security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

See ChangeLog: Mon Oct 4 21:23:04 CEST 1999 Werner Koch

Browse Source
This commit is contained in:
Werner Koch 1999-10-04 19:27:02 +00:00
parent 88a7532f89
commit 296f9de0bc
24 changed files with 583 additions and 361 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
NEWS
View File

@ -6,6 +6,12 @@
* Add Indonesian and Portugese translations. * Add Indonesian and Portugese translations.
* Fixed a bug with symmetric-only encryption using the non-default 3DES.
The option --emulate-3des-s2k-bug may be used to decrypt documents
which have been encrypted this way; this should be done immediately
as this workaround will be remove in 1.1
Noteworthy changes in version 1.0.0 (1999-09-07) Noteworthy changes in version 1.0.0 (1999-09-07)
----------------------------------- -----------------------------------

6
TODO
View File

@ -1,8 +1,4 @@
* try to do --verify even if the files are swapped on the commandline
(requested by Herny Spencer) or change the error message to
a more clear one.
Scheduled for 1.1 Scheduled for 1.1
----------------- -----------------
@ -27,7 +23,7 @@ Scheduled for 1.1
* Check the beginning of file to detect already compressed files (gzip, * Check the beginning of file to detect already compressed files (gzip,
bzip2, xdelta and some picture formats) bzip2, xdelta and some picture formats)
* Delay the read of the passphrase-fd afte a NEED_PASSPHRASE. But this * Delay the read of the passphrase-fd after a NEED_PASSPHRASE. But this
may break some scripts. may break some scripts.

2
VERSION
View File

@ -1 +1 @@
1.0.0c 1.0.0d

8
checks/mkdemodirs
View File

@ -24,10 +24,10 @@ for name in $NAMES; do
/bin/echo " $name\c" /bin/echo " $name\c"
[ -d $name ] && rm -r $name [ -d $name ] && rm -r $name
mkdir $name mkdir $name
$GPGDEMO --export-secret-key -o - $name | tee $name/Secret.gpg | \ $GPGDEMO --export-secret-key -o - $name > $name/Secret.gpg
$GPG --homedir $name --import $GPG --homedir $name --import $name/Secret.gpg
$GPGDEMO --export -o - $name | tee $name/Public.gpg | \ $GPGDEMO --export -o - $name > $name/Public.gpg
$GPG --homedir $name --import $GPG --homedir $name --import $name/Public.gpg
[ -f $name/pubring.gpg~ ] && rm $name/pubring.gpg~ [ -f $name/pubring.gpg~ ] && rm $name/pubring.gpg~
done done
echo "." echo "."

5
cipher/ChangeLog
View File

@ -1,3 +1,8 @@
Mon Oct 4 21:23:04 CEST 1999 Werner Koch <wk@gnupg.de>
* md.c (md_reset): Clear finalized; thanks to Ulf Moeller for
fixing this bug.
Sat Sep 18 12:51:51 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> Sat Sep 18 12:51:51 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

2
cipher/md.c
View File

@ -291,7 +291,7 @@ md_reset( MD_HANDLE a )
{ {
struct md_digest_list_s *r; struct md_digest_list_s *r;
a->bufcount = 0; a->bufcount = a->finalized = 0;
for( r=a->list; r; r = r->next ) { for( r=a->list; r; r = r->next ) {
memset( r->context.c, 0, r->contextsize ); memset( r->context.c, 0, r->contextsize );
(*r->init)( &r->context.c ); (*r->init)( &r->context.c );

41
g10/ChangeLog
View File

@ -1,3 +1,44 @@
Mon Oct 4 21:23:04 CEST 1999 Werner Koch <wk@gnupg.de>
* import.c (import_keys): Changed calling interface, adjusted caller.
(import): Moved printing of stats out ...
(print_stats): New. ... to here.
(import_keys_stream): Call stats print here.
(import_keys): Print stats as totals for all files.
* tdbio.h (DIRF_NEWKEYS): New
* tdbio.c (tdbio_dump_record): Print the new flag.
* trustdb.c (check_trust_record): New arg sigs_only. Adapted all
callers.
(do_update_trust_record): Removed recheck arg and add a new sigs_only
do we can later improve on the performance. Changed all callers too.
(check_trustdb): Evalutate the new flag and add a status output.
Do a check when the dir record has not been checked.
(build_cert_tree): Evaluate the new flag.
(check_trust): Ditto. Do a trust_record check, when the dir record
is not marked as checked.
(mark_fresh_keys): New.
(clear_lid_table): New.
(sync_trustdb): New.
* import.c (import_keys): Call sync_trustdb() after processing.
(import_keys_stream): Ditto.
* tdbdump.c (import_ownertrust): Ditto.
* import.c (import_revoke_cert): Notify the trust DB.
(do_update_trust_record): Use |= to set the REVOKED bit and not &=;
shame on me for this bad copy+paste introduced bug.
(do_we_trust): Add trustmask to allow revoked key override to work.
Chnaged are to allow return of a mofified trustlevel. Adapted the
one caller.
* g10.c: New options --emulate-3des-s2k-bug
* passphrase.c (hash_passphrase): Implemented above.
* mainproc.c (proc_tree): Check for standalone signatures.
(do_check_sig): Print a notice for a standalone revocation
(check_sig_and_print): Do not print an error for unchecked standalone
revocations.
Tue Sep 28 20:54:37 CEST 1999 Werner Koch <wk@gnupg.de> Tue Sep 28 20:54:37 CEST 1999 Werner Koch <wk@gnupg.de>
* encode.c (encode_simple): Use new CTB when we don't have the * encode.c (encode_simple): Use new CTB when we don't have the

15
g10/g10.c
View File

@ -179,6 +179,7 @@ enum cmd_and_opt_values { aNull = 0,
oNoLiteral, oNoLiteral,
oSetFilesize, oSetFilesize,
oEntropyDLLName, oEntropyDLLName,
oEmu3DESS2KBug, /* will be removed in 1.1 */
aTest }; aTest };
@ -346,6 +347,7 @@ static ARGPARSE_OPTS opts[] = {
{ oNoLiteral, "no-literal", 0, "@" }, { oNoLiteral, "no-literal", 0, "@" },
{ oSetFilesize, "set-filesize", 20, "@" }, { oSetFilesize, "set-filesize", 20, "@" },
{ oEntropyDLLName, "entropy-dll-name", 2, "@" }, { oEntropyDLLName, "entropy-dll-name", 2, "@" },
{ oEmu3DESS2KBug, "emulate-3des-s2k-bug", 0, "@"},
{0} }; {0} };
@ -805,6 +807,7 @@ main( int argc, char **argv )
opt.s2k_cipher_algo = CIPHER_ALGO_BLOWFISH; opt.s2k_cipher_algo = CIPHER_ALGO_BLOWFISH;
break; break;
case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break; case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break;
case oEmu3DESS2KBug: opt.emulate_bugs |= EMUBUG_3DESS2K; break;
case oCompressSigs: opt.compress_sigs = 1; break; case oCompressSigs: opt.compress_sigs = 1; break;
case oRunAsShmCP: case oRunAsShmCP:
#ifndef USE_SHM_COPROCESSING #ifndef USE_SHM_COPROCESSING
@ -1215,17 +1218,7 @@ main( int argc, char **argv )
case aFastImport: case aFastImport:
case aImport: case aImport:
if( !argc ) { import_keys( argc? argv:NULL, argc, (cmd == aFastImport) );
rc = import_keys( NULL, (cmd == aFastImport) );
if( rc )
log_error("import failed: %s\n", g10_errstr(rc) );
}
for( ; argc; argc--, argv++ ) {
rc = import_keys( *argv, (cmd == aFastImport) );
if( rc )
log_error("import from `%s' failed: %s\n",
*argv, g10_errstr(rc) );
}
break; break;
case aExport: case aExport:

84
g10/import.c
View File

@ -38,6 +38,7 @@
static struct { static struct {
ulong count;
ulong no_user_id; ulong no_user_id;
ulong imported; ulong imported;
ulong imported_rsa; ulong imported_rsa;
@ -53,6 +54,7 @@ static struct {
static int import( IOBUF inp, int fast, const char* fname ); static int import( IOBUF inp, int fast, const char* fname );
static void print_stats(void);
static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ); static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root );
static int import_one( const char *fname, KBNODE keyblock, int fast ); static int import_one( const char *fname, KBNODE keyblock, int fast );
static int import_secret_one( const char *fname, KBNODE keyblock ); static int import_secret_one( const char *fname, KBNODE keyblock );
@ -105,30 +107,48 @@ static int merge_keysigs( KBNODE dst, KBNODE src, int *n_sigs,
* Key revocation certificates have special handling. * Key revocation certificates have special handling.
* *
*/ */
int void
import_keys( const char *fname, int fast ) import_keys( char **fnames, int nnames, int fast )
{ {
IOBUF inp = NULL; int i;
int rc;
inp = iobuf_open(fname); /* fixme: don't use static variables */
if( !fname ) memset( &stats, 0, sizeof( stats ) );
fname = "[stdin]";
if( !inp ) { for(i=0; i < nnames; i++ ) {
log_error(_("can't open `%s': %s\n"), fname, strerror(errno) ); const char *fname = fnames? fnames[i] : NULL;
return G10ERR_OPEN_FILE; IOBUF inp = iobuf_open(fname);
if( !fname )
fname = "[stdin]";
if( !inp )
log_error(_("can't open `%s': %s\n"), fname, strerror(errno) );
else {
int rc = import( inp, fast, fname );
iobuf_close(inp);
if( rc )
log_error("import from `%s' failed: %s\n", fname,
g10_errstr(rc) );
}
if( !fname )
break;
} }
print_stats();
rc = import( inp, fast, fname ); if( !fast )
sync_trustdb();
iobuf_close(inp);
return rc;
} }
int int
import_keys_stream( IOBUF inp, int fast ) import_keys_stream( IOBUF inp, int fast )
{ {
return import( inp, fast, "[stream]" ); int rc = 0;
/* fixme: don't use static variables */
memset( &stats, 0, sizeof( stats ) );
rc = import( inp, fast, "[stream]" );
print_stats();
if( !fast )
sync_trustdb();
return rc;
} }
static int static int
@ -137,10 +157,6 @@ import( IOBUF inp, int fast, const char* fname )
PACKET *pending_pkt = NULL; PACKET *pending_pkt = NULL;
KBNODE keyblock; KBNODE keyblock;
int rc = 0; int rc = 0;
ulong count=0;
/* fixme: don't use static variables */
memset( &stats, 0, sizeof( stats ) );
getkey_disable_caches(); getkey_disable_caches();
@ -165,16 +181,23 @@ import( IOBUF inp, int fast, const char* fname )
release_kbnode(keyblock); release_kbnode(keyblock);
if( rc ) if( rc )
break; break;
if( !(++count % 100) && !opt.quiet ) if( !(++stats.count % 100) && !opt.quiet )
log_info(_("%lu keys so far processed\n"), count ); log_info(_("%lu keys so far processed\n"), stats.count );
} }
if( rc == -1 ) if( rc == -1 )
rc = 0; rc = 0;
else if( rc && rc != G10ERR_INV_KEYRING ) else if( rc && rc != G10ERR_INV_KEYRING )
log_error( _("error reading `%s': %s\n"), fname, g10_errstr(rc)); log_error( _("error reading `%s': %s\n"), fname, g10_errstr(rc));
return rc;
}
static void
print_stats()
{
if( !opt.quiet ) { if( !opt.quiet ) {
log_info(_("Total number processed: %lu\n"), count ); log_info(_("Total number processed: %lu\n"), stats.count );
if( stats.no_user_id ) if( stats.no_user_id )
log_info(_(" w/o user IDs: %lu\n"), stats.no_user_id ); log_info(_(" w/o user IDs: %lu\n"), stats.no_user_id );
if( stats.imported || stats.imported_rsa ) { if( stats.imported || stats.imported_rsa ) {
@ -202,9 +225,9 @@ import( IOBUF inp, int fast, const char* fname )
} }
if( is_status_enabled() ) { if( is_status_enabled() ) {
char buf[12*16]; char buf[12*20];
sprintf(buf, "%lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu", sprintf(buf, "%lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu",
count, stats.count,
stats.no_user_id, stats.no_user_id,
stats.imported, stats.imported,
stats.imported_rsa, stats.imported_rsa,
@ -218,8 +241,6 @@ import( IOBUF inp, int fast, const char* fname )
stats.secret_dups); stats.secret_dups);
write_status_text( STATUS_IMPORT_RES, buf ); write_status_text( STATUS_IMPORT_RES, buf );
} }
return rc;
} }
@ -678,6 +699,15 @@ import_revoke_cert( const char *fname, KBNODE node )
log_info( _("key %08lX: revocation certificate imported\n"), log_info( _("key %08lX: revocation certificate imported\n"),
(ulong)keyid[1]); (ulong)keyid[1]);
stats.n_revoc++; stats.n_revoc++;
if( clear_trust_checked_flag( pk ) ) {
/* seems that we have to insert the record first */
rc = insert_trust_record( keyblock );
if( rc )
log_error("key %08lX: trustdb insert failed: %s\n",
(ulong)keyid[1], g10_errstr(rc) );
else
rc = clear_trust_checked_flag( pk );
}
leave: leave:
release_kbnode( keyblock ); release_kbnode( keyblock );

2
g10/main.h
View File

@ -116,7 +116,7 @@ KBNODE make_comment_node( const char *s );
KBNODE make_mpi_comment_node( const char *s, MPI a ); KBNODE make_mpi_comment_node( const char *s, MPI a );
/*-- import.c --*/ /*-- import.c --*/
int import_keys( const char *filename, int fast ); void import_keys( char **fnames, int nnames, int fast );
int import_keys_stream( IOBUF inp, int fast ); int import_keys_stream( IOBUF inp, int fast );
int collapse_uids( KBNODE *keyblock ); int collapse_uids( KBNODE *keyblock );

13
g10/mainproc.c
View File

@ -507,6 +507,11 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig )
|| c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { || c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
return check_key_signature( c->list, node, is_selfsig ); return check_key_signature( c->list, node, is_selfsig );
} }
else if( sig->sig_class == 0x20 ) {
log_info(_("standalone revocation - "
"use \"gpg --import\" to apply\n"), sig->sig_class);
return G10ERR_NOT_PROCESSED;
}
else { else {
log_error("invalid root packet for sigclass %02x\n", log_error("invalid root packet for sigclass %02x\n",
sig->sig_class); sig->sig_class);
@ -1114,7 +1119,8 @@ check_sig_and_print( CTX c, KBNODE node )
buf[16] = 0; buf[16] = 0;
write_status_text( STATUS_NO_PUBKEY, buf ); write_status_text( STATUS_NO_PUBKEY, buf );
} }
log_error(_("Can't check signature: %s\n"), g10_errstr(rc) ); if( rc != G10ERR_NOT_PROCESSED )
log_error(_("Can't check signature: %s\n"), g10_errstr(rc) );
} }
return rc; return rc;
} }
@ -1174,7 +1180,10 @@ proc_tree( CTX c, KBNODE node )
else if( node->pkt->pkttype == PKT_SIGNATURE ) { else if( node->pkt->pkttype == PKT_SIGNATURE ) {
PKT_signature *sig = node->pkt->pkt.signature; PKT_signature *sig = node->pkt->pkt.signature;
if( !c->have_data ) { if( sig->sig_class != 0x00 && sig->sig_class != 0x01 )
log_info(_("standalone signature of class 0x%02x\n"),
sig->sig_class);
else if( !c->have_data ) {
/* detached signature */ /* detached signature */
free_md_filter_context( &c->mfx ); free_md_filter_context( &c->mfx );
c->mfx.md = md_open(sig->digest_algo, 0); c->mfx.md = md_open(sig->digest_algo, 0);

1
g10/options.h
View File

@ -87,6 +87,7 @@ struct {
#define EMUBUG_GPGCHKSUM 1 #define EMUBUG_GPGCHKSUM 1
#define EMUBUG_3DESS2K 2
#define DBG_PACKET_VALUE 1 /* debug packet reading/writing */ #define DBG_PACKET_VALUE 1 /* debug packet reading/writing */
#define DBG_MPI_VALUE 2 /* debug mpi details */ #define DBG_MPI_VALUE 2 /* debug mpi details */

8
g10/passphrase.c
View File

@ -242,7 +242,13 @@ hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create )
md = md_open( s2k->hash_algo, 1); md = md_open( s2k->hash_algo, 1);
for(pass=0; used < dek->keylen ; pass++ ) { for(pass=0; used < dek->keylen ; pass++ ) {
if( pass ) { if( pass ) {
md_reset(md); if( (opt.emulate_bugs & EMUBUG_3DESS2K)) {
int tmp = md->finalized;
md_reset( md );
md->finalized = tmp;
}
else
md_reset(md);
for(i=0; i < pass; i++ ) /* preset the hash context */ for(i=0; i < pass; i++ ) /* preset the hash context */
md_putc(md, 0 ); md_putc(md, 0 );
} }

24
g10/pkclist.c
View File

@ -337,16 +337,17 @@ _("Could not find a valid trust path to the key. Let's see whether we\n"
/**************** /****************
* Check whether we can trust this pk which has a trustlevel of TRUSTLEVEL * Check whether we can trust this pk which has a trustlevel of TRUSTLEVEL
* Returns: true if we trust. * Returns: true if we trust. Might change the trustlevel
*/ */
static int static int
do_we_trust( PKT_public_key *pk, int trustlevel ) do_we_trust( PKT_public_key *pk, int *trustlevel )
{ {
int rc; int rc;
int did_add = 0; int did_add = 0;
int trustmask = 0;
retry: retry:
if( (trustlevel & TRUST_FLAG_REVOKED) ) { if( (*trustlevel & TRUST_FLAG_REVOKED) ) {
log_info(_("key %08lX: key has been revoked!\n"), log_info(_("key %08lX: key has been revoked!\n"),
(ulong)keyid_from_pk( pk, NULL) ); (ulong)keyid_from_pk( pk, NULL) );
if( opt.batch ) if( opt.batch )
@ -355,8 +356,9 @@ do_we_trust( PKT_public_key *pk, int trustlevel )
if( !cpr_get_answer_is_yes("revoked_key.override", if( !cpr_get_answer_is_yes("revoked_key.override",
_("Use this key anyway? ")) ) _("Use this key anyway? ")) )
return 0; return 0;
trustmask |= TRUST_FLAG_REVOKED;
} }
else if( (trustlevel & TRUST_FLAG_SUB_REVOKED) ) { else if( (*trustlevel & TRUST_FLAG_SUB_REVOKED) ) {
log_info(_("key %08lX: subkey has been revoked!\n"), log_info(_("key %08lX: subkey has been revoked!\n"),
(ulong)keyid_from_pk( pk, NULL) ); (ulong)keyid_from_pk( pk, NULL) );
if( opt.batch ) if( opt.batch )
@ -365,10 +367,12 @@ do_we_trust( PKT_public_key *pk, int trustlevel )
if( !cpr_get_answer_is_yes("revoked_key.override", if( !cpr_get_answer_is_yes("revoked_key.override",
_("Use this key anyway? ")) ) _("Use this key anyway? ")) )
return 0; return 0;
trustmask |= TRUST_FLAG_SUB_REVOKED;
} }
*trustlevel &= ~trustmask;
switch( (trustlevel & TRUST_MASK) ) { switch( (*trustlevel & TRUST_MASK) ) {
case TRUST_UNKNOWN: /* No pubkey in trustDB: Insert and check again */ case TRUST_UNKNOWN: /* No pubkey in trustDB: Insert and check again */
rc = insert_trust_record_by_pk( pk ); rc = insert_trust_record_by_pk( pk );
if( rc ) { if( rc ) {
@ -376,11 +380,12 @@ do_we_trust( PKT_public_key *pk, int trustlevel )
g10_errstr(rc) ); g10_errstr(rc) );
return 0; /* no */ return 0; /* no */
} }
rc = check_trust( pk, &trustlevel, NULL, NULL, NULL ); rc = check_trust( pk, trustlevel, NULL, NULL, NULL );
*trustlevel &= ~trustmask;
if( rc ) if( rc )
log_fatal("trust check after insert failed: %s\n", log_fatal("trust check after insert failed: %s\n",
g10_errstr(rc) ); g10_errstr(rc) );
if( trustlevel == TRUST_UNKNOWN || trustlevel == TRUST_EXPIRED ) { if( *trustlevel == TRUST_UNKNOWN || *trustlevel == TRUST_EXPIRED ) {
log_debug("do_we_trust: oops at %d\n", __LINE__ ); log_debug("do_we_trust: oops at %d\n", __LINE__ );
return 0; return 0;
} }
@ -398,7 +403,8 @@ do_we_trust( PKT_public_key *pk, int trustlevel )
else { else {
int quit; int quit;
rc = add_ownertrust( pk, &quit, &trustlevel ); rc = add_ownertrust( pk, &quit, trustlevel );
*trustlevel &= ~trustmask;
if( !rc && !did_add && !quit ) { if( !rc && !did_add && !quit ) {
did_add = 1; did_add = 1;
goto retry; goto retry;
@ -444,7 +450,7 @@ do_we_trust_pre( PKT_public_key *pk, int trustlevel )
{ {
int rc; int rc;
rc = do_we_trust( pk, trustlevel ); rc = do_we_trust( pk, &trustlevel );
if( (trustlevel & TRUST_FLAG_REVOKED) && !rc ) if( (trustlevel & TRUST_FLAG_REVOKED) && !rc )
return 0; return 0;

1
g10/tdbdump.c
View File

@ -520,5 +520,6 @@ import_ownertrust( const char *fname )
if( !is_stdin ) if( !is_stdin )
fclose(fp); fclose(fp);
do_sync(); do_sync();
sync_trustdb();
} }

2
g10/tdbio.c
View File

@ -1130,6 +1130,8 @@ tdbio_dump_record( TRUSTREC *rec, FILE *fp )
fputs(", expired", fp ); fputs(", expired", fp );
if( rec->r.dir.dirflags & DIRF_REVOKED ) if( rec->r.dir.dirflags & DIRF_REVOKED )
fputs(", revoked", fp ); fputs(", revoked", fp );
if( rec->r.dir.dirflags & DIRF_NEWKEYS )
fputs(", newkeys", fp );
} }
putc('\n', fp); putc('\n', fp);
break; break;

3
g10/tdbio.h
View File

@ -52,6 +52,7 @@
/* one uid with a selfsignature or an revocation */ /* one uid with a selfsignature or an revocation */
#define DIRF_EXPIRED 4 /* the complete key has expired */ #define DIRF_EXPIRED 4 /* the complete key has expired */
#define DIRF_REVOKED 8 /* the complete key has been revoked */ #define DIRF_REVOKED 8 /* the complete key has been revoked */
#define DIRF_NEWKEYS 128 /* new keys are available: we can check the sigs */
#define KEYF_CHECKED 1 /* This key has been checked */ #define KEYF_CHECKED 1 /* This key has been checked */
#define KEYF_VALID 2 /* This is a valid (sub)key */ #define KEYF_VALID 2 /* This is a valid (sub)key */
@ -121,7 +122,7 @@ struct trust_record {
} uid; } uid;
struct { /* preference record */ struct { /* preference record */
ulong lid; /* point back to the directory record */ ulong lid; /* point back to the directory record */
/* or 0 for a glocal pref record */ /* or 0 for a global pref record */
ulong next; /* points to next pref record */ ulong next; /* points to next pref record */
byte data[ITEMS_PER_PREF_RECORD]; byte data[ITEMS_PER_PREF_RECORD];
} pref; } pref;

215
g10/trustdb.c
View File

@ -125,13 +125,22 @@ static int do_check( TRUSTREC *drec, unsigned *trustlevel,
unsigned *retflgs); unsigned *retflgs);
static int get_dir_record( PKT_public_key *pk, TRUSTREC *rec ); static int get_dir_record( PKT_public_key *pk, TRUSTREC *rec );
static int do_update_trust_record( KBNODE keyblock, TRUSTREC *drec, static int do_update_trust_record( KBNODE keyblock, TRUSTREC *drec,
int recheck, int *modified ); int sigs_only, int *modified );
static int check_trust_record( TRUSTREC *drec ); static int check_trust_record( TRUSTREC *drec, int sigs_only );
static void mark_fresh_keys(void);
/* a table used to keep track of ultimately trusted keys /* a table used to keep track of ultimately trusted keys
* which are the ones from our secrings and the trusted keys */ * which are the ones from our secrings and the trusted keys */
static LOCAL_ID_TABLE ultikey_table; static LOCAL_ID_TABLE ultikey_table;
/* a table to keep track of newly importted keys. This one is
* create by the insert_trust_record function and from time to time
* used to verify key signature which have been done with these new keys */
static LOCAL_ID_TABLE fresh_imported_keys;
static int fresh_imported_keys_count;
#define FRESH_KEY_CHECK_THRESHOLD 200
/* list of unused lid items and tables */ /* list of unused lid items and tables */
static LOCAL_ID_TABLE unused_lid_tables; static LOCAL_ID_TABLE unused_lid_tables;
static struct local_id_item *unused_lid_items; static struct local_id_item *unused_lid_items;
@ -245,6 +254,27 @@ release_lid_table( LOCAL_ID_TABLE tbl )
} }
#endif #endif
/****************
* Remove all items from a LID table
*/
static void
clear_lid_table( LOCAL_ID_TABLE tbl )
{
struct local_id_item *a, *a2;
int i;
for(i=0; i < 16; i++ ) {
for(a=tbl->items[i]; a; a = a2 ) {
a2 = a->next;
a->next = unused_lid_items;
unused_lid_items = a;
}
tbl->items[i] = NULL;
}
}
/**************** /****************
* Add a new item to the table or return 1 if we already have this item * Add a new item to the table or return 1 if we already have this item
*/ */
@ -572,6 +602,18 @@ init_trustdb()
/****************
* This function should be called in certain cases to sync the internal state
* of the trustdb with the file image. Currently it is needed after
* a sequence of insert_trust_record() calls.
*/
void
sync_trustdb()
{
if( fresh_imported_keys && fresh_imported_keys_count )
mark_fresh_keys();
}
/*********************************************** /***********************************************
@ -1082,7 +1124,7 @@ check_uidsigs( KBNODE keyblock, KBNODE keynode, u32 *mainkid, ulong lid,
static unsigned int static unsigned int
check_sig_record( KBNODE keyblock, KBNODE signode, check_sig_record( KBNODE keyblock, KBNODE signode,
ulong siglid, int sigidx, u32 *keyid, ulong lid, ulong siglid, int sigidx, u32 *keyid, ulong lid,
u32 *r_expire ) u32 *r_expire, int *mod_down, int *mod_up )
{ {
PKT_signature *sig = signode->pkt->pkt.signature; PKT_signature *sig = signode->pkt->pkt.signature;
unsigned int sigflag = 0; unsigned int sigflag = 0;
@ -1114,16 +1156,16 @@ check_sig_record( KBNODE keyblock, KBNODE signode,
sigflag |= SIGF_CHECKED | SIGF_VALID; sigflag |= SIGF_CHECKED | SIGF_VALID;
if( revocation ) { if( revocation ) {
sigflag |= SIGF_REVOKED; sigflag |= SIGF_REVOKED;
/**mod_down = 1;*/ *mod_down = 1;
} }
else else
/**mod_up = 1*/; *mod_up = 1;
} }
else if( rc == G10ERR_NO_PUBKEY ) { else if( rc == G10ERR_NO_PUBKEY ) {
/* This may happen if the key is still in the trustdb /* This may happen if the key is still in the trustdb
* but not available in the keystorage */ * but not available in the keystorage */
sigflag |= SIGF_NOPUBKEY; sigflag |= SIGF_NOPUBKEY;
/**mod_down = 1;*/ *mod_down = 1;
if( revocation ) if( revocation )
sigflag |= SIGF_REVOKED; sigflag |= SIGF_REVOKED;
} }
@ -1137,7 +1179,7 @@ check_sig_record( KBNODE keyblock, KBNODE signode,
sigflag |= SIGF_CHECKED; sigflag |= SIGF_CHECKED;
if( revocation ) { if( revocation ) {
sigflag |= SIGF_REVOKED; sigflag |= SIGF_REVOKED;
/**mod_down = 1;*/ *mod_down = 1;
} }
} }
} }
@ -1168,7 +1210,8 @@ check_sig_record( KBNODE keyblock, KBNODE signode,
*/ */
static ulong static ulong
make_sig_records( KBNODE keyblock, KBNODE uidnode, make_sig_records( KBNODE keyblock, KBNODE uidnode,
ulong lid, u32 *mainkid, u32 *min_expire ) ulong lid, u32 *mainkid, u32 *min_expire,
int *mod_down, int *mod_up )
{ {
TRUSTREC *srecs, **s_end, *s=NULL, *s2; TRUSTREC *srecs, **s_end, *s=NULL, *s2;
KBNODE node; KBNODE node;
@ -1218,7 +1261,8 @@ make_sig_records( KBNODE keyblock, KBNODE uidnode,
s->r.sig.sig[sigidx].lid = siglid; s->r.sig.sig[sigidx].lid = siglid;
s->r.sig.sig[sigidx].flag= check_sig_record( keyblock, node, s->r.sig.sig[sigidx].flag= check_sig_record( keyblock, node,
siglid, sigidx, siglid, sigidx,
mainkid, lid, &expire ); mainkid, lid, &expire,
mod_down, mod_up );
sigidx++; sigidx++;
if( sigidx == SIGS_PER_RECORD ) { if( sigidx == SIGS_PER_RECORD ) {
@ -1319,7 +1363,8 @@ make_pref_record( PKT_signature *sig, ulong lid )
static ulong static ulong
make_uid_records( KBNODE keyblock, ulong lid, u32 *keyid, u32 *min_expire ) make_uid_records( KBNODE keyblock, ulong lid, u32 *keyid, u32 *min_expire,
int *mod_down, int *mod_up )
{ {
TRUSTREC *urecs, **uend, *u, *u2; TRUSTREC *urecs, **uend, *u, *u2;
KBNODE node; KBNODE node;
@ -1351,9 +1396,21 @@ make_uid_records( KBNODE keyblock, ulong lid, u32 *keyid, u32 *min_expire )
&& (u->r.uid.uidflags & UIDF_VALID) ) { && (u->r.uid.uidflags & UIDF_VALID) ) {
u->r.uid.prefrec = bestsig? make_pref_record( bestsig, lid ) : 0; u->r.uid.prefrec = bestsig? make_pref_record( bestsig, lid ) : 0;
} }
/* the next test is really bad because we should modify
* out modification timestamps only if we really have a change.
* But becuase we are deleting the uid records first it is somewhat
* difficult to track those changes. fixme */
if( !( u->r.uid.uidflags & UIDF_VALID )
|| ( u->r.uid.uidflags & UIDF_REVOKED ) )
*mod_down=1;
else
*mod_up=1;
/* create the list of signatures */ /* create the list of signatures */
u->r.uid.siglist = make_sig_records( keyblock, node, u->r.uid.siglist = make_sig_records( keyblock, node,
lid, keyid, min_expire ); lid, keyid, min_expire,
mod_down, mod_up );
} }
uidrecno = urecs? urecs->recnum : 0; uidrecno = urecs? urecs->recnum : 0;
@ -1380,6 +1437,8 @@ update_trust_record( KBNODE keyblock, int recheck, int *modified )
TRUSTREC drec; TRUSTREC drec;
int rc; int rc;
/* NOTE: We don't need recheck anymore, but this might chnage again in
* the future */
if( opt.dry_run ) if( opt.dry_run )
return 0; return 0;
if( modified ) if( modified )
@ -1390,24 +1449,25 @@ update_trust_record( KBNODE keyblock, int recheck, int *modified )
if( rc ) if( rc )
return rc; return rc;
rc = do_update_trust_record( keyblock, &drec, recheck, modified ); rc = do_update_trust_record( keyblock, &drec, 0, modified );
return rc; return rc;
} }
/**************** /****************
* Same as update_trust_record, but tghis functions expects the dir record. * Same as update_trust_record, but this functions expects the dir record.
* On exit the dirrecord will reflect any changes made. * On exit the dir record will reflect any changes made.
* With sigs_only set only foreign key signatures are checked.
*/ */
static int static int
do_update_trust_record( KBNODE keyblock, TRUSTREC *drec, do_update_trust_record( KBNODE keyblock, TRUSTREC *drec,
int recheck, int *modified ) int sigs_only, int *modified )
{ {
PKT_public_key *primary_pk; PKT_public_key *primary_pk;
TRUSTREC krec, urec, prec, helprec; TRUSTREC krec, urec, prec, helprec;
int i, rc = 0; int i, rc = 0;
u32 keyid[2]; /* keyid of primary key */ u32 keyid[2]; /* keyid of primary key */
/* int mod_up = 0; int mod_up = 0;
int mod_down = 0; */ int mod_down = 0;
ulong recno, r2; ulong recno, r2;
u32 expire; u32 expire;
@ -1424,7 +1484,7 @@ do_update_trust_record( KBNODE keyblock, TRUSTREC *drec,
if( rc ) if( rc )
return rc; return rc;
/* delete the old stuff */ /* delete the old stuff FIXME: implementend sigs_only */
for( recno=drec->r.dir.keylist; recno; recno = krec.r.key.next ) { for( recno=drec->r.dir.keylist; recno; recno = krec.r.key.next ) {
read_record( recno, &krec, RECTYPE_KEY ); read_record( recno, &krec, RECTYPE_KEY );
delete_record( recno ); delete_record( recno );
@ -1447,22 +1507,13 @@ do_update_trust_record( KBNODE keyblock, TRUSTREC *drec,
/* insert new stuff */ /* insert new stuff */
drec->r.dir.dirflags &= ~DIRF_REVOKED; drec->r.dir.dirflags &= ~DIRF_REVOKED;
drec->r.dir.dirflags &= ~DIRF_NEWKEYS;
drec->r.dir.keylist = make_key_records( keyblock, drec->recnum, keyid, &i ); drec->r.dir.keylist = make_key_records( keyblock, drec->recnum, keyid, &i );
if( i ) /* primary key has been revoked */ if( i ) /* primary key has been revoked */
drec->r.dir.dirflags &= DIRF_REVOKED; drec->r.dir.dirflags |= DIRF_REVOKED;
expire = 0; expire = 0;
drec->r.dir.uidlist = make_uid_records( keyblock, drec->recnum, keyid, drec->r.dir.uidlist = make_uid_records( keyblock, drec->recnum, keyid,
&expire ); &expire, &mod_down, &mod_up );
#if 0
if( orig_uidflags != urec.r.uid.uidflags ) {
write_record( &urec );
if( !( urec.r.uid.uidflags & UIDF_VALID )
|| ( urec.r.uid.uidflags & UIDF_REVOKED ) )
*mod_down=1;
else
*mod_up=1; /*(maybe a new user id)*/
#endif
if( rc ) if( rc )
rc = tdbio_cancel_transaction(); rc = tdbio_cancel_transaction();
else { else {
@ -1472,7 +1523,7 @@ do_update_trust_record( KBNODE keyblock, TRUSTREC *drec,
drec->r.dir.valcheck = 0; drec->r.dir.valcheck = 0;
drec->r.dir.checkat = expire; drec->r.dir.checkat = expire;
write_record( drec ); write_record( drec );
/*tdbio_write_modify_stamp( mod_up, mod_down );*/ tdbio_write_modify_stamp( mod_up, mod_down );
rc = tdbio_end_transaction(); rc = tdbio_end_transaction();
} }
return rc; return rc;
@ -1537,16 +1588,28 @@ insert_trust_record( KBNODE keyblock )
} }
} }
/* mark tdb as modified upwards */ /* mark tdb as modified upwards */
tdbio_write_modify_stamp( 1, 0 ); tdbio_write_modify_stamp( 1, 0 );
/* and put all the other stuff into the keydb */ /* and put all the other stuff into the keydb */
rc = do_update_trust_record( keyblock, &dirrec, 1, NULL ); rc = do_update_trust_record( keyblock, &dirrec, 0, NULL );
do_sync(); do_sync();
/* keep track of new keys */
if( !fresh_imported_keys )
fresh_imported_keys = new_lid_table();
ins_lid_table_item( fresh_imported_keys, pk->local_id, 0 );
if( ++fresh_imported_keys_count > FRESH_KEY_CHECK_THRESHOLD )
mark_fresh_keys();
return rc; return rc;
} }
/**************** /****************
* Insert a trust record indentified by a PK into the TrustDB * Insert a trust record indentified by a PK into the TrustDB
*/ */
@ -1584,7 +1647,7 @@ insert_trust_record_by_pk( PKT_public_key *pk )
* Currently we only do an update_trust_record. * Currently we only do an update_trust_record.
*/ */
static int static int
check_trust_record( TRUSTREC *drec ) check_trust_record( TRUSTREC *drec, int sigs_only )
{ {
KBNODE keyblock; KBNODE keyblock;
int modified, rc; int modified, rc;
@ -1596,7 +1659,7 @@ check_trust_record( TRUSTREC *drec )
return rc; return rc;
} }
rc = do_update_trust_record( keyblock, drec, 0, &modified ); rc = do_update_trust_record( keyblock, drec, sigs_only, &modified );
release_kbnode( keyblock ); release_kbnode( keyblock );
return rc; return rc;
@ -1673,7 +1736,7 @@ update_trustdb()
/**************** /****************
* Do all required check in the trustdb. This function walks over all * Do all required checks in the trustdb. This function walks over all
* records in the trustdb and does scheduled processing. * records in the trustdb and does scheduled processing.
*/ */
void void
@ -1681,7 +1744,7 @@ check_trustdb( const char *username )
{ {
TRUSTREC rec; TRUSTREC rec;
ulong recnum; ulong recnum;
ulong count=0, upd_count=0, err_count=0, skip_count=0; ulong count=0, upd_count=0, err_count=0, skip_count=0, sigonly_count=0;
ulong current_time = make_timestamp(); ulong current_time = make_timestamp();
if( username ) if( username )
@ -1690,15 +1753,25 @@ check_trustdb( const char *username )
init_trustdb(); init_trustdb();
for(recnum=0; !tdbio_read_record( recnum, &rec, 0); recnum++ ) { for(recnum=0; !tdbio_read_record( recnum, &rec, 0); recnum++ ) {
int sigs_only;
if( rec.rectype != RECTYPE_DIR ) if( rec.rectype != RECTYPE_DIR )
continue; /* we only want the dir records */ continue; /* we only want the dir records */
if( count && !(count % 100) && !opt.quiet ) if( count && !(count % 100) && !opt.quiet )
log_info(_("%lu keys so far processed\n"), count); log_info(_("%lu keys so far processed\n"), count);
count++; count++;
if( !rec.r.dir.checkat || rec.r.dir.checkat > current_time ) { sigs_only = 0;
skip_count++;
continue; /* not scheduled for checking */ if( !(rec.r.dir.dirflags & DIRF_CHECKED) )
;
else if( !rec.r.dir.checkat || rec.r.dir.checkat > current_time ) {
if( !(rec.r.dir.dirflags & DIRF_NEWKEYS) ) {
skip_count++;
continue; /* not scheduled for checking */
}
sigs_only = 1; /* new public keys - check them */
sigonly_count++;
} }
if( !rec.r.dir.keylist ) { if( !rec.r.dir.keylist ) {
@ -1707,11 +1780,12 @@ check_trustdb( const char *username )
continue; continue;
} }
check_trust_record( &rec ); check_trust_record( &rec, sigs_only );
} }
log_info(_("%lu keys processed\n"), count); log_info(_("%lu keys processed\n"), count);
if( sigonly_count )
log_info(_("\t%lu due to new pubkeys\n"), sigonly_count);
if( skip_count ) if( skip_count )
log_info(_("\t%lu keys skipped\n"), skip_count); log_info(_("\t%lu keys skipped\n"), skip_count);
if( err_count ) if( err_count )
@ -1772,7 +1846,9 @@ build_cert_tree( ulong lid, int depth, int max_depth, TN helproot )
} }
if( dirrec.r.dir.checkat && dirrec.r.dir.checkat <= make_timestamp() ) if( dirrec.r.dir.checkat && dirrec.r.dir.checkat <= make_timestamp() )
check_trust_record( &dirrec ); check_trust_record( &dirrec, 0 );
else if( (dirrec.r.dir.dirflags & DIRF_NEWKEYS) )
check_trust_record( &dirrec, 1 );
keynode->n.k.ownertrust = dirrec.r.dir.ownertrust & TRUST_MASK; keynode->n.k.ownertrust = dirrec.r.dir.ownertrust & TRUST_MASK;
@ -2074,6 +2150,7 @@ do_check( TRUSTREC *dr, unsigned *validity,
} }
else if( !add_fnc else if( !add_fnc
&& tdbio_db_matches_options() && tdbio_db_matches_options()
/* FIXME, TODO: This comparision is WRONG ! */
&& dr->r.dir.valcheck && dr->r.dir.valcheck
> tdbio_read_modify_stamp( (dr->r.dir.validity < TRUST_FULLY) ) > tdbio_read_modify_stamp( (dr->r.dir.validity < TRUST_FULLY) )
&& dr->r.dir.validity ) && dr->r.dir.validity )
@ -2241,8 +2318,13 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel,
(ulong)keyid[1], pk->local_id ); (ulong)keyid[1], pk->local_id );
return G10ERR_TIME_CONFLICT; return G10ERR_TIME_CONFLICT;
} }
if( rec.r.dir.checkat && rec.r.dir.checkat <= cur_time )
check_trust_record( &rec ); if( !(rec.r.dir.dirflags & DIRF_CHECKED) )
check_trust_record( &rec, 0 );
else if( rec.r.dir.checkat && rec.r.dir.checkat <= cur_time )
check_trust_record( &rec, 0 );
else if( (rec.r.dir.dirflags & DIRF_NEWKEYS) )
check_trust_record( &rec, 1 );
if( pk->expiredate && pk->expiredate <= cur_time ) { if( pk->expiredate && pk->expiredate <= cur_time ) {
log_info(_("key %08lX.%lu: expired at %s\n"), log_info(_("key %08lX.%lu: expired at %s\n"),
@ -2298,6 +2380,51 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel,
} }
/****************
* scan the whole trustdb and mark all signature records whose keys
* are freshly imported.
*/
static void
mark_fresh_keys()
{
TRUSTREC dirrec, rec;
ulong recnum, lid;
int i;
memset( &dirrec, 0, sizeof dirrec );
for(recnum=0; !tdbio_read_record( recnum, &rec, 0); recnum++ ) {
if( rec.rectype != RECTYPE_SIG )
continue;
/* if we have already have the dir record, we can check it now */
if( dirrec.recnum == rec.r.sig.lid
&& (dirrec.r.dir.dirflags & DIRF_NEWKEYS) )
continue; /* flag is already set */
for(i=0; i < SIGS_PER_RECORD; i++ ) {
if( !(lid=rec.r.sig.sig[i].lid) )
continue; /* skip deleted sigs */
if( !(rec.r.sig.sig[i].flag & SIGF_CHECKED) )
continue; /* skip checked signatures */
if( qry_lid_table_flag( fresh_imported_keys, lid, NULL ) )
continue; /* not in the list of new keys */
read_record( rec.r.sig.lid, &dirrec, RECTYPE_DIR );
if( !(dirrec.r.dir.dirflags & DIRF_NEWKEYS) ) {
dirrec.r.dir.dirflags |= DIRF_NEWKEYS;
write_record( &dirrec );
}
break;
}
}
do_sync();
clear_lid_table( fresh_imported_keys );
fresh_imported_keys_count = 0;
}
int int
query_trust_info( PKT_public_key *pk, const byte *namehash ) query_trust_info( PKT_public_key *pk, const byte *namehash )
{ {

1
g10/trustdb.h
View File

@ -49,6 +49,7 @@ void check_trustdb( const char *username );
void update_trustdb( void ); void update_trustdb( void );
int setup_trustdb( int level, const char *dbname ); int setup_trustdb( int level, const char *dbname );
void init_trustdb( void ); void init_trustdb( void );
void sync_trustdb( void );
int check_trust( PKT_public_key *pk, unsigned *r_trustlevel, int check_trust( PKT_public_key *pk, unsigned *r_trustlevel,
const byte* nh, int (*add_fnc)(ulong), unsigned *retflgs ); const byte* nh, int (*add_fnc)(ulong), unsigned *retflgs );
int query_trust_info( PKT_public_key *pk, const byte *nh ); int query_trust_info( PKT_public_key *pk, const byte *nh );

4
include/ChangeLog
View File

@ -1,3 +1,7 @@
Mon Oct 4 21:23:04 CEST 1999 Werner Koch <wk@gnupg.de>
* errors.h (G10ERR_NOT_PROCESSED): New.
Wed Sep 15 16:22:17 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> Wed Sep 15 16:22:17 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

1
include/errors.h
View File

@ -71,6 +71,7 @@
#define G10ERR_UNKNOWN_HOST 49 #define G10ERR_UNKNOWN_HOST 49
#define G10ERR_SELFTEST_FAILED 50 #define G10ERR_SELFTEST_FAILED 50
#define G10ERR_NOT_ENCRYPTED 51 #define G10ERR_NOT_ENCRYPTED 51
#define G10ERR_NOT_PROCESSED 52
#ifndef HAVE_STRERROR #ifndef HAVE_STRERROR
char *strerror( int n ); char *strerror( int n );

4
po/ChangeLog
View File

@ -1,3 +1,7 @@
Mon Oct 4 21:23:04 CEST 1999 Werner Koch <wk@gnupg.de>
* pl.po: New version by Alex.
Thu Sep 23 06:26:28 1999 Werner Koch (wk@gnupg.org) Thu Sep 23 06:26:28 1999 Werner Koch (wk@gnupg.org)
* fr.po: Updated by Gaël. * fr.po: Updated by Gaël.

495
po/pl.po
View File

File diff suppressed because it is too large Load Diff

1
util/errors.c
View File

@ -100,6 +100,7 @@ g10_errstr( int err )
X(NETWORK ,N_("network error")) X(NETWORK ,N_("network error"))
X(SELFTEST_FAILED,"selftest failed") X(SELFTEST_FAILED,"selftest failed")
X(NOT_ENCRYPTED ,N_("not encrypted")) X(NOT_ENCRYPTED ,N_("not encrypted"))
X(NOT_PROCESSED ,N_("not processed"))
default: p = buf; sprintf(buf, "g10err=%d", err); break; default: p = buf; sprintf(buf, "g10err=%d", err); break;
} }
#undef X #undef X