* trustdb.c (validate_one_keyblock): Fix the trust signature
authorDavid Shaw <dshaw@jabberwocky.com>
Tue, 18 Nov 2008 17:15:07 +0000 (17:15 +0000)
committerDavid Shaw <dshaw@jabberwocky.com>
Tue, 18 Nov 2008 17:15:07 +0000 (17:15 +0000)
calculations so that we lower the trust depth of signatures to fit
within the current chain, rather than discarding any signature that
does not fit within the trust depth.

g10/ChangeLog
g10/trustdb.c

index 4393332..3747350 100644 (file)
@@ -1,3 +1,10 @@
+2008-11-18  David Shaw  <dshaw@jabberwocky.com>
+
+       * trustdb.c (validate_one_keyblock): Fix the trust signature
+       calculations so that we lower the trust depth of signatures to fit
+       within the current chain, rather than discarding any signature
+       that does not fit within the trust depth.
+
 2008-10-03  David Shaw  <dshaw@jabberwocky.com>
 
        * main.h, mainproc.c (check_sig_and_print),
index 10f82ef..5768459 100644 (file)
@@ -1,6 +1,6 @@
 /* trustdb.c
- * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
- *               2007 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+ *               2008 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -1933,50 +1933,72 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
                     (uidnode && check_regexp(kr->trust_regexp,
                                            uidnode->pkt->pkt.user_id->name))))
             {
-             if(DBG_TRUST && opt.trust_model==TM_PGP && sig->trust_depth)
-               log_debug("trust sig on %s, sig depth is %d, kr depth is %d\n",
-                         uidnode->pkt->pkt.user_id->name,sig->trust_depth,
-                         kr->trust_depth);
-
              /* Are we part of a trust sig chain?  We always favor
                  the latest trust sig, rather than the greater or
                  lesser trust sig or value.  I could make a decent
                  argument for any of these cases, but this seems to be
                  what PGP does, and I'd like to be compatible. -dms */
-             if(opt.trust_model==TM_PGP && sig->trust_depth
-                && pk->trust_timestamp<=sig->timestamp
-                && (sig->trust_depth<=kr->trust_depth
-                    || kr->ownertrust==TRUST_ULTIMATE))
+             if(opt.trust_model==TM_PGP
+                && sig->trust_depth
+                && pk->trust_timestamp<=sig->timestamp)
                {
-                 /* If we got here, we know that:
-
-                    this is a trust sig.
-
-                    it's a newer trust sig than any previous trust
-                    sig on this key (not uid).
-
-                    it is legal in that it was either generated by an
-                    ultimate key, or a key that was part of a trust
-                    chain, and the depth does not violate the
-                    original trust sig.
-
-                    if there is a regexp attached, it matched
-                    successfully.
-                 */
-
-                 if(DBG_TRUST)
-                   log_debug("replacing trust value %d with %d and "
-                             "depth %d with %d\n",
-                             pk->trust_value,sig->trust_value,
-                             pk->trust_depth,sig->trust_depth);
-
-                 pk->trust_value=sig->trust_value;
-                 pk->trust_depth=sig->trust_depth-1;
-
-                 /* If the trust sig contains a regexp, record it
-                    on the pk for the next round. */
-                 if(sig->trust_regexp)
-                   pk->trust_regexp=sig->trust_regexp;
+                 byte depth;
+
+                 /* If the depth on the signature is less than the
+                    chain currently has, then use the signature depth
+                    so we don't increase the depth beyond what the
+                    signer wanted.  If the depth on the signature is
+                    more than the chain currently has, then use the
+                    chain depth so we use as much of the signature
+                    depth as the chain will permit.  An ultimately
+                    trusted signature can restart the depth to
+                    whatever level it likes. */
+
+                 if(sig->trust_depth<kr->trust_depth
+                    || kr->ownertrust==TRUST_ULTIMATE)
+                   depth=sig->trust_depth;
+                 else
+                   depth=kr->trust_depth;
+
+                 if(depth)
+                   {
+                     if(DBG_TRUST)
+                       log_debug("trust sig on %s, sig depth is %d,"
+                                 " kr depth is %d\n",
+                                 uidnode->pkt->pkt.user_id->name,
+                                 sig->trust_depth,
+                                 kr->trust_depth);
+
+                     /* If we got here, we know that:
+
+                        this is a trust sig.
+
+                        it's a newer trust sig than any previous trust
+                        sig on this key (not uid).
+
+                        it is legal in that it was either generated by an
+                        ultimate key, or a key that was part of a trust
+                        chain, and the depth does not violate the
+                        original trust sig.
+
+                        if there is a regexp attached, it matched
+                        successfully.
+                     */
+
+                     if(DBG_TRUST)
+                       log_debug("replacing trust value %d with %d and "
+                                 "depth %d with %d\n",
+                                 pk->trust_value,sig->trust_value,
+                                 pk->trust_depth,depth);
+
+                     pk->trust_value=sig->trust_value;
+                     pk->trust_depth=depth-1;
+
+                     /* If the trust sig contains a regexp, record it
+                        on the pk for the next round. */
+                     if(sig->trust_regexp)
+                       pk->trust_regexp=sig->trust_regexp;
+                   }
                }
 
               if (kr->ownertrust == TRUST_ULTIMATE)