From 3c0eb7790b736a3df072fdd2519eebc055cef450 Mon Sep 17 00:00:00 2001 From: David Shaw Date: Sun, 30 Nov 2003 00:33:27 +0000 Subject: [PATCH] * trustdb.c (validate_keys): Reset the trustdb before checking if we have any ultimately trusted keys. This ensures that if we lose all our ultimately trusted keys, we don't leave behind the old validity calculations. Noted by Peter Palfrader. * revoke.c (gen_desig_revoke): Specify in the comment when a designated revocation is generated. * getkey.c (merge_selfsigs_main, merge_selfsigs_subkey, get_seckey_byname2): Remove Elgamal check since we are removing type 20 keys altogether. --- g10/ChangeLog | 14 ++++++++++++++ g10/getkey.c | 18 +----------------- g10/revoke.c | 2 +- g10/trustdb.c | 8 ++++---- 4 files changed, 20 insertions(+), 22 deletions(-) diff --git a/g10/ChangeLog b/g10/ChangeLog index df26e0730..96a087e37 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,17 @@ +2003-11-29 David Shaw + + * trustdb.c (validate_keys): Reset the trustdb before checking if + we have any ultimately trusted keys. This ensures that if we lose + all our ultimately trusted keys, we don't leave behind the old + validity calculations. Noted by Peter Palfrader. + + * revoke.c (gen_desig_revoke): Specify in the comment when a + designated revocation is generated. + + * getkey.c (merge_selfsigs_main, merge_selfsigs_subkey, + get_seckey_byname2): Remove Elgamal check since we are removing + type 20 keys altogether. + 2003-11-27 David Shaw * pkclist.c (build_pk_list): Do not allow an empty PK list in diff --git a/g10/getkey.c b/g10/getkey.c index 477ba9e34..72b80ba76 100644 --- a/g10/getkey.c +++ b/g10/getkey.c 
@@ -1055,11 +1055,7 @@ get_seckey_byname2( GETKEY_CTX *retctx, ctx.items[0].mode = KEYDB_SEARCH_MODE_FIRST; rc = lookup( &ctx, &kb, 1 ); if (!rc && sk ) - { - sk_from_block ( &ctx, sk, kb ); - if(sk->pubkey_algo==PUBKEY_ALGO_ELGAMAL) - rc=G10ERR_UNU_SECKEY; - } + sk_from_block ( &ctx, sk, kb ); release_kbnode ( kb ); get_seckey_end( &ctx ); } @@ -1681,11 +1677,6 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked ) if ( x ) /* mask it down to the actual allowed usage */ key_usage &= x; } - - /* Type 20 Elgamal keys are not usable. */ - if(pk->pubkey_algo==PUBKEY_ALGO_ELGAMAL) - key_usage=0; - pk->pubkey_usage = key_usage; if ( !key_expire_seen ) { @@ -1902,13 +1893,6 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode ) if ( x ) /* mask it down to the actual allowed usage */ key_usage &= x; } - - /* Type 20 Elgamal subkeys or any subkey on a type 20 primary are - not usable. */ - if(mainpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL - || subpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL) - key_usage=0; - subpk->pubkey_usage = key_usage; p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); diff --git a/g10/revoke.c b/g10/revoke.c index 51dfea20a..d33e2f4b7 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -294,7 +294,7 @@ gen_desig_revoke( const char *uname ) goto leave; afx.what = 1; - afx.hdrlines = "Comment: A revocation certificate should follow\n"; + afx.hdrlines = "Comment: A designated revocation certificate should follow\n"; iobuf_push_filter( out, armor_filter, &afx ); /* create it */ diff --git a/g10/trustdb.c b/g10/trustdb.c index c9f75b933..95d8c38c5 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1949,6 +1949,10 @@ validate_keys (int interactive) stored = new_key_hash_table (); used = new_key_hash_table (); full_trust = new_key_hash_table (); + + kdb = keydb_new (0); + reset_trust_records (kdb,NULL); + /* Fixme: Instead of always building a UTK list, we could just build it * here when needed */ if (!utk_list) 
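Review bot: Nothing visible in `get_seckey_byname2` now stops a type 20 secret key found by the `KEYDB_SEARCH_MODE_FIRST` lookup from being handed back with `rc` still 0, and the same guard is deleted from `merge_selfsigs_main` and `merge_selfsigs_subkey` in the next two hunks, where `key_usage` used to be forced to 0. The commit message says type 20 keys are being removed altogether, but the code that rejects them is not part of this diff, so dropping the checks is only safe if that rejection already covers keys sitting in existing keyrings. If it lands separately, I would keep these three checks until it does, or at least leave a pointer here such as `/* type 20 Elgamal keys are rejected in <location of the rejecting code>; no check needed here */`. The function body starts and ends outside the hunk.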
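Review bot: The early `goto leave` under `if (!utk_list)` now runs with `kdb` already open and the trust records already reset, because `kdb = keydb_new (0);` and `reset_trust_records (kdb,NULL);` were moved above that test. The `leave:` label is outside the hunk, so please confirm that it releases `kdb` and still writes the reset records out on that path; otherwise the stale validity values this change is meant to clear could survive when no ultimately trusted key is left. The result of `keydb_new` is passed straight to `reset_trust_records` without a check, as it was before the move. Since the ordering is the whole fix, a comment above the two lines would keep it from being moved back: `/* Reset before the UTK check: with no ultimately trusted keys left, the old validity values must still be cleared. */`.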
@@ -1957,10 +1961,6 @@ validate_keys (int interactive) goto leave; } - kdb = keydb_new (0); - - reset_trust_records (kdb,NULL); - /* mark all UTKs as used and fully_trusted and set validity to ultimate */ for (k=utk_list; k; k = k->next)