security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-02-07 17:33:02 +01:00
Code Activity

* sig-check.c (check_revocation_keys): Comments.

Browse Source 
* getkey.c (merge_selfsigs_main): Don't bother to check designated revoker
sigs if the key is already revoked.

* packet.h, getkey.c (merge_selfsigs_main): New "maybe_revoked" flag on
PKs.  It is set when there is a revocation signature from a valid
revocation key, but the revocation key is not present to verify the
signature.

* pkclist.c (check_signatures_trust): Use it here to give a warning when
showing key trust.

* compress-bz2.c: Include stdio.h.  Solaris 9 has a very old bzip2 library
and we can at least guarantee that it won't fail because of the lack of
stdio.h.
This commit is contained in:
David Shaw 2003-12-29 03:40:21 +00:00
parent f77e485241
commit 727171a6c1
6 changed files with 59 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
g10/ChangeLog
View File

@ -1,3 +1,22 @@
2003-12-28 David Shaw <dshaw@jabberwocky.com>
* sig-check.c (check_revocation_keys): Comments.
* getkey.c (merge_selfsigs_main): Don't bother to check designated
revoker sigs if the key is already revoked.
* packet.h, getkey.c (merge_selfsigs_main): New "maybe_revoked"
flag on PKs. It is set when there is a revocation signature from
a valid revocation key, but the revocation key is not present to
verify the signature.
* pkclist.c (check_signatures_trust): Use it here to give a
warning when showing key trust.
* compress-bz2.c: Include stdio.h. Solaris 9 has a very old bzip2
library and we can at least guarantee that it won't fail because
of the lack of stdio.h.
2003-12-23 Werner Koch <wk@gnupg.org> 2003-12-23 Werner Koch <wk@gnupg.org>
* tdbio.c: Fixed format string bugs related to the sue of * tdbio.c: Fixed format string bugs related to the sue of

1
g10/compress-bz2.c
View File

@ -20,6 +20,7 @@
#include <config.h> #include <config.h>
#include <string.h> #include <string.h>
#include <stdio.h> /* Early versions of bzlib (1.0) require stdio.h */
#include <bzlib.h> #include <bzlib.h>
#include "util.h" #include "util.h"

28
g10/getkey.c
View File

@ -1506,9 +1506,9 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
/* pass 1.5: look for key revocation signatures that were not made /* pass 1.5: look for key revocation signatures that were not made
by the key (i.e. did a revocation key issue a revocation for by the key (i.e. did a revocation key issue a revocation for
us?). Only bother to do this if there is a revocation key in us?). Only bother to do this if there is a revocation key in
the first place. */ the first place and we're not revoked already. */
if(pk->revkey) if(!*r_revoked && pk->revkey)
for(k=keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next ) for(k=keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next )
{ {
if ( k->pkt->pkttype == PKT_SIGNATURE ) if ( k->pkt->pkttype == PKT_SIGNATURE )
@ -1518,15 +1518,25 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
if(IS_KEY_REV(sig) && if(IS_KEY_REV(sig) &&
(sig->keyid[0]!=kid[0] || sig->keyid[1]!=kid[1])) (sig->keyid[0]!=kid[0] || sig->keyid[1]!=kid[1]))
{ {
/* Failure here means the sig did not verify, is was int rc=check_revocation_keys(pk,sig);
if(rc==0)
{
*r_revoked=1;
/* don't continue checking since we can't be any
more revoked than this */
break;
}
else if(rc==G10ERR_NO_PUBKEY)
pk->maybe_revoked=1;
/* A failure here means the sig did not verify, was
not issued by a revocation key, or a revocation not issued by a revocation key, or a revocation
key loop was broken. */ key loop was broken. If a revocation key isn't
findable, however, the key might be revoked and
we don't know it. */
if(check_revocation_keys(pk,sig)==0) /* TODO: In the future handle subkey and cert
*r_revoked=1; revocations? PGP doesn't, but it's in 2440. */
/* In the future handle subkey and cert revocations?
PGP doesn't, but it's in 2440. */
} }
} }
} }

5
g10/packet.h
View File

@ -1,5 +1,6 @@
/* packet.h - packet definitions /* packet.h - packet definitions
* Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc. * Copyright (C) 1998, 1999, 2000, 2001, 2002,
* 2003 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -199,6 +200,8 @@ typedef struct {
byte req_algo; /* Ditto */ byte req_algo; /* Ditto */
u32 has_expired; /* set to the expiration date if expired */ u32 has_expired; /* set to the expiration date if expired */
int is_revoked; /* key has been revoked */ int is_revoked; /* key has been revoked */
int maybe_revoked; /* a designated revocation is present, but
without the key to check it */
int is_valid; /* key (especially subkey) is valid */ int is_valid; /* key (especially subkey) is valid */
int dont_cache; /* do not cache this */ int dont_cache; /* do not cache this */
ulong local_id; /* internal use, valid if > 0 */ ulong local_id; /* internal use, valid if > 0 */

6
g10/pkclist.c
View File

@ -588,7 +588,7 @@ check_signatures_trust( PKT_signature *sig )
goto leave; goto leave;
} }
if ( opt.always_trust) if ( opt.always_trust )
{ {
if( !opt.quiet ) if( !opt.quiet )
log_info(_("WARNING: Using untrusted key!\n")); log_info(_("WARNING: Using untrusted key!\n"));
@ -597,6 +597,10 @@ check_signatures_trust( PKT_signature *sig )
goto leave; goto leave;
} }
if(pk->maybe_revoked && !pk->is_revoked)
log_info(_("WARNING: this key might be revoked (revocation key"
" not present)\n"));
trustlevel = get_validity (pk, NULL); trustlevel = get_validity (pk, NULL);
if ( (trustlevel & TRUST_FLAG_REVOKED) ) if ( (trustlevel & TRUST_FLAG_REVOKED) )

20
g10/sig-check.c
View File

@ -1,6 +1,6 @@
/* sig-check.c - Check a signature /* sig-check.c - Check a signature
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 * Copyright (C) 1998, 1999, 2000, 2001, 2002,
* Free Software Foundation, Inc. * 200 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -406,20 +406,22 @@ cache_sig_result ( PKT_signature *sig, int result )
} }
} }
/* Check the revocation keys to see if any of them have revoked our /* Check the revocation keys to see if any of them have revoked our
pk. sig is the revocation sig. pk is the key it is on. This code pk. sig is the revocation sig. pk is the key it is on. This code
will need to be modified if gpg ever becomes multi-threaded. Note will need to be modified if gpg ever becomes multi-threaded. Note
that this guarantees that a designated revocation sig will never be that this guarantees that a designated revocation sig will never be
considered valid unless it is actually valid, as well as being considered valid unless it is actually valid, as well as being
issued by a revocation key in a valid direct signature. Note that issued by a revocation key in a valid direct signature. Note also
this is written so that a revoked revoker can still issue that this is written so that a revoked revoker can still issue
revocations: i.e. If A revokes B, but A is revoked, B is still revocations: i.e. If A revokes B, but A is revoked, B is still
revoked. I'm not completely convinced this is the proper behavior, revoked. I'm not completely convinced this is the proper behavior,
but it matches how PGP does it. -dms */ but it matches how PGP does it. -dms */
/* Returns 0 if sig is valid (i.e. pk is revoked), non-0 if not /* Returns 0 if sig is valid (i.e. pk is revoked), non-0 if not
revoked */ revoked. It is important that G10ERR_NO_PUBKEY is only returned
when a revocation signature is from a valid revocation key
designated in a revkey subpacket, but the revocation key itself
isn't present. */
int int
check_revocation_keys(PKT_public_key *pk,PKT_signature *sig) check_revocation_keys(PKT_public_key *pk,PKT_signature *sig)
{ {
@ -431,9 +433,9 @@ check_revocation_keys(PKT_public_key *pk,PKT_signature *sig)
if(busy) if(busy)
{ {
/* return -1 (i.e. not revoked), but mark the pk as uncacheable /* return an error (i.e. not revoked), but mark the pk as
as we don't really know its revocation status until it is uncacheable as we don't really know its revocation status
checked directly. */ until it is checked directly. */
pk->dont_cache=1; pk->dont_cache=1;
return rc; return rc;