mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-25 15:27:03 +01:00
* keyedit.c (show_key_with_all_names_colon): Make --with-colons --edit
display match the validity and trust of --with-colons --list-keys. * passphrase.c (agent_send_all_options): Fix compile warning. * keylist.c (list_keyblock_colon): Validity for subkeys should match that of the primary key, and not that of the last user ID. * getkey.c (merge_selfsigs): Revoked/expired/invalid primary keys carry these facts onto all their subkeys, but only after the subkey has a chance to be marked valid. This is to fix an incorrect "invalid public key" error verifying a signature made by a revoked signing subkey, with a valid unrevoked primary key.
This commit is contained in:
parent
3817bf604e
commit
365011c8f1
@ -1,3 +1,20 @@
|
|||||||
|
2002-11-13 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* keyedit.c (show_key_with_all_names_colon): Make --with-colons
|
||||||
|
--edit display match the validity and trust of --with-colons
|
||||||
|
--list-keys.
|
||||||
|
|
||||||
|
* passphrase.c (agent_send_all_options): Fix compile warning.
|
||||||
|
|
||||||
|
* keylist.c (list_keyblock_colon): Validity for subkeys should
|
||||||
|
match that of the primary key, and not that of the last user ID.
|
||||||
|
|
||||||
|
* getkey.c (merge_selfsigs): Revoked/expired/invalid primary keys
|
||||||
|
carry these facts onto all their subkeys, but only after the
|
||||||
|
subkey has a chance to be marked valid. This is to fix an
|
||||||
|
incorrect "invalid public key" error verifying a signature made by
|
||||||
|
a revoked signing subkey, with a valid unrevoked primary key.
|
||||||
|
|
||||||
2002-11-09 Werner Koch <wk@gnupg.org>
|
2002-11-09 Werner Koch <wk@gnupg.org>
|
||||||
|
|
||||||
* passphrase.c (agent_send_all_options): Use tty_get_ttyname to
|
* passphrase.c (agent_send_all_options): Use tty_get_ttyname to
|
||||||
|
38
g10/getkey.c
38
g10/getkey.c
@ -1787,21 +1787,6 @@ merge_selfsigs( KBNODE keyblock )
|
|||||||
}
|
}
|
||||||
|
|
||||||
merge_selfsigs_main ( keyblock, &revoked );
|
merge_selfsigs_main ( keyblock, &revoked );
|
||||||
main_pk = keyblock->pkt->pkt.public_key;
|
|
||||||
if ( revoked ) {
|
|
||||||
/* if the primary key has been revoked we better set the revoke
|
|
||||||
* flag on that key and all subkeys */
|
|
||||||
for(k=keyblock; k; k = k->next ) {
|
|
||||||
if ( k->pkt->pkttype == PKT_PUBLIC_KEY
|
|
||||||
|| k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
|
|
||||||
PKT_public_key *pk = k->pkt->pkt.public_key;
|
|
||||||
pk->is_revoked = 1;
|
|
||||||
pk->main_keyid[0] = main_pk->main_keyid[0];
|
|
||||||
pk->main_keyid[1] = main_pk->main_keyid[1];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* now merge in the data from each of the subkeys */
|
/* now merge in the data from each of the subkeys */
|
||||||
for(k=keyblock; k; k = k->next ) {
|
for(k=keyblock; k; k = k->next ) {
|
||||||
@ -1810,12 +1795,25 @@ merge_selfsigs( KBNODE keyblock )
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* If the main key is not valid, then the subkeys aren't either,
|
main_pk = keyblock->pkt->pkt.public_key;
|
||||||
even if they have binding sigs. */
|
if ( revoked || main_pk->has_expired || !main_pk->is_valid ) {
|
||||||
|
/* if the primary key is revoked, expired, or invalid we
|
||||||
|
* better set the appropriate flags on that key and all
|
||||||
|
* subkeys */
|
||||||
|
for(k=keyblock; k; k = k->next ) {
|
||||||
|
if ( k->pkt->pkttype == PKT_PUBLIC_KEY
|
||||||
|
|| k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
|
||||||
|
PKT_public_key *pk = k->pkt->pkt.public_key;
|
||||||
if(!main_pk->is_valid)
|
if(!main_pk->is_valid)
|
||||||
for(k=keyblock; k; k=k->next)
|
pk->is_valid = 0;
|
||||||
if(k->pkt->pkttype==PKT_PUBLIC_SUBKEY)
|
if(revoked)
|
||||||
k->pkt->pkt.public_key->is_valid=0;
|
pk->is_revoked = 1;
|
||||||
|
if(main_pk->has_expired)
|
||||||
|
pk->has_expired = main_pk->has_expired;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
/* set the preference list of all keys to those of the primary real
|
/* set the preference list of all keys to those of the primary real
|
||||||
* user ID. Note: we use these preferences when we don't know by
|
* user ID. Note: we use these preferences when we don't know by
|
||||||
|
@ -1698,8 +1698,9 @@ static void
|
|||||||
show_key_with_all_names_colon (KBNODE keyblock)
|
show_key_with_all_names_colon (KBNODE keyblock)
|
||||||
{
|
{
|
||||||
KBNODE node;
|
KBNODE node;
|
||||||
int i, j;
|
int i, j, ulti_hack=0;
|
||||||
byte pk_version=0;
|
byte pk_version=0;
|
||||||
|
PKT_public_key *primary=NULL;
|
||||||
|
|
||||||
/* the keys */
|
/* the keys */
|
||||||
for ( node = keyblock; node; node = node->next )
|
for ( node = keyblock; node; node = node->next )
|
||||||
@ -1708,14 +1709,12 @@ show_key_with_all_names_colon (KBNODE keyblock)
|
|||||||
|| (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) )
|
|| (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) )
|
||||||
{
|
{
|
||||||
PKT_public_key *pk = node->pkt->pkt.public_key;
|
PKT_public_key *pk = node->pkt->pkt.public_key;
|
||||||
int otrust=0, trust=0;
|
|
||||||
u32 keyid[2];
|
u32 keyid[2];
|
||||||
|
|
||||||
if (node->pkt->pkttype == PKT_PUBLIC_KEY)
|
if (node->pkt->pkttype == PKT_PUBLIC_KEY)
|
||||||
{
|
{
|
||||||
trust = get_validity_info (pk, NULL);
|
|
||||||
otrust = get_ownertrust_info (pk);
|
|
||||||
pk_version = pk->version;
|
pk_version = pk->version;
|
||||||
|
primary=pk;
|
||||||
}
|
}
|
||||||
|
|
||||||
keyid_from_pk (pk, keyid);
|
keyid_from_pk (pk, keyid);
|
||||||
@ -1727,8 +1726,14 @@ show_key_with_all_names_colon (KBNODE keyblock)
|
|||||||
putchar ('r');
|
putchar ('r');
|
||||||
else if (pk->has_expired)
|
else if (pk->has_expired)
|
||||||
putchar ('e');
|
putchar ('e');
|
||||||
else
|
else if (!(opt.fast_list_mode || opt.no_expensive_trust_checks ))
|
||||||
|
{
|
||||||
|
int trust = get_validity_info (pk, NULL);
|
||||||
|
if(trust=='u')
|
||||||
|
ulti_hack=1;
|
||||||
putchar (trust);
|
putchar (trust);
|
||||||
|
}
|
||||||
|
|
||||||
printf (":%u:%d:%08lX%08lX:%lu:%lu:",
|
printf (":%u:%d:%08lX%08lX:%lu:%lu:",
|
||||||
nbits_from_pk (pk),
|
nbits_from_pk (pk),
|
||||||
pk->pubkey_algo,
|
pk->pubkey_algo,
|
||||||
@ -1738,7 +1743,9 @@ show_key_with_all_names_colon (KBNODE keyblock)
|
|||||||
if (pk->local_id)
|
if (pk->local_id)
|
||||||
printf ("%lu", pk->local_id);
|
printf ("%lu", pk->local_id);
|
||||||
putchar (':');
|
putchar (':');
|
||||||
putchar (otrust);
|
if (node->pkt->pkttype==PKT_PUBLIC_KEY
|
||||||
|
&& !(opt.fast_list_mode || opt.no_expensive_trust_checks ))
|
||||||
|
putchar(get_ownertrust_info (pk));
|
||||||
putchar(':');
|
putchar(':');
|
||||||
putchar('\n');
|
putchar('\n');
|
||||||
|
|
||||||
@ -1771,19 +1778,44 @@ show_key_with_all_names_colon (KBNODE keyblock)
|
|||||||
if ( node->pkt->pkttype == PKT_USER_ID )
|
if ( node->pkt->pkttype == PKT_USER_ID )
|
||||||
{
|
{
|
||||||
PKT_user_id *uid = node->pkt->pkt.user_id;
|
PKT_user_id *uid = node->pkt->pkt.user_id;
|
||||||
int trustletter = '?';
|
|
||||||
|
|
||||||
++i;
|
++i;
|
||||||
|
|
||||||
if(uid->attrib_data)
|
if(uid->attrib_data)
|
||||||
{
|
printf("uat:");
|
||||||
printf ("uat:%c::::::::%u %lu", trustletter,
|
else
|
||||||
uid->numattribs,uid->attrib_len);
|
printf("uid:");
|
||||||
}
|
|
||||||
|
if ( uid->is_revoked )
|
||||||
|
printf("r::::::::");
|
||||||
|
else if ( uid->is_expired )
|
||||||
|
printf("e::::::::");
|
||||||
|
else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
|
||||||
|
printf("::::::::");
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
printf ("uid:%c::::::::", trustletter);
|
byte namehash[20];
|
||||||
print_string (stdout, uid->name, uid->len, ':');
|
int uid_validity;
|
||||||
|
|
||||||
|
if( primary && !ulti_hack )
|
||||||
|
{
|
||||||
|
if( uid->attrib_data )
|
||||||
|
rmd160_hash_buffer(namehash,
|
||||||
|
uid->attrib_data, uid->attrib_len);
|
||||||
|
else
|
||||||
|
rmd160_hash_buffer( namehash, uid->name, uid->len );
|
||||||
|
uid_validity = get_validity_info( primary, namehash );
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
uid_validity = 'u';
|
||||||
|
printf("%c::::::::",uid_validity);
|
||||||
|
}
|
||||||
|
|
||||||
|
if(uid->attrib_data)
|
||||||
|
printf ("%u %lu",uid->numattribs,uid->attrib_len);
|
||||||
|
else
|
||||||
|
print_string (stdout, uid->name, uid->len, ':');
|
||||||
|
|
||||||
putchar (':');
|
putchar (':');
|
||||||
/* signature class */
|
/* signature class */
|
||||||
putchar (':');
|
putchar (':');
|
||||||
|
@ -694,7 +694,6 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
|
|||||||
sk = NULL;
|
sk = NULL;
|
||||||
keyid_from_pk( pk, keyid );
|
keyid_from_pk( pk, keyid );
|
||||||
fputs( "pub:", stdout );
|
fputs( "pub:", stdout );
|
||||||
trustletter = 0;
|
|
||||||
if ( !pk->is_valid )
|
if ( !pk->is_valid )
|
||||||
putchar ('i');
|
putchar ('i');
|
||||||
else if ( pk->is_revoked )
|
else if ( pk->is_revoked )
|
||||||
@ -755,6 +754,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
byte namehash[20];
|
byte namehash[20];
|
||||||
|
int uid_validity;
|
||||||
|
|
||||||
if( pk && !ulti_hack ) {
|
if( pk && !ulti_hack ) {
|
||||||
if( node->pkt->pkt.user_id->attrib_data )
|
if( node->pkt->pkt.user_id->attrib_data )
|
||||||
@ -765,11 +765,11 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
|
|||||||
rmd160_hash_buffer( namehash,
|
rmd160_hash_buffer( namehash,
|
||||||
node->pkt->pkt.user_id->name,
|
node->pkt->pkt.user_id->name,
|
||||||
node->pkt->pkt.user_id->len );
|
node->pkt->pkt.user_id->len );
|
||||||
trustletter = get_validity_info( pk, namehash );
|
uid_validity = get_validity_info( pk, namehash );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
trustletter = 'u';
|
uid_validity = 'u';
|
||||||
printf("%s:%c::::::::",str,trustletter);
|
printf("%s:%c::::::::",str,uid_validity);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if(node->pkt->pkt.user_id->attrib_data)
|
if(node->pkt->pkt.user_id->attrib_data)
|
||||||
@ -818,6 +818,8 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
|
|||||||
else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
|
else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
|
||||||
;
|
;
|
||||||
else {
|
else {
|
||||||
|
/* trustletter should always be defined here */
|
||||||
|
if(trustletter)
|
||||||
printf("%c", trustletter );
|
printf("%c", trustletter );
|
||||||
}
|
}
|
||||||
printf(":%u:%d:%08lX%08lX:%s:%s:",
|
printf(":%u:%d:%08lX%08lX:%s:%s:",
|
||||||
|
@ -346,7 +346,7 @@ static int
|
|||||||
agent_send_all_options (int fd)
|
agent_send_all_options (int fd)
|
||||||
{
|
{
|
||||||
char *dft_display = NULL;
|
char *dft_display = NULL;
|
||||||
char *dft_ttyname = NULL;
|
const char *dft_ttyname = NULL;
|
||||||
char *dft_ttytype = NULL;
|
char *dft_ttytype = NULL;
|
||||||
char *old_lc = NULL;
|
char *old_lc = NULL;
|
||||||
char *dft_lc = NULL;
|
char *dft_lc = NULL;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user