* trustdb.h, trustdb.c (clean_sigs_from_uid): Add flag to remove all

non-selfsigs from key during cleaning. Change all callers. * export.c (do_export_stream): Use it here so we don't need additional minimize code in the export path.
2025-01-03 12:11:33 +01:00 · 2005-11-10 21:18:49 +00:00 · 2005-11-10 21:18:49 +00:00 · debc169f88
commit debc169f88
parent 11c7699c45
6 changed files with 27 additions and 24 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,11 @@
+2005-11-10  David Shaw  <dshaw@jabberwocky.com>
+
+	* trustdb.h, trustdb.c (clean_sigs_from_uid): Add flag to remove
+	all non-selfsigs from key during cleaning.  Change all callers.
+
+	* export.c (do_export_stream): Use it here so we don't need
+	additional minimize code in the export path.
+
 2005-11-06  David Shaw  <dshaw@jabberwocky.com>

 	* options.skel: Add a section for --encrypt-to.  This is Debian
--- a/g10/export.c
+++ b/g10/export.c
@ -293,7 +293,6 @@ do_export_stream( IOBUF out, STRLIST users, int secret,
    subkey_list_t subkey_list = NULL;  /* Track alreay processed subkeys. */
    KEYDB_HANDLE kdbhd;
    STRLIST sl;
-    u32 keyid[2];

    *any = 0;
    init_packet( &pkt );
@ -383,10 +382,6 @@ do_export_stream( IOBUF out, STRLIST users, int secret,
 	else
 	  {
 	    /* It's a public key export. */
-	    if((options&EXPORT_MINIMAL)
-	       && (node=find_kbnode(keyblock,PKT_PUBLIC_KEY)))
-	      keyid_from_pk(node->pkt->pkt.public_key,keyid);
-
 	    if(options&EXPORT_CLEAN_UIDS)
 	      clean_uids_from_key(keyblock,opt.verbose);
 	  }
@ -460,26 +455,20 @@ do_export_stream( IOBUF out, STRLIST users, int secret,
                }
 	      }

-
 	    if(node->pkt->pkttype==PKT_USER_ID)
 	      {
 		/* Run clean_sigs_from_uid against each uid if
-		   export-clean-sigs is on. */
+		   export-clean-sigs is on.  export-minimal causes it
+		   to remove all non-selfsigs as well.  Note that
+		   export-minimal only applies to UID sigs (0x10,
+		   0x11, 0x12, and 0x13).  A designated revocation is
+		   not stripped. */
 		if(options&EXPORT_CLEAN_SIGS)
-		  clean_sigs_from_uid(keyblock,node,opt.verbose);
+		  clean_sigs_from_uid(keyblock,node,
+				      opt.verbose,options&EXPORT_MINIMAL);
 	      }
 	    else if(node->pkt->pkttype==PKT_SIGNATURE)
 	      {
-		/* If we have export-minimal turned on, do not include
-		   any signature that isn't a selfsig.  Note that this
-		   only applies to uid sigs (0x10, 0x11, 0x12, and
-		   0x13).  A designated revocation is not stripped. */
-		if((options&EXPORT_MINIMAL)
-		   && IS_UID_SIG(node->pkt->pkt.signature)
-		   && (node->pkt->pkt.signature->keyid[0]!=keyid[0]
-		       || node->pkt->pkt.signature->keyid[1]!=keyid[1]))
-		  continue;
-
 		/* do not export packets which are marked as not
 		   exportable */
 		if(!(options&EXPORT_LOCAL_SIGS)
--- a/g10/import.c
+++ b/g10/import.c
@ -674,7 +674,7 @@ clean_sigs_from_all_uids(KBNODE keyblock)

  for(uidnode=keyblock->next;uidnode;uidnode=uidnode->next)
    if(uidnode->pkt->pkttype==PKT_USER_ID)
-      deleted+=clean_sigs_from_uid(keyblock,uidnode,opt.verbose);
+      deleted+=clean_sigs_from_uid(keyblock,uidnode,opt.verbose,0);

  return deleted;
 }
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@ -3199,7 +3199,7 @@ menu_clean_sigs_from_uids(KBNODE keyblock)
 	  char *user=utf8_to_native(uidnode->pkt->pkt.user_id->name,
 				    uidnode->pkt->pkt.user_id->len,
 				    0);
-	  deleted=clean_sigs_from_uid(keyblock,uidnode,opt.verbose);
+	  deleted=clean_sigs_from_uid(keyblock,uidnode,opt.verbose,0);
 	  if(deleted)
 	    {
 	      tty_printf(deleted==1?
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@ -1575,13 +1575,16 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
 }

 int
-clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy)
+clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only)
 {
  int deleted=0;
  KBNODE node;
+  u32 keyid[2];

  assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);

+  keyid_from_pk(keyblock->pkt->pkt.public_key,keyid);
+
  /* Passing in a 0 for current time here means that we'll never weed
     out an expired sig.  This is correct behavior since we want to
     keep the most recent expired sig in a series. */
@ -1607,12 +1610,15 @@ clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy)
      node && node->pkt->pkttype==PKT_SIGNATURE;
      node=node->next)
    {
+      int keep=self_only?(node->pkt->pkt.signature->keyid[0]==keyid[0]
+			  && node->pkt->pkt.signature->keyid[1]==keyid[1]):1;
+
      /* Keep usable uid sigs ... */
-      if(node->flag & (1<<8))
+      if((node->flag & (1<<8)) && keep)
 	continue;

      /* ... and usable revocations... */
-      if(node->flag & (1<<11))
+      if((node->flag & (1<<11)) && keep)
 	continue;

      /* ... and sigs from unavailable keys. */
--- a/g10/trustdb.h
+++ b/g10/trustdb.h
@ -82,7 +82,7 @@ const char *get_ownertrust_string (PKT_public_key *pk);
 void update_ownertrust (PKT_public_key *pk, unsigned int new_trust );
 int clear_ownertrusts (PKT_public_key *pk);

-int clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy);
+int clean_sigs_from_uid(KBNODE keyblock,KBNODE uidnode,int noisy,int self_only);
 int clean_uids_from_key(KBNODE keyblock,int noisy);

 /*-- tdbdump.c --*/