sigflag |= SIGF_CHECKED | SIGF_VALID;
|
||||||
|
if( expired ) {
|
||||||
|
sigflag |= SIGF_EXPIRED;
|
||||||
|
/* We have to reset the expiretime, so that this signature
|
||||||
|
* does not get checked over and over due to the reached
|
||||||
|
* expiretime */
|
||||||
|
*r_expiretime = 0;
|
||||||
|
}
|
||||||
if( revocation ) {
|
if( revocation ) {
|
||||||
sigflag |= SIGF_REVOKED;
|
sigflag |= SIGF_REVOKED;
|
||||||
*mod_down = 1;
|
*mod_down = 1;
|
||||||
@ -1221,7 +1228,7 @@ make_sig_records( KBNODE keyblock, KBNODE uidnode,
|
|||||||
PKT_signature *sig;
|
PKT_signature *sig;
|
||||||
ulong sigrecno, siglid;
|
ulong sigrecno, siglid;
|
||||||
int i, sigidx = 0;
|
int i, sigidx = 0;
|
||||||
u32 expire;
|
u32 expiretime;
|
||||||
|
|
||||||
srecs = NULL; s_end = &srecs;
|
srecs = NULL; s_end = &srecs;
|
||||||
for( node=uidnode->next; node; node = node->next ) {
|
for( node=uidnode->next; node; node = node->next ) {
|
||||||
@ -1264,7 +1271,7 @@ make_sig_records( KBNODE keyblock, KBNODE uidnode,
|
|||||||
s->r.sig.sig[sigidx].lid = siglid;
|
s->r.sig.sig[sigidx].lid = siglid;
|
||||||
s->r.sig.sig[sigidx].flag= check_sig_record( keyblock, node,
|
s->r.sig.sig[sigidx].flag= check_sig_record( keyblock, node,
|
||||||
siglid, sigidx,
|
siglid, sigidx,
|
||||||
mainkid, lid, &expire,
|
mainkid, lid, &expiretime,
|
||||||
mod_down, mod_up );
|
mod_down, mod_up );
|
||||||
|
|
||||||
sigidx++;
|
sigidx++;
|
||||||
@ -1275,8 +1282,8 @@ make_sig_records( KBNODE keyblock, KBNODE uidnode,
|
|||||||
sigidx = 0;
|
sigidx = 0;
|
||||||
}
|
}
|
||||||
/* keep track of signers pk expire time */
|
/* keep track of signers pk expire time */
|
||||||
if( expire && (!*min_expire || *min_expire > expire ) )
|
if( expiretime && (!*min_expire || *min_expire > expiretime ) )
|
||||||
*min_expire = expire;
|
*min_expire = expiretime;
|
||||||
}
|
}
|
||||||
if( sigidx ) {
|
if( sigidx ) {
|
||||||
s->recnum = tdbio_new_recnum();
|
s->recnum = tdbio_new_recnum();
|
||||||
@ -1475,7 +1482,7 @@ do_update_trust_record( KBNODE keyblock, TRUSTREC *drec,
|
|||||||
int mod_up = 0;
|
int mod_up = 0;
|
||||||
int mod_down = 0;
|
int mod_down = 0;
|
||||||
ulong recno, r2;
|
ulong recno, r2;
|
||||||
u32 expire;
|
u32 expiretime;
|
||||||
|
|
||||||
primary_pk = find_kbnode( keyblock, PKT_PUBLIC_KEY )->pkt->pkt.public_key;
|
primary_pk = find_kbnode( keyblock, PKT_PUBLIC_KEY )->pkt->pkt.public_key;
|
||||||
if( !primary_pk->local_id )
|
if( !primary_pk->local_id )
|
||||||
@ -1517,9 +1524,9 @@ do_update_trust_record( KBNODE keyblock, TRUSTREC *drec,
|
|||||||
drec->r.dir.keylist = make_key_records( keyblock, drec->recnum, keyid, &i );
|
drec->r.dir.keylist = make_key_records( keyblock, drec->recnum, keyid, &i );
|
||||||
if( i ) /* primary key has been revoked */
|
if( i ) /* primary key has been revoked */
|
||||||
drec->r.dir.dirflags |= DIRF_REVOKED;
|
drec->r.dir.dirflags |= DIRF_REVOKED;
|
||||||
expire = 0;
|
expiretime = 0;
|
||||||
drec->r.dir.uidlist = make_uid_records( keyblock, drec->recnum, keyid,
|
drec->r.dir.uidlist = make_uid_records( keyblock, drec->recnum, keyid,
|
||||||
&expire, &mod_down, &mod_up );
|
&expiretime, &mod_down, &mod_up );
|
||||||
if( rc )
|
if( rc )
|
||||||
rc = tdbio_cancel_transaction();
|
rc = tdbio_cancel_transaction();
|
||||||
else {
|
else {
|
||||||
@ -1527,7 +1534,7 @@ do_update_trust_record( KBNODE keyblock, TRUSTREC *drec,
|
|||||||
*modified = 1;
|
*modified = 1;
|
||||||
drec->r.dir.dirflags |= DIRF_CHECKED;
|
drec->r.dir.dirflags |= DIRF_CHECKED;
|
||||||
drec->r.dir.valcheck = 0;
|
drec->r.dir.valcheck = 0;
|
||||||
drec->r.dir.checkat = expire;
|
drec->r.dir.checkat = expiretime;
|
||||||
write_record( drec );
|
write_record( drec );
|
||||||
tdbio_write_modify_stamp( mod_up, mod_down );
|
tdbio_write_modify_stamp( mod_up, mod_down );
|
||||||
rc = tdbio_end_transaction();
|
rc = tdbio_end_transaction();
|
||||||
@ -1851,10 +1858,12 @@ build_cert_tree( ulong lid, int depth, int max_depth, TN helproot )
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if( dirrec.r.dir.checkat && dirrec.r.dir.checkat <= make_timestamp() )
|
if( dirrec.r.dir.checkat && dirrec.r.dir.checkat <= make_timestamp() ) {
|
||||||
check_trust_record( &dirrec, 0 );
|
check_trust_record( &dirrec, 0 );
|
||||||
else if( (dirrec.r.dir.dirflags & DIRF_NEWKEYS) )
|
}
|
||||||
|
else if( (dirrec.r.dir.dirflags & DIRF_NEWKEYS) ) {
|
||||||
check_trust_record( &dirrec, 1 );
|
check_trust_record( &dirrec, 1 );
|
||||||
|
}
|
||||||
|
|
||||||
keynode->n.k.ownertrust = dirrec.r.dir.ownertrust & TRUST_MASK;
|
keynode->n.k.ownertrust = dirrec.r.dir.ownertrust & TRUST_MASK;
|
||||||
|
|
||||||
|
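Review bot: In check_sig_record an expired result still leaves `SIGF_VALID` set, because `SIGF_EXPIRED` is OR-ed onto `SIGF_CHECKED | SIGF_VALID`. Any consumer that tests only SIGF_VALID would keep counting a certification made by an expired key. Whether the trust computation also tests SIGF_EXPIRED is not visible in this diff and should be confirmed. A comment at the flag assignment would record the contract, such as `/* SIGF_VALID stays set; trust evaluation must also test SIGF_EXPIRED */`. Zeroing `*r_expiretime` also takes this signature out of the min_expire/checkat schedule, so presumably the expired flag is only re-evaluated when something else forces a recheck of the record. check_sig_record continues outside the hunk.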