gpg: Fix adding the list of ultimate trusted keys.

* g10/keygen.c (do_generate_keypair): Remove call to
register_trusted_keyid for updating user_utk_list.
* g10/trust.c (register_trusted_keyid): Remove.
(update_ownertrust): Add call to tdb_update_utk.
* g10/trustdb.c (tdb_register_trusted_keyid): Make it internal
function by adding "static" qualifier.
Replace calls of register_trusted_keyid to tdb_register_trusted_keyid.
(tdb_update_utk): New.
* g10/trustdb.h (tdb_update_utk): New.

--

Backport of master commit of:
	4aeeaa65ad

GnuPG-bug-id: 5742
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2022-01-17 13:58:58 +09:00
parent f16c535eee
commit 4cc724639c
4 changed files with 51 additions and 18 deletions

View File

@ -5196,9 +5196,6 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
pk = find_kbnode (pub_root, PKT_PUBLIC_KEY)->pkt->pkt.public_key; pk = find_kbnode (pub_root, PKT_PUBLIC_KEY)->pkt->pkt.public_key;
keyid_from_pk (pk, pk->main_keyid);
register_trusted_keyid (pk->main_keyid);
update_ownertrust (ctrl, pk, update_ownertrust (ctrl, pk,
((get_ownertrust (ctrl, pk) & ~TRUST_MASK) ((get_ownertrust (ctrl, pk) & ~TRUST_MASK)
| TRUST_ULTIMATE )); | TRUST_ULTIMATE ));

View File

@ -49,17 +49,6 @@ cache_disabled_value (ctrl_t ctrl, PKT_public_key *pk)
} }
void
register_trusted_keyid (u32 *keyid)
{
#ifdef NO_TRUST_MODELS
(void)keyid;
#else
tdb_register_trusted_keyid (keyid);
#endif
}
void void
register_trusted_key (const char *string) register_trusted_key (const char *string)
{ {
@ -278,7 +267,11 @@ update_ownertrust (ctrl_t ctrl, PKT_public_key *pk, unsigned int new_trust)
(void)pk; (void)pk;
(void)new_trust; (void)new_trust;
#else #else
u32 keyid[2];
tdb_update_ownertrust (ctrl, pk, new_trust, 0); tdb_update_ownertrust (ctrl, pk, new_trust, 0);
keyid_from_pk (pk, keyid);
tdb_update_utk (keyid, (new_trust & TRUST_ULTIMATE));
#endif #endif
} }

View File

@ -192,7 +192,7 @@ release_key_array ( struct key_array *keys )
* before initializing the validation module. * before initializing the validation module.
* FIXME: Should be replaced by a function to add those keys to the trustdb. * FIXME: Should be replaced by a function to add those keys to the trustdb.
*/ */
void static void
tdb_register_trusted_keyid (u32 *keyid) tdb_register_trusted_keyid (u32 *keyid)
{ {
struct key_item *k; struct key_item *k;
@ -217,7 +217,7 @@ tdb_register_trusted_key (const char *string)
{ {
if (desc.mode == KEYDB_SEARCH_MODE_LONG_KID) if (desc.mode == KEYDB_SEARCH_MODE_LONG_KID)
{ {
register_trusted_keyid (desc.u.kid); tdb_register_trusted_keyid (desc.u.kid);
return; return;
} }
if (desc.mode == KEYDB_SEARCH_MODE_FPR if (desc.mode == KEYDB_SEARCH_MODE_FPR
@ -225,7 +225,7 @@ tdb_register_trusted_key (const char *string)
{ {
kid[0] = buf32_to_u32 (desc.u.fpr+12); kid[0] = buf32_to_u32 (desc.u.fpr+12);
kid[1] = buf32_to_u32 (desc.u.fpr+16); kid[1] = buf32_to_u32 (desc.u.fpr+16);
register_trusted_keyid (kid); tdb_register_trusted_keyid (kid);
return; return;
} }
} }
@ -257,6 +257,49 @@ add_utk (u32 *kid)
} }
/* Add/remove KID to/from the list of ultimately trusted keys. */
void
tdb_update_utk (u32 *kid, int add)
{
struct key_item *k, *k_prev;
k_prev = NULL;
for (k = utk_list; k; k = k->next)
if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
break;
else
k_prev = k;
if (add)
{
if (!k)
{
k = new_key_item ();
k->kid[0] = kid[0];
k->kid[1] = kid[1];
k->ownertrust = TRUST_ULTIMATE;
k->next = utk_list;
utk_list = k;
if ( opt.verbose > 1 )
log_info(_("key %s: accepted as trusted key\n"), keystr(kid));
}
}
else
{
if (k)
{
if (k_prev)
k_prev->next = k->next;
else
utk_list = NULL;
xfree (k->trust_regexp);
xfree (k);
}
}
}
/**************** /****************
* Verify that all our secret keys are usable and put them into the utk_list. * Verify that all our secret keys are usable and put them into the utk_list.
*/ */

View File

@ -75,13 +75,13 @@ const char *get_validity_string (ctrl_t ctrl,
/*-- trustdb.c --*/ /*-- trustdb.c --*/
void tdb_register_trusted_keyid (u32 *keyid);
void tdb_register_trusted_key (const char *string); void tdb_register_trusted_key (const char *string);
/* Returns whether KID is on the list of ultimately trusted keys. */ /* Returns whether KID is on the list of ultimately trusted keys. */
int tdb_keyid_is_utk (u32 *kid); int tdb_keyid_is_utk (u32 *kid);
/* Return the list of ultimately trusted keys. The caller must not /* Return the list of ultimately trusted keys. The caller must not
* modify this list nor must it free the list. */ * modify this list nor must it free the list. */
struct key_item *tdb_utks (void); struct key_item *tdb_utks (void);
void tdb_update_utk (u32 *kid, int add);
void check_trustdb (ctrl_t ctrl); void check_trustdb (ctrl_t ctrl);
void update_trustdb (ctrl_t ctrl); void update_trustdb (ctrl_t ctrl);
int setup_trustdb( int level, const char *dbname ); int setup_trustdb( int level, const char *dbname );