-rw-r--r--g10/ChangeLog14
-rw-r--r--g10/getkey.c18
-rw-r--r--g10/revoke.c2
-rw-r--r--g10/trustdb.c8
4 files changed, 20 insertions, 22 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index df26e0730..96a087e37 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,17 @@
+2003-11-29 David Shaw <[email protected]>
+
+ * trustdb.c (validate_keys): Reset the trustdb before checking if
+ we have any ultimately trusted keys. This ensures that if we lose
+ all our ultimately trusted keys, we don't leave behind the old
+ validity calculations. Noted by Peter Palfrader.
+
+ * revoke.c (gen_desig_revoke): Specify in the comment when a
+ designated revocation is generated.
+
+ * getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,
+ get_seckey_byname2): Remove Elgamal check since we are removing
+ type 20 keys altogether.
+
2003-11-27 David Shaw <[email protected]>
* pkclist.c (build_pk_list): Do not allow an empty PK list in
diff --git a/g10/getkey.c b/g10/getkey.c
index 477ba9e34..72b80ba76 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1055,11 +1055,7 @@ get_seckey_byname2( GETKEY_CTX *retctx,
ctx.items[0].mode = KEYDB_SEARCH_MODE_FIRST;
rc = lookup( &ctx, &kb, 1 );
if (!rc && sk )
- {
- sk_from_block ( &ctx, sk, kb );
- if(sk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
- rc=G10ERR_UNU_SECKEY;
- }
+ sk_from_block ( &ctx, sk, kb );
release_kbnode ( kb );
get_seckey_end( &ctx );
}
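Review bot: With the `rc=G10ERR_UNU_SECKEY` branch gone, get_seckey_byname2 now returns a secret key whose `pubkey_algo==PUBKEY_ALGO_ELGAMAL` as usable, and the matching `key_usage=0` guards are dropped in the merge_selfsigs_main and merge_selfsigs_subkey hunks that follow. The ChangeLog entry says type 20 keys are being removed altogether, but nothing in this diff shows where such keys are rejected instead. It is worth confirming that the rejection is already in place, because otherwise a type 20 key still present in a keyring would regain its usage flags. A short comment at each of the three sites would record that dependency, for example `/* Type 20 Elgamal keys are rejected in <place>; no usage check needed here. */` with the real location filled in. The function body starts and ends outside the hunk.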
@@ -1681,11 +1677,6 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
if ( x ) /* mask it down to the actual allowed usage */
key_usage &= x;
}
-
- /* Type 20 Elgamal keys are not usable. */
- if(pk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
- key_usage=0;
-
pk->pubkey_usage = key_usage;
if ( !key_expire_seen ) {
@@ -1902,13 +1893,6 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
if ( x ) /* mask it down to the actual allowed usage */
key_usage &= x;
}
-
- /* Type 20 Elgamal subkeys or any subkey on a type 20 primary are
- not usable. */
- if(mainpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL
- || subpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
- key_usage=0;
-
subpk->pubkey_usage = key_usage;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
diff --git a/g10/revoke.c b/g10/revoke.c
index 51dfea20a..d33e2f4b7 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -294,7 +294,7 @@ gen_desig_revoke( const char *uname )
goto leave;
afx.what = 1;
- afx.hdrlines = "Comment: A revocation certificate should follow\n";
+ afx.hdrlines = "Comment: A designated revocation certificate should follow\n";
iobuf_push_filter( out, armor_filter, &afx );
/* create it */
diff --git a/g10/trustdb.c b/g10/trustdb.c
index c9f75b933..95d8c38c5 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1949,6 +1949,10 @@ validate_keys (int interactive)
stored = new_key_hash_table ();
used = new_key_hash_table ();
full_trust = new_key_hash_table ();
+
+ kdb = keydb_new (0);
+ reset_trust_records (kdb,NULL);
+
/* Fixme: Instead of always building a UTK list, we could just build it
* here when needed */
if (!utk_list)
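Review bot: `kdb` is now allocated before the `if (!utk_list)` early exit, so the `goto leave` in the next hunk runs with a live handle for the first time; the `leave:` label is outside the visible hunks, so confirm it releases `kdb` on that path. The result of `keydb_new (0)` still goes straight into `reset_trust_records` unchecked, as it did before the move, which matters if keydb_new can fail. Since the ordering is the whole fix, a comment above the two added lines would keep them from being moved back, e.g. `/* Reset first so stale validity is cleared even when no ultimately trusted key is left. */`. validate_keys starts and ends outside the hunk.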
@@ -1957,10 +1961,6 @@ validate_keys (int interactive)
goto leave;
}
- kdb = keydb_new (0);
-
- reset_trust_records (kdb,NULL);
-
/* mark all UTKs as used and fully_trusted and set validity to
ultimate */
for (k=utk_list; k; k = k->next)