Diffstat (limited to 'g10')
-rw-r--r-- | g10/getkey.c | 7 | ||||
-rw-r--r-- | g10/gpg.c | 14 | ||||
-rw-r--r-- | g10/import.c | 1 | ||||
-rw-r--r-- | g10/keyedit.c | 35 | ||||
-rw-r--r-- | g10/keyedit.h | 1 | ||||
-rw-r--r-- | g10/options.h | 1 | ||||
-rw-r--r-- | g10/pkclist.c | 6 |
7 files changed, 60 insertions, 5 deletions
diff --git a/g10/getkey.c b/g10/getkey.c
index 1b37c597d..15905dc63 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -685,7 +685,7 @@ skip_unusable (void *opaque, u32 * keyid, int uid_no)
 pk = keyblock->pkt->pkt.public_key;
 /* Is the key revoked or expired? */
- if (pk->flags.revoked || pk->has_expired)
+ if (pk->flags.revoked || (pk->has_expired && !opt.ignore_expiration))
 unusable = 1;
 /* Is the user ID in question revoked or expired? */
@@ -704,7 +704,8 @@ skip_unusable (void *opaque, u32 * keyid, int uid_no)
 if (uids_seen != uid_no)
 continue;
- if (user_id->flags.revoked || user_id->flags.expired)
+ if (user_id->flags.revoked
+ || (user_id->flags.expired && !opt.ignore_expiration))
 unusable = 1;
 break;
@@ -3736,7 +3737,7 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
 n_revoked_or_expired++;
 continue;
 }
- if (pk->has_expired)
+ if (pk->has_expired && !opt.ignore_expiration)
 {
 if (DBG_LOOKUP)
 log_debug ("\tsubkey has expired\n");
@@ -68,6 +68,7 @@
 #include "../common/shareddefs.h"
 #include "../common/compliance.h"
 #include "../common/comopt.h"
+#include "../kbx/keybox.h"
 #if defined(HAVE_DOSISH_SYSTEM) || defined(__CYGWIN__)
 #define MY_O_BINARY O_BINARY
@@ -233,6 +234,7 @@ enum cmd_and_opt_values
 oDebugIOLBF,
 oDebugSetIobufSize,
 oDebugAllowLargeChunks,
+ oDebugIgnoreExpiration,
 oStatusFD,
 oStatusFile,
 oAttributeFD,
@@ -447,6 +449,7 @@ enum cmd_and_opt_values
 oCompatibilityFlags,
 oAddDesigRevoker,
 oAssertSigner,
+ oKbxBufferSize,
 oNoop
 };
@@ -605,7 +608,6 @@ static gpgrt_opt_t opts[] = {
 N_("|FILE|write server mode logs to FILE")),
 ARGPARSE_s_s (oLoggerFile, "logger-file", "@"), /* 1.4 compatibility. */
 ARGPARSE_s_n (oLogTime, "log-time", "@"),
- ARGPARSE_s_n (oQuickRandom, "debug-quick-random", "@"),
 ARGPARSE_header ("Configuration",
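Review bot: The comments above the two checks in skip_unusable still read "Is the key revoked or expired?" and "Is the user ID in question revoked or expired?", but with `opt.ignore_expiration` set, expiry no longer marks the key or user ID unusable; the same override is repeated in finish_lookup's subkey check. Expiration is a key-lifecycle control, so I would state the override at each site, for example `/* Is the key revoked or expired?  Expiration is ignored with --debug-ignore-expiration; revocation is always enforced.  */`. Both functions start and end outside these hunks, so they may contain other expiry checks that this change does not touch.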
@@ -926,6 +928,9 @@ static gpgrt_opt_t opts[] = {
 /* Esoteric compatibility options. */
 ARGPARSE_s_n (oRFC2440Text, "rfc2440-text", "@"),
 ARGPARSE_s_n (oNoRFC2440Text, "no-rfc2440-text", "@"),
+ ARGPARSE_p_u (oKbxBufferSize, "kbx-buffer-size", "@"),
+ ARGPARSE_s_n (oQuickRandom, "debug-quick-random", "@"),
+ ARGPARSE_s_n (oDebugIgnoreExpiration, "debug-ignore-expiration", "@"),
 ARGPARSE_header (NULL, ""), /* Stop the header group. */
@@ -2848,6 +2853,10 @@ main (int argc, char **argv)
 allow_large_chunks = 1;
 break;
+ case oDebugIgnoreExpiration:
+ opt.ignore_expiration = 1;
+ break;
+
 case oCompatibilityFlags:
 if (parse_compatibility_flags (pargs.r.ret_str, &opt.compat_flags,
 compatibility_flags))
@@ -3743,6 +3752,9 @@ main (int argc, char **argv)
 add_to_strlist (&opt.assert_signer_list, pargs.r.ret_str);
 break;
+ case oKbxBufferSize:
+ keybox_set_buffersize (pargs.r.ret_ulong, 0);
+ break;
 case oNoop: break;
diff --git a/g10/import.c b/g10/import.c
index 5e44942e7..987fef3cd 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -2136,6 +2136,7 @@ import_one_real (ctrl_t ctrl,
 list_keyblock_direct (ctrl, keyblock, from_sk, 0,
 opt.fingerprint || opt.with_fingerprint, 1);
 es_fflush (es_stdout);
+ no_usable_encr_subkeys_warning (keyblock);
 }
 /* Write the keyblock to the output and do not actually import. */
diff --git a/g10/keyedit.c b/g10/keyedit.c
index a91cc4447..4b767aed6 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -1501,6 +1501,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
 run_subkey_warnings = 0;
 if (!count_selected_keys (keyblock))
 subkey_expire_warning (keyblock);
+ no_usable_encr_subkeys_warning (keyblock);
 }
 if (delseckey_list_warn)
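Review bot: The `case oDebugIgnoreExpiration:` branch in main turns off expiration checks without telling the user, and the option is registered with an "@" description, so it is not listed in the help output either. If the same parser loop also reads the configuration file (the loop starts outside this hunk), the switch can stay in effect unnoticed across runs. I would emit a warning where the flag is set, e.g. `log_info ("WARNING: key expiration checks are disabled (--debug-ignore-expiration)\n");`, so that logs record when a run accepted expired keys.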
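Review bot: `keybox_set_buffersize (pargs.r.ret_ulong, 0);` in the `case oKbxBufferSize:` branch passes the user-supplied value straight through, and no lower or upper bound is visible in this hunk. Whether keybox_set_buffersize clamps the value is not shown here; if it does not, a very large `--kbx-buffer-size` would be taken as is. A short comment at the call naming the unit and the accepted range, e.g. `/* Size is in <unit>; keybox_set_buffersize limits it to <range>.  */` with the real values filled in, or an explicit clamp at this call site, would make the contract clear.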
@@ -4258,6 +4259,40 @@ subkey_expire_warning (kbnode_t keyblock)
 }
+/* Print a warning if all encryption (sub|primary)keys are expired.
+ * The warning is not printed if there is no encryption
+ * (sub|primary)key at all. This function is called after the expire
+ * data of the primary key has been changed. */
+void
+no_usable_encr_subkeys_warning (kbnode_t keyblock)
+{
+ kbnode_t node;
+ PKT_public_key *pk;
+ int any_encr_key = 0;
+
+ for (node = keyblock; node; node = node->next)
+ {
+ if (node->pkt->pkttype == PKT_PUBLIC_KEY
+ || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ {
+ pk = node->pkt->pkt.public_key;
+ if ((pk->pubkey_usage & PUBKEY_USAGE_ENC))
+ {
+ any_encr_key = 1;
+ if (pk->flags.valid && !pk->has_expired && !pk->flags.revoked
+ && !pk->flags.disabled)
+ {
+ return; /* Key is usable for encryption */
+ }
+ }
+ }
+ }
+
+ if (any_encr_key && !opt.quiet)
+ log_info (_("WARNING: No valid encryption subkey left over.\n"));
+}
+
+
 /*
 * Ask for a new user id, add the self-signature, and update the
 * keyblock. If UIDSTRING is not NULL the user ID is generated
diff --git a/g10/keyedit.h b/g10/keyedit.h
index 3ed0d0fea..abf7314af 100644
--- a/g10/keyedit.h
+++ b/g10/keyedit.h
@@ -63,5 +63,6 @@ int keyedit_print_one_sig (ctrl_t ctrl, estream_t fp,
 kbnode_t node, int *inv_sigs, int *no_key, int *oth_err, int is_selfsig, int print_without_key, int extended);
+void no_usable_encr_subkeys_warning (kbnode_t keyblock);
 #endif /* GNUPG_G10_KEYEDIT_H */
diff --git a/g10/options.h b/g10/options.h
index 9015e321f..914c24849 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -208,6 +208,7 @@ struct
 int ignore_valid_from;
 int ignore_crc_error;
 int ignore_mdc_error;
+ int ignore_expiration;
 int command_fd;
 const char *override_session_key;
 int show_session_key;
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 2e8932b9c..42e124e9e 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
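Review bot: The header comment of no_usable_encr_subkeys_warning describes less than the code checks: a key also counts as unusable when it is revoked, disabled or not valid, not only when it has expired, and this commit calls the function from import.c as well, not just after an expiration change. I would reword it along the lines of `/* Print a warning if no encryption-capable primary key or subkey is valid, unexpired, unrevoked and enabled.  */`. The message says "subkey" although the loop also counts PKT_PUBLIC_KEY nodes. The test reads `pk->has_expired` directly, so the warning still appears under `opt.ignore_expiration` while the getkey.c lookups in this commit accept expired keys; a one-line comment saying that this is intended would help.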
@@ -417,7 +417,11 @@ do_we_trust( PKT_public_key *pk, unsigned int trustlevel )
 if(trustlevel & TRUST_FLAG_REVOKED
 || trustlevel & TRUST_FLAG_SUB_REVOKED
 || (trustlevel & TRUST_MASK) == TRUST_EXPIRED)
- BUG();
+ {
+ if (opt.ignore_expiration)
+ return 0;
+ BUG ();
+ }
 if( opt.trust_model==TM_ALWAYS )
 { |
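Review bot: The new `if (opt.ignore_expiration) return 0;` sits inside a guard that also matches TRUST_FLAG_REVOKED and TRUST_FLAG_SUB_REVOKED, so with the debug option set a revoked trust level that reaches do_we_trust no longer trips BUG() and returns 0 instead. Narrowing the early return to the expired case keeps the assertion for revocation: `if (opt.ignore_expiration && !(trustlevel & (TRUST_FLAG_REVOKED | TRUST_FLAG_SUB_REVOKED))) return 0;`. A comment stating what the 0 return means for the caller would also help, since the rest of the function is outside the hunk.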