gpg: Remove the use of the signature information from a KBX.

* g10/keydb.c (keyblock_cache): Remove field SIGSTATUS. (keyblock_cache_clear): Adjust for that removal. (parse_keyblock_image): Remove arg SIGSTATUS. Remove the signature cache setting; this is now done in the parser. (keydb_get_keyblock): Do not set SIGSTATUS. (build_keyblock_image): Remove arg SIGSTATUS and simplify. Change caller. * kbx/keybox-blob.c: Explain that the signature information is not anymore used. (_keybox_create_openpgp_blob): Remove arg SIGSTATUS and change callers. * kbx/keybox-search.c (keybox_get_keyblock): Remove arg R_SIGSTATUS and change callers. * kbx/keybox-update.c (keybox_insert_keyblock): Likewise. -- This thing was too complicated and has been replaced by the new ring trust packet code. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2017-03-30 15:18:45 +02:00 · 2017-03-30 15:18:45 +02:00 · a6142dbdbc
commit a6142dbdbc
parent 7bf24e8146
7 changed files with 25 additions and 145 deletions
--- a/kbx/kbxutil.c
+++ b/kbx/kbxutil.c
@ -411,8 +411,7 @@ import_openpgp (const char *filename, int dryrun)
            dump_openpgp_key (&info, p);
          else
            {
-              err = _keybox_create_openpgp_blob (&blob, &info, p, nparsed,
-                                                 NULL, 0);
+              err = _keybox_create_openpgp_blob (&blob, &info, p, nparsed, 0);
              if (err)
                {
                  fflush (stdout);
--- a/kbx/keybox-blob.c
+++ b/kbx/keybox-blob.c
@ -101,7 +101,9 @@
   - u16  [NSIGS] Number of signatures
   - u16  Size of signature information (4)
   - NSIGS times:
-      - u32  Expiration time of signature with some special values:
+      - u32  Expiration time of signature with some special values.
+             Since version 2.1.20 these special valuesare not anymore
+             used for OpenPGP:
             - 0x00000000 = not checked
             - 0x00000001 = missing key
             - 0x00000002 = bad signature
@ -705,7 +707,6 @@ _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob,
                             keybox_openpgp_info_t info,
                             const unsigned char *image,
                             size_t imagelen,
-                             u32 *sigstatus,
                             int as_ephemeral)
 {
  gpg_error_t err;
@ -713,11 +714,6 @@ _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob,

  *r_blob = NULL;

-  /* If we have a signature status vector, check that the number of
-     elements matches the actual number of signatures.  */
-  if (sigstatus && sigstatus[0] != info->nsigs)
-    return gpg_error (GPG_ERR_INTERNAL);
-
  blob = xtrycalloc (1, sizeof *blob);
  if (!blob)
    return gpg_error_from_syserror ();
@ -756,7 +752,7 @@ _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob,
  if (err)
    goto leave;
  pgp_create_uid_part (blob, info);
-  pgp_create_sig_part (blob, sigstatus);
+  pgp_create_sig_part (blob, NULL);

  init_membuf (&blob->bufbuf, 1024);
  blob->buf = &blob->bufbuf;
--- a/kbx/keybox-defs.h
+++ b/kbx/keybox-defs.h
@ -155,7 +155,6 @@ gpg_error_t _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob,
                                         keybox_openpgp_info_t info,
                                         const unsigned char *image,
                                         size_t imagelen,
-                                         u32 *sigstatus,
                                         int as_ephemeral);
 #ifdef KEYBOX_WITH_X509
 int _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
--- a/kbx/keybox-search.c
+++ b/kbx/keybox-search.c
@ -1048,23 +1048,20 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,


 /* Return the last found keyblock.  Returns 0 on success and stores a
-   new iobuf at R_IOBUF and a signature status vector at R_SIGSTATUS
-   in that case.  R_UID_NO and R_PK_NO are used to retun the number of
-   the key or user id which was matched the search criteria; if not
-   known they are set to 0. */
+ * new iobuf at R_IOBUF.  R_UID_NO and R_PK_NO are used to retun the
+ * number of the key or user id which was matched the search criteria;
+ * if not known they are set to 0. */
 gpg_error_t
 keybox_get_keyblock (KEYBOX_HANDLE hd, iobuf_t *r_iobuf,
-                     int *r_pk_no, int *r_uid_no, u32 **r_sigstatus)
+                     int *r_pk_no, int *r_uid_no)
 {
  gpg_error_t err;
-  const unsigned char *buffer, *p;
+  const unsigned char *buffer;
  size_t length;
  size_t image_off, image_len;
  size_t siginfo_off, siginfo_len;
-  u32 *sigstatus, n, n_sigs, sigilen;

  *r_iobuf = NULL;
-  *r_sigstatus = NULL;

  if (!hd)
    return gpg_error (GPG_ERR_INV_VALUE);
@ -1086,19 +1083,9 @@ keybox_get_keyblock (KEYBOX_HANDLE hd, iobuf_t *r_iobuf,
                                   &siginfo_off, &siginfo_len);
  if (err)
    return err;
-  n_sigs  = get16 (buffer + siginfo_off);
-  sigilen = get16 (buffer + siginfo_off + 2);
-  p = buffer + siginfo_off + 4;
-  sigstatus = xtrymalloc ((1+n_sigs) * sizeof *sigstatus);
-  if (!sigstatus)
-    return gpg_error_from_syserror ();
-  sigstatus[0] = n_sigs;
-  for (n=1; n <= n_sigs; n++, p += sigilen)
-    sigstatus[n] = get32 (p);

  *r_pk_no  = hd->found.pk_no;
  *r_uid_no = hd->found.uid_no;
-  *r_sigstatus = sigstatus;
  *r_iobuf = iobuf_temp_with_content (buffer+image_off, image_len);
  return 0;
 }
--- a/kbx/keybox-update.c
+++ b/kbx/keybox-update.c
@ -353,12 +353,9 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
 }


-/* Insert the OpenPGP keyblock {IMAGE,IMAGELEN} into HD.  SIGSTATUS is
-   a vector describing the status of the signatures; its first element
-   gives the number of following elements.  */
+/* Insert the OpenPGP keyblock {IMAGE,IMAGELEN} into HD. */
 gpg_error_t
-keybox_insert_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen,
-                        u32 *sigstatus)
+keybox_insert_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen)
 {
  gpg_error_t err;
  const char *fname;
@ -385,7 +382,7 @@ keybox_insert_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen,
    return err;
  assert (nparsed <= imagelen);
  err = _keybox_create_openpgp_blob (&blob, &info, image, imagelen,
-                                     sigstatus, hd->ephemeral);
+                                      hd->ephemeral);
  _keybox_destroy_openpgp_info (&info);
  if (!err)
    {
@ -436,7 +433,7 @@ keybox_update_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen)
    return err;
  assert (nparsed <= imagelen);
  err = _keybox_create_openpgp_blob (&blob, &info, image, imagelen,
-                                     NULL, hd->ephemeral);
+                                     hd->ephemeral);
  _keybox_destroy_openpgp_info (&info);

  /* Update the keyblock.  */
--- a/kbx/keybox.h
+++ b/kbx/keybox.h
@ -85,7 +85,7 @@ int _keybox_write_header_blob (FILE *fp, int openpgp_flag);

 /*-- keybox-search.c --*/
 gpg_error_t keybox_get_keyblock (KEYBOX_HANDLE hd, iobuf_t *r_iobuf,
-                                 int *r_uid_no, int *r_pk_no, u32 **sigstatus);
+                                 int *r_uid_no, int *r_pk_no);
 #ifdef KEYBOX_WITH_X509
 int keybox_get_cert (KEYBOX_HANDLE hd, ksba_cert_t *ret_cert);
 #endif /*KEYBOX_WITH_X509*/
@ -102,8 +102,7 @@ gpg_error_t keybox_seek (KEYBOX_HANDLE hd, off_t offset);

 /*-- keybox-update.c --*/
 gpg_error_t keybox_insert_keyblock (KEYBOX_HANDLE hd,
-                                    const void *image, size_t imagelen,
-                                    u32 *sigstatus);
+                                    const void *image, size_t imagelen);
 gpg_error_t keybox_update_keyblock (KEYBOX_HANDLE hd,
                                    const void *image, size_t imagelen);