* trustdb.c (clean_uids_from_key): Don't keep a valid selfsig around

when compacting a uid. There is no reason to make an attacker's job easier - this way they only have a revocation which is useless in bringing the uid back. * keydb.h, kbnode.c (undelete_kbnode): Removed. No longer needed. * import.c (chk_self_sigs): Allow a uid revocation to be enough to allow importing a particular uid (no self sig needed). This allows importing compacted uids.
2025-04-13 22:21:09 +02:00 · 2005-07-09 02:34:04 +00:00 · 2005-07-09 02:34:04 +00:00 · 8238e7698b
commit 8238e7698b
parent ccab129be5
5 changed files with 24 additions and 22 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,16 @@
 2005-07-08  David Shaw  <dshaw@jabberwocky.com>
 	* trustdb.c (clean_uids_from_key): Don't keep a valid selfsig
 	around when compacting a uid.  There is no reason to make an
 	attacker's job easier - this way they only have a revocation which
 	is useless in bringing the uid back.
 	* keydb.h, kbnode.c (undelete_kbnode): Removed.  No longer needed.
 	* import.c (chk_self_sigs): Allow a uid revocation to be enough to
 	allow importing a particular uid (no self sig needed).  This
 	allows importing compacted uids.
 2005-06-20  David Shaw  <dshaw@jabberwocky.com>
 	* keygen.c (save_unprotected_key_to_card): Better fix for gcc4
--- a/g10/import.c
+++ b/g10/import.c
@ -1346,12 +1346,13 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
 	sig = n->pkt->pkt.signature;
 	if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {
-	  /* This just caches the sigs for later use.  That way we
+	    /* This just caches the sigs for later use.  That way we
-	     import a fully-cached key which speeds things up. */
+	       import a fully-cached key which speeds things up. */
-	  if(!opt.no_sig_cache)
+	    if(!opt.no_sig_cache)
-	    check_key_signature(keyblock,n,NULL);
+	      check_key_signature(keyblock,n,NULL);
-	    if( (sig->sig_class&~3) == 0x10 ) {
+	    if( IS_UID_SIG(sig) || IS_UID_REV(sig) )
 	      {
 		KBNODE unode = find_prev_kbnode( keyblock, n, PKT_USER_ID );
 		if( !unode )
 		  {
@ -1381,7 +1382,7 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
 		  else
 		    unode->flag |= 1; /* mark that signature checked */
 		}
-	    }
+	      }
 	    else if( sig->sig_class == 0x18 ) {
 	      /* Note that this works based solely on the timestamps
 		 like the rest of gpg.  If the standard gets
--- a/g10/kbnode.c
+++ b/g10/kbnode.c
@ -114,13 +114,6 @@ delete_kbnode( KBNODE node )
    node->private_flag |= 1;
 }
 void
 undelete_kbnode( KBNODE node )
 {
    node->private_flag &= ~1;
 }
 /****************
 * Append NODE to ROOT.  ROOT must exist!
 */
--- a/g10/keydb.h
+++ b/g10/keydb.h
@ -293,7 +293,6 @@ KBNODE new_kbnode( PACKET *pkt );
 KBNODE clone_kbnode( KBNODE node );
 void release_kbnode( KBNODE n );
 void delete_kbnode( KBNODE node );
 void undelete_kbnode( KBNODE node );
 void add_kbnode( KBNODE root, KBNODE node );
 void insert_kbnode( KBNODE root, KBNODE node, int pkttype );
 void move_kbnode( KBNODE *root, KBNODE node, KBNODE where );
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@ -1672,9 +1672,6 @@ clean_uids_from_key(KBNODE keyblock,int noisy)
 	{
 	  PKT_user_id *uid=node->pkt->pkt.user_id;
 	  if(signode && !signode->pkt->pkt.signature->flags.chosen_selfsig)
 	    undelete_kbnode(signode);
 	  sigdate=0;
 	  signode=NULL;
@ -1687,7 +1684,6 @@ clean_uids_from_key(KBNODE keyblock,int noisy)
 	  else
 	    {
 	      delete_until_next=1;
 	      deleted++;
 	      if(noisy)
 		{
@ -1724,13 +1720,13 @@ clean_uids_from_key(KBNODE keyblock,int noisy)
 	    }
 	  if(delete_until_next && !sig->flags.chosen_selfsig)
-	    delete_kbnode(node);
+	    {
 	      delete_kbnode(node);
 	      deleted++;
 	    }
 	}
    }
  if(signode && !signode->pkt->pkt.signature->flags.chosen_selfsig)
    undelete_kbnode(signode);
  return deleted;
 }