diff --git a/g10/keygen.c b/g10/keygen.c
index 5d8cccb63..fee752376 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -5196,9 +5196,6 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
 pk = find_kbnode (pub_root, PKT_PUBLIC_KEY)->pkt->pkt.public_key;
- keyid_from_pk (pk, pk->main_keyid);
- register_trusted_keyid (pk->main_keyid);
-
 update_ownertrust (ctrl, pk, ((get_ownertrust (ctrl, pk) & ~TRUST_MASK) | TRUST_ULTIMATE ));
diff --git a/g10/trust.c b/g10/trust.c
index f7763bd0c..9749bd786 100644
--- a/g10/trust.c
+++ b/g10/trust.c
@@ -49,17 +49,6 @@ cache_disabled_value (ctrl_t ctrl, PKT_public_key *pk)
 }
-void
-register_trusted_keyid (u32 *keyid)
-{
-#ifdef NO_TRUST_MODELS
- (void)keyid;
-#else
- tdb_register_trusted_keyid (keyid);
-#endif
-}
-
-
 void
 register_trusted_key (const char *string)
 {
@@ -278,7 +267,11 @@ update_ownertrust (ctrl_t ctrl, PKT_public_key *pk, unsigned int new_trust)
 (void)pk;
 (void)new_trust;
 #else
+ u32 keyid[2];
+
 tdb_update_ownertrust (ctrl, pk, new_trust, 0);
+ keyid_from_pk (pk, keyid);
+ tdb_update_utk (keyid, (new_trust & TRUST_ULTIMATE));
 #endif
 }
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 3094bdcfc..1b6da96b0 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -192,7 +192,7 @@ release_key_array ( struct key_array *keys )
 * before initializing the validation module.
 * FIXME: Should be replaced by a function to add those keys to the trustdb.
 */
-void
+static void
 tdb_register_trusted_keyid (u32 *keyid)
 {
 struct key_item *k;
@@ -217,7 +217,7 @@ tdb_register_trusted_key (const char *string)
 {
 if (desc.mode == KEYDB_SEARCH_MODE_LONG_KID)
 {
- register_trusted_keyid (desc.u.kid);
+ tdb_register_trusted_keyid (desc.u.kid);
 return;
 }
 if (desc.mode == KEYDB_SEARCH_MODE_FPR
@@ -225,7 +225,7 @@ tdb_register_trusted_key (const char *string)
 {
 kid[0] = buf32_to_u32 (desc.u.fpr+12);
 kid[1] = buf32_to_u32 (desc.u.fpr+16);
- register_trusted_keyid (kid);
+ tdb_register_trusted_keyid (kid);
 return;
 }
 }
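Review bot: In the update_ownertrust hunk, `tdb_update_utk (keyid, (new_trust & TRUST_ULTIMATE));` tests a bit pattern, but the keygen.c hunk in this same commit handles TRUST_ULTIMATE as a level stored in the TRUST_MASK field (`(get_ownertrust (ctrl, pk) & ~TRUST_MASK) | TRUST_ULTIMATE`); if that is the case, any other level sharing a bit with TRUST_ULTIMATE also yields a non-zero argument, so setting a key to a lower ownertrust could add it to the in-memory list of ultimately trusted keys, and demoting a key below ultimate would not reliably remove it. Compare the level instead: `tdb_update_utk (keyid, ((new_trust & TRUST_MASK) == TRUST_ULTIMATE));`. Because that list is what tdb_keyid_is_utk() and tdb_utks() expose as trust roots, this is worth pinning with a test that sets a non-ultimate level and checks the key is absent from the list. update_ownertrust's body begins outside the hunk.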
@@ -257,6 +257,49 @@ add_utk (u32 *kid)
 }
+/* Add/remove KID to/from the list of ultimately trusted keys. */
+void
+tdb_update_utk (u32 *kid, int add)
+{
+ struct key_item *k, *k_prev;
+
+ k_prev = NULL;
+ for (k = utk_list; k; k = k->next)
+ if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
+ break;
+ else
+ k_prev = k;
+
+ if (add)
+ {
+ if (!k)
+ {
+ k = new_key_item ();
+ k->kid[0] = kid[0];
+ k->kid[1] = kid[1];
+ k->ownertrust = TRUST_ULTIMATE;
+ k->next = utk_list;
+ utk_list = k;
+ if ( opt.verbose > 1 )
+ log_info(_("key %s: accepted as trusted key\n"), keystr(kid));
+ }
+ }
+ else
+ {
+ if (k)
+ {
+ if (k_prev)
+ k_prev->next = k->next;
+ else
+ utk_list = NULL;
+
+ xfree (k->trust_regexp);
+ xfree (k);
+ }
+ }
+}
+
+
 /****************
 * Verify that all our secret keys are usable and put them into the utk_list.
 */
diff --git a/g10/trustdb.h b/g10/trustdb.h
index 758cfe3eb..595f8b236 100644
--- a/g10/trustdb.h
+++ b/g10/trustdb.h
@@ -75,13 +75,13 @@ const char *get_validity_string (ctrl_t ctrl,
 /*-- trustdb.c --*/
-void tdb_register_trusted_keyid (u32 *keyid);
 void tdb_register_trusted_key (const char *string);
 /* Returns whether KID is on the list of ultimately trusted keys. */
 int tdb_keyid_is_utk (u32 *kid);
 /* Return the list of ultimately trusted keys. The caller must not
 * modify this list nor must it free the list. */
 struct key_item *tdb_utks (void);
+void tdb_update_utk (u32 *kid, int add);
 void check_trustdb (ctrl_t ctrl);
 void update_trustdb (ctrl_t ctrl);
 int setup_trustdb( int level, const char *dbname );
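Review bot: In the removal branch of tdb_update_utk, when the matching item is the head of the list (`k_prev` is NULL), `utk_list = NULL;` throws away every other ultimately trusted key instead of unlinking only `k`; it should read `utk_list = k->next;`. Since the add branch prepends, the most recently added key is exactly the one at the head, so demoting it would presumably drop all remaining trust roots from the in-memory list for the rest of the process. The add path, which inserts only when no match exists, looks correct. The header comment could also state the contract explicitly, e.g. `/* Add KID to the list of ultimately trusted keys if ADD is non-zero, else remove it; a no-op if KID is already present or absent. */`.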
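Review bot: The new declaration `void tdb_update_utk (u32 *kid, int add);` is the only one in this group of trustdb.c prototypes without a comment, although its neighbours tdb_keyid_is_utk() and tdb_utks() document their contract; add `/* Add KID to the list of ultimately trusted keys if ADD is non-zero, else remove it from that list. */` above it. Placing it next to the other utk-list accessors is sensible since they operate on the same list.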