diff options
| author | David Shaw <[email protected]> | 2008-11-18 17:15:07 +0000 |
|---|---|---|
| committer | David Shaw <[email protected]> | 2008-11-18 17:15:07 +0000 |
| commit | 9d76ee5147cdcd250efd469f88a5f89a45e020b6 (patch) | |
| tree | 14c14c6281d1d526c4c92e2b7c4f642f3e4ab88b | |
| parent | * curl-shim.h (curl_version): No need to provide a version for (diff) | |
| download | gnupg-9d76ee5147cdcd250efd469f88a5f89a45e020b6.tar.gz gnupg-9d76ee5147cdcd250efd469f88a5f89a45e020b6.zip | |
* trustdb.c (validate_one_keyblock): Fix the trust signature
calculations so that we lower the trust depth of signatures to fit
within the current chain, rather than discarding any signature that
does not fit within the trust depth.
| -rw-r--r-- | g10/ChangeLog | 7 | ||||
| -rw-r--r-- | g10/trustdb.c | 102 |
2 files changed, 69 insertions, 40 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 439333294..3747350d2 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,10 @@ +2008-11-18 David Shaw <[email protected]> + + * trustdb.c (validate_one_keyblock): Fix the trust signature + calculations so that we lower the trust depth of signatures to fit + within the current chain, rather than discarding any signature + that does not fit within the trust depth. + 2008-10-03 David Shaw <[email protected]> * main.h, mainproc.c (check_sig_and_print), diff --git a/g10/trustdb.c b/g10/trustdb.c index 10f82ef97..57684590a 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1,6 +1,6 @@ /* trustdb.c - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, - * 2007 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, + * 2008 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -1933,50 +1933,72 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist, (uidnode && check_regexp(kr->trust_regexp, uidnode->pkt->pkt.user_id->name)))) { - if(DBG_TRUST && opt.trust_model==TM_PGP && sig->trust_depth) - log_debug("trust sig on %s, sig depth is %d, kr depth is %d\n", - uidnode->pkt->pkt.user_id->name,sig->trust_depth, - kr->trust_depth); - /* Are we part of a trust sig chain? We always favor the latest trust sig, rather than the greater or lesser trust sig or value. I could make a decent argument for any of these cases, but this seems to be what PGP does, and I'd like to be compatible. -dms */ - if(opt.trust_model==TM_PGP && sig->trust_depth - && pk->trust_timestamp<=sig->timestamp - && (sig->trust_depth<=kr->trust_depth - || kr->ownertrust==TRUST_ULTIMATE)) + if(opt.trust_model==TM_PGP + && sig->trust_depth + && pk->trust_timestamp<=sig->timestamp) { - /* If we got here, we know that: - - this is a trust sig. - - it's a newer trust sig than any previous trust - sig on this key (not uid). - - it is legal in that it was either generated by an - ultimate key, or a key that was part of a trust - chain, and the depth does not violate the - original trust sig. - - if there is a regexp attached, it matched - successfully. - */ - - if(DBG_TRUST) - log_debug("replacing trust value %d with %d and " - "depth %d with %d\n", - pk->trust_value,sig->trust_value, - pk->trust_depth,sig->trust_depth); - - pk->trust_value=sig->trust_value; - pk->trust_depth=sig->trust_depth-1; - - /* If the trust sig contains a regexp, record it - on the pk for the next round. */ - if(sig->trust_regexp) - pk->trust_regexp=sig->trust_regexp; + byte depth; + + /* If the depth on the signature is less than the + chain currently has, then use the signature depth + so we don't increase the depth beyond what the + signer wanted. If the depth on the signature is + more than the chain currently has, then use the + chain depth so we use as much of the signature + depth as the chain will permit. An ultimately + trusted signature can restart the depth to + whatever level it likes. */ + + if(sig->trust_depth<kr->trust_depth + || kr->ownertrust==TRUST_ULTIMATE) + depth=sig->trust_depth; + else + depth=kr->trust_depth; + + if(depth) + { + if(DBG_TRUST) + log_debug("trust sig on %s, sig depth is %d," + " kr depth is %d\n", + uidnode->pkt->pkt.user_id->name, + sig->trust_depth, + kr->trust_depth); + + /* If we got here, we know that: + + this is a trust sig. + + it's a newer trust sig than any previous trust + sig on this key (not uid). + + it is legal in that it was either generated by an + ultimate key, or a key that was part of a trust + chain, and the depth does not violate the + original trust sig. + + if there is a regexp attached, it matched + successfully. + */ + + if(DBG_TRUST) + log_debug("replacing trust value %d with %d and " + "depth %d with %d\n", + pk->trust_value,sig->trust_value, + pk->trust_depth,depth); + + pk->trust_value=sig->trust_value; + pk->trust_depth=depth-1; + + /* If the trust sig contains a regexp, record it + on the pk for the next round. */ + if(sig->trust_regexp) + pk->trust_regexp=sig->trust_regexp; + } } if (kr->ownertrust == TRUST_ULTIMATE) |