[Pkg-gnupg-commit] [gnupg2] 96/124: gpg: Remove the use of the signature information from a KBX.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Apr 5 15:55:36 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gnupg2.
commit a6142dbdbc5783043deb847dc64998c421860941
Author: Werner Koch <wk at gnupg.org>
Date: Thu Mar 30 15:18:45 2017 +0200
gpg: Remove the use of the signature information from a KBX.
* g10/keydb.c (keyblock_cache): Remove field SIGSTATUS.
(keyblock_cache_clear): Adjust for that removal.
(parse_keyblock_image): Remove arg SIGSTATUS. Remove the signature
cache setting; this is now done in the parser.
(keydb_get_keyblock): Do not set SIGSTATUS.
(build_keyblock_image): Remove arg SIGSTATUS and simplify. Change
caller.
* kbx/keybox-blob.c: Explain that the signature information is not
anymore used.
(_keybox_create_openpgp_blob): Remove arg SIGSTATUS and change
callers.
* kbx/keybox-search.c (keybox_get_keyblock): Remove arg R_SIGSTATUS
and change callers.
* kbx/keybox-update.c (keybox_insert_keyblock): Likewise.
--
This thing was too complicated and has been replaced by the new ring
trust packet code.
Signed-off-by: Werner Koch <wk at gnupg.org>
---
g10/keydb.c | 115 ++++------------------------------------------------
kbx/kbxutil.c | 3 +-
kbx/keybox-blob.c | 12 ++----
kbx/keybox-defs.h | 1 -
kbx/keybox-search.c | 23 +++--------
kbx/keybox-update.c | 11 ++---
kbx/keybox.h | 5 +--
7 files changed, 25 insertions(+), 145 deletions(-)
diff --git a/g10/keydb.c b/g10/keydb.c
index 67957f8..b255c3f 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -82,7 +82,6 @@ struct keyblock_cache {
enum keyblock_cache_states state;
byte fpr[MAX_FINGERPRINT_LEN];
iobuf_t iobuf; /* Image of the keyblock. */
- u32 *sigstatus;
int pk_no;
int uid_no;
/* Offset of the record in the keybox. */
@@ -248,8 +247,6 @@ static void
keyblock_cache_clear (struct keydb_handle *hd)
{
hd->keyblock_cache.state = KEYBLOCK_CACHE_EMPTY;
- xfree (hd->keyblock_cache.sigstatus);
- hd->keyblock_cache.sigstatus = NULL;
iobuf_close (hd->keyblock_cache.iobuf);
hd->keyblock_cache.iobuf = NULL;
hd->keyblock_cache.resource = -1;
@@ -1153,7 +1150,7 @@ keydb_pop_found_state (KEYDB_HANDLE hd)
static gpg_error_t
parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no,
- const u32 *sigstatus, kbnode_t *r_keyblock)
+ kbnode_t *r_keyblock)
{
gpg_error_t err;
struct parse_packet_ctx_s parsectx;
@@ -1161,7 +1158,6 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no,
kbnode_t keyblock = NULL;
kbnode_t node, *tail;
int in_cert, save_mode;
- u32 n_sigs;
int pk_count, uid_count;
*r_keyblock = NULL;
@@ -1173,7 +1169,6 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no,
init_parse_packet (&parsectx, iobuf);
save_mode = set_packet_list_mode (0);
in_cert = 0;
- n_sigs = 0;
tail = NULL;
pk_count = uid_count = 0;
while ((err = parse_packet (&parsectx, pkt)) != -1)
@@ -1233,36 +1228,6 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no,
}
in_cert = 1;
- if (pkt->pkttype == PKT_SIGNATURE && sigstatus)
- {
- PKT_signature *sig = pkt->pkt.signature;
-
- n_sigs++;
- if (n_sigs > sigstatus[0])
- {
- log_error ("parse_keyblock_image: "
- "more signatures than found in the meta data\n");
- err = gpg_error (GPG_ERR_INV_KEYRING);
- break;
-
- }
- if (sigstatus[n_sigs])
- {
- sig->flags.checked = 1;
- if (sigstatus[n_sigs] == 1 )
- ; /* missing key */
- else if (sigstatus[n_sigs] == 2 )
- ; /* bad signature */
- else if (sigstatus[n_sigs] < 0x10000000)
- ; /* bad flag */
- else
- {
- sig->flags.valid = 1;
- /* Fixme: Shall we set the expired flag here? */
- }
- }
- }
-
node = new_kbnode (pkt);
switch (pkt->pkttype)
@@ -1302,12 +1267,6 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no,
if (err == -1 && keyblock)
err = 0; /* Got the entire keyblock. */
- if (!err && sigstatus && n_sigs != sigstatus[0])
- {
- log_error ("parse_keyblock_image: signature count does not match\n");
- err = gpg_error (GPG_ERR_INV_KEYRING);
- }
-
if (err)
release_kbnode (keyblock);
else
@@ -1354,7 +1313,6 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
err = parse_keyblock_image (hd->keyblock_cache.iobuf,
hd->keyblock_cache.pk_no,
hd->keyblock_cache.uid_no,
- hd->keyblock_cache.sigstatus,
ret_kb);
if (err)
keyblock_cache_clear (hd);
@@ -1379,26 +1337,22 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
case KEYDB_RESOURCE_TYPE_KEYBOX:
{
iobuf_t iobuf;
- u32 *sigstatus;
int pk_no, uid_no;
err = keybox_get_keyblock (hd->active[hd->found].u.kb,
- &iobuf, &pk_no, &uid_no, &sigstatus);
+ &iobuf, &pk_no, &uid_no);
if (!err)
{
- err = parse_keyblock_image (iobuf, pk_no, uid_no, sigstatus,
- ret_kb);
+ err = parse_keyblock_image (iobuf, pk_no, uid_no, ret_kb);
if (!err && hd->keyblock_cache.state == KEYBLOCK_CACHE_PREPARED)
{
hd->keyblock_cache.state = KEYBLOCK_CACHE_FILLED;
- hd->keyblock_cache.sigstatus = sigstatus;
hd->keyblock_cache.iobuf = iobuf;
hd->keyblock_cache.pk_no = pk_no;
hd->keyblock_cache.uid_no = uid_no;
}
else
{
- xfree (sigstatus);
iobuf_close (iobuf);
}
}
@@ -1417,39 +1371,18 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
/* Build a keyblock image from KEYBLOCK. Returns 0 on success and
- only then stores a new iobuf object at R_IOBUF and a signature
- status vecotor at R_SIGSTATUS. */
+ * only then stores a new iobuf object at R_IOBUF. */
static gpg_error_t
-build_keyblock_image (kbnode_t keyblock, iobuf_t *r_iobuf, u32 **r_sigstatus)
+build_keyblock_image (kbnode_t keyblock, iobuf_t *r_iobuf)
{
gpg_error_t err;
iobuf_t iobuf;
kbnode_t kbctx, node;
- u32 n_sigs;
- u32 *sigstatus;
*r_iobuf = NULL;
- if (r_sigstatus)
- *r_sigstatus = NULL;
-
- /* Allocate a vector for the signature cache. This is an array of
- u32 values with the first value giving the number of elements to
- follow and each element descriping the cache status of the
- signature. */
- if (r_sigstatus)
- {
- for (kbctx=NULL, n_sigs=0; (node = walk_kbnode (keyblock, &kbctx, 0));)
- if (node->pkt->pkttype == PKT_SIGNATURE)
- n_sigs++;
- sigstatus = xtrycalloc (1+n_sigs, sizeof *sigstatus);
- if (!sigstatus)
- return gpg_error_from_syserror ();
- }
- else
- sigstatus = NULL;
iobuf = iobuf_temp ();
- for (kbctx = NULL, n_sigs = 0; (node = walk_kbnode (keyblock, &kbctx, 0));)
+ for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
{
/* Make sure to use only packets valid on a keyblock. */
switch (node->pkt->pkttype)
@@ -1471,36 +1404,9 @@ build_keyblock_image (kbnode_t keyblock, iobuf_t *r_iobuf, u32 **r_sigstatus)
iobuf_close (iobuf);
return err;
}
-
- /* Build signature status vector. */
- if (node->pkt->pkttype == PKT_SIGNATURE)
- {
- PKT_signature *sig = node->pkt->pkt.signature;
-
- n_sigs++;
- /* Fixme: Detect the "missing key" status. */
- if (sig->flags.checked && sigstatus)
- {
- if (sig->flags.valid)
- {
- if (!sig->expiredate)
- sigstatus[n_sigs] = 0xffffffff;
- else if (sig->expiredate < 0x1000000)
- sigstatus[n_sigs] = 0x10000000;
- else
- sigstatus[n_sigs] = sig->expiredate;
- }
- else
- sigstatus[n_sigs] = 0x00000002; /* Bad signature. */
- }
- }
}
- if (sigstatus)
- sigstatus[0] = n_sigs;
*r_iobuf = iobuf;
- if (r_sigstatus)
- *r_sigstatus = sigstatus;
return 0;
}
@@ -1574,7 +1480,7 @@ keydb_update_keyblock (ctrl_t ctrl, KEYDB_HANDLE hd, kbnode_t kb)
{
iobuf_t iobuf;
- err = build_keyblock_image (kb, &iobuf, NULL);
+ err = build_keyblock_image (kb, &iobuf);
if (!err)
{
err = keybox_update_keyblock (hd->active[hd->found].u.kb,
@@ -1641,16 +1547,13 @@ keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb)
included in the keybox code. Eventually we can change this
kludge to have the caller pass the image. */
iobuf_t iobuf;
- u32 *sigstatus;
- err = build_keyblock_image (kb, &iobuf, &sigstatus);
+ err = build_keyblock_image (kb, &iobuf);
if (!err)
{
err = keybox_insert_keyblock (hd->active[idx].u.kb,
iobuf_get_temp_buffer (iobuf),
- iobuf_get_temp_length (iobuf),
- sigstatus);
- xfree (sigstatus);
+ iobuf_get_temp_length (iobuf));
iobuf_close (iobuf);
}
}
diff --git a/kbx/kbxutil.c b/kbx/kbxutil.c
index 6094298..0889231 100644
--- a/kbx/kbxutil.c
+++ b/kbx/kbxutil.c
@@ -411,8 +411,7 @@ import_openpgp (const char *filename, int dryrun)
dump_openpgp_key (&info, p);
else
{
- err = _keybox_create_openpgp_blob (&blob, &info, p, nparsed,
- NULL, 0);
+ err = _keybox_create_openpgp_blob (&blob, &info, p, nparsed, 0);
if (err)
{
fflush (stdout);
diff --git a/kbx/keybox-blob.c b/kbx/keybox-blob.c
index f3bdceb..82f1cfe 100644
--- a/kbx/keybox-blob.c
+++ b/kbx/keybox-blob.c
@@ -101,7 +101,9 @@
- u16 [NSIGS] Number of signatures
- u16 Size of signature information (4)
- NSIGS times:
- - u32 Expiration time of signature with some special values:
+ - u32 Expiration time of signature with some special values.
+ Since version 2.1.20 these special valuesare not anymore
+ used for OpenPGP:
- 0x00000000 = not checked
- 0x00000001 = missing key
- 0x00000002 = bad signature
@@ -705,7 +707,6 @@ _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob,
keybox_openpgp_info_t info,
const unsigned char *image,
size_t imagelen,
- u32 *sigstatus,
int as_ephemeral)
{
gpg_error_t err;
@@ -713,11 +714,6 @@ _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob,
*r_blob = NULL;
- /* If we have a signature status vector, check that the number of
- elements matches the actual number of signatures. */
- if (sigstatus && sigstatus[0] != info->nsigs)
- return gpg_error (GPG_ERR_INTERNAL);
-
blob = xtrycalloc (1, sizeof *blob);
if (!blob)
return gpg_error_from_syserror ();
@@ -756,7 +752,7 @@ _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob,
if (err)
goto leave;
pgp_create_uid_part (blob, info);
- pgp_create_sig_part (blob, sigstatus);
+ pgp_create_sig_part (blob, NULL);
init_membuf (&blob->bufbuf, 1024);
blob->buf = &blob->bufbuf;
diff --git a/kbx/keybox-defs.h b/kbx/keybox-defs.h
index d9c3d3a..b8b8377 100644
--- a/kbx/keybox-defs.h
+++ b/kbx/keybox-defs.h
@@ -155,7 +155,6 @@ gpg_error_t _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob,
keybox_openpgp_info_t info,
const unsigned char *image,
size_t imagelen,
- u32 *sigstatus,
int as_ephemeral);
#ifdef KEYBOX_WITH_X509
int _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c
index cc114c6..56515d1 100644
--- a/kbx/keybox-search.c
+++ b/kbx/keybox-search.c
@@ -1048,23 +1048,20 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
/* Return the last found keyblock. Returns 0 on success and stores a
- new iobuf at R_IOBUF and a signature status vector at R_SIGSTATUS
- in that case. R_UID_NO and R_PK_NO are used to retun the number of
- the key or user id which was matched the search criteria; if not
- known they are set to 0. */
+ * new iobuf at R_IOBUF. R_UID_NO and R_PK_NO are used to retun the
+ * number of the key or user id which was matched the search criteria;
+ * if not known they are set to 0. */
gpg_error_t
keybox_get_keyblock (KEYBOX_HANDLE hd, iobuf_t *r_iobuf,
- int *r_pk_no, int *r_uid_no, u32 **r_sigstatus)
+ int *r_pk_no, int *r_uid_no)
{
gpg_error_t err;
- const unsigned char *buffer, *p;
+ const unsigned char *buffer;
size_t length;
size_t image_off, image_len;
size_t siginfo_off, siginfo_len;
- u32 *sigstatus, n, n_sigs, sigilen;
*r_iobuf = NULL;
- *r_sigstatus = NULL;
if (!hd)
return gpg_error (GPG_ERR_INV_VALUE);
@@ -1086,19 +1083,9 @@ keybox_get_keyblock (KEYBOX_HANDLE hd, iobuf_t *r_iobuf,
&siginfo_off, &siginfo_len);
if (err)
return err;
- n_sigs = get16 (buffer + siginfo_off);
- sigilen = get16 (buffer + siginfo_off + 2);
- p = buffer + siginfo_off + 4;
- sigstatus = xtrymalloc ((1+n_sigs) * sizeof *sigstatus);
- if (!sigstatus)
- return gpg_error_from_syserror ();
- sigstatus[0] = n_sigs;
- for (n=1; n <= n_sigs; n++, p += sigilen)
- sigstatus[n] = get32 (p);
*r_pk_no = hd->found.pk_no;
*r_uid_no = hd->found.uid_no;
- *r_sigstatus = sigstatus;
*r_iobuf = iobuf_temp_with_content (buffer+image_off, image_len);
return 0;
}
diff --git a/kbx/keybox-update.c b/kbx/keybox-update.c
index 31171de..0b0f56b 100644
--- a/kbx/keybox-update.c
+++ b/kbx/keybox-update.c
@@ -353,12 +353,9 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
}
-/* Insert the OpenPGP keyblock {IMAGE,IMAGELEN} into HD. SIGSTATUS is
- a vector describing the status of the signatures; its first element
- gives the number of following elements. */
+/* Insert the OpenPGP keyblock {IMAGE,IMAGELEN} into HD. */
gpg_error_t
-keybox_insert_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen,
- u32 *sigstatus)
+keybox_insert_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen)
{
gpg_error_t err;
const char *fname;
@@ -385,7 +382,7 @@ keybox_insert_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen,
return err;
assert (nparsed <= imagelen);
err = _keybox_create_openpgp_blob (&blob, &info, image, imagelen,
- sigstatus, hd->ephemeral);
+ hd->ephemeral);
_keybox_destroy_openpgp_info (&info);
if (!err)
{
@@ -436,7 +433,7 @@ keybox_update_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen)
return err;
assert (nparsed <= imagelen);
err = _keybox_create_openpgp_blob (&blob, &info, image, imagelen,
- NULL, hd->ephemeral);
+ hd->ephemeral);
_keybox_destroy_openpgp_info (&info);
/* Update the keyblock. */
diff --git a/kbx/keybox.h b/kbx/keybox.h
index 5c2824a..29884b0 100644
--- a/kbx/keybox.h
+++ b/kbx/keybox.h
@@ -85,7 +85,7 @@ int _keybox_write_header_blob (FILE *fp, int openpgp_flag);
/*-- keybox-search.c --*/
gpg_error_t keybox_get_keyblock (KEYBOX_HANDLE hd, iobuf_t *r_iobuf,
- int *r_uid_no, int *r_pk_no, u32 **sigstatus);
+ int *r_uid_no, int *r_pk_no);
#ifdef KEYBOX_WITH_X509
int keybox_get_cert (KEYBOX_HANDLE hd, ksba_cert_t *ret_cert);
#endif /*KEYBOX_WITH_X509*/
@@ -102,8 +102,7 @@ gpg_error_t keybox_seek (KEYBOX_HANDLE hd, off_t offset);
/*-- keybox-update.c --*/
gpg_error_t keybox_insert_keyblock (KEYBOX_HANDLE hd,
- const void *image, size_t imagelen,
- u32 *sigstatus);
+ const void *image, size_t imagelen);
gpg_error_t keybox_update_keyblock (KEYBOX_HANDLE hd,
const void *image, size_t imagelen);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list