authorNIIBE Yutaka <[email protected]>2022-01-17 04:58:58 +0000
committerNIIBE Yutaka <[email protected]>2022-01-17 04:58:58 +0000
commit4cc724639c012215f59648cbb4b7631b9d352e36 (patch)
tree2a85b36c4538b9980aa0dd569a8b8d9170feeb90
parentgpgconf: Add command aliases -L -K -R. (diff)
gpg: Fix adding the list of ultimate trusted keys.
* g10/keygen.c (do_generate_keypair): Remove call to register_trusted_keyid for updating user_utk_list. * g10/trust.c (register_trusted_keyid): Remove. (update_ownertrust): Add call to tdb_update_utk. * g10/trustdb.c (tdb_register_trusted_keyid): Make it internal function by adding "static" qualifier. Replace calls of register_trusted_keyid to tdb_register_trusted_keyid. (tdb_update_utk): New. * g10/trustdb.h (tdb_update_utk): New. -- Backport of master commit of: 4aeeaa65ad09fa72ee21c5597b1ce6255ec7dfa8 GnuPG-bug-id: 5742 Signed-off-by: NIIBE Yutaka <[email protected]>
-rw-r--r--g10/keygen.c3
-rw-r--r--g10/trust.c15
-rw-r--r--g10/trustdb.c49
-rw-r--r--g10/trustdb.h2
4 files changed, 51 insertions, 18 deletions
diff --git a/g10/keygen.c b/g10/keygen.c
index 5d8cccb63..fee752376 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -5196,9 +5196,6 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
pk = find_kbnode (pub_root, PKT_PUBLIC_KEY)->pkt->pkt.public_key;
- keyid_from_pk (pk, pk->main_keyid);
- register_trusted_keyid (pk->main_keyid);
-
update_ownertrust (ctrl, pk,
((get_ownertrust (ctrl, pk) & ~TRUST_MASK)
| TRUST_ULTIMATE ));
diff --git a/g10/trust.c b/g10/trust.c
index f7763bd0c..9749bd786 100644
--- a/g10/trust.c
+++ b/g10/trust.c
@@ -50,17 +50,6 @@ cache_disabled_value (ctrl_t ctrl, PKT_public_key *pk)
void
-register_trusted_keyid (u32 *keyid)
-{
-#ifdef NO_TRUST_MODELS
- (void)keyid;
-#else
- tdb_register_trusted_keyid (keyid);
-#endif
-}
-
-
-void
register_trusted_key (const char *string)
{
#ifdef NO_TRUST_MODELS
@@ -278,7 +267,11 @@ update_ownertrust (ctrl_t ctrl, PKT_public_key *pk, unsigned int new_trust)
(void)pk;
(void)new_trust;
#else
+ u32 keyid[2];
+
tdb_update_ownertrust (ctrl, pk, new_trust, 0);
+ keyid_from_pk (pk, keyid);
+ tdb_update_utk (keyid, (new_trust & TRUST_ULTIMATE));
#endif
}
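Review bot: The `add` argument in `tdb_update_utk (keyid, (new_trust & TRUST_ULTIMATE));` is a bitwise test, which is only right if TRUST_ULTIMATE is a single-bit flag. The keygen.c call site clears `TRUST_MASK` before OR-ing in TRUST_ULTIMATE, which suggests the trust level is a multi-bit value in that field (its definition is outside this diff; to my knowledge it is 6 in GnuPG). If so, lower levels that share a bit with it would also give a non-zero result and put the key on the in-memory list of ultimately trusted keys. Comparing the level avoids that: `tdb_update_utk (keyid, (new_trust & TRUST_MASK) == TRUST_ULTIMATE);`. update_ownertrust starts outside the hunk.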
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 3094bdcfc..1b6da96b0 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -192,7 +192,7 @@ release_key_array ( struct key_array *keys )
* before initializing the validation module.
* FIXME: Should be replaced by a function to add those keys to the trustdb.
*/
-void
+static void
tdb_register_trusted_keyid (u32 *keyid)
{
struct key_item *k;
@@ -217,7 +217,7 @@ tdb_register_trusted_key (const char *string)
{
if (desc.mode == KEYDB_SEARCH_MODE_LONG_KID)
{
- register_trusted_keyid (desc.u.kid);
+ tdb_register_trusted_keyid (desc.u.kid);
return;
}
if (desc.mode == KEYDB_SEARCH_MODE_FPR
@@ -225,7 +225,7 @@ tdb_register_trusted_key (const char *string)
{
kid[0] = buf32_to_u32 (desc.u.fpr+12);
kid[1] = buf32_to_u32 (desc.u.fpr+16);
- register_trusted_keyid (kid);
+ tdb_register_trusted_keyid (kid);
return;
}
}
@@ -257,6 +257,49 @@ add_utk (u32 *kid)
}
+/* Add/remove KID to/from the list of ultimately trusted keys. */
+void
+tdb_update_utk (u32 *kid, int add)
+{
+ struct key_item *k, *k_prev;
+
+ k_prev = NULL;
+ for (k = utk_list; k; k = k->next)
+ if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
+ break;
+ else
+ k_prev = k;
+
+ if (add)
+ {
+ if (!k)
+ {
+ k = new_key_item ();
+ k->kid[0] = kid[0];
+ k->kid[1] = kid[1];
+ k->ownertrust = TRUST_ULTIMATE;
+ k->next = utk_list;
+ utk_list = k;
+ if ( opt.verbose > 1 )
+ log_info(_("key %s: accepted as trusted key\n"), keystr(kid));
+ }
+ }
+ else
+ {
+ if (k)
+ {
+ if (k_prev)
+ k_prev->next = k->next;
+ else
+ utk_list = NULL;
+
+ xfree (k->trust_regexp);
+ xfree (k);
+ }
+ }
+}
+
+
/****************
* Verify that all our secret keys are usable and put them into the utk_list.
*/
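Review bot: In the removal branch of tdb_update_utk, `utk_list = NULL;` drops every entry behind the head when the matching key is the first item. The remaining key_items are leaked, and those keys are no longer on the ultimately trusted list for the rest of the process. Because new entries are pushed at the head, removing a recently added key is exactly the case that hits this. Unlink only the matched node instead: `utk_list = k->next;`. The function comment could also say that ADD non-zero inserts KID if absent and ADD zero unlinks and frees the item.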
diff --git a/g10/trustdb.h b/g10/trustdb.h
index 758cfe3eb..595f8b236 100644
--- a/g10/trustdb.h
+++ b/g10/trustdb.h
@@ -75,13 +75,13 @@ const char *get_validity_string (ctrl_t ctrl,
/*-- trustdb.c --*/
-void tdb_register_trusted_keyid (u32 *keyid);
void tdb_register_trusted_key (const char *string);
/* Returns whether KID is on the list of ultimately trusted keys. */
int tdb_keyid_is_utk (u32 *kid);
/* Return the list of ultimately trusted keys. The caller must not
* modify this list nor must it free the list. */
struct key_item *tdb_utks (void);
+void tdb_update_utk (u32 *kid, int add);
void check_trustdb (ctrl_t ctrl);
void update_trustdb (ctrl_t ctrl);
int setup_trustdb( int level, const char *dbname );
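Review bot: The new prototype `void tdb_update_utk (u32 *kid, int add);` has no comment, while the neighbouring declarations state their contract. The comment on tdb_utks says the caller must not modify or free the list, but tdb_update_utk now frees items from it, so a pointer obtained from tdb_utks() may dangle after this call. Whether any caller keeps such a pointer is not visible here. I would add `/* Add KID to (ADD != 0) or remove it from (ADD == 0) the list of ultimately trusted keys; removal frees the item, so do not keep pointers from tdb_utks() across this call. */` and declare the parameter as `const u32 *kid` if the callers allow it.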