[git] GnuPG - branch, master, updated. gnupg-2.1.15-108-g9799b5d
by Neal H. Walfield
cvs at cvs.gnupg.org
Wed Sep 14 15:31:40 CEST 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 9799b5d18f8fd29872b75c4d70d370af2b4e9a89 (commit)
via 05b2b13efd8ecea86d31af863cbf82c8b38dc94f (commit)
via ca91caabb5798f67c69ee96657c7cb402e7db0df (commit)
via 9d62b79e62ef2690e6522fe1621140fbfc10695c (commit)
via 8df8aa13c795e400324a782fbaea578c8f2a1398 (commit)
from f4e11f2e9e8f58fd5f0df3148e6d7ccef0f84232 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 9799b5d18f8fd29872b75c4d70d370af2b4e9a89
Author: Neal H. Walfield <neal at g10code.com>
Date: Wed Sep 14 15:21:14 2016 +0200
g10: Fix whitespace.
* g10/tofu.c (show_statistics): Fix whitespace.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
diff --git a/g10/tofu.c b/g10/tofu.c
index 5cc1c22..0cd3f12 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -2756,7 +2756,7 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint,
" a message to this key and user id!\n"));
else if (encryption_count == 1)
log_info (_("Warning: you have only encrypted"
- " one message to this key and user id!\n"));
+ " one message to this key and user id!\n"));
/* Cf. write_stats_status */
if (sqrtu32 (encryption_count * encryption_count
commit 05b2b13efd8ecea86d31af863cbf82c8b38dc94f
Author: Neal H. Walfield <neal at g10code.com>
Date: Wed Sep 14 15:20:33 2016 +0200
g10: Correctly compute the euclidean distance.
* g10/tofu.c (write_stats_status): Correctly compute the euclidean
distance.
(show_statistics): Likewise.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
diff --git a/g10/tofu.c b/g10/tofu.c
index ed0d92c..5cc1c22 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -2514,16 +2514,17 @@ write_stats_status (estream_t fp,
const char *validity;
unsigned long messages;
- /* Use the euclidean distance rather then the sum of the magnitudes
- to ensure a balance between verified signatures and encrypted
- messages. */
- messages = sqrtu32 (signature_count) + sqrtu32 (encryption_count);
+ /* Use the euclidean distance (m = sqrt(a^2 + b^2)) rather then the
+ sum of the magnitudes (m = a + b) to ensure a balance between
+ verified signatures and encrypted messages. */
+ messages = sqrtu32 (signature_count * signature_count
+ + encryption_count * encryption_count);
if (messages < 1)
validity = "1"; /* Key without history. */
- else if (messages < sqrtu32 (2 * BASIC_TRUST_THRESHOLD))
+ else if (messages < 2 * BASIC_TRUST_THRESHOLD)
validity = "2"; /* Key with too little history. */
- else if (messages < sqrtu32 (2 * FULL_TRUST_THRESHOLD))
+ else if (messages < 2 * FULL_TRUST_THRESHOLD)
validity = "3"; /* Key with enough history for basic trust. */
else
validity = "4"; /* Key with a lot of history. */
@@ -2758,8 +2759,9 @@ show_statistics (tofu_dbs_t dbs, const char *fingerprint,
" one message to this key and user id!\n"));
/* Cf. write_stats_status */
- if (sqrtu32 (encryption_count) + sqrtu32 (signature_count)
- < sqrtu32 (2 * BASIC_TRUST_THRESHOLD))
+ if (sqrtu32 (encryption_count * encryption_count
+ + signature_count * signature_count)
+ < 2 * BASIC_TRUST_THRESHOLD)
show_warning = 1;
}
}
commit ca91caabb5798f67c69ee96657c7cb402e7db0df
Author: Neal H. Walfield <neal at g10code.com>
Date: Wed Sep 14 15:19:18 2016 +0200
g10: Change the default TOFU policy for UTKs to good.
* g10/tofu.c (get_trust): Change the default TOFU policy for UTKs to
good.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
diff --git a/g10/tofu.c b/g10/tofu.c
index 5c99b73..ed0d92c 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -2085,10 +2085,10 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
if (policy == TOFU_POLICY_NONE)
{
if (record_binding (dbs, fingerprint, email, user_id,
- TOFU_POLICY_AUTO, 0, now) != 0)
+ TOFU_POLICY_GOOD, 0, now) != 0)
{
log_error (_("error setting TOFU binding's trust level"
- " to %s\n"), "auto");
+ " to %s\n"), "good");
trust_level = _tofu_GET_TRUST_ERROR;
goto out;
}
commit 9d62b79e62ef2690e6522fe1621140fbfc10695c
Author: Neal H. Walfield <neal at g10code.com>
Date: Wed Sep 14 15:18:25 2016 +0200
g10: Add missing static qualifier.
* g10/tofu.c (cross_sigs): Add missing static qualifier.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
diff --git a/g10/tofu.c b/g10/tofu.c
index da11d40..5c99b73 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -1213,7 +1213,7 @@ format_conflict_msg_part1 (int policy, strlist_t conflict_set,
/* Return 1 if A signed B and B signed A. */
-int
+static int
cross_sigs (kbnode_t a, kbnode_t b)
{
int i;
commit 8df8aa13c795e400324a782fbaea578c8f2a1398
Author: Neal H. Walfield <neal at g10code.com>
Date: Wed Sep 14 15:17:27 2016 +0200
g10: Default to the "good" TOFU policy for keys signed by a UTK.
* g10/tofu.c (signed_by_utk): New function.
(get_trust): If a key is signed by an ultimately trusted key, then
set any bindings to good.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
diff --git a/g10/tofu.c b/g10/tofu.c
index 7cf3fc7..da11d40 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -1285,6 +1285,48 @@ cross_sigs (kbnode_t a, kbnode_t b)
return 1;
}
+/* Return whether the key was signed by an ultimately trusted key. */
+static int
+signed_by_utk (kbnode_t a)
+{
+ kbnode_t n;
+
+ for (n = a; n; n = n->next)
+ {
+ PKT_signature *sig;
+
+ if (n->pkt->pkttype != PKT_SIGNATURE)
+ continue;
+
+ sig = n->pkt->pkt.signature;
+
+ if (! (sig->sig_class == 0x10
+ || sig->sig_class == 0x11
+ || sig->sig_class == 0x12
+ || sig->sig_class == 0x13))
+ /* Not a signature over a user id. */
+ continue;
+
+ /* SIG is on SIGNEE's keyblock. If SIG was generated by the
+ signer, then it's a match. */
+ if (tdb_keyid_is_utk (sig->keyid))
+ {
+ /* Match! */
+ if (DBG_TRUST)
+ log_debug ("TOFU: %s is signed by an ultimately trusted key.\n",
+ pk_keyid_str (a->pkt->pkt.public_key));
+
+ return 1;
+ }
+ }
+
+ if (DBG_TRUST)
+ log_debug ("TOFU: %s is NOT signed by an ultimately trusted key.\n",
+ pk_keyid_str (a->pkt->pkt.public_key));
+
+ return 0;
+}
+
enum
{
@@ -2121,6 +2163,61 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
* In summary: POLICY is ask or none.
*/
+ /* Before continuing, see if the key is signed by an ultimately
+ trusted key. */
+ {
+ int fingerprint_raw_len = strlen (fingerprint) / 2;
+ char fingerprint_raw[fingerprint_raw_len];
+ int len = 0;
+ int is_signed_by_utk = 0;
+
+ if (fingerprint_raw_len != 20
+ || ((len = hex2bin (fingerprint,
+ fingerprint_raw, fingerprint_raw_len))
+ != strlen (fingerprint)))
+ {
+ if (DBG_TRUST)
+ log_debug ("TOFU: Bad fingerprint: %s (len: %zd, parsed: %d)\n",
+ fingerprint, strlen (fingerprint), len);
+ }
+ else
+ {
+ int lookup_err;
+ kbnode_t kb;
+
+ lookup_err = get_pubkey_byfprint (NULL, &kb,
+ fingerprint_raw,
+ fingerprint_raw_len);
+ if (lookup_err)
+ {
+ if (DBG_TRUST)
+ log_debug ("TOFU: Looking up %s: %s\n",
+ fingerprint, gpg_strerror (lookup_err));
+ }
+ else
+ {
+ is_signed_by_utk = signed_by_utk (kb);
+ release_kbnode (kb);
+ }
+ }
+
+ if (is_signed_by_utk)
+ {
+ if (record_binding (dbs, fingerprint, email, user_id,
+ TOFU_POLICY_GOOD, 0, now) != 0)
+ {
+ log_error (_("error setting TOFU binding's trust level"
+ " to %s\n"), "good");
+ trust_level = _tofu_GET_TRUST_ERROR;
+ }
+ else
+ trust_level = TRUST_FULLY;
+
+ goto out;
+ }
+ }
+
+
/* Look for conflicts. This is needed in all 3 cases. */
conflict_set = build_conflict_set (dbs, fingerprint, email);
conflict_set_count = strlist_length (conflict_set);
-----------------------------------------------------------------------
Summary of changes:
g10/tofu.c | 123 +++++++++++++++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 111 insertions(+), 12 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list