1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

181 Commits

Author SHA1 Message Date
Werner Koch
e7251be84c
gpg: Auto import keys specified with --trusted-keys.
* g10/getkey.c (get_pubkey_with_ldap_fallback): New.
* g10/trustdb.c (verify_own_keys): Use it.

(cherry picked from commit 100037ac0f558e8959fc065d4703c85c2962489e)
2021-05-04 10:21:14 +02:00
Werner Koch
8a2e5025eb
gpg: Fix --trusted-key with fingerprint arg.
* g10/trustdb.c (tdb_register_trusted_key): Take care of that
other constant.
--

Fixes-commit: 810ea2cc684480c6aadceb2a10dd00f3fa67f2fb
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-18 17:10:01 +01:00
NIIBE Yutaka
199309190a gpg: Add regular expression support.
* AUTHORS, COPYING.other: Update.
* Makefile.am (SUBDIRS): Add regexp sub directory.
* configure.ac (DISABLE_REGEX): Remove.
* g10/Makefile.am (needed_libs): Add libregexp.a.
* g10/trustdb.c: Remove DISABLE_REGEX support.
* regexp/LICENSE, regexp/jimregexp.c, regexp/jimregexp.h,
  regexp/utf8.c, regexp/utf8.h: New from Jim Tcl.
* regexp/UnicodeData.txt: New from Unicode.
* regexp/Makefile.am, regexp/parse-unidata.awk: New.
* tests/openpgp/Makefile.am: Remove DISABLE_REGEX support.
* tools/Makefile.am: Remove DISABLE_REGEX support.

--

Backport master commit of:
	ba247a114c75a84473c11c1484013b09fbb9bcd1

GnuPG-bug-id: 4843
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-15 14:16:57 +09:00
Daniel Kahn Gillmor
b6d89d1944
gpg: Update --trusted-key to accept fingerprint as well as long key id.
* g10/trustdb.c (tdb_register_trusted_key): accept fingerprint as well
as long key ID.
* doc/gpg.texi: document that --trusted-key can accept a fingerprint.
--

GnuPG-bug-id: 4855
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Fixed uses or return and kept the old string to avoid breaking
translations.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 810ea2cc684480c6aadceb2a10dd00f3fa67f2fb)

Remove the test for FPRLEN which we do not have in 2.2

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-18 14:01:17 +01:00
Werner Koch
215858aba3
gpg: Do not show an informational diagnostics with quiet.
* g10/trustdb.c (verify_own_keys): Silence informational diagnostic.
--

This silences this notes with --quiet
  gpg: key EE65E8C75D41FD1D marked as ultimately trusted

GnuPG-bug-id: 4634
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-23 11:47:12 +02:00
Werner Koch
40bf383f72
gpg: Move key cleaning functions to a separate file.
* g10/trust.c (mark_usable_uid_certs, clean_sigs_from_uid)
(clean_uid_from_key, clean_one_uid, clean_key): Move to ...
* g10/key-clean.c: new file.
* g10/key-clean.h: New.
* g10/Makefile.am (gpg_sources): Add new files.
* g10/export.c, g10/import.c, g10/keyedit.c, g10/trustdb.c: Include
new header.
* g10/trustdb.h (struct key_item, is_in_klist): Move to ...
* g10/keydb.h: here.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 135e46ea480d749b8a9692f71d4d0bfdadd8ee2f)
2018-07-09 10:24:37 +02:00
Werner Koch
a750ebebf3
gpg: Pass CTRL arg to get_trusthashrec.
* g10/tdbio.c (get_trusthashrec): Add arg CTRL.
(tdbio_search_trust_byfpr): Ditto.
(tdbio_search_trust_bypk): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-26 18:06:43 +02:00
NIIBE Yutaka
0d0b9eb0d4 g10: Fix regexp sanitization.
* g10/trustdb.c (sanitize_regexp): Only escape operators.

--

Backport from master commit:
	ccf3ba92087e79abdeaa0208795829b431c6f201

To sanitize a regular expression, quoting by backslash should be only
done for defined characters.  POSIX defines 12 characters including
dot and backslash.

Quoting other characters is wrong, in two ways; It may build an
operator like: \b, \s, \w when using GNU library.  Case ignored match
doesn't work, because quoting lower letter means literally and no
much to upper letter.

GnuPG-bug-id: 2923
Co-authored-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-12-04 19:26:49 +09:00
Werner Koch
13821e15fb
gpg: Fix memory leak while running --check-trustdb.
* g10/trustdb.c (update_min_ownertrust): Free PK.
--

This bug was revealed by the new trust-pgp-2.scm test.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-24 22:10:44 +02:00
NIIBE Yutaka
5c8fe54809 Spelling fixes in docs and comments.
--

In addition, fix trailing spaces in tests/inittests.

GnuPG-bug-id: 3121
Reported-by: ka7 (klemens)
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-28 10:06:33 +09:00
Werner Koch
8f2671d2cc
gpg: Pass CTRL to many more functions.
--

For proper operations as a server we need to avoid global variables.
Thus we need to pass the session state CTRL to most functions.  Quite
a lot of changes but fortunately straightforward to do.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:07:20 +02:00
Justus Winter
2649fdfff5
g10: Move more flags into the flag bitfield.
* g10/packet.h (PKT_user_id): Move 'is_primary', 'is_revoked', and
'is_expired' into the flags bitfield, and drop the prefix.
* g10/call-dirmngr.c: Adapt accordingly.
* g10/export.c: Likewise.
* g10/getkey.c: Likewise.
* g10/import.c: Likewise.
* g10/kbnode.c: Likewise.
* g10/keyedit.c: Likewise.
* g10/keylist.c: Likewise.
* g10/keyserver.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/pkclist.c: Likewise.
* g10/pubkey-enc.c: Likewise.
* g10/tofu.c: Likewise.
* g10/trust.c: Likewise.
* g10/trustdb.c: Likewise.
--

This patch has been created by applying the following semantic patch:

    @@
    expression E;
    @@
    -E->is_expired
    +E->flags.expired

    @@
    expression E;
    @@
    -E->is_primary
    +E->flags.primary

    @@
    expression E;
    @@
    -E->is_revoked
    +E->flags.revoked

Signed-off-by: Justus Winter <justus@g10code.com>
2017-03-08 13:31:10 +01:00
NIIBE Yutaka
70aca95d68 Remove -I option to common.
* dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* g10/Makefile.am (AM_CPPFLAGS): Ditto.
* g13/Makefile.am (AM_CPPFLAGS): Ditto.
* kbx/Makefile.am (AM_CPPFLAGS): Ditto.
* scd/Makefile.am (AM_CPPFLAGS): Ditto.
* sm/Makefile.am (AM_CPPFLAGS): Ditto.
* tools/Makefile.am (AM_CPPFLAGS): Ditto.
* Throughout: Follow the change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 20:25:54 +09:00
Justus Winter
4735ab96aa
gpg: Fix (quick) key generation with --always-trust.
* g10/keygen.c (do_generate_keypair): Only update the ownertrust if we
do have a trust database.
* g10/trustdb.c (have_trustdb): New function.
* g10/trustdb.h (have_trustdb): New prototype.
* tests/openpgp/quick-key-manipulation.scm: Remove workaround.

GnuPG-bug-id: 2695
Signed-off-by: Justus Winter <justus@g10code.com>
2017-03-02 14:50:23 +01:00
Werner Koch
e182542e90
gpg: Do not require a trustdb for decryption.
* g10/trustdb.c (init_trustdb): Add and implement arg NO_CREATE.
Change to return an error code.  Change all callers to to pass False
for NO_CREATE.
(tdb_get_ownertrust): New arg NO_CREATE.  Call init_trustdb to test
for a non-existing trustdb.  Change all callers to to pass False for
NO_CREATE.
(tdb_get_min_ownertrust): Ditto.
* g10/trust.c (get_ownertrust_with_min): Add arg NO_CREATE.  Call
init_trustdb for a quick check.
(get_ownertrust_info): Add arg NO_CREATE.
(get_ownertrust_string): Ditto.
* g10/gpgv.c (get_ownertrust_info): Adjust stub.
* g10/test-stubs.c (get_ownertrust_info): Ditto.
* g10/mainproc.c (list_node): Call get_ownertrust_info with NO_CREATE
set.
* g10/pubkey-enc.c (get_it): Ditto.
--

Fixes-commit: effa80e0b5fd8cf9e31a984afe391c2406edee8b

For details see mails on Feb 27 and 28 by dkg, gniibe, and Justus to
gnupg-devel 'test failure on git master with
decrypt-session-key.scm (and: continuous integration?)'

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-28 20:30:48 +01:00
Daniel Kahn Gillmor
ccb420380b Fix spelling.
--

Clean up several other misspellings noticed while reviewing Yuri's
de-duplication patch.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-21 13:11:46 -05:00
Yuri Chornoivan
24cf0606b4 Clean up word replication.
--

This fixes extra word repetitions (like "the the" or "is is") in the
code and docs.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-21 13:11:46 -05:00
Damien Goutte-Gattat
a85731ada2
gpg: Fix misleading log message when checking regexp.
* src/trustdb.c (check_regexp): Correctly print whether the
regexp matched or not.
--

This patch fixes the log message displayed when gpg attempts to
match the regexp associated with a trust signature with an user ID.
The current message interprets the 'ret' variable backwards, and
displays 'YES' when the regexp actually fails to match.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2017-01-23 10:48:06 +01:00
Daniel Kahn Gillmor
38671cfe5a g10: avoid warning when --disable-tofu
If configured with --disable-tofu, we see compiler warnings about an
unused variable.  This should remove those warnings.
2017-01-04 13:18:04 -05:00
Neal H. Walfield
03a65a5323 g10: Avoid gratuitously loading a keyblock when it is already available
* g10/trust.c (get_validity): Add new, optional parameter KB.  Only
load the keyblock if KB is NULL.  Update callers.
(get_validity): Likewise.
* g10/trustdb.c (tdb_get_validity_core): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2812
2016-11-23 12:29:22 +01:00
Neal H. Walfield
44c17bcb00 g10: If the set of UTKs changes, invalidate any changed policies.
* g10/trustdb.c (tdb_utks): New function.
* g10/tofu.c (check_utks): New function.
(initdb): Call it.
* tests/openpgp/tofu.scm: Modify test to check the effective policy of
keys whose effective policy changes when we change the set of UTKs.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

If the set of ultimately trusted keys changes, then it is possible
that a binding's effective policy changes.  To deal with this, we
detect when the set of ultimately trusted keys changes and invalidate
all cached policies.
2016-11-22 15:24:05 +01:00
Werner Koch
4d7dc432b5
Change all http://www.gnu.org in license notices to https://
--
2016-11-05 12:02:19 +01:00
Justus Winter
c0e620cee8 g10: Add missing header.
* g10/trustdb.c: Include 'mbox-util.h'.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-09-15 14:46:06 +02:00
Neal H. Walfield
3f7f744731 g10: Only consider bindings matching the signer's user id.
* g10/trustdb.c (tdb_get_validity_core): If the signer's user id
subpacket is present, only consider matching user ids.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-15 12:21:35 +02:00
Neal H. Walfield
875ac9216f g10: Record and show statistics for encrypted messages when using TOFU
* g10/tofu.c: Include "sqrtu32.h".
(struct tofu_dbs_s.s): Rename get_trust_gather_other_keys to
get_trust_gather_signature_stats.  Add new field
get_trust_gather_encryption_stats.
(initdb): Create the encryptions table.
(ask_about_binding): Show the encryption statistics too.
(tofu_register): Rename from this...
(tofu_register_signature): ... to this and update callers.
(tofu_register_encryption): New function.
(write_stats_status): Add parameters encryption_count,
encryption_first_done and encryption_most_recent.  Update callers.
Compute the trust using the euclidean distance of the signature and
signature count.  Compare with twice the threshold.  Include
encryption count information in the TFS and TOFU_STATS lines.
(show_statistics): Also get information about the encrypted messages.
* g10/trustdb.c (tdb_get_validity_core): Use it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-06 21:37:48 +02:00
Neal H. Walfield
9082bde01c g10: Don't add user attributes to the TOFU DB.
* g10/trustdb.c (tdb_get_validity_core): Skip user attributes.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-09-05 16:48:51 +02:00
Neal H. Walfield
6052c14709 g10: Change tofu_register & tofu_get_validity to process multiple uids.
* g10/tofu.c (tofu_register): Take a list of user ids, not a single
user id.  Only register the bindings, don't compute the trust.  Thus,
change return type to an int and remove the may_ask parameter.  Update
callers.
(tofu_get_validity): Take a list of user ids, not a single user id.
Update callers.  Observe signatures made by expired user ids, but
don't include them in the trust calculation.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-08-30 16:06:37 +02:00
Justus Winter
44d4c69572 g10: Fix memory leak.
* g10/trustdb.c (tdb_get_validity_core): Fix kbnode leak.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-07-01 12:48:57 +02:00
Werner Koch
754b1c4630
gpg: Store the Tofu meta handle for databases in CTRL.
* g10/gpg.h (struct tofu_dbs_s, tofu_dbs_t): New declarations.
(struct server_control_s): Add field tofu.dbs.
* g10/tofu.c (struct dbs): Rename to tofu_dbs_s.  Replace all users by
by tofu_dbs_t.
(opendbs):  Add arg CTRL.  Cache the DBS in CTRL.
(closedbs): Rename to tofu_closedbs and make global.  Add arg CTRL.
(tofu_register): Add arg CTRL.  Change all callers.  Do not call
closedbs.
(tofu_get_validity): Ditto.
(tofu_set_policy): Ditto.
(tofu_get_policy): Ditto.
(tofu_set_policy_by_keyid): Add arg CTRL.
* g10/gpg.c (gpg_deinit_default_ctrl): Call tofu_closedbs.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 12:26:44 +02:00
Werner Koch
027c4e5552
gpg: Pass CTRL object down to the trust functions
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-21 11:41:49 +02:00
Werner Koch
ae1889320b
gpg: Extend TRUST_foo status lines with the trust model.
* g10/trustdb.h (TRUST_FLAG_TOFU_BASED): New.
* g10/trustdb.c (trust_model_string): Lowercase the strings.  Add arg
"model" and change callers to call with OPT.TRUST_MODEL.
* g10/tofu.c (tofu_wot_trust_combine): Set TRUST_FLAG_TOFU_BASED.
* g10/pkclist.c (write_trust_status): New.
(check_signatures_trust): Call new function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-02 19:10:59 +02:00
Werner Koch
64bfeafa52
gpg: Remove all assert.h and s/assert/log_assert/.
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-29 11:05:24 +02:00
Werner Koch
7b58a1118d
gpg: Replace use of "gpg2" by GPG_NAME
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-05 11:11:11 +02:00
Werner Koch
af9a4afbf0
gpg: Silence trustdb computation with --quiet.
* g10/trustdb.c (validate_keys): Do not print log_info stuff in quiet
mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-03-19 14:43:28 +01:00
Werner Koch
bdb6135177
gpg: Silence message about ignoring revoked user ids.
* g10/trustdb.c (tdb_get_validity_core): Print message only in debug
mode.
--

This makes only sense for debugging.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-20 15:51:18 +01:00
Werner Koch
437965e562
Use ngettext for some strings.
* scd/app-openpgp.c (build_enter_admin_pin_prompt): Use ngettext for
some diagnostics.
(do_genkey): Ditto.
* g10/keyedit.c (check_all_keysigs, menu_delsig, menu_clean): Ditto.
* g10/keylist.c (print_signature_stats): Ditto.
* g10/keyserver.c (keyserver_refresh): Ditto.
* g10/sig-check.c (check_signature_metadata_validity): Ditto.
* g10/sign.c (do_sign): Ditto.
* g10/trustdb.c (reset_trust_records): Ditto.
(validate_keys): Use a table like diagnostic output.
--

Suggested-by: Ineiev <ineiev@gnu.org>
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-18 11:20:15 +01:00
Werner Koch
8a56a38387
gpg: Avoid warnings about possible NULL deref.
* g10/getkey.c (cache_public_key): Protect deref of CE which actually
can't happen.
* g10/keygen.c (quickgen_set_para): s/sprintf/snprintf/.
* g10/tofu.c (end_transaction, rollback_transaction): Allow NULL for
DB.
* g10/trustdb.c (update_min_ownertrust): Remove useless clearling of
ERR.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-07 19:09:16 +01:00
Werner Koch
008aa6e6d4
gpg: Fix warnings about useless assignments.
* g10/armor.c (parse_hash_header): Remove duplicate var assignment.
* g10/getkey.c (cache_user_id): Ditto.
* g10/keygen.c (ask_curve): Ditto.  This also fixes a small memory
leak.

* g10/keygen.c (proc_parameter_file): Remove useless assignment or
pointer increment.
(generate_keypair): Ditto.
* g10/getkey.c (finish_lookup, lookup): Ditto.
* g10/card-util.c (change_pin): Ditto.
* g10/gpg.c (main) <aVerify>: Ditto.
* g10/import.c (import): Ditto.
(print_import_check): Ditto
* g10/keyring.c (do_copy): Ditto.
* g10/tdbio.c (tdbio_read_record): Ditto.
* g10/trustdb.c (tdb_update_ownertrust): Ditto.
(update_validity): Ditto.

* g10/server.c (cmd_passwd): Remove useless call to skip_options.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-07 19:09:16 +01:00
Werner Koch
a28ac99efe
gpg: Take care of keydb_new returning NULL.
* g10/keydb.c (keydb_new): Print an error message if needed.  Also use
xtrycalloc because we return an error anyway.
* g10/delkey.c (do_delete_key): Handle error retruned by keydb_new.
* g10/export.c (do_export_stream): Ditto.
* g10/getkey.c (get_pubkey): Ditto.
(get_pubkey_fast): Ditto.
(get_pubkeyblock): Ditto.
(get_seckey): Ditto.
(key_byname): Ditto.
(get_pubkey_byfprint): Ditto.
(get_pubkey_byfprint_fast): Ditto.
(parse_def_secret_key): Ditto.
(have_secret_key_with_kid): Ditto.
* g10/import.c (import_one): Ditto.
(import_revoke_cert): Ditto.
* g10/keyedit.c (keyedit_quick_adduid): Ditto.
* g10/keygen.c (quick_generate_keypair): Ditto.
(do_generate_keypair): Ditto.
* g10/trustdb.c (validate_keys): Ditto.
* g10/keyserver.c (keyidlist): Ditto.
* g10/revoke.c (gen_desig_revoke): Ditto.
(gen_revoke): Ditto.
* g10/gpg.c (check_user_ids): Ditto.
(main): Do not print an error message for keydb_new error.
* g10/keylist.c (list_all): Use actual error code returned by
keydb_new.

* g10/t-keydb-get-keyblock.c (do_test): Abort on keydb_new error.
* g10/t-keydb.c (do_test): Ditto.

* g10/keyring.c (keyring_new): Actually return an error so that the
existing keydb_new error checking makes sense for a keyring resource.
(keyring_rebuild_cache): Take care of keyring_new returning an error.
--

Commit 04a6b903 changed keydb_new to return an error.  However the
error was not checked at most places which we fix with this patch.  To
make things easier keydb_new prints an error message itself.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 12:18:32 +01:00
Werner Koch
022342e284
Silence unused variable or parameter warnings.
--
2015-11-27 18:32:26 +01:00
Neal H. Walfield
58e4a492e2 gpg: Change keydb_search to not return legacy keys.
* g10/keyring.c (keyring_search): Take new argument, ignore_legacy.
If set, skip any legacy keys.  Update callers.
* g10/keydb.c (keydb_search): Skip any legacy keys.
(keydb_search_first): Don't skip legacy keys.  Treat them
as an error.
(keydb_search_next): Likewise.
(keydb_search_fpr): Likewise.
* g10/export.c (do_export_stream): Likewise.
* g10/getkey.c (lookup): Likewise.
(have_secret_key_with_kid): Likewise.
* g10/keylist.c (list_all): Likewise.
(keyring_rebuild_cache): Likewise.
* g10/keyserver.c (keyidlist): Likewise.
* g10/trustdb.c (validate_key_list): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-17 14:53:05 +01:00
Justus Winter
a9e0905342 Fix typos found using codespell.
* agent/cache.c: Fix typos.
* agent/call-pinentry.c: Likewise.
* agent/call-scd.c: Likewise.
* agent/command-ssh.c: Likewise.
* agent/command.c: Likewise.
* agent/divert-scd.c: Likewise.
* agent/findkey.c: Likewise.
* agent/gpg-agent.c: Likewise.
* agent/w32main.c: Likewise.
* common/argparse.c: Likewise.
* common/audit.c: Likewise.
* common/audit.h: Likewise.
* common/convert.c: Likewise.
* common/dotlock.c: Likewise.
* common/exechelp-posix.c: Likewise.
* common/exechelp-w32.c: Likewise.
* common/exechelp-w32ce.c: Likewise.
* common/exechelp.h: Likewise.
* common/helpfile.c: Likewise.
* common/i18n.h: Likewise.
* common/iobuf.c: Likewise.
* common/iobuf.h: Likewise.
* common/localename.c: Likewise.
* common/logging.c: Likewise.
* common/openpgp-oid.c: Likewise.
* common/session-env.c: Likewise.
* common/sexputil.c: Likewise.
* common/sysutils.c: Likewise.
* common/t-sexputil.c: Likewise.
* common/ttyio.c: Likewise.
* common/util.h: Likewise.
* dirmngr/cdblib.c: Likewise.
* dirmngr/certcache.c: Likewise.
* dirmngr/crlcache.c: Likewise.
* dirmngr/dirmngr-client.c: Likewise.
* dirmngr/dirmngr.c: Likewise.
* dirmngr/dirmngr_ldap.c: Likewise.
* dirmngr/dns-stuff.c: Likewise.
* dirmngr/http.c: Likewise.
* dirmngr/ks-engine-hkp.c: Likewise.
* dirmngr/ks-engine-ldap.c: Likewise.
* dirmngr/ldap-wrapper.c: Likewise.
* dirmngr/ldap.c: Likewise.
* dirmngr/misc.c: Likewise.
* dirmngr/ocsp.c: Likewise.
* dirmngr/validate.c: Likewise.
* g10/encrypt.c: Likewise.
* g10/getkey.c: Likewise.
* g10/gpg.c: Likewise.
* g10/gpgv.c: Likewise.
* g10/import.c: Likewise.
* g10/keydb.c: Likewise.
* g10/keydb.h: Likewise.
* g10/keygen.c: Likewise.
* g10/keyid.c: Likewise.
* g10/keylist.c: Likewise.
* g10/keyring.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/misc.c: Likewise.
* g10/options.h: Likewise.
* g10/packet.h: Likewise.
* g10/parse-packet.c: Likewise.
* g10/pkclist.c: Likewise.
* g10/pkglue.c: Likewise.
* g10/plaintext.c: Likewise.
* g10/server.c: Likewise.
* g10/sig-check.c: Likewise.
* g10/sqlite.c: Likewise.
* g10/tdbio.c: Likewise.
* g10/test-stubs.c: Likewise.
* g10/tofu.c: Likewise.
* g10/trust.c: Likewise.
* g10/trustdb.c: Likewise.
* g13/create.c: Likewise.
* g13/mountinfo.c: Likewise.
* kbx/keybox-blob.c: Likewise.
* kbx/keybox-file.c: Likewise.
* kbx/keybox-init.c: Likewise.
* kbx/keybox-search-desc.h: Likewise.
* kbx/keybox-search.c: Likewise.
* kbx/keybox-update.c: Likewise.
* scd/apdu.c: Likewise.
* scd/app-openpgp.c: Likewise.
* scd/app-p15.c: Likewise.
* scd/app.c: Likewise.
* scd/ccid-driver.c: Likewise.
* scd/command.c: Likewise.
* scd/iso7816.c: Likewise.
* sm/base64.c: Likewise.
* sm/call-agent.c: Likewise.
* sm/call-dirmngr.c: Likewise.
* sm/certchain.c: Likewise.
* sm/gpgsm.c: Likewise.
* sm/import.c: Likewise.
* sm/keydb.c: Likewise.
* sm/minip12.c: Likewise.
* sm/qualified.c: Likewise.
* sm/server.c: Likewise.
* tools/gpg-check-pattern.c: Likewise.
* tools/gpgconf-comp.c: Likewise.
* tools/gpgkey2ssh.c: Likewise.
* tools/gpgparsemail.c: Likewise.
* tools/gpgtar.c: Likewise.
* tools/rfc822parse.c: Likewise.
* tools/symcryptrun.c: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-17 12:50:22 +01:00
Werner Koch
e7d7160ab7
gpg: Simplify the tofu interface by using the public key packet.
* g10/tofu.c (fingerprint_str): Remove.
(tofu_register): Take a public key instead of a fingerprint as arg.
Use hexfingerprint() to get a fpr from the PK.
(tofu_get_validity): Ditto.
(tofu_set_policy, tofu_get_policy): Simplify by using hexfingerprint.
* g10/trustdb.c (tdb_get_validity_core): Pass the primary key PK to
instead of the fingerprint to the tofu functions.
--

This change has the advantage that we are not bound to a specific
fingerprint length and will thus helps us to implement rfc4880bis.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-13 16:42:59 +01:00
Neal H. Walfield
67c701d1e5 gpg: Default to the the PGP trust model.
* g10/trustdb.c (init_trustdb): If we can't read the trust model from
the trust DB, default to TM_PGP, not TM_TOFU_PGP.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-10 08:05:17 +01:00
Neal H. Walfield
641df615da gpg: Display the correct error message.
* g10/trustdb.c (validate_keys): If tdbio_update_version_record fails,
RC does not contain the error code.  Save the error code in rc2 and
use that.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-29 10:10:42 +01:00
Neal H. Walfield
d68bdc553a gpg: Eliminate a memory leak.
* g10/trustdb.c (validate_key_list): Don't leak the keyblocks on
failure.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-29 10:10:41 +01:00
Neal H. Walfield
9afeb4cca1 gpg: If the saved trust model is unknown, default to tofu+pgp.
* g10/trustdb.c (init_trustdb): If the saved trust model is unknown,
default to tofu+pgp instead of pgp.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-21 13:45:50 +02:00
Neal H. Walfield
8c3b7915d6 gpg: Don't accidentally free UTK_LIST.
* g10/trustdb.c (validate_keys): Don't free UTK_LIST.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-21 13:45:49 +02:00
Neal H. Walfield
cbaca254ac gpg: When evaluating trust reg exps, treat tofu+pgp like pgp.
* g10/trustdb.c (validate_one_keyblock): When checking trust regular
expressions, treat the tofu+pgp trust model the same as the pgp trust
model.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-21 13:45:49 +02:00
Neal H. Walfield
d05ff81732 gpg: Keep the trust DB up to date for the tofu and tofu+pgp models.
* g10/trustdb.c (init_trustdb): Recognize tofu and tofu+pgp as
possibly saved trust models.  Also register the ultimately trusted
keys if the trust model is tofu or tofu+pgp.
(check_trustdb): Don't skip if the trust model is tofu or tofu+pgp.
(update_trustdb): Likewise.
(tdb_check_trustdb_stale): Likewise.
(validate_keys): If the trust model is TOFU, just write out the
ultimately trusted keys.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-21 13:45:48 +02:00