* misc.c (pull_in_libs): Dead code. Removed.

* sig-check.c (check_revocation_keys): Comments. * getkey.c (merge_selfsigs_main): Don't bother to check designated revoker sigs if the key is already revoked. * packet.h, getkey.c (merge_selfsigs_main): New "maybe_revoked" flag on PKs. It is set when there is a revocation signature from a valid revocation key, but the revocation key is not present to verify the signature. * pkclist.c (check_signatures_trust): Use it here to give a warning when showing key trust. * compress-bz2.c: Include stdio.h. Solaris 9 has a very old bzip2 library and we can at least guarantee that it won't fail because of the lack of stdio.h. * tdbio.c: Fixed format string bugs related to the use of DB_NAME. Reported by Florian Weimer.
2025-03-24 22:09:57 +01:00 · 2003-12-30 00:46:42 +00:00 · 2003-12-30 00:46:42 +00:00 · d537d547ce
commit d537d547ce
parent f13f772a29
8 changed files with 67 additions and 45 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,27 @@
+2003-12-29  David Shaw  <dshaw@jabberwocky.com>
+
+	* misc.c (pull_in_libs): Dead code.  Removed.
+
+	* sig-check.c (check_revocation_keys): Comments.
+
+	* getkey.c (merge_selfsigs_main): Don't bother to check designated
+	revoker sigs if the key is already revoked.
+
+	* packet.h, getkey.c (merge_selfsigs_main): New "maybe_revoked"
+	flag on PKs.  It is set when there is a revocation signature from
+	a valid revocation key, but the revocation key is not present to
+	verify the signature.
+
+	* pkclist.c (check_signatures_trust): Use it here to give a
+	warning when showing key trust.
+
+	* compress-bz2.c: Include stdio.h.  Solaris 9 has a very old bzip2
+	library and we can at least guarantee that it won't fail because
+	of the lack of stdio.h.
+
+	* tdbio.c: Fixed format string bugs related to the use of DB_NAME.
+	Reported by Florian Weimer.
+
 2003-12-28  David Shaw  <dshaw@jabberwocky.com>

 	* options.h, g10.c (main), keyserver.c (keyserver_opts,
--- a/g10/compress-bz2.c
+++ b/g10/compress-bz2.c
@ -20,6 +20,7 @@

 #include <config.h>
 #include <string.h>
+#include <stdio.h> /* Early versions of bzlib (1.0) require stdio.h */
 #include <bzlib.h>

 #include "util.h"
--- a/g10/getkey.c
+++ b/g10/getkey.c
@ -1517,9 +1517,9 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
    /* pass 1.5: look for key revocation signatures that were not made
       by the key (i.e. did a revocation key issue a revocation for
       us?).  Only bother to do this if there is a revocation key in
-       the first place. */
+       the first place and we're not revoked already. */

-    if(pk->revkey)
+    if(!*r_revoked && pk->revkey)
      for(k=keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next )
 	{
 	  if ( k->pkt->pkttype == PKT_SIGNATURE )
@ -1529,15 +1529,25 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
 	      if(IS_KEY_REV(sig) &&
 		 (sig->keyid[0]!=kid[0] || sig->keyid[1]!=kid[1]))
 		{ 
-		  /* Failure here means the sig did not verify, is was
+		  int rc=check_revocation_keys(pk,sig);
+		  if(rc==0)
+		    {
+		      *r_revoked=1;
+		      /* don't continue checking since we can't be any
+			 more revoked than this */
+		      break;
+		    }
+		  else if(rc==G10ERR_NO_PUBKEY)
+		    pk->maybe_revoked=1;
+
+		  /* A failure here means the sig did not verify, was
 		     not issued by a revocation key, or a revocation
-		     key loop was broken. */
+		     key loop was broken.  If a revocation key isn't
+		     findable, however, the key might be revoked and
+		     we don't know it. */

-		  if(check_revocation_keys(pk,sig)==0)
-		    *r_revoked=1;
-
-		  /* In the future handle subkey and cert revocations?
-                     PGP doesn't, but it's in 2440. */
+		  /* TODO: In the future handle subkey and cert
+                     revocations?  PGP doesn't, but it's in 2440. */
 		}
 	    }
 	}
--- a/g10/misc.c
+++ b/g10/misc.c
@ -39,23 +39,6 @@
 #include "options.h"
 #include "i18n.h"

-
-const char *g10m_revision_string(int);
-const char *g10c_revision_string(int);
-const char *g10u_revision_string(int);
-
-#ifdef __GNUC__
-volatile
-#endif
-	 void
-pull_in_libs(void)
-{
-    g10m_revision_string(0);
-    g10c_revision_string(0);
-    g10u_revision_string(0);
-}
-
-
 #if defined(__linux__) && defined(__alpha__) && __GLIBC__ < 2
 static int
 setsysinfo(unsigned long op, void *buffer, unsigned long size,
--- a/g10/packet.h
+++ b/g10/packet.h
@ -206,6 +206,8 @@ typedef struct {
    byte    req_algo;       /* Ditto */
    u32     has_expired;    /* set to the expiration date if expired */ 
    int     is_revoked;     /* key has been revoked */
+    int     maybe_revoked;  /* a designated revocation is present, but
+			       without the key to check it */
    int     is_valid;       /* key (especially subkey) is valid */
    int     dont_cache;     /* do not cache this */
    ulong   local_id;	    /* internal use, valid if > 0 */
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@ -615,6 +615,10 @@ check_signatures_trust( PKT_signature *sig )
      goto leave;
    }

+  if(pk->maybe_revoked && !pk->is_revoked)
+    log_info(_("WARNING: this key might be revoked (revocation key"
+	       " not present)\n"));
+
  trustlevel = get_validity (pk, NULL);

  if ( (trustlevel & TRUST_FLAG_REVOKED) ) 
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@ -320,20 +320,22 @@ cache_sig_result ( PKT_signature *sig, int result )
    }
 }

-
 /* Check the revocation keys to see if any of them have revoked our
   pk.  sig is the revocation sig.  pk is the key it is on.  This code
   will need to be modified if gpg ever becomes multi-threaded.  Note
   that this guarantees that a designated revocation sig will never be
   considered valid unless it is actually valid, as well as being
-   issued by a revocation key in a valid direct signature.  Note that
-   this is written so that a revoked revoker can still issue
+   issued by a revocation key in a valid direct signature.  Note also
+   that this is written so that a revoked revoker can still issue
   revocations: i.e. If A revokes B, but A is revoked, B is still
   revoked.  I'm not completely convinced this is the proper behavior,
   but it matches how PGP does it. -dms */

 /* Returns 0 if sig is valid (i.e. pk is revoked), non-0 if not
-   revoked */
+   revoked.  It is important that G10ERR_NO_PUBKEY is only returned
+   when a revocation signature is from a valid revocation key
+   designated in a revkey subpacket, but the revocation key itself
+   isn't present. */
 int
 check_revocation_keys(PKT_public_key *pk,PKT_signature *sig)
 {
@ -345,9 +347,9 @@ check_revocation_keys(PKT_public_key *pk,PKT_signature *sig)

  if(busy)
    {
-      /* return -1 (i.e. not revoked), but mark the pk as uncacheable
-         as we don't really know its revocation status until it is
-         checked directly. */
+      /* return an error (i.e. not revoked), but mark the pk as
+         uncacheable as we don't really know its revocation status
+         until it is checked directly. */

      pk->dont_cache=1;
      return rc;
--- a/g10/tdbio.c
+++ b/g10/tdbio.c
@ -774,8 +774,7 @@ upd_hashtable( ulong table, byte *key, int keylen, ulong newrecnum )
    hashrec += msb / ITEMS_PER_HTBL_RECORD;
    rc = tdbio_read_record( hashrec, &rec, RECTYPE_HTBL );
    if( rc ) {
-	log_error( db_name, "upd_hashtable: read failed: %s\n",
-							g10_errstr(rc) );
+	log_error("upd_hashtable: read failed: %s\n",	g10_errstr(rc) );
 	return rc;
    }

@ -784,7 +783,7 @@ upd_hashtable( ulong table, byte *key, int keylen, ulong newrecnum )
 	rec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD] = newrecnum;
 	rc = tdbio_write_record( &rec );
 	if( rc ) {
-	    log_error( db_name, "upd_hashtable: write htbl failed: %s\n",
+	    log_error("upd_hashtable: write htbl failed: %s\n",
 							    g10_errstr(rc) );
 	    return rc;
 	}
@ -923,7 +922,7 @@ drop_from_hashtable( ulong table, byte *key, int keylen, ulong recnum )
    hashrec += msb / ITEMS_PER_HTBL_RECORD;
    rc = tdbio_read_record( hashrec, &rec, RECTYPE_HTBL );
    if( rc ) {
-	log_error( db_name, "drop_from_hashtable: read failed: %s\n",
+	log_error("drop_from_hashtable: read failed: %s\n",
 							g10_errstr(rc) );
 	return rc;
    }
@ -936,7 +935,7 @@ drop_from_hashtable( ulong table, byte *key, int keylen, ulong recnum )
 	rec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD] = 0;
 	rc = tdbio_write_record( &rec );
 	if( rc )
-	    log_error( db_name, "drop_from_hashtable: write htbl failed: %s\n",
+	    log_error("drop_from_hashtable: write htbl failed: %s\n",
 							    g10_errstr(rc) );
 	return rc;
    }
@ -965,7 +964,7 @@ drop_from_hashtable( ulong table, byte *key, int keylen, ulong recnum )
 		    rec.r.hlst.rnum[i] = 0; /* drop */
 		    rc = tdbio_write_record( &rec );
 		    if( rc )
-			log_error( db_name, "drop_from_hashtable: write htbl failed: %s\n",
+			log_error("drop_from_hashtable: write htbl failed: %s\n",
 									g10_errstr(rc) );
 		    return rc;
 		}
@ -1012,7 +1011,7 @@ lookup_hashtable( ulong table, const byte *key, size_t keylen,
    hashrec += msb / ITEMS_PER_HTBL_RECORD;
    rc = tdbio_read_record( hashrec, rec, RECTYPE_HTBL );
    if( rc ) {
-	log_error( db_name, "lookup_hashtable failed: %s\n", g10_errstr(rc) );
+	log_error("lookup_hashtable failed: %s\n", g10_errstr(rc) );
 	return rc;
    }

@ -1022,14 +1021,14 @@ lookup_hashtable( ulong table, const byte *key, size_t keylen,

    rc = tdbio_read_record( item, rec, 0 );
    if( rc ) {
-	log_error( db_name, "hashtable read failed: %s\n", g10_errstr(rc) );
+	log_error( "hashtable read failed: %s\n", g10_errstr(rc) );
 	return rc;
    }
    if( rec->rectype == RECTYPE_HTBL ) {
 	hashrec = item;
 	level++;
 	if( level >= keylen ) {
-	    log_error( db_name, "hashtable has invalid indirections\n");
+	    log_error("hashtable has invalid indirections\n");
 	    return G10ERR_TRUSTDB;
 	}
 	goto next_level;
@ -1621,6 +1620,3 @@ migrate_from_v2 ()
  log_info ("migrated %d version 2 ownertrusts\n", count);
  m_free (ottable);
 }
-
-
-