[git] GnuPG - branch, master, updated. gnupg-2.1.15-226-g4c0389f

by Neal H. Walfield cvs at cvs.gnupg.org
Thu Oct 13 12:48:01 CEST 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  4c0389f8eb19ae7dfd9c5d784a629b386d93cc5c (commit)
       via  e09166c77273f459c8f87cab9224f85808af2cba (commit)
       via  5bf92e51dfdfb4f4746ecd817d8d2240ed27ea74 (commit)
       via  2282c3b761413dfa894300e70084bbd58908c0b1 (commit)
      from  3ad17e72fa81d18c95732ddcd4def244f52bb5b1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4c0389f8eb19ae7dfd9c5d784a629b386d93cc5c
Author: Neal H. Walfield <neal at g10code.com>
Date:   Thu Oct 13 12:44:59 2016 +0200

    g10: Be more careful when checking cross signatures.
    
    * g10/tofu.c (cross_sigs): When checking cross signatures, only
    consider the signatures on the specified user id.
    * tests/openpgp/tofu.scm: Add test for the above.
    * tests/openpgp/tofu/cross-sigs/
      1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg:
      New file.
    * tests/openpgp/tofu/cross-sigs/
      1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt: New file.
    * tests/openpgp/tofu/cross-sigs/
      1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg: New file.
    * tests/openpgp/tofu/cross-sigs/
      1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt: New file.
    * tests/openpgp/tofu/cross-sigs/
      1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt: New file.
    * tests/openpgp/tofu/cross-sigs/
      1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg: New file.
    * tests/openpgp/tofu/cross-sigs/
      DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg: New file.
    * tests/openpgp/tofu/cross-sigs/
      DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt: New file.
    * tests/openpgp/tofu/cross-sigs/
      DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg: New file.
    * tests/openpgp/tofu/cross-sigs/
      DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt: New file.
    * tests/openpgp/tofu/cross-sigs/
      DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg: New file.
    * tests/openpgp/tofu/cross-sigs/
      DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt: New file.
    * tests/openpgp/tofu/cross-sigs/
      DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg: New file.
    * tests/openpgp/tofu/cross-sigs/
      DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg: New file.
    * tests/openpgp/tofu/cross-sigs/README: New file.
    
    --
    Signed-off-by: Neal H. Walfield

diff --git a/g10/tofu.c b/g10/tofu.c
index 8184c6f..dcee6e7 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -1211,7 +1211,7 @@ format_conflict_msg_part1 (int policy, strlist_t conflict_set,
 
 /* Return 1 if A signed B and B signed A.  */
 static int
-cross_sigs (kbnode_t a, kbnode_t b)
+cross_sigs (const char *email, kbnode_t a, kbnode_t b)
 {
   int i;
 
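Review bot: The header comment still reads `/* Return 1 if A signed B and B signed A.  */` and says nothing about the new EMAIL parameter, which now decides which certifications count. Something like `/* Return 1 if A has a valid signature on B's user id for EMAIL and B has one on A's user id for EMAIL.  */` would match the new behaviour. Since the second hunk compares with `strcmp`, the comment should also say that EMAIL must be in the form `email_from_user_id` returns. The body of cross_sigs continues outside this hunk.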
@@ -1240,12 +1240,36 @@ cross_sigs (kbnode_t a, kbnode_t b)
       u32 *signer_kid = pk_main_keyid (signer_pk);
       kbnode_t n;
 
+      int saw_email = 0;
+
       /* Iterate over SIGNEE's keyblock and see if there is a valid
          signature from SIGNER.  */
       for (n = signee; n; n = n->next)
         {
           PKT_signature *sig;
 
+          if (n->pkt->pkttype == PKT_USER_ID)
+            {
+              if (saw_email)
+                /* We're done: we've processed all signatures on the
+                   user id.  */
+                break;
+              else
+                {
+                  /* See if this is the matching user id.  */
+                  PKT_user_id *user_id = n->pkt->pkt.user_id;
+                  char *email2 = email_from_user_id (user_id->name);
+
+                  if (strcmp (email, email2) == 0)
+                    saw_email = 1;
+
+                  xfree (email2);
+                }
+            }
+
+          if (! saw_email)
+            continue;
+
           if (n->pkt->pkttype != PKT_SIGNATURE)
             continue;
 
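Review bot: The scan stops at the first user id whose address equals EMAIL: once `saw_email` is set, the next `PKT_USER_ID` packet hits `break`, so a second user id on the same key with the same address never has its certifications examined. That errs toward reporting a conflict rather than hiding one, but if it is not intended, evaluating the match on every user id packet with `saw_email = strcmp (email, email2) == 0;` and dropping the `break` would cover it. When the matching user id is the last one, the loop also runs on into whatever packets follow it in the keyblock; `if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY) break;` at the top of the loop would confine the scan to user id certifications. The signature checks below the hunk may already reject such packets, but they are not visible here.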
@@ -1974,7 +1998,7 @@ build_conflict_set (tofu_dbs_t dbs, const char *fingerprint, const char *email)
 
         for (j = i + 1; j < conflict_set_count; j ++)
           /* Be careful: we might not have a key block for a key.  */
-          if (kb_all[i] && kb_all[j] && cross_sigs (kb_all[i], kb_all[j]))
+          if (kb_all[i] && kb_all[j] && cross_sigs (email, kb_all[i], kb_all[j]))
             die[j] = 1;
       }
 
diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm
index e514ddf..96f7abe 100755
--- a/tests/openpgp/tofu.scm
+++ b/tests/openpgp/tofu.scm
@@ -159,3 +159,76 @@
 (checkpolicy "BC15C85A" "ask")
 (checkpolicy "2183839A" "bad")
 (checkpolicy "EE37CF96" "ask")
+
+
+
+;; Check that we detect the following attack:
+;;
+;; Alice and Bob each have a key and cross sign them.  Bob then adds a
+;; new user id, "Alice".  TOFU should now detect a conflict, because
+;; Alice only signed Bob's "Bob" user id.
+
+(display "Checking cross sigs...\n")
+(define GPG `(,(tool 'gpg) --no-permission-warning
+	      --faked-system-time=1476304861))
+
+;; Carefully remove the TOFU db.
+(catch '() (unlink (string-append GNUPGHOME "/tofu.db")))
+
+(define DIR "tofu/cross-sigs")
+;; The test keys.
+(define KEYA "1938C3A0E4674B6C217AC0B987DB2814EC38277E")
+(define KEYB "DC463A16E42F03240D76E8BA8B48C6BD871C2247")
+
+(define (verify-messages)
+  (for-each
+   (lambda (key)
+     (for-each
+      (lambda (i)
+        (let ((fn (in-srcdir DIR (string-append key "-" i ".txt"))))
+          (call-check `(, at GPG --trust-model=tofu --verify ,fn))))
+      (list "1" "2")))
+   (list KEYA KEYB)))
+
+;; Import the public keys.
+(display "    > Two keys. ")
+(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYA "-1.gpg"))))
+(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYB "-1.gpg"))))
+;; Make sure the tofu engine registers the keys.
+(verify-messages)
+(display "<\n")
+
+;; Since their is no conflict, the policy should be auto.
+(checkpolicy KEYA "auto")
+(checkpolicy KEYB "auto")
+
+;; Import the cross sigs.
+(display "    > Adding cross signatures. ")
+(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYA "-2.gpg"))))
+(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYB "-2.gpg"))))
+(verify-messages)
+(display "<\n")
+
+;; There is still no conflict, so the policy shouldn't have changed.
+(checkpolicy KEYA "auto")
+(checkpolicy KEYB "auto")
+
+;; Import the conflicting user id.
+(display "    > Adding conflicting user id. ")
+(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYB "-3.gpg"))))
+(call-check `(, at GPG --trust-model=tofu
+		    --verify ,(in-srcdir DIR (string-append KEYB "-1.txt"))))
+(verify-messages)
+(display "<\n")
+
+(checkpolicy KEYA "ask")
+(checkpolicy KEYB "ask")
+
+;; Import Alice's signature on the conflicting user id.
+(display "    > Adding cross signature on user id. ")
+(call-check `(, at GPG --import ,(in-srcdir DIR (string-append KEYB "-4.gpg"))))
+(verify-messages)
+(display "<\n")
+
+(checkpolicy KEYA "auto")
+(checkpolicy KEYB "auto")
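Review bot: The new test never verifies the `-3.txt` messages this commit adds: `verify-messages` iterates only over `(list "1" "2")`, so the messages signed with the conflicting `<spy at cow.com>` issuer are not exercised. Both `-3.txt` fixtures also show the same blob id (`9b2d49d`) in this push, which suggests they are byte-identical and were produced by one key, so they should be checked before being wired in. Separately, `(define GPG …)` rebinds the name at top level with `--faked-system-time`, which anything appended after this section will inherit; a comment such as `;; NB: GPG is rebound here; later tests inherit the faked time.` would make that visible. The comment before the first policy check should read `;; Since there is no conflict, the policy should be auto.`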
diff --git a/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg b/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg
new file mode 100644
index 0000000..e6becec
Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg differ
diff --git a/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt b/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt
new file mode 100644
index 0000000..92236be
Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt differ
diff --git a/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg b/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg
new file mode 100644
index 0000000..d26bd54
Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg differ
diff --git a/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt b/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt
new file mode 100644
index 0000000..b4013d3
Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt differ
diff --git a/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt b/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt
new file mode 100644
index 0000000..9b2d49d
Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt differ
diff --git a/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg b/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg
new file mode 100644
index 0000000..1839e3a
Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg differ
diff --git a/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg
new file mode 100644
index 0000000..f706f70
Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg differ
diff --git a/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt
new file mode 100644
index 0000000..0bdc1fc
Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt differ
diff --git a/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg
new file mode 100644
index 0000000..0b2485f
Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg differ
diff --git a/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt
new file mode 100644
index 0000000..4d3aaaa
Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt differ
diff --git a/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg
new file mode 100644
index 0000000..eb2c435
Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg differ
diff --git a/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt
new file mode 100644
index 0000000..9b2d49d
Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt differ
diff --git a/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg
new file mode 100644
index 0000000..9c98ec1
Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg differ
diff --git a/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg
new file mode 100644
index 0000000..a87c61b
Binary files /dev/null and b/tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg differ
diff --git a/tests/openpgp/tofu/cross-sigs/README b/tests/openpgp/tofu/cross-sigs/README
new file mode 100644
index 0000000..439962b
--- /dev/null
+++ b/tests/openpgp/tofu/cross-sigs/README
@@ -0,0 +1,79 @@
+# How I generate the keys and messages to verify:
+
+# Generate and export two non-conflicting keys.
+gpg --quick-gen-key 'Spy Cow <spy at cow.com>'
+gpg --quick-gen-key 'Spy R. Cow <spy at cow.de>'
+
+KEYIDA=1938C3A0E4674B6C217AC0B987DB2814EC38277E
+KEYIDB=DC463A16E42F03240D76E8BA8B48C6BD871C2247
+
+for KEYID in $KEYIDA $KEYIDB
+do
+  gpg --export $KEYID  > tofu-$KEYID.gpg
+  gpg --export-secret-keys $KEYID  > tofu-$KEYID-secret.gpg
+done
+
+# Sign some data.
+echo foo | gpg --default-key $KEYIDA -s > tofu-$KEYIDA-1.txt
+echo foo | gpg --default-key $KEYIDB -s > tofu-$KEYIDB-1.txt
+
+# Again, but with an issuer.
+echo foo | gpg --default-key "<spy at cow.com>" -s > tofu-$KEYIDA-2.txt
+echo foo | gpg --default-key "<spy at cow.de>" -s > tofu-$KEYIDB-2.txt
+
+# Have A sign B and vice versa.
+gpg --default-key $KEYIDA --quick-sign $KEYIDB
+gpg --default-key $KEYIDB --quick-sign $KEYIDA
+
+gpg --export $KEYIDA  > tofu-$KEYIDA-2.gpg
+gpg --export $KEYIDB  > tofu-$KEYIDB-2.gpg
+
+# Cause A and B to conflict.
+gpg --quick-adduid $KEYIDB 'Spy R. Cow <spy at cow.com>'
+gpg --export $KEYIDB  > tofu-$KEYIDB-3.gpg
+
+echo foo | gpg --default-key "<spy at cow.com>" -s > tofu-$KEYIDA-3.txt
+echo foo | gpg --default-key "<spy at cow.com>" -s > tofu-$KEYIDB-3.txt
+
+# Have A sign B's conflicting user id.
+gpg --default-key $KEYIDA --quick-sign $KEYIDB
+gpg --export $KEYIDB  > tofu-$KEYIDB-4.gpg
+
+exit 0
+
+# In a new directory (so the keys are not ultimately trusted).
+
+D=~/neal/work/gpg/test
+echo 'trust-model tofu+pgp' > gpg.conf
+gpg --import $D/tofu-$KEYIDA.gpg
+gpg --import $D/tofu-$KEYIDB.gpg
+gpg -k
+
+gpg --verify $D/tofu-$KEYIDA-1.txt
+gpg --verify $D/tofu-$KEYIDB-1.txt
+# With an issuer.
+gpg --verify $D/tofu-$KEYIDA-2.txt
+gpg --verify $D/tofu-$KEYIDB-2.txt
+
+# Import the cross signatures.
+gpg --import $D/tofu-$KEYIDA-2.gpg
+gpg --import $D/tofu-$KEYIDB-2.gpg
+gpg -k
+
+gpg --verify $D/tofu-$KEYIDA-1.txt
+gpg --verify $D/tofu-$KEYIDB-1.txt
+# With an issuer.
+gpg --verify $D/tofu-$KEYIDA-2.txt
+gpg --verify $D/tofu-$KEYIDB-2.txt
+
+
+gpg --status-fd=1 --batch --verify $D/tofu-$KEYIDA-3.txt | grep TRUST_UNDEFINED
+gpg --status-fd=1 --batch --verify $D/tofu-$KEYIDB-3.txt | grep TRUST_UNDEFINED
+
+# Import the conflicting user id.
+gpg --import $D/tofu-$KEYIDB-3.gpg
+gpg -k
+
+# Import the cross signature, which should remove the conflict.
+gpg --import $D/tofu-$KEYIDB-4.gpg
+gpg -k

commit e09166c77273f459c8f87cab9224f85808af2cba
Author: Neal H. Walfield <neal at g10code.com>
Date:   Thu Oct 13 12:38:19 2016 +0200

    g10: Still check if the key is an UTK or cross signed in batch mode.
    
    * g10/tofu.c (get_trust): If POLICY is ask, but we can't ask, don't
    bail immediately.  Instead, check if the key in question is an
    ultimately trusted key or cross signed.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/tofu.c b/g10/tofu.c
index b9416d5..8184c6f 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -2131,12 +2131,6 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
 
     case TOFU_POLICY_ASK:
       /* We need to ask the user what to do.  Case #1 or #2 below.  */
-      if (! may_ask)
-	{
-	  trust_level = TRUST_UNDEFINED;
-	  goto out;
-	}
-
       break;
 
     case TOFU_POLICY_NONE:
@@ -2296,18 +2290,19 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
 
   if (! may_ask)
     {
-      /* We can only get here in the third case (no saved policy) and
-       * if there is a conflict.  (If the policy was ask (cases #1 and
-       * #2) and we weren't allowed to ask, we'd have already exited).  */
-      log_assert (policy == TOFU_POLICY_NONE);
-
-      if (record_binding (dbs, fingerprint, email, user_id,
-			  TOFU_POLICY_ASK,
-                          conflict_set && conflict_set->next
-                          ? conflict_set->next->d : NULL,
-                          0, now) != 0)
-	log_error (_("error setting TOFU binding's trust level to %s\n"),
-		   "ask");
+      log_assert (policy == TOFU_POLICY_NONE || policy == TOFU_POLICY_ASK);
+      if (policy == TOFU_POLICY_NONE)
+        {
+          /* We get here in the third case (no saved policy) and if
+           * there is a conflict.  */
+          if (record_binding (dbs, fingerprint, email, user_id,
+                              TOFU_POLICY_ASK,
+                              conflict_set && conflict_set->next
+                              ? conflict_set->next->d : NULL,
+                              0, now) != 0)
+            log_error (_("error setting TOFU binding's trust level to %s\n"),
+                       "ask");
+        }
 
       trust_level = TRUST_UNDEFINED;
       goto out;
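Review bot: The `policy == TOFU_POLICY_ASK` path through this block is now reachable but undocumented: the old comment explaining why only NONE could arrive here was removed, and the new comment covers only the NONE branch. A line such as `/* With a saved "ask" policy there is nothing to record; we cannot prompt, so return undefined trust.  */` before `trust_level = TRUST_UNDEFINED;` would make the intent explicit. get_trust begins and ends outside the hunk, so it cannot be confirmed from here that the ultimately-trusted and cross-signature checks named in the commit message run before this point.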

commit 5bf92e51dfdfb4f4746ecd817d8d2240ed27ea74
Author: Neal H. Walfield <neal at g10code.com>
Date:   Thu Oct 13 12:32:03 2016 +0200

    g10: If an sqlite operation fails, map the error code to GPG_ERR_GENERAL
    
    * g10/tofu.c (get_policy): If an sqlite operation fails, map the error
      code to GPG_ERR_GENERAL.
    (ask_about_binding): Likewise.
    (build_conflict_set): Likewise.
    (get_trust): Likewise.
    (show_statistics): Likewise.
    (tofu_register_signature): Likewise.
    (tofu_register_encryption): Likewise.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/tofu.c b/g10/tofu.c
index d7f4e4c..b9416d5 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -1082,6 +1082,7 @@ get_policy (tofu_dbs_t dbs, const char *fingerprint, const char *email,
       log_error (_("error reading TOFU database: %s\n"), err);
       print_further_info ("checking for existing bad bindings");
       sqlite3_free (err);
+      rc = gpg_error (GPG_ERR_GENERAL);
       goto out;
     }
 
@@ -1404,6 +1405,7 @@ ask_about_binding (ctrl_t ctrl,
       log_error (_("error gathering other user IDs: %s\n"), sqerr);
       sqlite3_free (sqerr);
       sqerr = NULL;
+      rc = gpg_error (GPG_ERR_GENERAL);
     }
 
   if (other_user_ids)
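Review bot: In ask_about_binding the new `rc = gpg_error (GPG_ERR_GENERAL);` is not followed by a jump, so execution continues into `if (other_user_ids)` with the error set. The later hunks in this function test `rc` again after further database calls, which suggests the value is overwritten before anything reads it. If the failure is meant to be non-fatal, a comment such as `/* Not fatal: continue without the other user ids.  */` would be clearer than the assignment; if it is meant to abort, it needs a `goto` or an early return. The set-and-continue shape also appears in the get_trust, tofu_register_signature and tofu_register_encryption hunks of this commit and should be checked the same way; the function bodies extend outside the hunks, so how `rc` is consumed is not visible.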
@@ -1481,7 +1483,10 @@ ask_about_binding (ctrl_t ctrl,
          GPGSQL_ARG_STRING, iter->d,
          GPGSQL_ARG_END);
       if (rc)
-        break;
+        {
+          rc = gpg_error (GPG_ERR_GENERAL);
+          break;
+        }
 
       if (!stats || strcmp (iter->d, stats->fingerprint) != 0)
         /* No stats for this binding.  Add a dummy entry.  */
@@ -1496,7 +1501,10 @@ ask_about_binding (ctrl_t ctrl,
          GPGSQL_ARG_STRING, iter->d,
          GPGSQL_ARG_END);
       if (rc)
-        break;
+        {
+          rc = gpg_error (GPG_ERR_GENERAL);
+          break;
+        }
 
 #undef STATS_SQL
 
@@ -1803,6 +1811,7 @@ build_conflict_set (tofu_dbs_t dbs, const char *fingerprint, const char *email)
       log_error (_("error reading TOFU database: %s\n"), sqerr);
       print_further_info ("listing fingerprints");
       sqlite3_free (sqerr);
+      rc = gpg_error (GPG_ERR_GENERAL);
       return NULL;
     }
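Review bot: The added `rc = gpg_error (GPG_ERR_GENERAL);` sits directly before `return NULL;`, so if `rc` is a local (its declaration is outside the hunk) the mapped code never leaves build_conflict_set. The caller then sees the same NULL for a database read failure as for any other NULL result. If a caller treats NULL as "no conflicting bindings", a failed read would look like a clean binding, so confirm that against get_trust. Either drop the assignment or document the contract above the function, e.g. `/* Returns NULL on a database error; callers must not treat NULL as "no conflict".  */`.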
 
@@ -2349,6 +2358,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
                                   fingerprint, user_id);
               sqlite3_free (sqerr);
               sqerr = NULL;
+              rc = gpg_error (GPG_ERR_GENERAL);
             }
           else if (DBG_TRUST)
             log_debug ("Set %s to conflict with %s\n",
@@ -2597,6 +2607,7 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint,
       log_error (_("error reading TOFU database: %s\n"), err);
       print_further_info ("getting signature statistics");
       sqlite3_free (err);
+      rc = gpg_error (GPG_ERR_GENERAL);
       goto out;
     }
 
@@ -2629,6 +2640,7 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint,
       log_error (_("error reading TOFU database: %s\n"), err);
       print_further_info ("getting encryption statistics");
       sqlite3_free (err);
+      rc = gpg_error (GPG_ERR_GENERAL);
       goto out;
     }
 
@@ -2927,6 +2939,7 @@ tofu_register_signature (ctrl_t ctrl,
           log_error (_("error reading TOFU database: %s\n"), err);
           print_further_info ("checking existence");
           sqlite3_free (err);
+          rc = gpg_error (GPG_ERR_GENERAL);
         }
       else if (c > 1)
         /* Duplicates!  This should not happen.  In particular,
@@ -2980,6 +2993,7 @@ tofu_register_signature (ctrl_t ctrl,
               log_error (_("error updating TOFU database: %s\n"), err);
               print_further_info ("insert signatures");
               sqlite3_free (err);
+              rc = gpg_error (GPG_ERR_GENERAL);
             }
         }
 
@@ -3093,6 +3107,7 @@ tofu_register_encryption (ctrl_t ctrl,
           log_error (_("error updating TOFU database: %s\n"), err);
           print_further_info ("insert encryption");
           sqlite3_free (err);
+          rc = gpg_error (GPG_ERR_GENERAL);
         }
 
       xfree (email);

commit 2282c3b761413dfa894300e70084bbd58908c0b1
Author: Neal H. Walfield <neal at g10code.com>
Date:   Thu Oct 13 12:30:12 2016 +0200

    tests: Remove support for deprecated functionality.
    
    * tests/openpgp/tofu.scm: Don't remove tofu.d.  It's deprecated.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/tests/openpgp/tofu.scm b/tests/openpgp/tofu.scm
index f4de1d8..e514ddf 100755
--- a/tests/openpgp/tofu.scm
+++ b/tests/openpgp/tofu.scm
@@ -99,7 +99,6 @@
 
 ;; Carefully remove the TOFU db.
 (catch '() (unlink (string-append GNUPGHOME "/tofu.db")))
-(catch '() (unlink-recursively (string-append GNUPGHOME "/tofu.d")))
 
 ;; Verify a message.  There should be no conflict and the trust
 ;; policy should be set to auto.

-----------------------------------------------------------------------

Summary of changes:
 g10/tofu.c                                         |  78 ++++++++++++++------
 tests/openpgp/tofu.scm                             |  74 ++++++++++++++++++-
 .../1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg | Bin 0 -> 1171 bytes
 .../1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt | Bin 0 -> 321 bytes
 .../1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg | Bin 0 -> 1458 bytes
 .../1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt | Bin 0 -> 334 bytes
 .../1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt | Bin 0 -> 334 bytes
 ...C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg | Bin 0 -> 2473 bytes
 .../DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg | Bin 0 -> 1173 bytes
 .../DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt | Bin 0 -> 321 bytes
 .../DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg | Bin 0 -> 1460 bytes
 .../DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt | Bin 0 -> 333 bytes
 .../DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg | Bin 0 -> 1800 bytes
 .../DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt | Bin 0 -> 334 bytes
 .../DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg | Bin 0 -> 2087 bytes
 ...3A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg | Bin 0 -> 2475 bytes
 tests/openpgp/tofu/cross-sigs/README               |  79 +++++++++++++++++++++
 17 files changed, 208 insertions(+), 23 deletions(-)
 create mode 100644 tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg
 create mode 100644 tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt
 create mode 100644 tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg
 create mode 100644 tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt
 create mode 100644 tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt
 create mode 100644 tests/openpgp/tofu/cross-sigs/1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg
 create mode 100644 tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg
 create mode 100644 tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt
 create mode 100644 tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg
 create mode 100644 tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt
 create mode 100644 tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg
 create mode 100644 tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt
 create mode 100644 tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg
 create mode 100644 tests/openpgp/tofu/cross-sigs/DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg
 create mode 100644 tests/openpgp/tofu/cross-sigs/README


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



