diff options
Diffstat (limited to '')
| -rw-r--r-- | g10/ChangeLog | 12 | ||||
| -rw-r--r-- | g10/free-packet.c | 2 | ||||
| -rw-r--r-- | g10/gpg.c | 2 | ||||
| -rw-r--r-- | g10/main.h | 2 | ||||
| -rw-r--r-- | g10/revoke.c | 46 |
5 files changed, 56 insertions, 8 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 3fed50a21..ca5d8d8bb 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,12 @@ +2005-11-19 David Shaw <[email protected]> + + * free-packet.c (copy_secret_key): Copy secret key into secure + memory since we may unprotect it. + + * main.h, g10.c (main), revoke.c (gen_desig_revoke): Add local + user support so users can use -u with --desig-revoke. This + bypasses the interactive walk over the revocation keys. + 2005-11-17 David Shaw <[email protected]> * keyedit.c (keyedit_menu, menu_clean): Simplify clean options to @@ -16,7 +25,8 @@ * armor.c (parse_header_line): A fussy bit of 2440: header lines are delimited with a colon-space pair. Therefore a line such as - "Comment: " is actually legal, albeit not particularly useful. + "Comment: " (with a trailing space) is actually legal, albeit not + particularly useful. 2005-11-11 David Shaw <[email protected]> diff --git a/g10/free-packet.c b/g10/free-packet.c index 01ab543dd..be49bb5e4 100644 --- a/g10/free-packet.c +++ b/g10/free-packet.c @@ -285,7 +285,7 @@ copy_secret_key( PKT_secret_key *d, PKT_secret_key *s ) int n, i; if( !d ) - d = xmalloc(sizeof *d); + d = xmalloc_secure(sizeof *d); else release_secret_key_parts (d); memcpy( d, s, sizeof *d ); @@ -3417,7 +3417,7 @@ main (int argc, char **argv ) if( argc != 1 ) wrong_args("--desig-revoke user-id"); username = make_username(*argv); - gen_desig_revoke( username ); + gen_desig_revoke( username, locusr ); xfree( username ); break; diff --git a/g10/main.h b/g10/main.h index 9eda7c51d..b9b6f400d 100644 --- a/g10/main.h +++ b/g10/main.h @@ -237,7 +237,7 @@ int enarmor_file( const char *fname ); /*-- revoke.c --*/ struct revocation_reason_info; int gen_revoke( const char *uname ); -int gen_desig_revoke( const char *uname ); +int gen_desig_revoke( const char *uname, STRLIST locusr); int revocation_reason_build_cb( PKT_signature *sig, void *opaque ); struct revocation_reason_info * ask_revocation_reason( int key_rev, int cert_rev, int hint ); diff --git a/g10/revoke.c b/g10/revoke.c index f5860f409..c2deefa83 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -197,7 +197,7 @@ export_minimal_pk(IOBUF out,KBNODE keyblock, * Generate a revocation certificate for UNAME via a designated revoker */ int -gen_desig_revoke( const char *uname ) +gen_desig_revoke( const char *uname, STRLIST locusr ) { int rc = 0; armor_filter_context_t afx; @@ -211,6 +211,7 @@ gen_desig_revoke( const char *uname ) KBNODE keyblock=NULL,node; u32 keyid[2]; int i,any=0; + SK_LIST sk_list=NULL; if( opt.batch ) { @@ -246,6 +247,13 @@ gen_desig_revoke( const char *uname ) keyid_from_pk(pk,keyid); + if(locusr) + { + rc=build_sk_list(locusr,&sk_list,0,PUBKEY_USAGE_CERT); + if(rc) + goto leave; + } + /* Are we a designated revoker for this key? */ if(!pk->revkey && pk->numrevkeys) @@ -253,12 +261,39 @@ gen_desig_revoke( const char *uname ) for(i=0;i<pk->numrevkeys;i++) { + SK_LIST list; + if(sk) free_secret_key(sk); - sk=xmalloc_clear(sizeof(*sk)); + if(sk_list) + { + for(list=sk_list;list;list=list->next) + { + byte fpr[MAX_FINGERPRINT_LEN]; + size_t fprlen; + + fingerprint_from_sk(list->sk,fpr,&fprlen); + + /* Don't get involved with keys that don't have 160 + bit fingerprints */ + if(fprlen!=20) + continue; - rc=get_seckey_byfprint(sk,pk->revkey[i].fpr,MAX_FINGERPRINT_LEN); + if(memcmp(fpr,pk->revkey[i].fpr,20)==0) + break; + } + + if(list) + sk=copy_secret_key(NULL,list->sk); + else + continue; + } + else + { + sk=xmalloc_secure_clear(sizeof(*sk)); + rc=get_seckey_byfprint(sk,pk->revkey[i].fpr,MAX_FINGERPRINT_LEN); + } /* We have the revocation key */ if(!rc) @@ -297,7 +332,8 @@ gen_desig_revoke( const char *uname ) goto leave; afx.what = 1; - afx.hdrlines = "Comment: A designated revocation certificate should follow\n"; + afx.hdrlines = "Comment: A designated revocation certificate" + " should follow\n"; iobuf_push_filter( out, armor_filter, &afx ); /* create it */ @@ -384,6 +420,8 @@ gen_desig_revoke( const char *uname ) if( sig ) free_seckey_enc( sig ); + release_sk_list(sk_list); + if( rc ) iobuf_cancel(out); else |