gpg: Exclude expired trusted keys from the key validation process.

* g10/trustdb.c (copy_key_item): New. (validate_keys): Use a stripped down UTK list w/o expired keys. -- This patch makes sure that an expired trusted key is not used for trust computation. The test case is to delete a trusted key from the keyring, import a copy of that key which has already expired, check that a signed key is not anymore fully trusted and finally import a prolonged version of the trusted key and check that the signed key is now again fully trusted. GnuPG-bug-id: 7200
author: Werner Koch <wk@gnupg.org> 2024-09-25 15:15:51 +0200
committer: Werner Koch <wk@gnupg.org> 2024-09-25 15:21:55 +0200
commit: 19f2f00bfd30ca2389318d11047346a5ade95e75 (patch)
tree: 36a54be2f8bb64fd7b5cdf000faf177c5bbe66ed /g10/trustdb.c
parent: gpg: Validate the trustdb after the import of a trusted key. (diff)
download: gnupg2-19f2f00bfd30ca2389318d11047346a5ade95e75.tar.xz
gnupg2-19f2f00bfd30ca2389318d11047346a5ade95e75.zip
1 files changed, 47 insertions, 14 deletions
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 82735769d..9f159a5f6 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -142,6 +142,24 @@ new_key_item (void)
   return k;
 }
 
+static struct key_item *
+copy_key_item (struct key_item *k0)
+{
+  struct key_item *k;
+
+  k = xmalloc_clear (sizeof *k);
+  k->ownertrust = k0->ownertrust;
+  k->min_ownertrust = k0->min_ownertrust;
+  k->trust_depth = k0->trust_depth;
+  k->trust_value = k0->trust_value;
+  if (k0->trust_regexp)
+    k->trust_regexp = xstrdup (k0->trust_regexp);
+  k->kid[0] = k0->kid[0];
+  k->kid[1] = k0->kid[1];
+
+  return k;
+}
+
 static void
 release_key_items (struct key_item *k)
 {
@@ -2178,6 +2196,7 @@ validate_keys (ctrl_t ctrl, int interactive)
 {
   int rc = 0;
   int quit=0;
+  struct key_item *valid_utk_list = NULL;
   struct key_item *klist = NULL;
   struct key_item *k;
   struct key_array *keys = NULL;
@@ -2210,18 +2229,12 @@ validate_keys (ctrl_t ctrl, int interactive)
   /* Step 1 */
   /* Fixme: Instead of always building a UTK list, we could just build it
    * here when needed */
-  if (!utk_list)
-    {
-      if (!opt.quiet)
-        log_info (_("no ultimately trusted keys found\n"));
-      goto leave;
-    }
 
-  /* mark all UTKs as used and fully_trusted and set validity to
-     ultimate */
+  /* Mark all usable UTKs as used and fully_trusted and set validity
+   * to ultimate.  Create a list of these UTKs for further processing.  */
   for (k=utk_list; k; k = k->next)
     {
-      KBNODE keyblock;
+      kbnode_t keyblock;
       PKT_public_key *pk;
 
       keyblock = get_pubkeyblock (ctrl, k->kid);
@@ -2232,6 +2245,19 @@ validate_keys (ctrl_t ctrl, int interactive)
           continue;
         }
       pk = keyblock->pkt->pkt.public_key;
+      if (pk->has_expired)
+        {
+          log_error (_("Note: ultimately trusted key %s expired\n"),
+                     keystr(k->kid));
+          continue;
+        }
+
+      {
+        struct key_item *ki = copy_key_item (k);
+        ki->next = valid_utk_list;
+        valid_utk_list = ki;
+      }
+
       mark_keyblock_seen (used, keyblock);
       mark_keyblock_seen (full_trust, keyblock);
       for (node=keyblock; node; node = node->next)
@@ -2253,7 +2279,13 @@ validate_keys (ctrl_t ctrl, int interactive)
   if (opt.trust_model == TM_TOFU)
     goto leave;
 
-  klist = utk_list;
+  if (!valid_utk_list)
+    {
+      if (!opt.quiet)
+        log_info (_("no ultimately trusted keys found\n"));
+      goto leave;
+    }
+  klist = valid_utk_list;
 
   if (!opt.quiet)
     log_info ("marginals needed: %d  completes needed: %d  trust model: %s\n",
@@ -2326,7 +2358,7 @@ validate_keys (ctrl_t ctrl, int interactive)
 	  valids++;
         }
 
-      /* Step 4: Find all keys which are signed by a key in kdlist */
+      /* Step 4: Find all keys which are signed by a key in klist */
       keys = validate_key_list (ctrl, kdb, full_trust, klist,
 				start_time, &next_expire);
       if (!keys)
@@ -2352,8 +2384,8 @@ validate_keys (ctrl_t ctrl, int interactive)
                   depth, valids, key_count, ot_unknown, ot_undefined,
                   ot_never, ot_marginal, ot_full, ot_ultimate );
 
-      /* Step 8: Build a new kdlist from all fully valid keys in KEYS */
-      if (klist != utk_list)
+      /* Step 8: Build a new klist from all fully valid keys in KEYS */
+      if (klist != valid_utk_list)
         release_key_items (klist);
       klist = NULL;
       for (kar=keys; kar->keyblock; kar++)
@@ -2406,8 +2438,9 @@ validate_keys (ctrl_t ctrl, int interactive)
  leave:
   keydb_release (kdb);
   release_key_array (keys);
-  if (klist != utk_list)
+  if (klist != valid_utk_list)
     release_key_items (klist);
+  release_key_items (valid_utk_list);
   release_key_hash_table (full_trust);
   release_key_hash_table (used);
   if (!rc && !quit) /* mark trustDB as checked */
author	Werner Koch <wk@gnupg.org>	2024-09-25 15:15:51 +0200
committer	Werner Koch <wk@gnupg.org>	2024-09-25 15:21:55 +0200
commit	19f2f00bfd30ca2389318d11047346a5ade95e75 (patch)
tree	36a54be2f8bb64fd7b5cdf000faf177c5bbe66ed /g10/trustdb.c
parent	gpg: Validate the trustdb after the import of a trusted key. (diff)
download	gnupg2-19f2f00bfd30ca2389318d11047346a5ade95e75.tar.xz gnupg2-19f2f00bfd30ca2389318d11047346a5ade95e75.zip