mirror of git://git.gnupg.org/gnupg.git synced 2025-01-25 15:27:03 +01:00

* keyedit.c (show_key_with_all_names_colon): Make --with-colons --edit

display match the validity and trust of --with-colons --list-keys.

* passphrase.c (agent_send_all_options): Fix compile warning.

* keylist.c (list_keyblock_colon): Validity for subkeys should match that
of the primary key, and not that of the last user ID.

* getkey.c (merge_selfsigs): Revoked/expired/invalid primary keys carry
these facts onto all their subkeys, but only after the subkey has a chance
to be marked valid.  This is to fix an incorrect "invalid public key"
error verifying a signature made by a revoked signing subkey, with a valid
unrevoked primary key.
David Shaw 2002-11-13 13:23:03 +00:00
parent 3817bf604e
commit 365011c8f1
5 changed files with 90 additions and 41 deletions


@ -1,3 +1,20 @@
2002-11-13 David Shaw <dshaw@jabberwocky.com>
* keyedit.c (show_key_with_all_names_colon): Make --with-colons
--edit display match the validity and trust of --with-colons
--list-keys.
* passphrase.c (agent_send_all_options): Fix compile warning.
* keylist.c (list_keyblock_colon): Validity for subkeys should
match that of the primary key, and not that of the last user ID.
* getkey.c (merge_selfsigs): Revoked/expired/invalid primary keys
carry these facts onto all their subkeys, but only after the
subkey has a chance to be marked valid. This is to fix an
incorrect "invalid public key" error verifying a signature made by
a revoked signing subkey, with a valid unrevoked primary key.
2002-11-09 Werner Koch <wk@gnupg.org> 2002-11-09 Werner Koch <wk@gnupg.org>
* passphrase.c (agent_send_all_options): Use tty_get_ttyname to * passphrase.c (agent_send_all_options): Use tty_get_ttyname to


@ -1787,21 +1787,6 @@ merge_selfsigs( KBNODE keyblock )
} }
merge_selfsigs_main ( keyblock, &revoked ); merge_selfsigs_main ( keyblock, &revoked );
main_pk = keyblock->pkt->pkt.public_key;
if ( revoked ) {
/* if the primary key has been revoked we better set the revoke
* flag on that key and all subkeys */
for(k=keyblock; k; k = k->next ) {
if ( k->pkt->pkttype == PKT_PUBLIC_KEY
|| k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
PKT_public_key *pk = k->pkt->pkt.public_key;
pk->is_revoked = 1;
pk->main_keyid[0] = main_pk->main_keyid[0];
pk->main_keyid[1] = main_pk->main_keyid[1];
}
}
return;
}
/* now merge in the data from each of the subkeys */ /* now merge in the data from each of the subkeys */
for(k=keyblock; k; k = k->next ) { for(k=keyblock; k; k = k->next ) {
@ -1810,12 +1795,25 @@ merge_selfsigs( KBNODE keyblock )
} }
} }
/* If the main key is not valid, then the subkeys aren't either, main_pk = keyblock->pkt->pkt.public_key;
even if they have binding sigs. */ if ( revoked || main_pk->has_expired || !main_pk->is_valid ) {
/* if the primary key is revoked, expired, or invalid we
* better set the appropriate flags on that key and all
* subkeys */
for(k=keyblock; k; k = k->next ) {
if ( k->pkt->pkttype == PKT_PUBLIC_KEY
|| k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
PKT_public_key *pk = k->pkt->pkt.public_key;
if(!main_pk->is_valid) if(!main_pk->is_valid)
for(k=keyblock; k; k=k->next) pk->is_valid = 0;
if(k->pkt->pkttype==PKT_PUBLIC_SUBKEY) if(revoked)
k->pkt->pkt.public_key->is_valid=0; pk->is_revoked = 1;
if(main_pk->has_expired)
pk->has_expired = main_pk->has_expired;
}
}
return;
}
/* set the preference list of all keys to those of the primary real /* set the preference list of all keys to those of the primary real
* user ID. Note: we use these preferences when we don't know by * user ID. Note: we use these preferences when we don't know by
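Review bot: The comment on the new propagation block in merge_selfsigs says what it sets but not why the block has to sit after the subkey loop, which is the ordering the commit message describes as the fix. I would extend it to something like `/* Keep this after the subkey loop: each subkey must get its chance to be marked valid before the primary's revoked/expired/invalid state is copied onto it. */` so that a later reorder does not quietly bring the old behaviour back. The `return` at the end of the block now also takes expired and invalid primaries past the preference-list step that follows, where the old code returned early only for revoked ones; that looks intended but deserves a line in the comment. Separately, `pk->has_expired = main_pk->has_expired;` overwrites whatever expiry value a subkey already carried, so if a subkey's own earlier expiry should be kept, `if(main_pk->has_expired && !pk->has_expired)` would preserve it. merge_selfsigs starts and ends outside these hunks.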


@ -1698,8 +1698,9 @@ static void
show_key_with_all_names_colon (KBNODE keyblock) show_key_with_all_names_colon (KBNODE keyblock)
{ {
KBNODE node; KBNODE node;
int i, j; int i, j, ulti_hack=0;
byte pk_version=0; byte pk_version=0;
PKT_public_key *primary=NULL;
/* the keys */ /* the keys */
for ( node = keyblock; node; node = node->next ) for ( node = keyblock; node; node = node->next )
@ -1708,14 +1709,12 @@ show_key_with_all_names_colon (KBNODE keyblock)
|| (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) ) || (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) )
{ {
PKT_public_key *pk = node->pkt->pkt.public_key; PKT_public_key *pk = node->pkt->pkt.public_key;
int otrust=0, trust=0;
u32 keyid[2]; u32 keyid[2];
if (node->pkt->pkttype == PKT_PUBLIC_KEY) if (node->pkt->pkttype == PKT_PUBLIC_KEY)
{ {
trust = get_validity_info (pk, NULL);
otrust = get_ownertrust_info (pk);
pk_version = pk->version; pk_version = pk->version;
primary=pk;
} }
keyid_from_pk (pk, keyid); keyid_from_pk (pk, keyid);
@ -1727,8 +1726,14 @@ show_key_with_all_names_colon (KBNODE keyblock)
putchar ('r'); putchar ('r');
else if (pk->has_expired) else if (pk->has_expired)
putchar ('e'); putchar ('e');
else else if (!(opt.fast_list_mode || opt.no_expensive_trust_checks ))
{
int trust = get_validity_info (pk, NULL);
if(trust=='u')
ulti_hack=1;
putchar (trust); putchar (trust);
}
printf (":%u:%d:%08lX%08lX:%lu:%lu:", printf (":%u:%d:%08lX%08lX:%lu:%lu:",
nbits_from_pk (pk), nbits_from_pk (pk),
pk->pubkey_algo, pk->pubkey_algo,
@ -1738,7 +1743,9 @@ show_key_with_all_names_colon (KBNODE keyblock)
if (pk->local_id) if (pk->local_id)
printf ("%lu", pk->local_id); printf ("%lu", pk->local_id);
putchar (':'); putchar (':');
putchar (otrust); if (node->pkt->pkttype==PKT_PUBLIC_KEY
&& !(opt.fast_list_mode || opt.no_expensive_trust_checks ))
putchar(get_ownertrust_info (pk));
putchar(':'); putchar(':');
putchar('\n'); putchar('\n');
@ -1771,19 +1778,44 @@ show_key_with_all_names_colon (KBNODE keyblock)
if ( node->pkt->pkttype == PKT_USER_ID ) if ( node->pkt->pkttype == PKT_USER_ID )
{ {
PKT_user_id *uid = node->pkt->pkt.user_id; PKT_user_id *uid = node->pkt->pkt.user_id;
int trustletter = '?';
++i; ++i;
if(uid->attrib_data) if(uid->attrib_data)
{ printf("uat:");
printf ("uat:%c::::::::%u %lu", trustletter, else
uid->numattribs,uid->attrib_len); printf("uid:");
}
if ( uid->is_revoked )
printf("r::::::::");
else if ( uid->is_expired )
printf("e::::::::");
else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
printf("::::::::");
else else
{ {
printf ("uid:%c::::::::", trustletter); byte namehash[20];
print_string (stdout, uid->name, uid->len, ':'); int uid_validity;
if( primary && !ulti_hack )
{
if( uid->attrib_data )
rmd160_hash_buffer(namehash,
uid->attrib_data, uid->attrib_len);
else
rmd160_hash_buffer( namehash, uid->name, uid->len );
uid_validity = get_validity_info( primary, namehash );
} }
else
uid_validity = 'u';
printf("%c::::::::",uid_validity);
}
if(uid->attrib_data)
printf ("%u %lu",uid->numattribs,uid->attrib_len);
else
print_string (stdout, uid->name, uid->len, ':');
putchar (':'); putchar (':');
/* signature class */ /* signature class */
putchar (':'); putchar (':');


@ -694,7 +694,6 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
sk = NULL; sk = NULL;
keyid_from_pk( pk, keyid ); keyid_from_pk( pk, keyid );
fputs( "pub:", stdout ); fputs( "pub:", stdout );
trustletter = 0;
if ( !pk->is_valid ) if ( !pk->is_valid )
putchar ('i'); putchar ('i');
else if ( pk->is_revoked ) else if ( pk->is_revoked )
@ -755,6 +754,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
} }
else { else {
byte namehash[20]; byte namehash[20];
int uid_validity;
if( pk && !ulti_hack ) { if( pk && !ulti_hack ) {
if( node->pkt->pkt.user_id->attrib_data ) if( node->pkt->pkt.user_id->attrib_data )
@ -765,11 +765,11 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
rmd160_hash_buffer( namehash, rmd160_hash_buffer( namehash,
node->pkt->pkt.user_id->name, node->pkt->pkt.user_id->name,
node->pkt->pkt.user_id->len ); node->pkt->pkt.user_id->len );
trustletter = get_validity_info( pk, namehash ); uid_validity = get_validity_info( pk, namehash );
} }
else else
trustletter = 'u'; uid_validity = 'u';
printf("%s:%c::::::::",str,trustletter); printf("%s:%c::::::::",str,uid_validity);
} }
} }
if(node->pkt->pkt.user_id->attrib_data) if(node->pkt->pkt.user_id->attrib_data)
@ -818,6 +818,8 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
else if ( opt.fast_list_mode || opt.no_expensive_trust_checks ) else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
; ;
else { else {
/* trustletter should always be defined here */
if(trustletter)
printf("%c", trustletter ); printf("%c", trustletter );
} }
printf(":%u:%d:%08lX%08lX:%s:%s:", printf(":%u:%d:%08lX%08lX:%s:%s:",
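Review bot: The new `if(trustletter)` guard on the subkey line of list_keyblock_colon relies on `trustletter` being zero when no validity was computed, but this commit removes the `trustletter = 0;` assignment on the `pub:` path. The declaration is outside the hunks, so unless it reads `int trustletter = 0;` the guard tests an indeterminate value whenever the primary took the invalid, revoked or expired branch and a subkey still reaches this `else`. I would either keep the initialisation at the declaration or restore the reset. The comment `/* trustletter should always be defined here */` could also say that an empty validity field is emitted on purpose when it is not.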


@ -346,7 +346,7 @@ static int
agent_send_all_options (int fd) agent_send_all_options (int fd)
{ {
char *dft_display = NULL; char *dft_display = NULL;
char *dft_ttyname = NULL; const char *dft_ttyname = NULL;
char *dft_ttytype = NULL; char *dft_ttytype = NULL;
char *old_lc = NULL; char *old_lc = NULL;
char *dft_lc = NULL; char *dft_lc = NULL;