aboutsummaryrefslogtreecommitdiffstats
path: root/g10/key-clean.c
diff options
context:
space:
mode:
authorWerner Koch <[email protected]>2023-01-30 14:59:15 +0000
committerWerner Koch <[email protected]>2023-01-30 14:59:15 +0000
commitd11d3cf85b948cb2aedff230fc19fe5925d1ecd1 (patch)
tree9353d77cd56bdd5c36da2a8ca1766b51219e90be /g10/key-clean.c
parentgpgtar: Fix new --status-fd handling. (diff)
downloadgnupg-d11d3cf85b948cb2aedff230fc19fe5925d1ecd1.tar.gz
gnupg-d11d3cf85b948cb2aedff230fc19fe5925d1ecd1.zip
gpg: For readibility use macro instead of integers in key-clean.
* g10/key-clean.c (NF_USABLE, NF_CONSIDER): New. (NF_PROCESSED, NF_REVOC, NF_NOKEY): New.
Diffstat (limited to 'g10/key-clean.c')
-rw-r--r--g10/key-clean.c76
1 files changed, 42 insertions, 34 deletions
diff --git a/g10/key-clean.c b/g10/key-clean.c
index 9320428c8..c8a6efe50 100644
--- a/g10/key-clean.c
+++ b/g10/key-clean.c
@@ -35,14 +35,19 @@
#include "key-clean.h"
+#define NF_USABLE 8 /* Usable signature and not a revocation. */
+#define NF_CONSIDER 9 /* Internal use. */
+#define NF_PROCESSED 10 /* Internal use. */
+#define NF_REVOC 11 /* Usable revocation. */
+#define NF_NOKEY 12 /* Key not available. */
+
/*
* Mark the signature of the given UID which are used to certify it.
* To do this, we first remove all signatures which are not valid and
* from the remaining we look for the latest one. If this is not a
* certification revocation signature we mark the signature by setting
- * node flag bit 8. Revocations are marked with flag 11, and sigs
- * from unavailable keys are marked with flag 12. Note that flag bits
- * 9 and 10 are used for internal purposes.
+ * node flag bit NF_USABLE. Revocations are marked with NF_REVOC, and
+ * sigs from unavailable keys are marked with NF_NOKEY.
*/
void
mark_usable_uid_certs (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
@@ -57,7 +62,8 @@ mark_usable_uid_certs (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
{
int rc;
- node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
+ node->flag &= ~(1<<NF_USABLE | 1<<NF_CONSIDER
+ | 1<<NF_PROCESSED | 1<<NF_REVOC | 1<<NF_NOKEY);
if (node->pkt->pkttype == PKT_USER_ID
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY
|| node->pkt->pkttype == PKT_SECRET_SUBKEY)
@@ -81,19 +87,20 @@ mark_usable_uid_certs (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
/* we ignore anything that won't verify, but tag the
no_pubkey case */
if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
- node->flag |= 1<<12;
+ node->flag |= 1<<NF_NOKEY;
continue;
}
- node->flag |= 1<<9;
+ node->flag |= 1<<NF_CONSIDER;
}
/* Reset the remaining flags. */
for (; node; node = node->next)
- node->flag &= ~(1<<8 | 1<<9 | 1<<10 | 1<<11 | 1<<12);
+ node->flag &= ~(1<<NF_USABLE | 1<<NF_CONSIDER
+ | 1<<NF_PROCESSED | 1<<NF_REVOC | 1<<NF_NOKEY);
- /* kbnode flag usage: bit 9 is here set for signatures to consider,
- * bit 10 will be set by the loop to keep track of keyIDs already
- * processed, bit 8 will be set for the usable signatures, and bit
- * 11 will be set for usable revocations. */
+ /* kbnode flag usage: bit NF_CONSIDER is here set for signatures to consider,
+ * bit NF_PROCESSED will be set by the loop to keep track of keyIDs already
+ * processed, bit NF_USABLE will be set for the usable signatures, and bit
+ * NF_REVOC will be set for usable revocations. */
/* For each cert figure out the latest valid one. */
for (node=uidnode->next; node; node = node->next)
@@ -105,11 +112,11 @@ mark_usable_uid_certs (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
|| node->pkt->pkttype == PKT_SECRET_SUBKEY)
break;
- if ( !(node->flag & (1<<9)) )
+ if ( !(node->flag & (1<<NF_CONSIDER)) )
continue; /* not a node to look at */
- if ( (node->flag & (1<<10)) )
+ if ( (node->flag & (1<<NF_PROCESSED)) )
continue; /* signature with a keyID already processed */
- node->flag |= (1<<10); /* mark this node as processed */
+ node->flag |= (1<<NF_PROCESSED); /* mark this node as processed */
sig = node->pkt->pkt.signature;
signode = node;
sigdate = sig->timestamp;
@@ -121,14 +128,14 @@ mark_usable_uid_certs (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY
|| n->pkt->pkttype == PKT_SECRET_SUBKEY)
break;
- if ( !(n->flag & (1<<9)) )
+ if ( !(n->flag & (1<<NF_CONSIDER)) )
continue;
- if ( (n->flag & (1<<10)) )
+ if ( (n->flag & (1<<NF_PROCESSED)) )
continue; /* shortcut already processed signatures */
sig = n->pkt->pkt.signature;
if (kid[0] != sig->keyid[0] || kid[1] != sig->keyid[1])
continue;
- n->flag |= (1<<10); /* mark this node as processed */
+ n->flag |= (1<<NF_PROCESSED); /* mark this node as processed */
/* If signode is nonrevocable and unexpired and n isn't,
then take signode (skip). It doesn't matter which is
@@ -197,13 +204,13 @@ mark_usable_uid_certs (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
if (expire==0 || expire > curtime )
{
- signode->flag |= (1<<8); /* yeah, found a good cert */
+ signode->flag |= (1<<NF_USABLE); /* yeah, found a good cert */
if (next_expire && expire && expire < *next_expire)
*next_expire = expire;
}
}
else
- signode->flag |= (1<<11);
+ signode->flag |= (1<<NF_REVOC);
}
}
@@ -231,12 +238,13 @@ clean_sigs_from_uid (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
signatures are out, as are any signatures that aren't the last of
a series of uid sigs or revocations It breaks down like this:
coming out of mark_usable_uid_certs, if a sig is unflagged, it is
- not even a candidate. If a sig has flag 9 or 10, that means it
- was selected as a candidate and vetted. If a sig has flag 8 it
- is a usable signature. If a sig has flag 11 it is a usable
- revocation. If a sig has flag 12 it was issued by an unavailable
- key. "Usable" here means the most recent valid
- signature/revocation in a series from a particular signer.
+ not even a candidate. If a sig has flag NF_CONSIDER or
+ NF_PROCESSED, that means it was selected as a candidate and
+ vetted. If a sig has flag NF_USABLE it is a usable signature.
+ If a sig has flag NF_REVOC it is a usable revocation. If a sig
+ has flag NF_NOKEY it was issued by an unavailable key. "Usable"
+ here means the most recent valid signature/revocation in a series
+ from a particular signer.
Delete everything that isn't a usable uid sig (which might be
expired), a usable revocation, or a sig from an unavailable
@@ -252,34 +260,34 @@ clean_sigs_from_uid (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
&& node->pkt->pkt.signature->keyid[1] == keyid[1]) : 1;
/* Keep usable uid sigs ... */
- if ((node->flag & (1<<8)) && keep)
+ if ((node->flag & (1<<NF_USABLE)) && keep)
continue;
/* ... and usable revocations... */
- if ((node->flag & (1<<11)) && keep)
+ if ((node->flag & (1<<NF_REVOC)) && keep)
continue;
/* ... and sigs from unavailable keys. */
/* disabled for now since more people seem to want sigs from
unavailable keys removed altogether. */
/*
- if(node->flag & (1<<12))
+ if(node->flag & (1<<NF_NOKEY))
continue;
*/
/* Everything else we delete */
- /* At this point, if 12 is set, the signing key was unavailable.
- If 9 or 10 is set, it's superseded. Otherwise, it's
- invalid. */
+ /* At this point, if NF_NOKEY is set, the signing key was
+ * unavailable. If NF_CONSIDER or NF_PROCESSED is set, it's
+ * superseded. Otherwise, it's invalid. */
if (noisy)
log_info ("removing signature from key %s on user ID \"%s\": %s\n",
keystr (node->pkt->pkt.signature->keyid),
uidnode->pkt->pkt.user_id->name,
- node->flag&(1<<12)? "key unavailable":
- node->flag&(1<<9)? "signature superseded"
- /* */ :"invalid signature" );
+ node->flag&(1<<NF_NOKEY)? "key unavailable":
+ node->flag&(1<<NF_CONSIDER)? "signature superseded"
+ /* */ : "invalid signature" );
delete_kbnode (node);
deleted++;
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-27 07:55:13 +0000