diff --git a/g10/ChangeLog b/g10/ChangeLog index 439333294..3747350d2 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,10 @@ +2008-11-18 David Shaw + + * trustdb.c (validate_one_keyblock): Fix the trust signature + calculations so that we lower the trust depth of signatures to fit + within the current chain, rather than discarding any signature + that does not fit within the trust depth. + 2008-10-03 David Shaw * main.h, mainproc.c (check_sig_and_print), diff --git a/g10/trustdb.c b/g10/trustdb.c index 10f82ef97..57684590a 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1,6 +1,6 @@ /* trustdb.c - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, - * 2007 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, + * 2008 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -1933,50 +1933,72 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist, (uidnode && check_regexp(kr->trust_regexp, uidnode->pkt->pkt.user_id->name)))) { - if(DBG_TRUST && opt.trust_model==TM_PGP && sig->trust_depth) - log_debug("trust sig on %s, sig depth is %d, kr depth is %d\n", - uidnode->pkt->pkt.user_id->name,sig->trust_depth, - kr->trust_depth); - /* Are we part of a trust sig chain? We always favor the latest trust sig, rather than the greater or lesser trust sig or value. I could make a decent argument for any of these cases, but this seems to be what PGP does, and I'd like to be compatible. -dms */ - if(opt.trust_model==TM_PGP && sig->trust_depth - && pk->trust_timestamp<=sig->timestamp - && (sig->trust_depth<=kr->trust_depth - || kr->ownertrust==TRUST_ULTIMATE)) + if(opt.trust_model==TM_PGP + && sig->trust_depth + && pk->trust_timestamp<=sig->timestamp) { - /* If we got here, we know that: + byte depth; - this is a trust sig. + /* If the depth on the signature is less than the + chain currently has, then use the signature depth + so we don't increase the depth beyond what the + signer wanted. If the depth on the signature is + more than the chain currently has, then use the + chain depth so we use as much of the signature + depth as the chain will permit. An ultimately + trusted signature can restart the depth to + whatever level it likes. */ - it's a newer trust sig than any previous trust - sig on this key (not uid). + if(sig->trust_depthtrust_depth + || kr->ownertrust==TRUST_ULTIMATE) + depth=sig->trust_depth; + else + depth=kr->trust_depth; - it is legal in that it was either generated by an - ultimate key, or a key that was part of a trust - chain, and the depth does not violate the - original trust sig. + if(depth) + { + if(DBG_TRUST) + log_debug("trust sig on %s, sig depth is %d," + " kr depth is %d\n", + uidnode->pkt->pkt.user_id->name, + sig->trust_depth, + kr->trust_depth); - if there is a regexp attached, it matched - successfully. - */ + /* If we got here, we know that: - if(DBG_TRUST) - log_debug("replacing trust value %d with %d and " - "depth %d with %d\n", - pk->trust_value,sig->trust_value, - pk->trust_depth,sig->trust_depth); + this is a trust sig. - pk->trust_value=sig->trust_value; - pk->trust_depth=sig->trust_depth-1; + it's a newer trust sig than any previous trust + sig on this key (not uid). - /* If the trust sig contains a regexp, record it - on the pk for the next round. */ - if(sig->trust_regexp) - pk->trust_regexp=sig->trust_regexp; + it is legal in that it was either generated by an + ultimate key, or a key that was part of a trust + chain, and the depth does not violate the + original trust sig. + + if there is a regexp attached, it matched + successfully. + */ + + if(DBG_TRUST) + log_debug("replacing trust value %d with %d and " + "depth %d with %d\n", + pk->trust_value,sig->trust_value, + pk->trust_depth,depth); + + pk->trust_value=sig->trust_value; + pk->trust_depth=depth-1; + + /* If the trust sig contains a regexp, record it + on the pk for the next round. */ + if(sig->trust_regexp) + pk->trust_regexp=sig->trust_regexp; + } } if (kr->ownertrust == TRUST_ULTIMATE)