gnupg/g10 (ChangeLog import.c kbnode.c keydb.h trustdb.c)

cvs user dshaw cvs at cvs.gnupg.org
Sat Jul 9 04:09:16 CEST 2005


    Date: Saturday, July 9, 2005 @ 04:34:04
  Author: dshaw
    Path: /cvs/gnupg/gnupg/g10

Modified: ChangeLog import.c kbnode.c keydb.h trustdb.c

* trustdb.c (clean_uids_from_key): Don't keep a valid selfsig around
when compacting a uid.  There is no reason to make an attacker's job
easier - this way they only have a revocation which is useless in
bringing the uid back.

* keydb.h, kbnode.c (undelete_kbnode): Removed.  No longer needed.

* import.c (chk_self_sigs): Allow a uid revocation to be enough to
allow importing a particular uid (no self sig needed).  This allows
importing compacted uids.


-----------+
 ChangeLog |   13 +++++++++++++
 import.c  |   13 +++++++------
 kbnode.c  |    7 -------
 keydb.h   |    1 -
 trustdb.c |   12 ++++--------
 5 files changed, 24 insertions(+), 22 deletions(-)


Index: gnupg/g10/ChangeLog
diff -u gnupg/g10/ChangeLog:1.761 gnupg/g10/ChangeLog:1.762
--- gnupg/g10/ChangeLog:1.761	Mon Jun 20 19:32:09 2005
+++ gnupg/g10/ChangeLog	Sat Jul  9 04:34:04 2005
@@ -1,3 +1,16 @@
+2005-07-08  David Shaw  <dshaw at jabberwocky.com>
+
+	* trustdb.c (clean_uids_from_key): Don't keep a valid selfsig
+	around when compacting a uid.  There is no reason to make an
+	attacker's job easier - this way they only have a revocation which
+	is useless in bringing the uid back.
+
+	* keydb.h, kbnode.c (undelete_kbnode): Removed.  No longer needed.
+
+	* import.c (chk_self_sigs): Allow a uid revocation to be enough to
+	allow importing a particular uid (no self sig needed).  This
+	allows importing compacted uids.
+
 2005-06-20  David Shaw  <dshaw at jabberwocky.com>
 
 	* keygen.c (save_unprotected_key_to_card): Better fix for gcc4
Index: gnupg/g10/import.c
diff -u gnupg/g10/import.c:1.125 gnupg/g10/import.c:1.126
--- gnupg/g10/import.c:1.125	Tue Jun 14 05:55:19 2005
+++ gnupg/g10/import.c	Sat Jul  9 04:34:04 2005
@@ -1346,12 +1346,13 @@
 	sig = n->pkt->pkt.signature;
 	if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {
 
-	  /* This just caches the sigs for later use.  That way we
-	     import a fully-cached key which speeds things up. */
-	  if(!opt.no_sig_cache)
-	    check_key_signature(keyblock,n,NULL);
+	    /* This just caches the sigs for later use.  That way we
+	       import a fully-cached key which speeds things up. */
+	    if(!opt.no_sig_cache)
+	      check_key_signature(keyblock,n,NULL);
 
-	    if( (sig->sig_class&~3) == 0x10 ) {
+	    if( IS_UID_SIG(sig) || IS_UID_REV(sig) )
+	      {
 		KBNODE unode = find_prev_kbnode( keyblock, n, PKT_USER_ID );
 		if( !unode )
 		  {
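Review bot: The widened test `IS_UID_SIG(sig) || IS_UID_REV(sig)` lets a uid revocation on its own reach `unode->flag |= 1` in the next hunk, yet nothing at the branch says a revocation is now sufficient, and the flag comment still reads "mark that signature checked". The verification code between the two hunks is not shown, so I am assuming the revocation is cryptographically checked there exactly as a self-signature is before the flag is set; that is worth confirming. I would add a comment above the test, such as `/* A uid revocation issued by the primary key also qualifies: a compacted uid carries only its revocation, no selfsig. */`. Any later code that reads flag bit 1 as "this uid has a valid self-signature" should be re-checked, because such a uid is imported revoked and without one. chk_self_sigs starts and ends outside this hunk.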
@@ -1381,7 +1382,7 @@
 		  else
 		    unode->flag |= 1; /* mark that signature checked */
 		}
-	    }
+	      }
 	    else if( sig->sig_class == 0x18 ) {
 	      /* Note that this works based solely on the timestamps
 		 like the rest of gpg.  If the standard gets
Index: gnupg/g10/kbnode.c
diff -u gnupg/g10/kbnode.c:1.27 gnupg/g10/kbnode.c:1.28
--- gnupg/g10/kbnode.c:1.27	Fri Jun 10 04:52:41 2005
+++ gnupg/g10/kbnode.c	Sat Jul  9 04:34:04 2005
@@ -114,13 +114,6 @@
     node->private_flag |= 1;
 }
 
-void
-undelete_kbnode( KBNODE node )
-{
-    node->private_flag &= ~1;
-}
-
-
 /****************
  * Append NODE to ROOT.  ROOT must exist!
  */
Index: gnupg/g10/keydb.h
diff -u gnupg/g10/keydb.h:1.93 gnupg/g10/keydb.h:1.94
--- gnupg/g10/keydb.h:1.93	Fri Jun 10 04:52:41 2005
+++ gnupg/g10/keydb.h	Sat Jul  9 04:34:04 2005
@@ -293,7 +293,6 @@
 KBNODE clone_kbnode( KBNODE node );
 void release_kbnode( KBNODE n );
 void delete_kbnode( KBNODE node );
-void undelete_kbnode( KBNODE node );
 void add_kbnode( KBNODE root, KBNODE node );
 void insert_kbnode( KBNODE root, KBNODE node, int pkttype );
 void move_kbnode( KBNODE *root, KBNODE node, KBNODE where );
Index: gnupg/g10/trustdb.c
diff -u gnupg/g10/trustdb.c:1.146 gnupg/g10/trustdb.c:1.147
--- gnupg/g10/trustdb.c:1.146	Tue Jun 14 05:55:19 2005
+++ gnupg/g10/trustdb.c	Sat Jul  9 04:34:04 2005
@@ -1672,9 +1672,6 @@
 	{
 	  PKT_user_id *uid=node->pkt->pkt.user_id;
 
-	  if(signode && !signode->pkt->pkt.signature->flags.chosen_selfsig)
-	    undelete_kbnode(signode);
-
 	  sigdate=0;
 	  signode=NULL;
 
@@ -1687,7 +1684,6 @@
 	  else
 	    {
 	      delete_until_next=1;
-	      deleted++;
 
 	      if(noisy)
 		{
@@ -1724,13 +1720,13 @@
 	    }
 
 	  if(delete_until_next && !sig->flags.chosen_selfsig)
-	    delete_kbnode(node);
+	    {
+	      delete_kbnode(node);
+	      deleted++;
+	    }
 	}
     }
 
-  if(signode && !signode->pkt->pkt.signature->flags.chosen_selfsig)
-    undelete_kbnode(signode);
-
   return deleted;
 }
 
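Review bot: Moving `deleted++` next to `delete_kbnode(node)` changes what clean_uids_from_key returns, from the number of uids compacted to the number of signature packets deleted. A uid marked for compaction whose signatures are all flagged `chosen_selfsig` now adds nothing to the count. Callers are not visible here, so any that print the value as a uid count or use it to decide whether the keyblock was modified should be checked. I would document the new meaning at the function header, for example `/* Returns the number of signatures removed while compacting uids. */`. The function body begins outside this hunk, and the matching `deleted++` removal is in the hunk at -1687.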



