mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
* free-packet.c (copy_secret_key): Copy secret key into secure memory
since we may unprotect it. * main.h, g10.c (main), revoke.c (gen_desig_revoke): Add local user support so users can use -u with --desig-revoke. This bypasses the interactive walk over the revocation keys.
This commit is contained in:
parent
092bae80a9
commit
f7c138d9e7
@ -1,3 +1,12 @@
|
||||
2005-11-19 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* free-packet.c (copy_secret_key): Copy secret key into secure
|
||||
memory since we may unprotect it.
|
||||
|
||||
* main.h, g10.c (main), revoke.c (gen_desig_revoke): Add local
|
||||
user support so users can use -u with --desig-revoke. This
|
||||
bypasses the interactive walk over the revocation keys.
|
||||
|
||||
2005-11-17 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* keyedit.c (keyedit_menu, menu_clean): Simplify clean options to
|
||||
@ -16,7 +25,8 @@
|
||||
|
||||
* armor.c (parse_header_line): A fussy bit of 2440: header lines
|
||||
are delimited with a colon-space pair. Therefore a line such as
|
||||
"Comment: " is actually legal, albeit not particularly useful.
|
||||
"Comment: " (with a trailing space) is actually legal, albeit not
|
||||
particularly useful.
|
||||
|
||||
2005-11-11 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
|
@ -285,7 +285,7 @@ copy_secret_key( PKT_secret_key *d, PKT_secret_key *s )
|
||||
int n, i;
|
||||
|
||||
if( !d )
|
||||
d = xmalloc(sizeof *d);
|
||||
d = xmalloc_secure(sizeof *d);
|
||||
else
|
||||
release_secret_key_parts (d);
|
||||
memcpy( d, s, sizeof *d );
|
||||
|
@ -3417,7 +3417,7 @@ main (int argc, char **argv )
|
||||
if( argc != 1 )
|
||||
wrong_args("--desig-revoke user-id");
|
||||
username = make_username(*argv);
|
||||
gen_desig_revoke( username );
|
||||
gen_desig_revoke( username, locusr );
|
||||
xfree( username );
|
||||
break;
|
||||
|
||||
|
@ -237,7 +237,7 @@ int enarmor_file( const char *fname );
|
||||
/*-- revoke.c --*/
|
||||
struct revocation_reason_info;
|
||||
int gen_revoke( const char *uname );
|
||||
int gen_desig_revoke( const char *uname );
|
||||
int gen_desig_revoke( const char *uname, STRLIST locusr);
|
||||
int revocation_reason_build_cb( PKT_signature *sig, void *opaque );
|
||||
struct revocation_reason_info *
|
||||
ask_revocation_reason( int key_rev, int cert_rev, int hint );
|
||||
|
46
g10/revoke.c
46
g10/revoke.c
@ -197,7 +197,7 @@ export_minimal_pk(IOBUF out,KBNODE keyblock,
|
||||
* Generate a revocation certificate for UNAME via a designated revoker
|
||||
*/
|
||||
int
|
||||
gen_desig_revoke( const char *uname )
|
||||
gen_desig_revoke( const char *uname, STRLIST locusr )
|
||||
{
|
||||
int rc = 0;
|
||||
armor_filter_context_t afx;
|
||||
@ -211,6 +211,7 @@ gen_desig_revoke( const char *uname )
|
||||
KBNODE keyblock=NULL,node;
|
||||
u32 keyid[2];
|
||||
int i,any=0;
|
||||
SK_LIST sk_list=NULL;
|
||||
|
||||
if( opt.batch )
|
||||
{
|
||||
@ -246,6 +247,13 @@ gen_desig_revoke( const char *uname )
|
||||
|
||||
keyid_from_pk(pk,keyid);
|
||||
|
||||
if(locusr)
|
||||
{
|
||||
rc=build_sk_list(locusr,&sk_list,0,PUBKEY_USAGE_CERT);
|
||||
if(rc)
|
||||
goto leave;
|
||||
}
|
||||
|
||||
/* Are we a designated revoker for this key? */
|
||||
|
||||
if(!pk->revkey && pk->numrevkeys)
|
||||
@ -253,12 +261,39 @@ gen_desig_revoke( const char *uname )
|
||||
|
||||
for(i=0;i<pk->numrevkeys;i++)
|
||||
{
|
||||
SK_LIST list;
|
||||
|
||||
if(sk)
|
||||
free_secret_key(sk);
|
||||
|
||||
sk=xmalloc_clear(sizeof(*sk));
|
||||
if(sk_list)
|
||||
{
|
||||
for(list=sk_list;list;list=list->next)
|
||||
{
|
||||
byte fpr[MAX_FINGERPRINT_LEN];
|
||||
size_t fprlen;
|
||||
|
||||
rc=get_seckey_byfprint(sk,pk->revkey[i].fpr,MAX_FINGERPRINT_LEN);
|
||||
fingerprint_from_sk(list->sk,fpr,&fprlen);
|
||||
|
||||
/* Don't get involved with keys that don't have 160
|
||||
bit fingerprints */
|
||||
if(fprlen!=20)
|
||||
continue;
|
||||
|
||||
if(memcmp(fpr,pk->revkey[i].fpr,20)==0)
|
||||
break;
|
||||
}
|
||||
|
||||
if(list)
|
||||
sk=copy_secret_key(NULL,list->sk);
|
||||
else
|
||||
continue;
|
||||
}
|
||||
else
|
||||
{
|
||||
sk=xmalloc_secure_clear(sizeof(*sk));
|
||||
rc=get_seckey_byfprint(sk,pk->revkey[i].fpr,MAX_FINGERPRINT_LEN);
|
||||
}
|
||||
|
||||
/* We have the revocation key */
|
||||
if(!rc)
|
||||
@ -297,7 +332,8 @@ gen_desig_revoke( const char *uname )
|
||||
goto leave;
|
||||
|
||||
afx.what = 1;
|
||||
afx.hdrlines = "Comment: A designated revocation certificate should follow\n";
|
||||
afx.hdrlines = "Comment: A designated revocation certificate"
|
||||
" should follow\n";
|
||||
iobuf_push_filter( out, armor_filter, &afx );
|
||||
|
||||
/* create it */
|
||||
@ -384,6 +420,8 @@ gen_desig_revoke( const char *uname )
|
||||
if( sig )
|
||||
free_seckey_enc( sig );
|
||||
|
||||
release_sk_list(sk_list);
|
||||
|
||||
if( rc )
|
||||
iobuf_cancel(out);
|
||||
else
|
||||
|
Loading…
x
Reference in New Issue
Block a user