From d537d547cef144014f46aa050b5e3b911c48cf93 Mon Sep 17 00:00:00 2001 From: David Shaw Date: Tue, 30 Dec 2003 00:46:42 +0000 Subject: [PATCH] * misc.c (pull_in_libs): Dead code. Removed. * sig-check.c (check_revocation_keys): Comments. * getkey.c (merge_selfsigs_main): Don't bother to check designated revoker sigs if the key is already revoked. * packet.h, getkey.c (merge_selfsigs_main): New "maybe_revoked" flag on PKs. It is set when there is a revocation signature from a valid revocation key, but the revocation key is not present to verify the signature. * pkclist.c (check_signatures_trust): Use it here to give a warning when showing key trust. * compress-bz2.c: Include stdio.h. Solaris 9 has a very old bzip2 library and we can at least guarantee that it won't fail because of the lack of stdio.h. * tdbio.c: Fixed format string bugs related to the use of DB_NAME. Reported by Florian Weimer. --- g10/ChangeLog | 24 ++++++++++++++++++++++++ g10/compress-bz2.c | 1 + g10/getkey.c | 28 +++++++++++++++++++--------- g10/misc.c | 17 ----------------- g10/packet.h | 2 ++ g10/pkclist.c | 4 ++++ g10/sig-check.c | 16 +++++++++------- g10/tdbio.c | 20 ++++++++------------ 8 files changed, 67 insertions(+), 45 deletions(-) diff --git a/g10/ChangeLog b/g10/ChangeLog index 4e7fdf31d..1f3fd7fff 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,27 @@ +2003-12-29 David Shaw + + * misc.c (pull_in_libs): Dead code. Removed. + + * sig-check.c (check_revocation_keys): Comments. + + * getkey.c (merge_selfsigs_main): Don't bother to check designated + revoker sigs if the key is already revoked. + + * packet.h, getkey.c (merge_selfsigs_main): New "maybe_revoked" + flag on PKs. It is set when there is a revocation signature from + a valid revocation key, but the revocation key is not present to + verify the signature. + + * pkclist.c (check_signatures_trust): Use it here to give a + warning when showing key trust. + + * compress-bz2.c: Include stdio.h. Solaris 9 has a very old bzip2 + library and we can at least guarantee that it won't fail because + of the lack of stdio.h. + + * tdbio.c: Fixed format string bugs related to the use of DB_NAME. + Reported by Florian Weimer. + 2003-12-28 David Shaw * options.h, g10.c (main), keyserver.c (keyserver_opts, diff --git a/g10/compress-bz2.c b/g10/compress-bz2.c index 139a39997..73b382ed1 100644 --- a/g10/compress-bz2.c +++ b/g10/compress-bz2.c @@ -20,6 +20,7 @@ #include #include +#include /* Early versions of bzlib (1.0) require stdio.h */ #include #include "util.h" diff --git a/g10/getkey.c b/g10/getkey.c index 7d437a07a..4aba21eae 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1517,9 +1517,9 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked ) /* pass 1.5: look for key revocation signatures that were not made by the key (i.e. did a revocation key issue a revocation for us?). Only bother to do this if there is a revocation key in - the first place. */ + the first place and we're not revoked already. */ - if(pk->revkey) + if(!*r_revoked && pk->revkey) for(k=keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next ) { if ( k->pkt->pkttype == PKT_SIGNATURE ) @@ -1529,15 +1529,25 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked ) if(IS_KEY_REV(sig) && (sig->keyid[0]!=kid[0] || sig->keyid[1]!=kid[1])) { - /* Failure here means the sig did not verify, is was + int rc=check_revocation_keys(pk,sig); + if(rc==0) + { + *r_revoked=1; + /* don't continue checking since we can't be any + more revoked than this */ + break; + } + else if(rc==G10ERR_NO_PUBKEY) + pk->maybe_revoked=1; + + /* A failure here means the sig did not verify, was not issued by a revocation key, or a revocation - key loop was broken. */ + key loop was broken. If a revocation key isn't + findable, however, the key might be revoked and + we don't know it. */ - if(check_revocation_keys(pk,sig)==0) - *r_revoked=1; - - /* In the future handle subkey and cert revocations? - PGP doesn't, but it's in 2440. */ + /* TODO: In the future handle subkey and cert + revocations? PGP doesn't, but it's in 2440. */ } } } diff --git a/g10/misc.c b/g10/misc.c index 229436cf5..1941b2c61 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -39,23 +39,6 @@ #include "options.h" #include "i18n.h" - -const char *g10m_revision_string(int); -const char *g10c_revision_string(int); -const char *g10u_revision_string(int); - -#ifdef __GNUC__ -volatile -#endif - void -pull_in_libs(void) -{ - g10m_revision_string(0); - g10c_revision_string(0); - g10u_revision_string(0); -} - - #if defined(__linux__) && defined(__alpha__) && __GLIBC__ < 2 static int setsysinfo(unsigned long op, void *buffer, unsigned long size, diff --git a/g10/packet.h b/g10/packet.h index 57306e6e7..db27d7a46 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -206,6 +206,8 @@ typedef struct { byte req_algo; /* Ditto */ u32 has_expired; /* set to the expiration date if expired */ int is_revoked; /* key has been revoked */ + int maybe_revoked; /* a designated revocation is present, but + without the key to check it */ int is_valid; /* key (especially subkey) is valid */ int dont_cache; /* do not cache this */ ulong local_id; /* internal use, valid if > 0 */ diff --git a/g10/pkclist.c b/g10/pkclist.c index 7a9ac8137..eb4872580 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -615,6 +615,10 @@ check_signatures_trust( PKT_signature *sig ) goto leave; } + if(pk->maybe_revoked && !pk->is_revoked) + log_info(_("WARNING: this key might be revoked (revocation key" + " not present)\n")); + trustlevel = get_validity (pk, NULL); if ( (trustlevel & TRUST_FLAG_REVOKED) ) diff --git a/g10/sig-check.c b/g10/sig-check.c index 3270c682b..4aeaaee38 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -320,20 +320,22 @@ cache_sig_result ( PKT_signature *sig, int result ) } } - /* Check the revocation keys to see if any of them have revoked our pk. sig is the revocation sig. pk is the key it is on. This code will need to be modified if gpg ever becomes multi-threaded. Note that this guarantees that a designated revocation sig will never be considered valid unless it is actually valid, as well as being - issued by a revocation key in a valid direct signature. Note that - this is written so that a revoked revoker can still issue + issued by a revocation key in a valid direct signature. Note also + that this is written so that a revoked revoker can still issue revocations: i.e. If A revokes B, but A is revoked, B is still revoked. I'm not completely convinced this is the proper behavior, but it matches how PGP does it. -dms */ /* Returns 0 if sig is valid (i.e. pk is revoked), non-0 if not - revoked */ + revoked. It is important that G10ERR_NO_PUBKEY is only returned + when a revocation signature is from a valid revocation key + designated in a revkey subpacket, but the revocation key itself + isn't present. */ int check_revocation_keys(PKT_public_key *pk,PKT_signature *sig) { @@ -345,9 +347,9 @@ check_revocation_keys(PKT_public_key *pk,PKT_signature *sig) if(busy) { - /* return -1 (i.e. not revoked), but mark the pk as uncacheable - as we don't really know its revocation status until it is - checked directly. */ + /* return an error (i.e. not revoked), but mark the pk as + uncacheable as we don't really know its revocation status + until it is checked directly. */ pk->dont_cache=1; return rc; diff --git a/g10/tdbio.c b/g10/tdbio.c index 07e64a250..b245da049 100644 --- a/g10/tdbio.c +++ b/g10/tdbio.c @@ -774,8 +774,7 @@ upd_hashtable( ulong table, byte *key, int keylen, ulong newrecnum ) hashrec += msb / ITEMS_PER_HTBL_RECORD; rc = tdbio_read_record( hashrec, &rec, RECTYPE_HTBL ); if( rc ) { - log_error( db_name, "upd_hashtable: read failed: %s\n", - g10_errstr(rc) ); + log_error("upd_hashtable: read failed: %s\n", g10_errstr(rc) ); return rc; } @@ -784,7 +783,7 @@ upd_hashtable( ulong table, byte *key, int keylen, ulong newrecnum ) rec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD] = newrecnum; rc = tdbio_write_record( &rec ); if( rc ) { - log_error( db_name, "upd_hashtable: write htbl failed: %s\n", + log_error("upd_hashtable: write htbl failed: %s\n", g10_errstr(rc) ); return rc; } @@ -923,7 +922,7 @@ drop_from_hashtable( ulong table, byte *key, int keylen, ulong recnum ) hashrec += msb / ITEMS_PER_HTBL_RECORD; rc = tdbio_read_record( hashrec, &rec, RECTYPE_HTBL ); if( rc ) { - log_error( db_name, "drop_from_hashtable: read failed: %s\n", + log_error("drop_from_hashtable: read failed: %s\n", g10_errstr(rc) ); return rc; } @@ -936,7 +935,7 @@ drop_from_hashtable( ulong table, byte *key, int keylen, ulong recnum ) rec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD] = 0; rc = tdbio_write_record( &rec ); if( rc ) - log_error( db_name, "drop_from_hashtable: write htbl failed: %s\n", + log_error("drop_from_hashtable: write htbl failed: %s\n", g10_errstr(rc) ); return rc; } @@ -965,7 +964,7 @@ drop_from_hashtable( ulong table, byte *key, int keylen, ulong recnum ) rec.r.hlst.rnum[i] = 0; /* drop */ rc = tdbio_write_record( &rec ); if( rc ) - log_error( db_name, "drop_from_hashtable: write htbl failed: %s\n", + log_error("drop_from_hashtable: write htbl failed: %s\n", g10_errstr(rc) ); return rc; } @@ -1012,7 +1011,7 @@ lookup_hashtable( ulong table, const byte *key, size_t keylen, hashrec += msb / ITEMS_PER_HTBL_RECORD; rc = tdbio_read_record( hashrec, rec, RECTYPE_HTBL ); if( rc ) { - log_error( db_name, "lookup_hashtable failed: %s\n", g10_errstr(rc) ); + log_error("lookup_hashtable failed: %s\n", g10_errstr(rc) ); return rc; } @@ -1022,14 +1021,14 @@ lookup_hashtable( ulong table, const byte *key, size_t keylen, rc = tdbio_read_record( item, rec, 0 ); if( rc ) { - log_error( db_name, "hashtable read failed: %s\n", g10_errstr(rc) ); + log_error( "hashtable read failed: %s\n", g10_errstr(rc) ); return rc; } if( rec->rectype == RECTYPE_HTBL ) { hashrec = item; level++; if( level >= keylen ) { - log_error( db_name, "hashtable has invalid indirections\n"); + log_error("hashtable has invalid indirections\n"); return G10ERR_TRUSTDB; } goto next_level; @@ -1621,6 +1620,3 @@ migrate_from_v2 () log_info ("migrated %d version 2 ownertrusts\n", count); m_free (ottable); } - - -