LCOV - code coverage report
Current view: top level - g10 - getkey.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 934 1523 61.3 %
Date: 2016-09-12 13:01:59 Functions: 41 51 80.4 %

          Line data    Source code
       1             : /* getkey.c -  Get a key from the database
       2             :  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
       3             :  *               2007, 2008, 2010  Free Software Foundation, Inc.
       4             :  * Copyright (C) 2015, 2016 g10 Code GmbH
       5             :  *
       6             :  * This file is part of GnuPG.
       7             :  *
       8             :  * GnuPG is free software; you can redistribute it and/or modify
       9             :  * it under the terms of the GNU General Public License as published by
      10             :  * the Free Software Foundation; either version 3 of the License, or
      11             :  * (at your option) any later version.
      12             :  *
      13             :  * GnuPG is distributed in the hope that it will be useful,
      14             :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      15             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      16             :  * GNU General Public License for more details.
      17             :  *
      18             :  * You should have received a copy of the GNU General Public License
      19             :  * along with this program; if not, see <http://www.gnu.org/licenses/>.
      20             :  */
      21             : 
      22             : #include <config.h>
      23             : #include <stdio.h>
      24             : #include <stdlib.h>
      25             : #include <string.h>
      26             : #include <ctype.h>
      27             : 
      28             : #include "gpg.h"
      29             : #include "util.h"
      30             : #include "packet.h"
      31             : #include "iobuf.h"
      32             : #include "keydb.h"
      33             : #include "options.h"
      34             : #include "main.h"
      35             : #include "trustdb.h"
      36             : #include "i18n.h"
      37             : #include "keyserver-internal.h"
      38             : #include "call-agent.h"
      39             : #include "host2net.h"
      40             : #include "mbox-util.h"
      41             : #include "status.h"
      42             : 
      43             : #define MAX_PK_CACHE_ENTRIES   PK_UID_CACHE_SIZE
      44             : #define MAX_UID_CACHE_ENTRIES  PK_UID_CACHE_SIZE
      45             : 
      46             : #if MAX_PK_CACHE_ENTRIES < 2
      47             : #error We need the cache for key creation
      48             : #endif
      49             : 
      50             : /* Flags values returned by the lookup code.  Note that the values are
      51             :  * directly used by the KEY_CONSIDERED status line.  */
      52             : #define LOOKUP_NOT_SELECTED        (1<<0)
      53             : #define LOOKUP_ALL_SUBKEYS_EXPIRED (1<<1)  /* or revoked */
      54             : 
      55             : 
      56             : /* A context object used by the lookup functions.  */
      57             : struct getkey_ctx_s
      58             : {
      59             :   /* Part of the search criteria: whether the search is an exact
      60             :      search or not.  A search that is exact requires that a key or
      61             :      subkey meet all of the specified criteria.  A search that is not
      62             :      exact allows selecting a different key or subkey from the
      63             :      keyblock that matched the critera.  Further, an exact search
      64             :      returns the key or subkey that matched whereas a non-exact search
      65             :      typically returns the primary key.  See finish_lookup for
      66             :      details.  */
      67             :   int exact;
      68             : 
      69             :   /* Part of the search criteria: Whether the caller only wants keys
      70             :      with an available secret key.  This is used by getkey_next to get
      71             :      the next result with the same initial criteria.  */
      72             :   int want_secret;
      73             : 
      74             :   /* Part of the search criteria: The type of the requested key.  A
      75             :      mask of PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC and PUBKEY_USAGE_CERT.
      76             :      If non-zero, then for a key to match, it must implement one of
      77             :      the required uses.  */
      78             :   int req_usage;
      79             : 
      80             :   /* The database handle.  */
      81             :   KEYDB_HANDLE kr_handle;
      82             : 
      83             :   /* Whether we should call xfree() on the context when the context is
      84             :      released using getkey_end()).  */
      85             :   int not_allocated;
      86             : 
      87             :   /* This variable is used as backing store for strings which have
      88             :      their address used in ITEMS.  */
      89             :   strlist_t extra_list;
      90             : 
      91             :   /* Part of the search criteria: The low-level search specification
      92             :      as passed to keydb_search.  */
      93             :   int nitems;
      94             :   /* This must be the last element in the structure.  When we allocate
      95             :      the structure, we allocate it so that ITEMS can hold NITEMS.  */
      96             :   KEYDB_SEARCH_DESC items[1];
      97             : };
      98             : 
      99             : #if 0
     100             : static struct
     101             : {
     102             :   int any;
     103             :   int okay_count;
     104             :   int nokey_count;
     105             :   int error_count;
     106             : } lkup_stats[21];
     107             : #endif
     108             : 
     109             : typedef struct keyid_list
     110             : {
     111             :   struct keyid_list *next;
     112             :   char fpr[MAX_FINGERPRINT_LEN];
     113             :   u32 keyid[2];
     114             : } *keyid_list_t;
     115             : 
     116             : 
     117             : #if MAX_PK_CACHE_ENTRIES
     118             : typedef struct pk_cache_entry
     119             : {
     120             :   struct pk_cache_entry *next;
     121             :   u32 keyid[2];
     122             :   PKT_public_key *pk;
     123             : } *pk_cache_entry_t;
     124             : static pk_cache_entry_t pk_cache;
     125             : static int pk_cache_entries;    /* Number of entries in pk cache.  */
     126             : static int pk_cache_disabled;
     127             : #endif
     128             : 
     129             : #if MAX_UID_CACHE_ENTRIES < 5
     130             : #error we really need the userid cache
     131             : #endif
     132             : typedef struct user_id_db
     133             : {
     134             :   struct user_id_db *next;
     135             :   keyid_list_t keyids;
     136             :   int len;
     137             :   char name[1];
     138             : } *user_id_db_t;
     139             : static user_id_db_t user_id_db;
     140             : static int uid_cache_entries;   /* Number of entries in uid cache. */
     141             : 
     142             : static void merge_selfsigs (kbnode_t keyblock);
     143             : static int lookup (getkey_ctx_t ctx,
     144             :                    kbnode_t *ret_keyblock, kbnode_t *ret_found_key,
     145             :                    int want_secret);
     146             : static kbnode_t finish_lookup (kbnode_t keyblock,
     147             :                                unsigned int req_usage, int want_exact,
     148             :                                unsigned int *r_flags);
     149             : static void print_status_key_considered (kbnode_t keyblock, unsigned int flags);
     150             : 
     151             : 
     152             : #if 0
     153             : static void
     154             : print_stats ()
     155             : {
     156             :   int i;
     157             :   for (i = 0; i < DIM (lkup_stats); i++)
     158             :     {
     159             :       if (lkup_stats[i].any)
     160             :         es_fprintf (es_stderr,
     161             :                  "lookup stats: mode=%-2d  ok=%-6d  nokey=%-6d  err=%-6d\n",
     162             :                  i,
     163             :                  lkup_stats[i].okay_count,
     164             :                  lkup_stats[i].nokey_count, lkup_stats[i].error_count);
     165             :     }
     166             : }
     167             : #endif
     168             : 
     169             : 
     170             : /* Cache a copy of a public key in the public key cache.  PK is not
     171             :  * cached if caching is disabled (via getkey_disable_caches), if
     172             :  * PK->FLAGS.DONT_CACHE is set, we don't know how to derive a key id
     173             :  * from the public key (e.g., unsupported algorithm), or a key with
     174             :  * the key id is already in the cache.
     175             :  *
     176             :  * The public key packet is copied into the cache using
     177             :  * copy_public_key.  Thus, any secret parts are not copied, for
     178             :  * instance.
     179             :  *
     180             :  * This cache is filled by get_pubkey and is read by get_pubkey and
     181             :  * get_pubkey_fast.  */
     182             : void
     183         677 : cache_public_key (PKT_public_key * pk)
     184             : {
     185             : #if MAX_PK_CACHE_ENTRIES
     186             :   pk_cache_entry_t ce, ce2;
     187             :   u32 keyid[2];
     188             : 
     189         677 :   if (pk_cache_disabled)
     190           3 :     return;
     191             : 
     192         677 :   if (pk->flags.dont_cache)
     193           0 :     return;
     194             : 
     195         677 :   if (is_ELGAMAL (pk->pubkey_algo)
     196         445 :       || pk->pubkey_algo == PUBKEY_ALGO_DSA
     197         108 :       || pk->pubkey_algo == PUBKEY_ALGO_ECDSA
     198          60 :       || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
     199          58 :       || pk->pubkey_algo == PUBKEY_ALGO_ECDH
     200          34 :       || is_RSA (pk->pubkey_algo))
     201             :     {
     202         677 :       keyid_from_pk (pk, keyid);
     203             :     }
     204             :   else
     205           0 :     return; /* Don't know how to get the keyid.  */
     206             : 
     207         715 :   for (ce = pk_cache; ce; ce = ce->next)
     208          41 :     if (ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1])
     209             :       {
     210           3 :         if (DBG_CACHE)
     211           0 :           log_debug ("cache_public_key: already in cache\n");
     212           3 :         return;
     213             :       }
     214             : 
     215         674 :   if (pk_cache_entries >= MAX_PK_CACHE_ENTRIES)
     216             :     {
     217             :       int n;
     218             : 
     219             :       /* Remove the last 50% of the entries.  */
     220           0 :       for (ce = pk_cache, n = 0; ce && n < pk_cache_entries/2; n++)
     221           0 :         ce = ce->next;
     222           0 :       if (ce && ce != pk_cache && ce->next)
     223             :         {
     224           0 :           ce2 = ce->next;
     225           0 :           ce->next = NULL;
     226           0 :           ce = ce2;
     227           0 :           for (; ce; ce = ce2)
     228             :             {
     229           0 :               ce2 = ce->next;
     230           0 :               free_public_key (ce->pk);
     231           0 :               xfree (ce);
     232           0 :               pk_cache_entries--;
     233             :             }
     234             :         }
     235           0 :       log_assert (pk_cache_entries < MAX_PK_CACHE_ENTRIES);
     236             :     }
     237         674 :   pk_cache_entries++;
     238         674 :   ce = xmalloc (sizeof *ce);
     239         674 :   ce->next = pk_cache;
     240         674 :   pk_cache = ce;
     241         674 :   ce->pk = copy_public_key (NULL, pk);
     242         674 :   ce->keyid[0] = keyid[0];
     243         674 :   ce->keyid[1] = keyid[1];
     244             : #endif
     245             : }
     246             : 
     247             : 
     248             : /* Return a const utf-8 string with the text "[User ID not found]".
     249             :    This function is required so that we don't need to switch gettext's
     250             :    encoding temporary.  */
     251             : static const char *
     252           3 : user_id_not_found_utf8 (void)
     253             : {
     254             :   static char *text;
     255             : 
     256           3 :   if (!text)
     257           2 :     text = native_to_utf8 (_("[User ID not found]"));
     258           3 :   return text;
     259             : }
     260             : 
     261             : 
     262             : 
     263             : /* Return the user ID from the given keyblock.
     264             :  * We use the primary uid flag which has been set by the merge_selfsigs
     265             :  * function.  The returned value is only valid as long as the given
     266             :  * keyblock is not changed.  */
     267             : static const char *
     268         932 : get_primary_uid (KBNODE keyblock, size_t * uidlen)
     269             : {
     270             :   KBNODE k;
     271             :   const char *s;
     272             : 
     273        2657 :   for (k = keyblock; k; k = k->next)
     274             :     {
     275        2657 :       if (k->pkt->pkttype == PKT_USER_ID
     276        1310 :           && !k->pkt->pkt.user_id->attrib_data
     277        1310 :           && k->pkt->pkt.user_id->is_primary)
     278             :         {
     279         932 :           *uidlen = k->pkt->pkt.user_id->len;
     280         932 :           return k->pkt->pkt.user_id->name;
     281             :         }
     282             :     }
     283           0 :   s = user_id_not_found_utf8 ();
     284           0 :   *uidlen = strlen (s);
     285           0 :   return s;
     286             : }
     287             : 
     288             : 
     289             : static void
     290        1206 : release_keyid_list (keyid_list_t k)
     291             : {
     292        2412 :   while (k)
     293             :     {
     294           0 :       keyid_list_t k2 = k->next;
     295           0 :       xfree (k);
     296           0 :       k = k2;
     297             :     }
     298        1206 : }
     299             : 
     300             : /****************
     301             :  * Store the association of keyid and userid
     302             :  * Feed only public keys to this function.
     303             :  */
     304             : static void
     305        2138 : cache_user_id (KBNODE keyblock)
     306             : {
     307             :   user_id_db_t r;
     308             :   const char *uid;
     309             :   size_t uidlen;
     310        2138 :   keyid_list_t keyids = NULL;
     311             :   KBNODE k;
     312             : 
     313        7880 :   for (k = keyblock; k; k = k->next)
     314             :     {
     315        6948 :       if (k->pkt->pkttype == PKT_PUBLIC_KEY
     316        4810 :           || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
     317             :         {
     318        3150 :           keyid_list_t a = xmalloc_clear (sizeof *a);
     319             :           /* Hmmm: For a long list of keyids it might be an advantage
     320             :            * to append the keys.  */
     321        3150 :           fingerprint_from_pk (k->pkt->pkt.public_key, a->fpr, NULL);
     322        3150 :           keyid_from_pk (k->pkt->pkt.public_key, a->keyid);
     323             :           /* First check for duplicates.  */
     324        4781 :           for (r = user_id_db; r; r = r->next)
     325             :             {
     326             :               keyid_list_t b;
     327             : 
     328        7299 :               for (b = r->keyids; b; b = b->next)
     329             :                 {
     330        5668 :                   if (!memcmp (b->fpr, a->fpr, MAX_FINGERPRINT_LEN))
     331             :                     {
     332        1206 :                       if (DBG_CACHE)
     333           0 :                         log_debug ("cache_user_id: already in cache\n");
     334        1206 :                       release_keyid_list (keyids);
     335        1206 :                       xfree (a);
     336        1206 :                       return;
     337             :                     }
     338             :                 }
     339             :             }
     340             :           /* Now put it into the cache.  */
     341        1944 :           a->next = keyids;
     342        1944 :           keyids = a;
     343             :         }
     344             :     }
     345         932 :   if (!keyids)
     346           0 :     BUG (); /* No key no fun.  */
     347             : 
     348             : 
     349         932 :   uid = get_primary_uid (keyblock, &uidlen);
     350             : 
     351         932 :   if (uid_cache_entries >= MAX_UID_CACHE_ENTRIES)
     352             :     {
     353             :       /* fixme: use another algorithm to free some cache slots */
     354           0 :       r = user_id_db;
     355           0 :       user_id_db = r->next;
     356           0 :       release_keyid_list (r->keyids);
     357           0 :       xfree (r);
     358           0 :       uid_cache_entries--;
     359             :     }
     360         932 :   r = xmalloc (sizeof *r + uidlen - 1);
     361         932 :   r->keyids = keyids;
     362         932 :   r->len = uidlen;
     363         932 :   memcpy (r->name, uid, r->len);
     364         932 :   r->next = user_id_db;
     365         932 :   user_id_db = r;
     366         932 :   uid_cache_entries++;
     367             : }
     368             : 
     369             : 
     370             : /* Disable and drop the public key cache (which is filled by
     371             :    cache_public_key and get_pubkey).  Note: there is currently no way
     372             :    to reenable this cache.  */
     373             : void
     374          29 : getkey_disable_caches ()
     375             : {
     376             : #if MAX_PK_CACHE_ENTRIES
     377             :   {
     378             :     pk_cache_entry_t ce, ce2;
     379             : 
     380          29 :     for (ce = pk_cache; ce; ce = ce2)
     381             :       {
     382           0 :         ce2 = ce->next;
     383           0 :         free_public_key (ce->pk);
     384           0 :         xfree (ce);
     385             :       }
     386          29 :     pk_cache_disabled = 1;
     387          29 :     pk_cache_entries = 0;
     388          29 :     pk_cache = NULL;
     389             :   }
     390             : #endif
     391             :   /* fixme: disable user id cache ? */
     392          29 : }
     393             : 
     394             : 
     395             : void
     396           0 : pubkey_free (pubkey_t key)
     397             : {
     398           0 :   if (key)
     399             :     {
     400           0 :       xfree (key->pk);
     401           0 :       release_kbnode (key->keyblock);
     402           0 :       xfree (key);
     403             :     }
     404           0 : }
     405             : 
     406             : void
     407           0 : pubkeys_free (pubkey_t keys)
     408             : {
     409           0 :   while (keys)
     410             :     {
     411           0 :       pubkey_t next = keys->next;
     412           0 :       pubkey_free (keys);
     413           0 :       keys = next;
     414             :     }
     415           0 : }
     416             : 
     417             : /* Returns all keys that match the search specfication SEARCH_TERMS.
     418             : 
     419             :    This function also checks for and warns about duplicate entries in
     420             :    the keydb, which can occur if the user has configured multiple
     421             :    keyrings or keyboxes or if a keyring or keybox was corrupted.
     422             : 
     423             :    Note: SEARCH_TERMS will not be expanded (i.e., it may not be a
     424             :    group).
     425             : 
     426             :    USE is the operation for which the key is required.  It must be
     427             :    either PUBKEY_USAGE_ENC, PUBKEY_USAGE_SIG, PUBKEY_USAGE_CERT or
     428             :    PUBKEY_USAGE_AUTH.
     429             : 
     430             :    XXX: Currently, only PUBKEY_USAGE_ENC and PUBKEY_USAGE_SIG are
     431             :    implemented.
     432             : 
     433             :    INCLUDE_UNUSABLE indicates whether disabled keys are allowed.
     434             :    (Recipients specified with --encrypt-to and --hidden-encrypt-to may
     435             :    be disabled.  It is possible to edit disabled keys.)
     436             : 
     437             :    SOURCE is the context in which SEARCH_TERMS was specified, e.g.,
     438             :    "--encrypt-to", etc.  If this function is called interactively,
     439             :    then this should be NULL.
     440             : 
     441             :    If WARN_POSSIBLY_AMBIGUOUS is set, then emits a warning if the user
     442             :    does not specify a long key id or a fingerprint.
     443             : 
     444             :    The results are placed in *KEYS.  *KEYS must be NULL!  */
     445             : gpg_error_t
     446           0 : get_pubkeys (ctrl_t ctrl,
     447             :              char *search_terms, int use, int include_unusable, char *source,
     448             :              int warn_possibly_ambiguous,
     449             :              pubkey_t *r_keys)
     450             : {
     451             :   /* We show a warning when a key appears multiple times in the DB.
     452             :      This can happen for two reasons:
     453             : 
     454             :        - The user has configured multiple keyrings or keyboxes.
     455             : 
     456             :        - The keyring or keybox has been corrupted in some way, e.g., a
     457             :          bug or a random process changing them.
     458             : 
     459             :      For each duplicate, we only want to show the key once.  Hence,
     460             :      this list.  */
     461             :   static strlist_t key_dups;
     462             : 
     463             :   /* USE transformed to a string.  */
     464             :   char *use_str;
     465             : 
     466             :   gpg_error_t err;
     467             : 
     468             :   KEYDB_SEARCH_DESC desc;
     469             : 
     470             :   GETKEY_CTX ctx;
     471           0 :   pubkey_t results = NULL;
     472             :   pubkey_t r;
     473             : 
     474             :   int count;
     475             : 
     476             :   char fingerprint[2 * MAX_FINGERPRINT_LEN + 1];
     477             : 
     478           0 :   if (DBG_LOOKUP)
     479             :     {
     480           0 :       log_debug ("\n");
     481           0 :       log_debug ("%s: Checking %s=%s\n",
     482             :                  __func__, source ? source : "user input", search_terms);
     483             :     }
     484             : 
     485           0 :   if (*r_keys)
     486           0 :     log_bug ("%s: KEYS should be NULL!\n", __func__);
     487             : 
     488           0 :   switch (use)
     489             :     {
     490           0 :     case PUBKEY_USAGE_ENC: use_str = "encrypt"; break;
     491           0 :     case PUBKEY_USAGE_SIG: use_str = "sign"; break;
     492           0 :     case PUBKEY_USAGE_CERT: use_str = "cetify"; break;
     493           0 :     case PUBKEY_USAGE_AUTH: use_str = "authentication"; break;
     494           0 :     default: log_bug ("%s: Bad value for USE (%d)\n", __func__, use);
     495             :     }
     496             : 
     497           0 :   if (use == PUBKEY_USAGE_CERT || use == PUBKEY_USAGE_AUTH)
     498           0 :     log_bug ("%s: use=%s is unimplemented.\n", __func__, use_str);
     499             : 
     500           0 :   err = classify_user_id (search_terms, &desc, 1);
     501           0 :   if (err)
     502             :     {
     503           0 :       log_info (_("key \"%s\" not found: %s\n"),
     504             :                 search_terms, gpg_strerror (err));
     505           0 :       if (!opt.quiet && source)
     506           0 :         log_info (_("(check argument of option '%s')\n"), source);
     507           0 :       goto out;
     508             :     }
     509             : 
     510           0 :   if (warn_possibly_ambiguous
     511           0 :       && ! (desc.mode == KEYDB_SEARCH_MODE_LONG_KID
     512           0 :             || desc.mode == KEYDB_SEARCH_MODE_FPR16
     513           0 :             || desc.mode == KEYDB_SEARCH_MODE_FPR20
     514           0 :             || desc.mode == KEYDB_SEARCH_MODE_FPR))
     515             :     {
     516           0 :       log_info (_("Warning: '%s' should be a long key ID or a fingerprint\n"),
     517             :                 search_terms);
     518           0 :       if (!opt.quiet && source)
     519           0 :         log_info (_("(check argument of option '%s')\n"), source);
     520             :     }
     521             : 
     522             :   /* Gather all of the results.  */
     523           0 :   ctx = NULL;
     524           0 :   count = 0;
     525             :   do
     526             :     {
     527           0 :       PKT_public_key *pk = xmalloc_clear (sizeof *pk);
     528             :       KBNODE kb;
     529           0 :       pk->req_usage = use;
     530             : 
     531           0 :       if (! ctx)
     532           0 :         err = get_pubkey_byname (ctrl, &ctx, pk, search_terms, &kb, NULL,
     533             :                                  include_unusable, 1);
     534             :       else
     535           0 :         err = getkey_next (ctx, pk, &kb);
     536             : 
     537           0 :       if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
     538             :         /* No more results.   */
     539             :         {
     540           0 :           xfree (pk);
     541           0 :           break;
     542             :         }
     543           0 :       else if (err)
     544             :         /* An error (other than "not found").  */
     545             :         {
     546           0 :           log_error (_("error looking up: %s\n"),
     547             :                      gpg_strerror (err));
     548           0 :           xfree (pk);
     549           0 :           break;
     550             :         }
     551             : 
     552             :       /* Another result!  */
     553           0 :       count ++;
     554             : 
     555           0 :       r = xmalloc_clear (sizeof (*r));
     556           0 :       r->pk = pk;
     557           0 :       r->keyblock = kb;
     558           0 :       r->next = results;
     559           0 :       results = r;
     560             :     }
     561           0 :   while (ctx);
     562           0 :   getkey_end (ctx);
     563             : 
     564           0 :   if (DBG_LOOKUP)
     565             :     {
     566           0 :       log_debug ("%s resulted in %d matches.\n", search_terms, count);
     567           0 :       for (r = results; r; r = r->next)
     568           0 :         log_debug ("  %s\n",
     569           0 :                    hexfingerprint (r->keyblock->pkt->pkt.public_key,
     570             :                                    fingerprint, sizeof (fingerprint)));
     571             :     }
     572             : 
     573           0 :   if (! results && gpg_err_code (err) == GPG_ERR_NOT_FOUND)
     574             :     /* No match.  */
     575             :     {
     576           0 :       if (DBG_LOOKUP)
     577           0 :         log_debug ("%s: '%s' not found.\n", __func__, search_terms);
     578             : 
     579           0 :       log_info (_("key \"%s\" not found\n"), search_terms);
     580           0 :       if (!opt.quiet && source)
     581           0 :         log_info (_("(check argument of option '%s')\n"), source);
     582             : 
     583           0 :       goto out;
     584             :     }
     585           0 :   else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
     586             :     /* No more matches.  */
     587             :     ;
     588           0 :   else if (err)
     589             :     /* Some other error.  An error message was already printed
     590             :        out.  Free RESULTS and continue.  */
     591           0 :     goto out;
     592             : 
     593             :   /* Check for duplicates.  */
     594           0 :   if (DBG_LOOKUP)
     595           0 :     log_debug ("%s: Checking results of %s='%s' for dups\n",
     596             :                __func__, source ? source : "user input", search_terms);
     597           0 :   count = 0;
     598           0 :   for (r = results; r; r = r->next)
     599             :     {
     600             :       pubkey_t *prevp;
     601             :       pubkey_t next;
     602             :       pubkey_t r2;
     603           0 :       int dups = 0;
     604             : 
     605           0 :       prevp = &r->next;
     606           0 :       next = r->next;
     607           0 :       while ((r2 = next))
     608             :         {
     609           0 :           if (cmp_public_keys (r->keyblock->pkt->pkt.public_key,
     610           0 :                                r2->keyblock->pkt->pkt.public_key) != 0)
     611             :             /* Not a dup.  */
     612             :             {
     613           0 :               prevp = &r2->next;
     614           0 :               next = r2->next;
     615           0 :               continue;
     616             :             }
     617             : 
     618           0 :           dups ++;
     619           0 :           count ++;
     620             : 
     621             :           /* Remove R2 from the list.  */
     622           0 :           *prevp = r2->next;
     623           0 :           release_kbnode (r2->keyblock);
     624           0 :           next = r2->next;
     625           0 :           xfree (r2);
     626             :         }
     627             : 
     628           0 :       if (dups)
     629             :         {
     630           0 :           hexfingerprint (r->keyblock->pkt->pkt.public_key,
     631             :                           fingerprint, sizeof fingerprint);
     632           0 :           if (! strlist_find (key_dups, fingerprint))
     633             :             {
     634             :               char fingerprint_formatted[MAX_FORMATTED_FINGERPRINT_LEN + 1];
     635             : 
     636           0 :               log_info (_("Warning: %s appears in the keyring %d times\n"),
     637             :                         format_hexfingerprint (fingerprint,
     638             :                                                fingerprint_formatted,
     639             :                                                sizeof fingerprint_formatted),
     640             :                         1 + dups);
     641           0 :               add_to_strlist (&key_dups, fingerprint);
     642             :             }
     643             :         }
     644             :     }
     645             : 
     646           0 :   if (DBG_LOOKUP && count)
     647             :     {
     648           0 :       log_debug ("After removing %d dups:\n", count);
     649           0 :       for (r = results, count = 0; r; r = r->next)
     650           0 :         log_debug ("  %d: %s\n",
     651             :                    count,
     652           0 :                    hexfingerprint (r->keyblock->pkt->pkt.public_key,
     653             :                                    fingerprint, sizeof fingerprint));
     654             :     }
     655             : 
     656             :  out:
     657           0 :   if (err)
     658           0 :     pubkeys_free (results);
     659             :   else
     660           0 :     *r_keys = results;
     661             : 
     662           0 :   return err;
     663             : }
     664             : 
     665             : 
     666             : static void
     667        1319 : pk_from_block (PKT_public_key *pk, kbnode_t keyblock, kbnode_t found_key)
     668             : {
     669        1319 :   kbnode_t a = found_key ? found_key : keyblock;
     670             : 
     671        1319 :   log_assert (a->pkt->pkttype == PKT_PUBLIC_KEY
     672             :               || a->pkt->pkttype == PKT_PUBLIC_SUBKEY);
     673             : 
     674        1319 :   copy_public_key (pk, a->pkt->pkt.public_key);
     675        1319 : }
     676             : 
     677             : 
     678             : /* Return the public key with the key id KEYID and store it at PK.
     679             :  * The resources in *PK should be released using
     680             :  * release_public_key_parts().  This function also stores a copy of
     681             :  * the public key in the user id cache (see cache_public_key).
     682             :  *
     683             :  * If PK is NULL, this function just stores the public key in the
     684             :  * cache and returns the usual return code.
     685             :  *
     686             :  * PK->REQ_USAGE (which is a mask of PUBKEY_USAGE_SIG,
     687             :  * PUBKEY_USAGE_ENC and PUBKEY_USAGE_CERT) is passed through to the
     688             :  * lookup function.  If this is non-zero, only keys with the specified
     689             :  * usage will be returned.  As such, it is essential that
     690             :  * PK->REQ_USAGE be correctly initialized!
     691             :  *
     692             :  * Returns 0 on success, GPG_ERR_NO_PUBKEY if there is no public key
     693             :  * with the specified key id, or another error code if an error
     694             :  * occurs.
     695             :  *
     696             :  * If the data was not read from the cache, then the self-signed data
     697             :  * has definitely been merged into the public key using
     698             :  * merge_selfsigs.  */
     699             : int
     700         846 : get_pubkey (PKT_public_key * pk, u32 * keyid)
     701             : {
     702         846 :   int internal = 0;
     703         846 :   int rc = 0;
     704             : 
     705             : #if MAX_PK_CACHE_ENTRIES
     706         846 :   if (pk)
     707             :     {
     708             :       /* Try to get it from the cache.  We don't do this when pk is
     709             :          NULL as it does not guarantee that the user IDs are
     710             :          cached. */
     711             :       pk_cache_entry_t ce;
     712         876 :       for (ce = pk_cache; ce; ce = ce->next)
     713             :         {
     714         203 :           if (ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1])
     715             :             /* XXX: We don't check PK->REQ_USAGE here, but if we don't
     716             :                read from the cache, we do check it!  */
     717             :             {
     718         165 :               copy_public_key (pk, ce->pk);
     719         165 :               return 0;
     720             :             }
     721             :         }
     722             :     }
     723             : #endif
     724             :   /* More init stuff.  */
     725         681 :   if (!pk)
     726             :     {
     727           8 :       pk = xmalloc_clear (sizeof *pk);
     728           8 :       internal++;
     729             :     }
     730             : 
     731             : 
     732             :   /* Do a lookup.  */
     733             :   {
     734             :     struct getkey_ctx_s ctx;
     735         681 :     KBNODE kb = NULL;
     736         681 :     KBNODE found_key = NULL;
     737         681 :     memset (&ctx, 0, sizeof ctx);
     738         681 :     ctx.exact = 1; /* Use the key ID exactly as given.  */
     739         681 :     ctx.not_allocated = 1;
     740         681 :     ctx.kr_handle = keydb_new ();
     741         681 :     if (!ctx.kr_handle)
     742             :       {
     743           0 :         rc = gpg_error_from_syserror ();
     744           0 :         goto leave;
     745             :       }
     746         681 :     ctx.nitems = 1;
     747         681 :     ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
     748         681 :     ctx.items[0].u.kid[0] = keyid[0];
     749         681 :     ctx.items[0].u.kid[1] = keyid[1];
     750         681 :     ctx.req_usage = pk->req_usage;
     751         681 :     rc = lookup (&ctx, &kb, &found_key, 0);
     752         681 :     if (!rc)
     753             :       {
     754         674 :         pk_from_block (pk, kb, found_key);
     755             :       }
     756         681 :     getkey_end (&ctx);
     757         681 :     release_kbnode (kb);
     758             :   }
     759         681 :   if (!rc)
     760         674 :     goto leave;
     761             : 
     762           7 :   rc = GPG_ERR_NO_PUBKEY;
     763             : 
     764             : leave:
     765         681 :   if (!rc)
     766         674 :     cache_public_key (pk);
     767         681 :   if (internal)
     768           8 :     free_public_key (pk);
     769         681 :   return rc;
     770             : }
     771             : 
     772             : 
     773             : /* Similar to get_pubkey, but it does not take PK->REQ_USAGE into
     774             :  * account nor does it merge in the self-signed data.  This function
     775             :  * also only considers primary keys.  It is intended to be used as a
     776             :  * quick check of the key to avoid recursion.  It should only be used
     777             :  * in very certain cases.  Like get_pubkey and unlike any of the other
     778             :  * lookup functions, this function also consults the user id cache
     779             :  * (see cache_public_key).
     780             :  *
     781             :  * Return the public key in *PK.  The resources in *PK should be
     782             :  * released using release_public_key_parts().  */
     783             : int
     784           3 : get_pubkey_fast (PKT_public_key * pk, u32 * keyid)
     785             : {
     786           3 :   int rc = 0;
     787             :   KEYDB_HANDLE hd;
     788             :   KBNODE keyblock;
     789             :   u32 pkid[2];
     790             : 
     791           3 :   log_assert (pk);
     792             : #if MAX_PK_CACHE_ENTRIES
     793             :   {
     794             :     /* Try to get it from the cache */
     795             :     pk_cache_entry_t ce;
     796             : 
     797           3 :     for (ce = pk_cache; ce; ce = ce->next)
     798             :       {
     799           0 :         if (ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1]
     800             :             /* Only consider primary keys.  */
     801           0 :             && ce->pk->keyid[0] == ce->pk->main_keyid[0]
     802           0 :             && ce->pk->keyid[1] == ce->pk->main_keyid[1])
     803             :           {
     804           0 :             if (pk)
     805           0 :               copy_public_key (pk, ce->pk);
     806           0 :             return 0;
     807             :           }
     808             :       }
     809             :   }
     810             : #endif
     811             : 
     812           3 :   hd = keydb_new ();
     813           3 :   if (!hd)
     814           0 :     return gpg_error_from_syserror ();
     815           3 :   rc = keydb_search_kid (hd, keyid);
     816           3 :   if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
     817             :     {
     818           3 :       keydb_release (hd);
     819           3 :       return GPG_ERR_NO_PUBKEY;
     820             :     }
     821           0 :   rc = keydb_get_keyblock (hd, &keyblock);
     822           0 :   keydb_release (hd);
     823           0 :   if (rc)
     824             :     {
     825           0 :       log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
     826           0 :       return GPG_ERR_NO_PUBKEY;
     827             :     }
     828             : 
     829           0 :   log_assert (keyblock && keyblock->pkt
     830             :               && keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
     831             : 
     832             :   /* We return the primary key.  If KEYID matched a subkey, then we
     833             :      return an error.  */
     834           0 :   keyid_from_pk (keyblock->pkt->pkt.public_key, pkid);
     835           0 :   if (keyid[0] == pkid[0] && keyid[1] == pkid[1])
     836           0 :     copy_public_key (pk, keyblock->pkt->pkt.public_key);
     837             :   else
     838           0 :     rc = GPG_ERR_NO_PUBKEY;
     839             : 
     840           0 :   release_kbnode (keyblock);
     841             : 
     842             :   /* Not caching key here since it won't have all of the fields
     843             :      properly set. */
     844             : 
     845           0 :   return rc;
     846             : }
     847             : 
     848             : 
     849             : /* Return the key block for the key with key id KEYID or NULL, if an
     850             :  * error occurs.  Use release_kbnode() to release the key block.
     851             :  *
     852             :  * The self-signed data has already been merged into the public key
     853             :  * using merge_selfsigs.  */
     854             : kbnode_t
     855         693 : get_pubkeyblock (u32 * keyid)
     856             : {
     857             :   struct getkey_ctx_s ctx;
     858         693 :   int rc = 0;
     859         693 :   KBNODE keyblock = NULL;
     860             : 
     861         693 :   memset (&ctx, 0, sizeof ctx);
     862             :   /* No need to set exact here because we want the entire block.  */
     863         693 :   ctx.not_allocated = 1;
     864         693 :   ctx.kr_handle = keydb_new ();
     865         693 :   if (!ctx.kr_handle)
     866           0 :     return NULL;
     867         693 :   ctx.nitems = 1;
     868         693 :   ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
     869         693 :   ctx.items[0].u.kid[0] = keyid[0];
     870         693 :   ctx.items[0].u.kid[1] = keyid[1];
     871         693 :   rc = lookup (&ctx, &keyblock, NULL, 0);
     872         693 :   getkey_end (&ctx);
     873             : 
     874         693 :   return rc ? NULL : keyblock;
     875             : }
     876             : 
     877             : 
     878             : /* Return the public key with the key id KEYID iff the secret key is
     879             :  * available and store it at PK.  The resources should be released
     880             :  * using release_public_key_parts().
     881             :  *
     882             :  * Unlike other lookup functions, PK may not be NULL.  PK->REQ_USAGE
     883             :  * is passed through to the lookup function and is a mask of
     884             :  * PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC and PUBKEY_USAGE_CERT.  Thus, it
     885             :  * must be valid!  If this is non-zero, only keys with the specified
     886             :  * usage will be returned.
     887             :  *
     888             :  * Returns 0 on success.  If a public key with the specified key id is
     889             :  * not found or a secret key is not available for that public key, an
     890             :  * error code is returned.  Note: this function ignores legacy keys.
     891             :  * An error code is also return if an error occurs.
     892             :  *
     893             :  * The self-signed data has already been merged into the public key
     894             :  * using merge_selfsigs.  */
     895             : gpg_error_t
     896         259 : get_seckey (PKT_public_key *pk, u32 *keyid)
     897             : {
     898             :   gpg_error_t err;
     899             :   struct getkey_ctx_s ctx;
     900         259 :   kbnode_t keyblock = NULL;
     901         259 :   kbnode_t found_key = NULL;
     902             : 
     903         259 :   memset (&ctx, 0, sizeof ctx);
     904         259 :   ctx.exact = 1; /* Use the key ID exactly as given.  */
     905         259 :   ctx.not_allocated = 1;
     906         259 :   ctx.kr_handle = keydb_new ();
     907         259 :   if (!ctx.kr_handle)
     908           0 :     return gpg_error_from_syserror ();
     909         259 :   ctx.nitems = 1;
     910         259 :   ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
     911         259 :   ctx.items[0].u.kid[0] = keyid[0];
     912         259 :   ctx.items[0].u.kid[1] = keyid[1];
     913         259 :   ctx.req_usage = pk->req_usage;
     914         259 :   err = lookup (&ctx, &keyblock, &found_key, 1);
     915         259 :   if (!err)
     916             :     {
     917         259 :       pk_from_block (pk, keyblock, found_key);
     918             :     }
     919         259 :   getkey_end (&ctx);
     920         259 :   release_kbnode (keyblock);
     921             : 
     922         259 :   if (!err)
     923             :     {
     924         259 :       err = agent_probe_secret_key (/*ctrl*/NULL, pk);
     925         259 :       if (err)
     926           0 :         release_public_key_parts (pk);
     927             :     }
     928             : 
     929         259 :   return err;
     930             : }
     931             : 
     932             : 
     933             : /* Skip unusable keys.  A key is unusable if it is revoked, expired or
     934             :    disabled or if the selected user id is revoked or expired.  */
     935             : static int
     936         210 : skip_unusable (void *dummy, u32 * keyid, int uid_no)
     937             : {
     938         210 :   int unusable = 0;
     939             :   KBNODE keyblock;
     940             :   PKT_public_key *pk;
     941             : 
     942             :   (void) dummy;
     943             : 
     944         210 :   keyblock = get_pubkeyblock (keyid);
     945         210 :   if (!keyblock)
     946             :     {
     947           0 :       log_error ("error checking usability status of %s\n", keystr (keyid));
     948           0 :       goto leave;
     949             :     }
     950             : 
     951         210 :   pk = keyblock->pkt->pkt.public_key;
     952             : 
     953             :   /* Is the key revoked or expired?  */
     954         210 :   if (pk->flags.revoked || pk->has_expired)
     955           0 :     unusable = 1;
     956             : 
     957             :   /* Is the user ID in question revoked or expired? */
     958         210 :   if (!unusable && uid_no)
     959             :     {
     960             :       KBNODE node;
     961         125 :       int uids_seen = 0;
     962             : 
     963         250 :       for (node = keyblock; node; node = node->next)
     964             :         {
     965         250 :           if (node->pkt->pkttype == PKT_USER_ID)
     966             :             {
     967         125 :               PKT_user_id *user_id = node->pkt->pkt.user_id;
     968             : 
     969         125 :               uids_seen ++;
     970         125 :               if (uids_seen != uid_no)
     971           0 :                 continue;
     972             : 
     973         125 :               if (user_id->is_revoked || user_id->is_expired)
     974           0 :                 unusable = 1;
     975             : 
     976         125 :               break;
     977             :             }
     978             :         }
     979             : 
     980             :       /* If UID_NO is non-zero, then the keyblock better have at least
     981             :          that many UIDs.  */
     982         125 :       log_assert (uids_seen == uid_no);
     983             :     }
     984             : 
     985         210 :   if (!unusable)
     986         210 :     unusable = pk_is_disabled (pk);
     987             : 
     988             : leave:
     989         210 :   release_kbnode (keyblock);
     990         210 :   return unusable;
     991             : }
     992             : 
     993             : 
     994             : /* Search for keys matching some criteria.
     995             : 
     996             :    If RETCTX is not NULL, then the constructed context is returned in
     997             :    *RETCTX so that getpubkey_next can be used to get subsequent
     998             :    results.  In this case, getkey_end() must be used to free the
     999             :    search context.  If RETCTX is not NULL, then RET_KDBHD must be
    1000             :    NULL.
    1001             : 
    1002             :    If NAMELIST is not NULL, then a search query is constructed using
    1003             :    classify_user_id on each of the strings in the list.  (Recall: the
    1004             :    database does an OR of the terms, not an AND.)  If NAMELIST is
    1005             :    NULL, then all results are returned.
    1006             : 
    1007             :    If PK is not NULL, the public key of the first result is returned
    1008             :    in *PK.  Note: PK->REQ_USAGE must be valid!!!  If PK->REQ_USAGE is
    1009             :    set, it is used to filter the search results.  See the
    1010             :    documentation for finish_lookup to understand exactly how this is
    1011             :    used.  Note: The self-signed data has already been merged into the
    1012             :    public key using merge_selfsigs.  Free *PK by calling
    1013             :    release_public_key_parts (or, if PK was allocated using xfree, you
    1014             :    can use free_public_key, which calls release_public_key_parts(PK)
    1015             :    and then xfree(PK)).
    1016             : 
    1017             :    If WANT_SECRET is set, then only keys with an available secret key
    1018             :    (either locally or via key registered on a smartcard) are returned.
    1019             : 
    1020             :    If INCLUDE_UNUSABLE is set, then unusable keys (see the
    1021             :    documentation for skip_unusable for an exact definition) are
    1022             :    skipped unless they are looked up by key id or by fingerprint.
    1023             : 
    1024             :    If RET_KB is not NULL, the keyblock is returned in *RET_KB.  This
    1025             :    should be freed using release_kbnode().
    1026             : 
    1027             :    If RET_KDBHD is not NULL, then the new database handle used to
    1028             :    conduct the search is returned in *RET_KDBHD.  This can be used to
    1029             :    get subsequent results using keydb_search_next.  Note: in this
    1030             :    case, no advanced filtering is done for subsequent results (e.g.,
    1031             :    WANT_SECRET and PK->REQ_USAGE are not respected).
    1032             : 
    1033             :    This function returns 0 on success.  Otherwise, an error code is
    1034             :    returned.  In particular, GPG_ERR_NO_PUBKEY or GPG_ERR_NO_SECKEY
    1035             :    (if want_secret is set) is returned if the key is not found.  */
    1036             : static int
    1037         438 : key_byname (GETKEY_CTX *retctx, strlist_t namelist,
    1038             :             PKT_public_key *pk,
    1039             :             int want_secret, int include_unusable,
    1040             :             KBNODE * ret_kb, KEYDB_HANDLE * ret_kdbhd)
    1041             : {
    1042         438 :   int rc = 0;
    1043             :   int n;
    1044             :   strlist_t r;
    1045             :   GETKEY_CTX ctx;
    1046         438 :   KBNODE help_kb = NULL;
    1047         438 :   KBNODE found_key = NULL;
    1048             : 
    1049         438 :   if (retctx)
    1050             :     {
    1051             :       /* Reset the returned context in case of error.  */
    1052          58 :       log_assert (!ret_kdbhd); /* Not allowed because the handle is stored
    1053             :                                   in the context.  */
    1054          58 :       *retctx = NULL;
    1055             :     }
    1056         438 :   if (ret_kdbhd)
    1057           0 :     *ret_kdbhd = NULL;
    1058             : 
    1059         438 :   if (!namelist)
    1060             :     /* No search terms: iterate over the whole DB.  */
    1061             :     {
    1062          85 :       ctx = xmalloc_clear (sizeof *ctx);
    1063          85 :       ctx->nitems = 1;
    1064          85 :       ctx->items[0].mode = KEYDB_SEARCH_MODE_FIRST;
    1065          85 :       if (!include_unusable)
    1066          85 :         ctx->items[0].skipfnc = skip_unusable;
    1067             :     }
    1068             :   else
    1069             :     {
    1070             :       /* Build the search context.  */
    1071         709 :       for (n = 0, r = namelist; r; r = r->next)
    1072         356 :         n++;
    1073             : 
    1074             :       /* CTX has space for a single search term at the end.  Thus, we
    1075             :          need to allocate sizeof *CTX plus (n - 1) sizeof
    1076             :          CTX->ITEMS.  */
    1077         353 :       ctx = xmalloc_clear (sizeof *ctx + (n - 1) * sizeof ctx->items);
    1078         353 :       ctx->nitems = n;
    1079             : 
    1080         709 :       for (n = 0, r = namelist; r; r = r->next, n++)
    1081             :         {
    1082             :           gpg_error_t err;
    1083             : 
    1084         356 :           err = classify_user_id (r->d, &ctx->items[n], 1);
    1085             : 
    1086         356 :           if (ctx->items[n].exact)
    1087           3 :             ctx->exact = 1;
    1088         356 :           if (err)
    1089             :             {
    1090           0 :               xfree (ctx);
    1091           0 :               return gpg_err_code (err); /* FIXME: remove gpg_err_code.  */
    1092             :             }
    1093         356 :           if (!include_unusable
    1094         249 :               && ctx->items[n].mode != KEYDB_SEARCH_MODE_SHORT_KID
    1095         125 :               && ctx->items[n].mode != KEYDB_SEARCH_MODE_LONG_KID
    1096         125 :               && ctx->items[n].mode != KEYDB_SEARCH_MODE_FPR16
    1097         125 :               && ctx->items[n].mode != KEYDB_SEARCH_MODE_FPR20
    1098         125 :               && ctx->items[n].mode != KEYDB_SEARCH_MODE_FPR)
    1099         125 :             ctx->items[n].skipfnc = skip_unusable;
    1100             :         }
    1101             :     }
    1102             : 
    1103         438 :   ctx->want_secret = want_secret;
    1104         438 :   ctx->kr_handle = keydb_new ();
    1105         438 :   if (!ctx->kr_handle)
    1106             :     {
    1107           0 :       rc = gpg_error_from_syserror ();
    1108           0 :       getkey_end (ctx);
    1109           0 :       return rc;
    1110             :     }
    1111             : 
    1112         438 :   if (!ret_kb)
    1113         380 :     ret_kb = &help_kb;
    1114             : 
    1115         438 :   if (pk)
    1116             :     {
    1117         380 :       ctx->req_usage = pk->req_usage;
    1118             :     }
    1119             : 
    1120         438 :   rc = lookup (ctx, ret_kb, &found_key, want_secret);
    1121         438 :   if (!rc && pk)
    1122             :     {
    1123         380 :       pk_from_block (pk, *ret_kb, found_key);
    1124             :     }
    1125             : 
    1126         438 :   release_kbnode (help_kb);
    1127             : 
    1128         438 :   if (retctx) /* Caller wants the context.  */
    1129          58 :     *retctx = ctx;
    1130             :   else
    1131             :     {
    1132         380 :       if (ret_kdbhd)
    1133             :         {
    1134           0 :           *ret_kdbhd = ctx->kr_handle;
    1135           0 :           ctx->kr_handle = NULL;
    1136             :         }
    1137         380 :       getkey_end (ctx);
    1138             :     }
    1139             : 
    1140         438 :   return rc;
    1141             : }
    1142             : 
    1143             : 
    1144             : /* Find a public key identified by NAME.
    1145             :  *
    1146             :  * If name appears to be a valid valid RFC822 mailbox (i.e., email
    1147             :  * address) and auto key lookup is enabled (no_akl == 0), then the
    1148             :  * specified auto key lookup methods (--auto-key-lookup) are used to
    1149             :  * import the key into the local keyring.  Otherwise, just the local
    1150             :  * keyring is consulted.
    1151             :  *
    1152             :  * If RETCTX is not NULL, then the constructed context is returned in
    1153             :  * *RETCTX so that getpubkey_next can be used to get subsequent
    1154             :  * results.  In this case, getkey_end() must be used to free the
    1155             :  * search context.  If RETCTX is not NULL, then RET_KDBHD must be
    1156             :  * NULL.
    1157             :  *
    1158             :  * If PK is not NULL, the public key of the first result is returned
    1159             :  * in *PK.  Note: PK->REQ_USAGE must be valid!!!  PK->REQ_USAGE is
    1160             :  * passed through to the lookup function and is a mask of
    1161             :  * PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC and PUBKEY_USAGE_CERT.  If this
    1162             :  * is non-zero, only keys with the specified usage will be returned.
    1163             :  * Note: The self-signed data has already been merged into the public
    1164             :  * key using merge_selfsigs.  Free *PK by calling
    1165             :  * release_public_key_parts (or, if PK was allocated using xfree, you
    1166             :  * can use free_public_key, which calls release_public_key_parts(PK)
    1167             :  * and then xfree(PK)).
    1168             :  *
    1169             :  * NAME is a string, which is turned into a search query using
    1170             :  * classify_user_id.
    1171             :  *
    1172             :  * If RET_KEYBLOCK is not NULL, the keyblock is returned in
    1173             :  * *RET_KEYBLOCK.  This should be freed using release_kbnode().
    1174             :  *
    1175             :  * If RET_KDBHD is not NULL, then the new database handle used to
    1176             :  * conduct the search is returned in *RET_KDBHD.  This can be used to
    1177             :  * get subsequent results using keydb_search_next or to modify the
    1178             :  * returned record.  Note: in this case, no advanced filtering is done
    1179             :  * for subsequent results (e.g., PK->REQ_USAGE is not respected).
    1180             :  * Unlike RETCTX, this is always returned.
    1181             :  *
    1182             :  * If INCLUDE_UNUSABLE is set, then unusable keys (see the
    1183             :  * documentation for skip_unusable for an exact definition) are
    1184             :  * skipped unless they are looked up by key id or by fingerprint.
    1185             :  *
    1186             :  * If NO_AKL is set, then the auto key locate functionality is
    1187             :  * disabled and only the local key ring is considered.  Note: the
    1188             :  * local key ring is consulted even if local is not in the
    1189             :  * --auto-key-locate option list!
    1190             :  *
    1191             :  * This function returns 0 on success.  Otherwise, an error code is
    1192             :  * returned.  In particular, GPG_ERR_NO_PUBKEY or GPG_ERR_NO_SECKEY
    1193             :  * (if want_secret is set) is returned if the key is not found.  */
    1194             : int
    1195         249 : get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
    1196             :                    const char *name, KBNODE * ret_keyblock,
    1197             :                    KEYDB_HANDLE * ret_kdbhd, int include_unusable, int no_akl)
    1198             : {
    1199             :   int rc;
    1200         249 :   strlist_t namelist = NULL;
    1201             :   struct akl *akl;
    1202             :   int is_mbox;
    1203         249 :   int nodefault = 0;
    1204         249 :   int anylocalfirst = 0;
    1205             : 
    1206         249 :   if (retctx)
    1207           0 :     *retctx = NULL;
    1208             : 
    1209             :   /* Does NAME appear to be a mailbox (mail address)?  */
    1210         249 :   is_mbox = is_valid_mailbox (name);
    1211             : 
    1212             :   /* The auto-key-locate feature works as follows: there are a number
    1213             :      of methods to look up keys.  By default, the local keyring is
    1214             :      tried first.  Then, each method listed in the --auto-key-locate is
    1215             :      tried in the order it appears.
    1216             : 
    1217             :      This can be changed as follows:
    1218             : 
    1219             :        - if nodefault appears anywhere in the list of options, then
    1220             :          the local keyring is not tried first, or,
    1221             : 
    1222             :        - if local appears anywhere in the list of options, then the
    1223             :          local keyring is not tried first, but in the order in which
    1224             :          it was listed in the --auto-key-locate option.
    1225             : 
    1226             :      Note: we only save the search context in RETCTX if the local
    1227             :      method is the first method tried (either explicitly or
    1228             :      implicitly).  */
    1229         249 :   if (!no_akl)
    1230             :     /* auto-key-locate is enabled.  */
    1231             :     {
    1232             :       /* nodefault is true if "nodefault" or "local" appear.  */
    1233         244 :       for (akl = opt.auto_key_locate; akl; akl = akl->next)
    1234           0 :         if (akl->type == AKL_NODEFAULT || akl->type == AKL_LOCAL)
    1235             :           {
    1236           0 :             nodefault = 1;
    1237           0 :             break;
    1238             :           }
    1239             :       /* anylocalfirst is true if "local" appears before any other
    1240             :          search methods (except "nodefault").  */
    1241         244 :       for (akl = opt.auto_key_locate; akl; akl = akl->next)
    1242           0 :         if (akl->type != AKL_NODEFAULT)
    1243             :           {
    1244           0 :             if (akl->type == AKL_LOCAL)
    1245           0 :               anylocalfirst = 1;
    1246           0 :             break;
    1247             :           }
    1248             :     }
    1249             : 
    1250         249 :   if (!nodefault)
    1251             :     /* "nodefault" didn't occur.  Thus, "local" is implicitly the
    1252             :        first method to try.  */
    1253         249 :     anylocalfirst = 1;
    1254             : 
    1255         249 :   if (nodefault && is_mbox)
    1256             :     /* Either "nodefault" or "local" (explicitly) appeared in the auto
    1257             :        key locate list and NAME appears to be an email address.  Don't
    1258             :        try the local keyring.  */
    1259             :     {
    1260           0 :       rc = GPG_ERR_NO_PUBKEY;
    1261             :     }
    1262             :   else
    1263             :     /* Either "nodefault" and "local" don't appear in the auto key
    1264             :        locate list (in which case we try the local keyring first) or
    1265             :        NAME does not appear to be an email address (in which case we
    1266             :        only try the local keyring).  In this case, lookup NAME in the
    1267             :        local keyring.  */
    1268             :     {
    1269         249 :       add_to_strlist (&namelist, name);
    1270         249 :       rc = key_byname (retctx, namelist, pk, 0,
    1271             :                        include_unusable, ret_keyblock, ret_kdbhd);
    1272             :     }
    1273             : 
    1274             :   /* If the requested name resembles a valid mailbox and automatic
    1275             :      retrieval has been enabled, we try to import the key. */
    1276         249 :   if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY && !no_akl && is_mbox)
    1277             :     /* NAME wasn't present in the local keyring (or we didn't try the
    1278             :        local keyring).  Since the auto key locate feature is enabled
    1279             :        and NAME appears to be an email address, try the auto locate
    1280             :        feature.  */
    1281             :     {
    1282           0 :       for (akl = opt.auto_key_locate; akl; akl = akl->next)
    1283             :         {
    1284           0 :           unsigned char *fpr = NULL;
    1285             :           size_t fpr_len;
    1286           0 :           int did_akl_local = 0;
    1287           0 :           int no_fingerprint = 0;
    1288           0 :           const char *mechanism = "?";
    1289             : 
    1290           0 :           switch (akl->type)
    1291             :             {
    1292             :             case AKL_NODEFAULT:
    1293             :               /* This is a dummy mechanism.  */
    1294           0 :               mechanism = "None";
    1295           0 :               rc = GPG_ERR_NO_PUBKEY;
    1296           0 :               break;
    1297             : 
    1298             :             case AKL_LOCAL:
    1299           0 :               mechanism = "Local";
    1300           0 :               did_akl_local = 1;
    1301           0 :               if (retctx)
    1302             :                 {
    1303           0 :                   getkey_end (*retctx);
    1304           0 :                   *retctx = NULL;
    1305             :                 }
    1306           0 :               add_to_strlist (&namelist, name);
    1307           0 :               rc = key_byname (anylocalfirst ? retctx : NULL,
    1308             :                                namelist, pk, 0,
    1309             :                                include_unusable, ret_keyblock, ret_kdbhd);
    1310           0 :               break;
    1311             : 
    1312             :             case AKL_CERT:
    1313           0 :               mechanism = "DNS CERT";
    1314           0 :               glo_ctrl.in_auto_key_retrieve++;
    1315           0 :               rc = keyserver_import_cert (ctrl, name, 0, &fpr, &fpr_len);
    1316           0 :               glo_ctrl.in_auto_key_retrieve--;
    1317           0 :               break;
    1318             : 
    1319             :             case AKL_PKA:
    1320           0 :               mechanism = "PKA";
    1321           0 :               glo_ctrl.in_auto_key_retrieve++;
    1322           0 :               rc = keyserver_import_pka (ctrl, name, &fpr, &fpr_len);
    1323           0 :               glo_ctrl.in_auto_key_retrieve--;
    1324           0 :               break;
    1325             : 
    1326             :             case AKL_DANE:
    1327           0 :               mechanism = "DANE";
    1328           0 :               glo_ctrl.in_auto_key_retrieve++;
    1329           0 :               rc = keyserver_import_cert (ctrl, name, 1, &fpr, &fpr_len);
    1330           0 :               glo_ctrl.in_auto_key_retrieve--;
    1331           0 :               break;
    1332             : 
    1333             :             case AKL_WKD:
    1334           0 :               mechanism = "WKD";
    1335           0 :               glo_ctrl.in_auto_key_retrieve++;
    1336           0 :               rc = keyserver_import_wkd (ctrl, name, &fpr, &fpr_len);
    1337           0 :               glo_ctrl.in_auto_key_retrieve--;
    1338           0 :               break;
    1339             : 
    1340             :             case AKL_LDAP:
    1341           0 :               mechanism = "LDAP";
    1342           0 :               glo_ctrl.in_auto_key_retrieve++;
    1343           0 :               rc = keyserver_import_ldap (ctrl, name, &fpr, &fpr_len);
    1344           0 :               glo_ctrl.in_auto_key_retrieve--;
    1345           0 :               break;
    1346             : 
    1347             :             case AKL_KEYSERVER:
    1348             :               /* Strictly speaking, we don't need to only use a valid
    1349             :                  mailbox for the getname search, but it helps cut down
    1350             :                  on the problem of searching for something like "john"
    1351             :                  and getting a whole lot of keys back. */
    1352           0 :               if (keyserver_any_configured (ctrl))
    1353             :                 {
    1354           0 :                   mechanism = "keyserver";
    1355           0 :                   glo_ctrl.in_auto_key_retrieve++;
    1356           0 :                   rc = keyserver_import_name (ctrl, name, &fpr, &fpr_len,
    1357             :                                               opt.keyserver);
    1358           0 :                   glo_ctrl.in_auto_key_retrieve--;
    1359             :                 }
    1360             :               else
    1361             :                 {
    1362           0 :                   mechanism = "Unconfigured keyserver";
    1363           0 :                   rc = GPG_ERR_NO_PUBKEY;
    1364             :                 }
    1365           0 :               break;
    1366             : 
    1367             :             case AKL_SPEC:
    1368             :               {
    1369             :                 struct keyserver_spec *keyserver;
    1370             : 
    1371           0 :                 mechanism = akl->spec->uri;
    1372           0 :                 keyserver = keyserver_match (akl->spec);
    1373           0 :                 glo_ctrl.in_auto_key_retrieve++;
    1374           0 :                 rc = keyserver_import_name (ctrl,
    1375             :                                             name, &fpr, &fpr_len, keyserver);
    1376           0 :                 glo_ctrl.in_auto_key_retrieve--;
    1377             :               }
    1378           0 :               break;
    1379             :             }
    1380             : 
    1381             :           /* Use the fingerprint of the key that we actually fetched.
    1382             :              This helps prevent problems where the key that we fetched
    1383             :              doesn't have the same name that we used to fetch it.  In
    1384             :              the case of CERT and PKA, this is an actual security
    1385             :              requirement as the URL might point to a key put in by an
    1386             :              attacker.  By forcing the use of the fingerprint, we
    1387             :              won't use the attacker's key here. */
    1388           0 :           if (!rc && fpr)
    1389           0 :             {
    1390             :               char fpr_string[MAX_FINGERPRINT_LEN * 2 + 1];
    1391             : 
    1392           0 :               log_assert (fpr_len <= MAX_FINGERPRINT_LEN);
    1393             : 
    1394           0 :               free_strlist (namelist);
    1395           0 :               namelist = NULL;
    1396             : 
    1397           0 :               bin2hex (fpr, fpr_len, fpr_string);
    1398             : 
    1399           0 :               if (opt.verbose)
    1400           0 :                 log_info ("auto-key-locate found fingerprint %s\n",
    1401             :                           fpr_string);
    1402             : 
    1403           0 :               add_to_strlist (&namelist, fpr_string);
    1404             :             }
    1405           0 :           else if (!rc && !fpr && !did_akl_local)
    1406             :             { /* The acquisition method said no failure occurred, but
    1407             :                  it didn't return a fingerprint.  That's a failure.  */
    1408           0 :               no_fingerprint = 1;
    1409           0 :               rc = GPG_ERR_NO_PUBKEY;
    1410             :             }
    1411           0 :           xfree (fpr);
    1412           0 :           fpr = NULL;
    1413             : 
    1414           0 :           if (!rc && !did_akl_local)
    1415             :             { /* There was no error and we didn't do a local lookup.
    1416             :                  This means that we imported a key into the local
    1417             :                  keyring.  Try to read the imported key from the
    1418             :                  keyring.  */
    1419           0 :               if (retctx)
    1420             :                 {
    1421           0 :                   getkey_end (*retctx);
    1422           0 :                   *retctx = NULL;
    1423             :                 }
    1424           0 :               rc = key_byname (anylocalfirst ? retctx : NULL,
    1425             :                                namelist, pk, 0,
    1426             :                                include_unusable, ret_keyblock, ret_kdbhd);
    1427             :             }
    1428           0 :           if (!rc)
    1429             :             {
    1430             :               /* Key found.  */
    1431           0 :               log_info (_("automatically retrieved '%s' via %s\n"),
    1432             :                         name, mechanism);
    1433           0 :               break;
    1434             :             }
    1435           0 :           if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY
    1436           0 :               || opt.verbose || no_fingerprint)
    1437           0 :             log_info (_("error retrieving '%s' via %s: %s\n"),
    1438             :                       name, mechanism,
    1439           0 :                       no_fingerprint ? _("No fingerprint") : gpg_strerror (rc));
    1440             :         }
    1441             :     }
    1442             : 
    1443             : 
    1444         249 :   if (rc && retctx)
    1445             :     {
    1446           0 :       getkey_end (*retctx);
    1447           0 :       *retctx = NULL;
    1448             :     }
    1449             : 
    1450         249 :   if (retctx && *retctx)
    1451             :     {
    1452           0 :       log_assert (!(*retctx)->extra_list);
    1453           0 :       (*retctx)->extra_list = namelist;
    1454             :     }
    1455             :   else
    1456         249 :     free_strlist (namelist);
    1457             : 
    1458         249 :   return rc;
    1459             : }
    1460             : 
    1461             : 
    1462             : /* Get a public key from a file.
    1463             :  *
    1464             :  * PK is the buffer to store the key.  The caller needs to make sure
    1465             :  * that PK->REQ_USAGE is valid.  PK->REQ_USAGE is passed through to
    1466             :  * the lookup function and is a mask of PUBKEY_USAGE_SIG,
    1467             :  * PUBKEY_USAGE_ENC and PUBKEY_USAGE_CERT.  If this is non-zero, only
    1468             :  * keys with the specified usage will be returned.
    1469             :  *
    1470             :  * FNAME is the file name.  That file should contain exactly one
    1471             :  * keyblock.
    1472             :  *
    1473             :  * This function returns 0 on success.  Otherwise, an error code is
    1474             :  * returned.  In particular, GPG_ERR_NO_PUBKEY is returned if the key
    1475             :  * is not found.
    1476             :  *
    1477             :  * The self-signed data has already been merged into the public key
    1478             :  * using merge_selfsigs.  The caller must release the content of PK by
    1479             :  * calling release_public_key_parts (or, if PK was malloced, using
    1480             :  * free_public_key).
    1481             :  */
    1482             : gpg_error_t
    1483           6 : get_pubkey_fromfile (ctrl_t ctrl, PKT_public_key *pk, const char *fname)
    1484             : {
    1485             :   gpg_error_t err;
    1486             :   kbnode_t keyblock;
    1487             :   kbnode_t found_key;
    1488             :   unsigned int infoflags;
    1489             : 
    1490           6 :   err = read_key_from_file (ctrl, fname, &keyblock);
    1491           6 :   if (!err)
    1492             :     {
    1493             :       /* Warning: node flag bits 0 and 1 should be preserved by
    1494             :        * merge_selfsigs.  FIXME: Check whether this still holds. */
    1495           6 :       merge_selfsigs (keyblock);
    1496           6 :       found_key = finish_lookup (keyblock, pk->req_usage, 0, &infoflags);
    1497           6 :       print_status_key_considered (keyblock, infoflags);
    1498           6 :       if (found_key)
    1499           6 :         pk_from_block (pk, keyblock, found_key);
    1500             :       else
    1501           0 :         err = gpg_error (GPG_ERR_UNUSABLE_PUBKEY);
    1502             :     }
    1503             : 
    1504           6 :   release_kbnode (keyblock);
    1505           6 :   return err;
    1506             : }
    1507             : 
    1508             : 
    1509             : /* Lookup a key with the specified fingerprint.
    1510             :  *
    1511             :  * If PK is not NULL, the public key of the first result is returned
    1512             :  * in *PK.  Note: this function does an exact search and thus the
    1513             :  * returned public key may be a subkey rather than the primary key.
    1514             :  * Note: The self-signed data has already been merged into the public
    1515             :  * key using merge_selfsigs.  Free *PK by calling
    1516             :  * release_public_key_parts (or, if PK was allocated using xfree, you
    1517             :  * can use free_public_key, which calls release_public_key_parts(PK)
    1518             :  * and then xfree(PK)).
    1519             :  *
    1520             :  * If PK->REQ_USAGE is set, it is used to filter the search results.
    1521             :  * (Thus, if PK is not NULL, PK->REQ_USAGE must be valid!!!)  See the
    1522             :  * documentation for finish_lookup to understand exactly how this is
    1523             :  * used.
    1524             :  *
    1525             :  * If R_KEYBLOCK is not NULL, then the first result's keyblock is
    1526             :  * returned in *R_KEYBLOCK.  This should be freed using
    1527             :  * release_kbnode().
    1528             :  *
    1529             :  * FPRINT is a byte array whose contents is the fingerprint to use as
    1530             :  * the search term.  FPRINT_LEN specifies the length of the
    1531             :  * fingerprint (in bytes).  Currently, only 16 and 20-byte
    1532             :  * fingerprints are supported.
    1533             :  *
    1534             :  * FIXME: We should replace this with the _byname function.  This can
    1535             :  * be done by creating a userID conforming to the unified fingerprint
    1536             :  * style.  */
    1537             : int
    1538          67 : get_pubkey_byfprint (PKT_public_key *pk, kbnode_t *r_keyblock,
    1539             :                      const byte * fprint, size_t fprint_len)
    1540             : {
    1541             :   int rc;
    1542             : 
    1543          67 :   if (r_keyblock)
    1544           0 :     *r_keyblock = NULL;
    1545             : 
    1546          67 :   if (fprint_len == 20 || fprint_len == 16)
    1547          67 :     {
    1548             :       struct getkey_ctx_s ctx;
    1549          67 :       KBNODE kb = NULL;
    1550          67 :       KBNODE found_key = NULL;
    1551             : 
    1552          67 :       memset (&ctx, 0, sizeof ctx);
    1553          67 :       ctx.exact = 1;
    1554          67 :       ctx.not_allocated = 1;
    1555          67 :       ctx.kr_handle = keydb_new ();
    1556          67 :       if (!ctx.kr_handle)
    1557           0 :         return gpg_error_from_syserror ();
    1558             : 
    1559          67 :       ctx.nitems = 1;
    1560          67 :       ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16
    1561             :         : KEYDB_SEARCH_MODE_FPR20;
    1562          67 :       memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
    1563          67 :       rc = lookup (&ctx, &kb, &found_key, 0);
    1564          67 :       if (!rc && pk)
    1565           0 :         pk_from_block (pk, kb, found_key);
    1566          67 :       if (!rc && r_keyblock)
    1567             :         {
    1568           0 :           *r_keyblock = kb;
    1569           0 :           kb = NULL;
    1570             :         }
    1571          67 :       release_kbnode (kb);
    1572          67 :       getkey_end (&ctx);
    1573             :     }
    1574             :   else
    1575           0 :     rc = GPG_ERR_GENERAL; /* Oops */
    1576          67 :   return rc;
    1577             : }
    1578             : 
    1579             : 
    1580             : /* This function is similar to get_pubkey_byfprint, but it doesn't
    1581             :  * merge the self-signed data into the public key and subkeys or into
    1582             :  * the user ids.  It also doesn't add the key to the user id cache.
    1583             :  * Further, this function ignores PK->REQ_USAGE.
    1584             :  *
    1585             :  * This function is intended to avoid recursion and, as such, should
    1586             :  * only be used in very specific situations.
    1587             :  *
    1588             :  * Like get_pubkey_byfprint, PK may be NULL.  In that case, this
    1589             :  * function effectively just checks for the existence of the key.  */
    1590             : int
    1591         103 : get_pubkey_byfprint_fast (PKT_public_key * pk,
    1592             :                           const byte * fprint, size_t fprint_len)
    1593             : {
    1594         103 :   int rc = 0;
    1595             :   KEYDB_HANDLE hd;
    1596             :   KBNODE keyblock;
    1597             :   byte fprbuf[MAX_FINGERPRINT_LEN];
    1598             :   int i;
    1599             : 
    1600        2163 :   for (i = 0; i < MAX_FINGERPRINT_LEN && i < fprint_len; i++)
    1601        2060 :     fprbuf[i] = fprint[i];
    1602         206 :   while (i < MAX_FINGERPRINT_LEN)
    1603           0 :     fprbuf[i++] = 0;
    1604             : 
    1605         103 :   hd = keydb_new ();
    1606         103 :   if (!hd)
    1607           0 :     return gpg_error_from_syserror ();
    1608             : 
    1609         103 :   rc = keydb_search_fpr (hd, fprbuf);
    1610         103 :   if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
    1611             :     {
    1612          63 :       keydb_release (hd);
    1613          63 :       return GPG_ERR_NO_PUBKEY;
    1614             :     }
    1615          40 :   rc = keydb_get_keyblock (hd, &keyblock);
    1616          40 :   keydb_release (hd);
    1617          40 :   if (rc)
    1618             :     {
    1619           0 :       log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
    1620           0 :       return GPG_ERR_NO_PUBKEY;
    1621             :     }
    1622             : 
    1623          40 :   log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
    1624             :               || keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY);
    1625          40 :   if (pk)
    1626          40 :     copy_public_key (pk, keyblock->pkt->pkt.public_key);
    1627          40 :   release_kbnode (keyblock);
    1628             : 
    1629             :   /* Not caching key here since it won't have all of the fields
    1630             :      properly set. */
    1631             : 
    1632          40 :   return 0;
    1633             : }
    1634             : 
    1635             : const char *
    1636          95 : parse_def_secret_key (ctrl_t ctrl)
    1637             : {
    1638          95 :   KEYDB_HANDLE hd = NULL;
    1639             :   strlist_t t;
    1640             :   static int warned;
    1641             : 
    1642          95 :   for (t = opt.def_secret_key; t; t = t->next)
    1643             :     {
    1644             :       gpg_error_t err;
    1645             :       KEYDB_SEARCH_DESC desc;
    1646             :       KBNODE kb;
    1647             :       KBNODE node;
    1648             : 
    1649          10 :       err = classify_user_id (t->d, &desc, 1);
    1650          10 :       if (err)
    1651             :         {
    1652           0 :           log_error (_("secret key \"%s\" not found: %s\n"),
    1653           0 :                      t->d, gpg_strerror (err));
    1654           0 :           if (!opt.quiet)
    1655           0 :             log_info (_("(check argument of option '%s')\n"), "--default-key");
    1656           0 :           continue;
    1657             :         }
    1658             : 
    1659          10 :       if (! hd)
    1660             :         {
    1661          10 :           hd = keydb_new ();
    1662          10 :           if (!hd)
    1663           0 :             return NULL;
    1664             :         }
    1665             :       else
    1666           0 :         keydb_search_reset (hd);
    1667             : 
    1668             : 
    1669          10 :       err = keydb_search (hd, &desc, 1, NULL);
    1670          10 :       if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
    1671           0 :         continue;
    1672             : 
    1673          10 :       if (err)
    1674             :         {
    1675           0 :           log_error (_("key \"%s\" not found: %s\n"), t->d, gpg_strerror (err));
    1676           0 :           t = NULL;
    1677          10 :           break;
    1678             :         }
    1679             : 
    1680          10 :       err = keydb_get_keyblock (hd, &kb);
    1681          10 :       if (err)
    1682             :         {
    1683           0 :           log_error (_("error reading keyblock: %s\n"),
    1684             :                      gpg_strerror (err));
    1685           0 :           continue;
    1686             :         }
    1687             : 
    1688          10 :       merge_selfsigs (kb);
    1689             : 
    1690          10 :       err = gpg_error (GPG_ERR_NO_SECKEY);
    1691          10 :       node = kb;
    1692             :       do
    1693             :         {
    1694          10 :           PKT_public_key *pk = node->pkt->pkt.public_key;
    1695             : 
    1696             :           /* Check that the key has the signing capability.  */
    1697          10 :           if (! (pk->pubkey_usage & PUBKEY_USAGE_SIG))
    1698           0 :             continue;
    1699             : 
    1700             :           /* Check if the key is valid.  */
    1701          10 :           if (pk->flags.revoked)
    1702             :             {
    1703           0 :               if (DBG_LOOKUP)
    1704           0 :                 log_debug ("not using %s as default key, %s",
    1705             :                            keystr_from_pk (pk), "revoked");
    1706           0 :               continue;
    1707             :             }
    1708          10 :           if (pk->has_expired)
    1709             :             {
    1710           0 :               if (DBG_LOOKUP)
    1711           0 :                 log_debug ("not using %s as default key, %s",
    1712             :                            keystr_from_pk (pk), "expired");
    1713           0 :               continue;
    1714             :             }
    1715          10 :           if (pk_is_disabled (pk))
    1716             :             {
    1717           0 :               if (DBG_LOOKUP)
    1718           0 :                 log_debug ("not using %s as default key, %s",
    1719             :                            keystr_from_pk (pk), "disabled");
    1720           0 :               continue;
    1721             :             }
    1722             : 
    1723          10 :           err = agent_probe_secret_key (ctrl, pk);
    1724          10 :           if (! err)
    1725             :             /* This is a valid key.  */
    1726          10 :             break;
    1727             :         }
    1728           0 :       while ((node = find_next_kbnode (node, PKT_PUBLIC_SUBKEY)));
    1729             : 
    1730          10 :       release_kbnode (kb);
    1731          10 :       if (err)
    1732             :         {
    1733           0 :           if (! warned && ! opt.quiet)
    1734             :             {
    1735           0 :               log_info (_("Warning: not using '%s' as default key: %s\n"),
    1736           0 :                         t->d, gpg_strerror (GPG_ERR_NO_SECKEY));
    1737           0 :               print_reported_error (err, GPG_ERR_NO_SECKEY);
    1738             :             }
    1739             :         }
    1740             :       else
    1741             :         {
    1742          10 :           if (! warned && ! opt.quiet)
    1743          10 :             log_info (_("using \"%s\" as default secret key for signing\n"),
    1744          10 :                       t->d);
    1745          10 :           break;
    1746             :         }
    1747             :     }
    1748             : 
    1749          95 :   if (! warned && opt.def_secret_key && ! t)
    1750           0 :     log_info (_("all values passed to '%s' ignored\n"),
    1751             :               "--default-key");
    1752             : 
    1753          95 :   warned = 1;
    1754             : 
    1755          95 :   if (hd)
    1756          10 :     keydb_release (hd);
    1757             : 
    1758          95 :   if (t)
    1759          10 :     return t->d;
    1760          85 :   return NULL;
    1761             : }
    1762             : 
    1763             : 
    1764             : /* Look up a secret key.
    1765             :  *
    1766             :  * If PK is not NULL, the public key of the first result is returned
    1767             :  * in *PK.  Note: PK->REQ_USAGE must be valid!!!  If PK->REQ_USAGE is
    1768             :  * set, it is used to filter the search results.  See the
    1769             :  * documentation for finish_lookup to understand exactly how this is
    1770             :  * used.  Note: The self-signed data has already been merged into the
    1771             :  * public key using merge_selfsigs.  Free *PK by calling
    1772             :  * release_public_key_parts (or, if PK was allocated using xfree, you
    1773             :  * can use free_public_key, which calls release_public_key_parts(PK)
    1774             :  * and then xfree(PK)).
    1775             :  *
    1776             :  * If --default-key was set, then the specified key is looked up.  (In
    1777             :  * this case, the default key is returned even if it is considered
    1778             :  * unusable.  See the documentation for skip_unusable for exactly what
    1779             :  * this means.)
    1780             :  *
    1781             :  * Otherwise, this initiates a DB scan that returns all keys that are
    1782             :  * usable (see previous paragraph for exactly what usable means) and
    1783             :  * for which a secret key is available.
    1784             :  *
    1785             :  * This function returns the first match.  Additional results can be
    1786             :  * returned using getkey_next.  */
    1787             : gpg_error_t
    1788           0 : get_seckey_default (ctrl_t ctrl, PKT_public_key *pk)
    1789             : {
    1790             :   gpg_error_t err;
    1791           0 :   strlist_t namelist = NULL;
    1792           0 :   int include_unusable = 1;
    1793             : 
    1794             : 
    1795           0 :   const char *def_secret_key = parse_def_secret_key (ctrl);
    1796           0 :   if (def_secret_key)
    1797           0 :     add_to_strlist (&namelist, def_secret_key);
    1798             :   else
    1799           0 :     include_unusable = 0;
    1800             : 
    1801           0 :   err = key_byname (NULL, namelist, pk, 1, include_unusable, NULL, NULL);
    1802             : 
    1803           0 :   free_strlist (namelist);
    1804             : 
    1805           0 :   return err;
    1806             : }
    1807             : 
    1808             : 
    1809             : 
    1810             : /* Search for keys matching some criteria.
    1811             :  *
    1812             :  * If RETCTX is not NULL, then the constructed context is returned in
    1813             :  * *RETCTX so that getpubkey_next can be used to get subsequent
    1814             :  * results.  In this case, getkey_end() must be used to free the
    1815             :  * search context.  If RETCTX is not NULL, then RET_KDBHD must be
    1816             :  * NULL.
    1817             :  *
    1818             :  * If PK is not NULL, the public key of the first result is returned
    1819             :  * in *PK.  Note: PK->REQ_USAGE must be valid!!!  If PK->REQ_USAGE is
    1820             :  * set, it is used to filter the search results.  See the
    1821             :  * documentation for finish_lookup to understand exactly how this is
    1822             :  * used.  Note: The self-signed data has already been merged into the
    1823             :  * public key using merge_selfsigs.  Free *PK by calling
    1824             :  * release_public_key_parts (or, if PK was allocated using xfree, you
    1825             :  * can use free_public_key, which calls release_public_key_parts(PK)
    1826             :  * and then xfree(PK)).
    1827             :  *
    1828             :  * If NAMES is not NULL, then a search query is constructed using
    1829             :  * classify_user_id on each of the strings in the list.  (Recall: the
    1830             :  * database does an OR of the terms, not an AND.)  If NAMES is
    1831             :  * NULL, then all results are returned.
    1832             :  *
    1833             :  * If WANT_SECRET is set, then only keys with an available secret key
    1834             :  * (either locally or via key registered on a smartcard) are returned.
    1835             :  *
    1836             :  * This function does not skip unusable keys (see the documentation
    1837             :  * for skip_unusable for an exact definition).
    1838             :  *
    1839             :  * If RET_KEYBLOCK is not NULL, the keyblock is returned in
    1840             :  * *RET_KEYBLOCK.  This should be freed using release_kbnode().
    1841             :  *
    1842             :  * This function returns 0 on success.  Otherwise, an error code is
    1843             :  * returned.  In particular, GPG_ERR_NO_PUBKEY or GPG_ERR_NO_SECKEY
    1844             :  * (if want_secret is set) is returned if the key is not found.  */
    1845             : gpg_error_t
    1846          58 : getkey_bynames (getkey_ctx_t *retctx, PKT_public_key *pk,
    1847             :                 strlist_t names, int want_secret, kbnode_t *ret_keyblock)
    1848             : {
    1849          58 :   return key_byname (retctx, names, pk, want_secret, 1,
    1850             :                      ret_keyblock, NULL);
    1851             : }
    1852             : 
    1853             : 
    1854             : /* Search for one key matching some criteria.
    1855             :  *
    1856             :  * If RETCTX is not NULL, then the constructed context is returned in
    1857             :  * *RETCTX so that getpubkey_next can be used to get subsequent
    1858             :  * results.  In this case, getkey_end() must be used to free the
    1859             :  * search context.  If RETCTX is not NULL, then RET_KDBHD must be
    1860             :  * NULL.
    1861             :  *
    1862             :  * If PK is not NULL, the public key of the first result is returned
    1863             :  * in *PK.  Note: PK->REQ_USAGE must be valid!!!  If PK->REQ_USAGE is
    1864             :  * set, it is used to filter the search results.  See the
    1865             :  * documentation for finish_lookup to understand exactly how this is
    1866             :  * used.  Note: The self-signed data has already been merged into the
    1867             :  * public key using merge_selfsigs.  Free *PK by calling
    1868             :  * release_public_key_parts (or, if PK was allocated using xfree, you
    1869             :  * can use free_public_key, which calls release_public_key_parts(PK)
    1870             :  * and then xfree(PK)).
    1871             :  *
    1872             :  * If NAME is not NULL, then a search query is constructed using
    1873             :  * classify_user_id on the string.  In this case, even unusable keys
    1874             :  * (see the documentation for skip_unusable for an exact definition of
    1875             :  * unusable) are returned.  Otherwise, if --default-key was set, then
    1876             :  * that key is returned (even if it is unusable).  If neither of these
    1877             :  * conditions holds, then the first usable key is returned.
    1878             :  *
    1879             :  * If WANT_SECRET is set, then only keys with an available secret key
    1880             :  * (either locally or via key registered on a smartcard) are returned.
    1881             :  *
    1882             :  * This function does not skip unusable keys (see the documentation
    1883             :  * for skip_unusable for an exact definition).
    1884             :  *
    1885             :  * If RET_KEYBLOCK is not NULL, the keyblock is returned in
    1886             :  * *RET_KEYBLOCK.  This should be freed using release_kbnode().
    1887             :  *
    1888             :  * This function returns 0 on success.  Otherwise, an error code is
    1889             :  * returned.  In particular, GPG_ERR_NO_PUBKEY or GPG_ERR_NO_SECKEY
    1890             :  * (if want_secret is set) is returned if the key is not found.
    1891             :  *
    1892             :  * FIXME: We also have the get_pubkey_byname function which has a
    1893             :  * different semantic.  Should be merged with this one.  */
    1894             : gpg_error_t
    1895         131 : getkey_byname (ctrl_t ctrl, getkey_ctx_t *retctx, PKT_public_key *pk,
    1896             :                const char *name, int want_secret, kbnode_t *ret_keyblock)
    1897             : {
    1898             :   gpg_error_t err;
    1899         131 :   strlist_t namelist = NULL;
    1900         131 :   int with_unusable = 1;
    1901         131 :   const char *def_secret_key = NULL;
    1902             : 
    1903         131 :   if (want_secret && !name)
    1904          90 :     def_secret_key = parse_def_secret_key (ctrl);
    1905             : 
    1906         131 :   if (want_secret && !name && def_secret_key)
    1907           5 :     add_to_strlist (&namelist, def_secret_key);
    1908         126 :   else if (name)
    1909          41 :     add_to_strlist (&namelist, name);
    1910             :   else
    1911          85 :     with_unusable = 0;
    1912             : 
    1913         131 :   err = key_byname (retctx, namelist, pk, want_secret, with_unusable,
    1914             :                     ret_keyblock, NULL);
    1915             : 
    1916             :   /* FIXME: Check that we really return GPG_ERR_NO_SECKEY if
    1917             :      WANT_SECRET has been used.  */
    1918             : 
    1919         131 :   free_strlist (namelist);
    1920             : 
    1921         131 :   return err;
    1922             : }
    1923             : 
    1924             : 
    1925             : /* Return the next search result.
    1926             :  *
    1927             :  * If PK is not NULL, the public key of the next result is returned in
    1928             :  * *PK.  Note: The self-signed data has already been merged into the
    1929             :  * public key using merge_selfsigs.  Free *PK by calling
    1930             :  * release_public_key_parts (or, if PK was allocated using xfree, you
    1931             :  * can use free_public_key, which calls release_public_key_parts(PK)
    1932             :  * and then xfree(PK)).
    1933             :  *
    1934             :  * RET_KEYBLOCK can be given as NULL; if it is not NULL it the entire
    1935             :  * found keyblock wis retruned hich must be released with
    1936             :  * release_kbnode.  If the function returns an error NULL is stored at
    1937             :  * RET_KEYBLOCK.
    1938             :  *
    1939             :  * The self-signed data has already been merged into the public key
    1940             :  * using merge_selfsigs.  */
    1941             : gpg_error_t
    1942          59 : getkey_next (getkey_ctx_t ctx, PKT_public_key *pk, kbnode_t *ret_keyblock)
    1943             : {
    1944             :   int rc; /* Fixme:  Make sure this is proper gpg_error */
    1945          59 :   KBNODE found_key = NULL;
    1946             : 
    1947             :   /* We need to disable the caching so that for an exact key search we
    1948             :      won't get the result back from the cache and thus end up in an
    1949             :      endless loop.  The endless loop can occur, because the cache is
    1950             :      used without respecting the current file pointer!  */
    1951          59 :   keydb_disable_caching (ctx->kr_handle);
    1952             : 
    1953          59 :   rc = lookup (ctx, ret_keyblock, &found_key, ctx->want_secret);
    1954          59 :   if (!rc && pk && ret_keyblock)
    1955           0 :     pk_from_block (pk, *ret_keyblock, found_key);
    1956             : 
    1957          59 :   return rc;
    1958             : }
    1959             : 
    1960             : 
    1961             : /* Release any resources used by a key listing context.  This must be
    1962             :  * called on the context returned by, e.g., getkey_byname.  */
    1963             : void
    1964        2138 : getkey_end (getkey_ctx_t ctx)
    1965             : {
    1966        2138 :   if (ctx)
    1967             :     {
    1968        2138 :       keydb_release (ctx->kr_handle);
    1969        2138 :       free_strlist (ctx->extra_list);
    1970        2138 :       if (!ctx->not_allocated)
    1971         438 :         xfree (ctx);
    1972             :     }
    1973        2138 : }
    1974             : 
    1975             : 
    1976             : 
    1977             : /************************************************
    1978             :  ************* Merging stuff ********************
    1979             :  ************************************************/
    1980             : 
    1981             : /* Set the mainkey_id fields for all keys in KEYBLOCK.  This is
    1982             :  * usually done by merge_selfsigs but at some places we only need the
    1983             :  * main_kid not a full merge.  The function also guarantees that all
    1984             :  * pk->keyids are computed.  */
    1985             : void
    1986           7 : setup_main_keyids (kbnode_t keyblock)
    1987             : {
    1988             :   u32 kid[2], mainkid[2];
    1989             :   kbnode_t kbctx, node;
    1990             :   PKT_public_key *pk;
    1991             : 
    1992           7 :   if (keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
    1993           0 :     BUG ();
    1994           7 :   pk = keyblock->pkt->pkt.public_key;
    1995             : 
    1996           7 :   keyid_from_pk (pk, mainkid);
    1997          51 :   for (kbctx=NULL; (node = walk_kbnode (keyblock, &kbctx, 0)); )
    1998             :     {
    1999          67 :       if (!(node->pkt->pkttype == PKT_PUBLIC_KEY
    2000          30 :             || node->pkt->pkttype == PKT_PUBLIC_SUBKEY))
    2001          25 :         continue;
    2002          12 :       pk = node->pkt->pkt.public_key;
    2003          12 :       keyid_from_pk (pk, kid); /* Make sure pk->keyid is set.  */
    2004          12 :       if (!pk->main_keyid[0] && !pk->main_keyid[1])
    2005             :         {
    2006          12 :           pk->main_keyid[0] = mainkid[0];
    2007          12 :           pk->main_keyid[1] = mainkid[1];
    2008             :         }
    2009             :     }
    2010           7 : }
    2011             : 
    2012             : 
    2013             : /* KEYBLOCK corresponds to a public key block.  This function merges
    2014             :  * much of the information from the self-signed data into the public
    2015             :  * key, public subkey and user id data structures.  If you use the
    2016             :  * high-level search API (e.g., get_pubkey) for looking up key blocks,
    2017             :  * then you don't need to call this function.  This function is
    2018             :  * useful, however, if you change the keyblock, e.g., by adding or
    2019             :  * removing a self-signed data packet.  */
    2020             : void
    2021          45 : merge_keys_and_selfsig (KBNODE keyblock)
    2022             : {
    2023          45 :   if (!keyblock)
    2024             :     ;
    2025          45 :   else if (keyblock->pkt->pkttype == PKT_PUBLIC_KEY)
    2026          45 :     merge_selfsigs (keyblock);
    2027             :   else
    2028           0 :     log_debug ("FIXME: merging secret key blocks is not anymore available\n");
    2029          45 : }
    2030             : 
    2031             : 
    2032             : static int
    2033        5274 : parse_key_usage (PKT_signature * sig)
    2034             : {
    2035        5274 :   int key_usage = 0;
    2036             :   const byte *p;
    2037             :   size_t n;
    2038             :   byte flags;
    2039             : 
    2040        5274 :   p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n);
    2041        5274 :   if (p && n)
    2042             :     {
    2043             :       /* First octet of the keyflags.  */
    2044        2648 :       flags = *p;
    2045             : 
    2046        2648 :       if (flags & 1)
    2047             :         {
    2048        1254 :           key_usage |= PUBKEY_USAGE_CERT;
    2049        1254 :           flags &= ~1;
    2050             :         }
    2051             : 
    2052        2648 :       if (flags & 2)
    2053             :         {
    2054        1380 :           key_usage |= PUBKEY_USAGE_SIG;
    2055        1380 :           flags &= ~2;
    2056             :         }
    2057             : 
    2058             :       /* We do not distinguish between encrypting communications and
    2059             :          encrypting storage. */
    2060        2648 :       if (flags & (0x04 | 0x08))
    2061             :         {
    2062        1275 :           key_usage |= PUBKEY_USAGE_ENC;
    2063        1275 :           flags &= ~(0x04 | 0x08);
    2064             :         }
    2065             : 
    2066        2648 :       if (flags & 0x20)
    2067             :         {
    2068           1 :           key_usage |= PUBKEY_USAGE_AUTH;
    2069           1 :           flags &= ~0x20;
    2070             :         }
    2071             : 
    2072        2648 :       if (flags)
    2073           0 :         key_usage |= PUBKEY_USAGE_UNKNOWN;
    2074             : 
    2075        5296 :       if (!key_usage)
    2076           0 :         key_usage |= PUBKEY_USAGE_NONE;
    2077             :     }
    2078        2626 :   else if (p) /* Key flags of length zero.  */
    2079           0 :     key_usage |= PUBKEY_USAGE_NONE;
    2080             : 
    2081             :   /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a
    2082             :      capability that we do not handle.  This serves to distinguish
    2083             :      between a zero key usage which we handle as the default
    2084             :      capabilities for that algorithm, and a usage that we do not
    2085             :      handle.  Likewise we use PUBKEY_USAGE_NONE to indicate that
    2086             :      key_flags have been given but they do not specify any usage.  */
    2087             : 
    2088        5274 :   return key_usage;
    2089             : }
    2090             : 
    2091             : 
    2092             : /* Apply information from SIGNODE (which is the valid self-signature
    2093             :  * associated with that UID) to the UIDNODE:
    2094             :  * - weather the UID has been revoked
    2095             :  * - assumed creation date of the UID
    2096             :  * - temporary store the keyflags here
    2097             :  * - temporary store the key expiration time here
    2098             :  * - mark whether the primary user ID flag hat been set.
    2099             :  * - store the preferences
    2100             :  */
    2101             : static void
    2102        2942 : fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated)
    2103             : {
    2104        2942 :   PKT_user_id *uid = uidnode->pkt->pkt.user_id;
    2105        2942 :   PKT_signature *sig = signode->pkt->pkt.signature;
    2106             :   const byte *p, *sym, *hash, *zip;
    2107             :   size_t n, nsym, nhash, nzip;
    2108             : 
    2109        2942 :   sig->flags.chosen_selfsig = 1;/* We chose this one. */
    2110        2942 :   uid->created = 0;          /* Not created == invalid. */
    2111        2942 :   if (IS_UID_REV (sig))
    2112             :     {
    2113           0 :       uid->is_revoked = 1;
    2114           0 :       return; /* Has been revoked.  */
    2115             :     }
    2116             :   else
    2117        2942 :     uid->is_revoked = 0;
    2118             : 
    2119        2942 :   uid->expiredate = sig->expiredate;
    2120             : 
    2121        2942 :   if (sig->flags.expired)
    2122             :     {
    2123           0 :       uid->is_expired = 1;
    2124           0 :       return; /* Has expired.  */
    2125             :     }
    2126             :   else
    2127        2942 :     uid->is_expired = 0;
    2128             : 
    2129        2942 :   uid->created = sig->timestamp; /* This one is okay. */
    2130        2942 :   uid->selfsigversion = sig->version;
    2131             :   /* If we got this far, it's not expired :) */
    2132        2942 :   uid->is_expired = 0;
    2133             : 
    2134             :   /* Store the key flags in the helper variable for later processing.  */
    2135        2942 :   uid->help_key_usage = parse_key_usage (sig);
    2136             : 
    2137             :   /* Ditto for the key expiration.  */
    2138        2942 :   p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
    2139        2942 :   if (p && buf32_to_u32 (p))
    2140         124 :     uid->help_key_expire = keycreated + buf32_to_u32 (p);
    2141             :   else
    2142        2818 :     uid->help_key_expire = 0;
    2143             : 
    2144             :   /* Set the primary user ID flag - we will later wipe out some
    2145             :    * of them to only have one in our keyblock.  */
    2146        2942 :   uid->is_primary = 0;
    2147        2942 :   p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL);
    2148        2942 :   if (p && *p)
    2149         135 :     uid->is_primary = 2;
    2150             : 
    2151             :   /* We could also query this from the unhashed area if it is not in
    2152             :    * the hased area and then later try to decide which is the better
    2153             :    * there should be no security problem with this.
    2154             :    * For now we only look at the hashed one.  */
    2155             : 
    2156             :   /* Now build the preferences list.  These must come from the
    2157             :      hashed section so nobody can modify the ciphers a key is
    2158             :      willing to accept.  */
    2159        2942 :   p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_SYM, &n);
    2160        2942 :   sym = p;
    2161        2942 :   nsym = p ? n : 0;
    2162        2942 :   p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_HASH, &n);
    2163        2942 :   hash = p;
    2164        2942 :   nhash = p ? n : 0;
    2165        2942 :   p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_COMPR, &n);
    2166        2942 :   zip = p;
    2167        2942 :   nzip = p ? n : 0;
    2168        2942 :   if (uid->prefs)
    2169          17 :     xfree (uid->prefs);
    2170        2942 :   n = nsym + nhash + nzip;
    2171        2942 :   if (!n)
    2172           0 :     uid->prefs = NULL;
    2173             :   else
    2174             :     {
    2175        2942 :       uid->prefs = xmalloc (sizeof (*uid->prefs) * (n + 1));
    2176        2942 :       n = 0;
    2177       13467 :       for (; nsym; nsym--, n++)
    2178             :         {
    2179       10525 :           uid->prefs[n].type = PREFTYPE_SYM;
    2180       10525 :           uid->prefs[n].value = *sym++;
    2181             :         }
    2182        8738 :       for (; nhash; nhash--, n++)
    2183             :         {
    2184        5796 :           uid->prefs[n].type = PREFTYPE_HASH;
    2185        5796 :           uid->prefs[n].value = *hash++;
    2186             :         }
    2187        7930 :       for (; nzip; nzip--, n++)
    2188             :         {
    2189        4988 :           uid->prefs[n].type = PREFTYPE_ZIP;
    2190        4988 :           uid->prefs[n].value = *zip++;
    2191             :         }
    2192        2942 :       uid->prefs[n].type = PREFTYPE_NONE; /* End of list marker  */
    2193        2942 :       uid->prefs[n].value = 0;
    2194             :     }
    2195             : 
    2196             :   /* See whether we have the MDC feature.  */
    2197        2942 :   uid->flags.mdc = 0;
    2198        2942 :   p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n);
    2199        2942 :   if (p && n && (p[0] & 0x01))
    2200        1261 :     uid->flags.mdc = 1;
    2201             : 
    2202             :   /* And the keyserver modify flag.  */
    2203        2942 :   uid->flags.ks_modify = 1;
    2204        2942 :   p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS, &n);
    2205        2942 :   if (p && n && (p[0] & 0x80))
    2206        2286 :     uid->flags.ks_modify = 0;
    2207             : }
    2208             : 
    2209             : static void
    2210           0 : sig_to_revoke_info (PKT_signature * sig, struct revoke_info *rinfo)
    2211             : {
    2212           0 :   rinfo->date = sig->timestamp;
    2213           0 :   rinfo->algo = sig->pubkey_algo;
    2214           0 :   rinfo->keyid[0] = sig->keyid[0];
    2215           0 :   rinfo->keyid[1] = sig->keyid[1];
    2216           0 : }
    2217             : 
    2218             : 
    2219             : /* Given a keyblock, parse the key block and extract various pieces of
    2220             :    information and save them with the primary key packet and the user
    2221             :    id packets.  For instance, some information is stored in signature
    2222             :    packets.  We find the latest such valid packet (since the user can
    2223             :    change that information) and copy its contents into the
    2224             :    PKT_public_key.
    2225             : 
    2226             :    Note that R_REVOKED may be set to 0, 1 or 2.
    2227             : 
    2228             :    This function fills in the following fields in the primary key's
    2229             :    keyblock:
    2230             : 
    2231             :      main_keyid          (computed)
    2232             :      revkey / numrevkeys (derived from self signed key data)
    2233             :      flags.valid         (whether we have at least 1 self-sig)
    2234             :      flags.maybe_revoked (whether a designed revoked the key, but
    2235             :                           we are missing the key to check the sig)
    2236             :      selfsigversion      (highest version of any valid self-sig)
    2237             :      pubkey_usage        (derived from most recent self-sig or most
    2238             :                           recent user id)
    2239             :      has_expired         (various sources)
    2240             :      expiredate          (various sources)
    2241             : 
    2242             :   See the documentation for fixup_uidnode for how the user id packets
    2243             :   are modified.  In addition to that the primary user id's is_primary
    2244             :   field is set to 1 and the other user id's is_primary are set to
    2245             :   0.  */
    2246             : static void
    2247        2193 : merge_selfsigs_main (KBNODE keyblock, int *r_revoked,
    2248             :                      struct revoke_info *rinfo)
    2249             : {
    2250        2193 :   PKT_public_key *pk = NULL;
    2251             :   KBNODE k;
    2252             :   u32 kid[2];
    2253             :   u32 sigdate, uiddate, uiddate2;
    2254             :   KBNODE signode, uidnode, uidnode2;
    2255        2193 :   u32 curtime = make_timestamp ();
    2256        2193 :   unsigned int key_usage = 0;
    2257        2193 :   u32 keytimestamp = 0;
    2258        2193 :   u32 key_expire = 0;
    2259        2193 :   int key_expire_seen = 0;
    2260        2193 :   byte sigversion = 0;
    2261             : 
    2262        2193 :   *r_revoked = 0;
    2263        2193 :   memset (rinfo, 0, sizeof (*rinfo));
    2264             : 
    2265             :   /* Section 11.1 of RFC 4880 determines the order of packets within a
    2266             :      message.  There are three sections, which must occur in the
    2267             :      following order: the public key, the user ids and user attributes
    2268             :      and the subkeys.  Within each section, each primary packet (e.g.,
    2269             :      a user id packet) is followed by one or more signature packets,
    2270             :      which modify that packet.  */
    2271             : 
    2272             :   /* According to Section 11.1 of RFC 4880, the public key must be the
    2273             :      first packet.  */
    2274        2193 :   if (keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
    2275             :     /* parse_keyblock_image ensures that the first packet is the
    2276             :        public key.  */
    2277           0 :     BUG ();
    2278        2193 :   pk = keyblock->pkt->pkt.public_key;
    2279        2193 :   keytimestamp = pk->timestamp;
    2280             : 
    2281        2193 :   keyid_from_pk (pk, kid);
    2282        2193 :   pk->main_keyid[0] = kid[0];
    2283        2193 :   pk->main_keyid[1] = kid[1];
    2284             : 
    2285        2193 :   if (pk->version < 4)
    2286             :     {
    2287             :       /* Before v4 the key packet itself contains the expiration date
    2288             :        * and there was no way to change it, so we start with the one
    2289             :        * from the key packet.  */
    2290           0 :       key_expire = pk->max_expiredate;
    2291           0 :       key_expire_seen = 1;
    2292             :     }
    2293             : 
    2294             :   /* First pass:
    2295             : 
    2296             :       - Find the latest direct key self-signature.  We assume that the
    2297             :         newest one overrides all others.
    2298             : 
    2299             :       - Determine whether the key has been revoked.
    2300             : 
    2301             :       - Gather all revocation keys (unlike other data, we don't just
    2302             :         take them from the latest self-signed packet).
    2303             : 
    2304             :       - Determine max (sig[...]->version).
    2305             :    */
    2306             : 
    2307             :   /* Reset this in case this key was already merged. */
    2308        2193 :   xfree (pk->revkey);
    2309        2193 :   pk->revkey = NULL;
    2310        2193 :   pk->numrevkeys = 0;
    2311             : 
    2312        2193 :   signode = NULL;
    2313        2193 :   sigdate = 0; /* Helper variable to find the latest signature.  */
    2314             : 
    2315             :   /* According to Section 11.1 of RFC 4880, the public key comes first
    2316             :      and is immediately followed by any signature packets that modify
    2317             :      it.  */
    2318        6581 :   for (k = keyblock;
    2319        4388 :        k && k->pkt->pkttype != PKT_USER_ID
    2320        2195 :          && k->pkt->pkttype != PKT_ATTRIBUTE
    2321        2195 :          && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
    2322        2195 :        k = k->next)
    2323             :     {
    2324        2195 :       if (k->pkt->pkttype == PKT_SIGNATURE)
    2325             :         {
    2326           2 :           PKT_signature *sig = k->pkt->pkt.signature;
    2327           2 :           if (sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1])
    2328             :             /* Self sig.  */
    2329             :             {
    2330           2 :               if (check_key_signature (keyblock, k, NULL))
    2331             :                 ; /* Signature did not verify.  */
    2332           2 :               else if (IS_KEY_REV (sig))
    2333             :                 {
    2334             :                   /* Key has been revoked - there is no way to
    2335             :                    * override such a revocation, so we theoretically
    2336             :                    * can stop now.  We should not cope with expiration
    2337             :                    * times for revocations here because we have to
    2338             :                    * assume that an attacker can generate all kinds of
    2339             :                    * signatures.  However due to the fact that the key
    2340             :                    * has been revoked it does not harm either and by
    2341             :                    * continuing we gather some more info on that
    2342             :                    * key.  */
    2343           0 :                   *r_revoked = 1;
    2344           0 :                   sig_to_revoke_info (sig, rinfo);
    2345             :                 }
    2346           2 :               else if (IS_KEY_SIG (sig))
    2347             :                 {
    2348             :                   /* Add the indicated revocations keys from all
    2349             :                      signatures not just the latest.  We do this
    2350             :                      because you need multiple 1F sigs to properly
    2351             :                      handle revocation keys (PGP does it this way, and
    2352             :                      a revocation key could be sensitive and hence in
    2353             :                      a different signature). */
    2354           2 :                   if (sig->revkey)
    2355             :                     {
    2356             :                       int i;
    2357             : 
    2358           2 :                       pk->revkey =
    2359           2 :                         xrealloc (pk->revkey, sizeof (struct revocation_key) *
    2360             :                                   (pk->numrevkeys + sig->numrevkeys));
    2361             : 
    2362           4 :                       for (i = 0; i < sig->numrevkeys; i++)
    2363           4 :                         memcpy (&pk->revkey[pk->numrevkeys++],
    2364           4 :                                 &sig->revkey[i],
    2365             :                                 sizeof (struct revocation_key));
    2366             :                     }
    2367             : 
    2368           2 :                   if (sig->timestamp >= sigdate)
    2369             :                     /* This is the latest signature so far.  */
    2370             :                     {
    2371           2 :                       if (sig->flags.expired)
    2372             :                         ; /* Signature has expired - ignore it.  */
    2373             :                       else
    2374             :                         {
    2375           2 :                           sigdate = sig->timestamp;
    2376           2 :                           signode = k;
    2377           2 :                           if (sig->version > sigversion)
    2378           2 :                             sigversion = sig->version;
    2379             : 
    2380             :                         }
    2381             :                     }
    2382             :                 }
    2383             :             }
    2384             :         }
    2385             :     }
    2386             : 
    2387             :   /* Remove dupes from the revocation keys.  */
    2388        2193 :   if (pk->revkey)
    2389             :     {
    2390           2 :       int i, j, x, changed = 0;
    2391             : 
    2392           4 :       for (i = 0; i < pk->numrevkeys; i++)
    2393             :         {
    2394           2 :           for (j = i + 1; j < pk->numrevkeys; j++)
    2395             :             {
    2396           0 :               if (memcmp (&pk->revkey[i], &pk->revkey[j],
    2397             :                           sizeof (struct revocation_key)) == 0)
    2398             :                 {
    2399             :                   /* remove j */
    2400             : 
    2401           0 :                   for (x = j; x < pk->numrevkeys - 1; x++)
    2402           0 :                     pk->revkey[x] = pk->revkey[x + 1];
    2403             : 
    2404           0 :                   pk->numrevkeys--;
    2405           0 :                   j--;
    2406           0 :                   changed = 1;
    2407             :                 }
    2408             :             }
    2409             :         }
    2410             : 
    2411           2 :       if (changed)
    2412           0 :         pk->revkey = xrealloc (pk->revkey,
    2413             :                                pk->numrevkeys *
    2414             :                                sizeof (struct revocation_key));
    2415             :     }
    2416             : 
    2417        2193 :   if (signode)
    2418             :     /* SIGNODE is the 1F signature packet with the latest creation
    2419             :        time.  Extract some information from it.  */
    2420             :     {
    2421             :       /* Some information from a direct key signature take precedence
    2422             :        * over the same information given in UID sigs.  */
    2423           2 :       PKT_signature *sig = signode->pkt->pkt.signature;
    2424             :       const byte *p;
    2425             : 
    2426           2 :       key_usage = parse_key_usage (sig);
    2427             : 
    2428           2 :       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
    2429           2 :       if (p && buf32_to_u32 (p))
    2430             :         {
    2431           0 :           key_expire = keytimestamp + buf32_to_u32 (p);
    2432           0 :           key_expire_seen = 1;
    2433             :         }
    2434             : 
    2435             :       /* Mark that key as valid: One direct key signature should
    2436             :        * render a key as valid.  */
    2437           2 :       pk->flags.valid = 1;
    2438             :     }
    2439             : 
    2440             :   /* Pass 1.5: Look for key revocation signatures that were not made
    2441             :      by the key (i.e. did a revocation key issue a revocation for
    2442             :      us?).  Only bother to do this if there is a revocation key in the
    2443             :      first place and we're not revoked already.  */
    2444             : 
    2445        2193 :   if (!*r_revoked && pk->revkey)
    2446           6 :     for (k = keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next)
    2447             :       {
    2448           4 :         if (k->pkt->pkttype == PKT_SIGNATURE)
    2449             :           {
    2450           2 :             PKT_signature *sig = k->pkt->pkt.signature;
    2451             : 
    2452           2 :             if (IS_KEY_REV (sig) &&
    2453           0 :                 (sig->keyid[0] != kid[0] || sig->keyid[1] != kid[1]))
    2454             :               {
    2455           0 :                 int rc = check_revocation_keys (pk, sig);
    2456           0 :                 if (rc == 0)
    2457             :                   {
    2458           0 :                     *r_revoked = 2;
    2459           0 :                     sig_to_revoke_info (sig, rinfo);
    2460             :                     /* Don't continue checking since we can't be any
    2461             :                        more revoked than this.  */
    2462           0 :                     break;
    2463             :                   }
    2464           0 :                 else if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
    2465           0 :                   pk->flags.maybe_revoked = 1;
    2466             : 
    2467             :                 /* A failure here means the sig did not verify, was
    2468             :                    not issued by a revocation key, or a revocation
    2469             :                    key loop was broken.  If a revocation key isn't
    2470             :                    findable, however, the key might be revoked and
    2471             :                    we don't know it.  */
    2472             : 
    2473             :                 /* TODO: In the future handle subkey and cert
    2474             :                    revocations?  PGP doesn't, but it's in 2440. */
    2475             :               }
    2476             :           }
    2477             :       }
    2478             : 
    2479             :   /* Second pass: Look at the self-signature of all user IDs.  */
    2480             : 
    2481             :   /* According to RFC 4880 section 11.1, user id and attribute packets
    2482             :      are in the second section, after the public key packet and before
    2483             :      the subkey packets.  */
    2484        2193 :   signode = uidnode = NULL;
    2485        2193 :   sigdate = 0; /* Helper variable to find the latest signature in one UID. */
    2486       10463 :   for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next)
    2487             :     {
    2488        8270 :       if (k->pkt->pkttype == PKT_USER_ID || k->pkt->pkttype == PKT_ATTRIBUTE)
    2489             :         /* New user id packet.  */
    2490             :         {
    2491        2951 :           if (uidnode && signode)
    2492             :             /* Apply the data from the most recent self-signed packet
    2493             :                to the preceding user id packet.  */
    2494             :             {
    2495         756 :               fixup_uidnode (uidnode, signode, keytimestamp);
    2496         756 :               pk->flags.valid = 1;
    2497             :             }
    2498             :           /* Clear SIGNODE.  The only relevant self-signed data for
    2499             :              UIDNODE follows it.  */
    2500        2951 :           if (k->pkt->pkttype == PKT_USER_ID)
    2501        2951 :             uidnode = k;
    2502             :           else
    2503           0 :             uidnode = NULL;
    2504        2951 :           signode = NULL;
    2505        2951 :           sigdate = 0;
    2506             :         }
    2507        5319 :       else if (k->pkt->pkttype == PKT_SIGNATURE && uidnode)
    2508             :         {
    2509        3124 :           PKT_signature *sig = k->pkt->pkt.signature;
    2510        3124 :           if (sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1])
    2511             :             {
    2512        2985 :               if (check_key_signature (keyblock, k, NULL))
    2513             :                 ;               /* signature did not verify */
    2514        2985 :               else if ((IS_UID_SIG (sig) || IS_UID_REV (sig))
    2515        2985 :                        && sig->timestamp >= sigdate)
    2516             :                 {
    2517             :                   /* Note: we allow invalidation of cert revocations
    2518             :                    * by a newer signature.  An attacker can't use this
    2519             :                    * because a key should be revoked with a key revocation.
    2520             :                    * The reason why we have to allow for that is that at
    2521             :                    * one time an email address may become invalid but later
    2522             :                    * the same email address may become valid again (hired,
    2523             :                    * fired, hired again).  */
    2524             : 
    2525        2984 :                   sigdate = sig->timestamp;
    2526        2984 :                   signode = k;
    2527        2984 :                   signode->pkt->pkt.signature->flags.chosen_selfsig = 0;
    2528        2984 :                   if (sig->version > sigversion)
    2529        2184 :                     sigversion = sig->version;
    2530             :                 }
    2531             :             }
    2532             :         }
    2533             :     }
    2534        2193 :   if (uidnode && signode)
    2535             :     {
    2536        2186 :       fixup_uidnode (uidnode, signode, keytimestamp);
    2537        2186 :       pk->flags.valid = 1;
    2538             :     }
    2539             : 
    2540             :   /* If the key isn't valid yet, and we have
    2541             :      --allow-non-selfsigned-uid set, then force it valid. */
    2542        2193 :   if (!pk->flags.valid && opt.allow_non_selfsigned_uid)
    2543             :     {
    2544           4 :       if (opt.verbose)
    2545           0 :         log_info (_("Invalid key %s made valid by"
    2546             :                     " --allow-non-selfsigned-uid\n"), keystr_from_pk (pk));
    2547           4 :       pk->flags.valid = 1;
    2548             :     }
    2549             : 
    2550             :   /* The key STILL isn't valid, so try and find an ultimately
    2551             :      trusted signature. */
    2552        2193 :   if (!pk->flags.valid)
    2553             :     {
    2554           1 :       uidnode = NULL;
    2555             : 
    2556           9 :       for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
    2557           7 :            k = k->next)
    2558             :         {
    2559           7 :           if (k->pkt->pkttype == PKT_USER_ID)
    2560           3 :             uidnode = k;
    2561           4 :           else if (k->pkt->pkttype == PKT_SIGNATURE && uidnode)
    2562             :             {
    2563           3 :               PKT_signature *sig = k->pkt->pkt.signature;
    2564             : 
    2565           3 :               if (sig->keyid[0] != kid[0] || sig->keyid[1] != kid[1])
    2566             :                 {
    2567             :                   PKT_public_key *ultimate_pk;
    2568             : 
    2569           3 :                   ultimate_pk = xmalloc_clear (sizeof (*ultimate_pk));
    2570             : 
    2571             :                   /* We don't want to use the full get_pubkey to
    2572             :                      avoid infinite recursion in certain cases.
    2573             :                      There is no reason to check that an ultimately
    2574             :                      trusted key is still valid - if it has been
    2575             :                      revoked the user should also remove the
    2576             :                      ultimate trust flag.  */
    2577           3 :                   if (get_pubkey_fast (ultimate_pk, sig->keyid) == 0
    2578           0 :                       && check_key_signature2 (keyblock, k, ultimate_pk,
    2579             :                                                NULL, NULL, NULL, NULL) == 0
    2580           0 :                       && get_ownertrust (ultimate_pk) == TRUST_ULTIMATE)
    2581             :                     {
    2582           0 :                       free_public_key (ultimate_pk);
    2583           0 :                       pk->flags.valid = 1;
    2584           0 :                       break;
    2585             :                     }
    2586             : 
    2587           3 :                   free_public_key (ultimate_pk);
    2588             :                 }
    2589             :             }
    2590             :         }
    2591             :     }
    2592             : 
    2593             :   /* Record the highest selfsig version so we know if this is a v3
    2594             :      key through and through, or a v3 key with a v4 selfsig
    2595             :      somewhere.  This is useful in a few places to know if the key
    2596             :      must be treated as PGP2-style or OpenPGP-style.  Note that a
    2597             :      selfsig revocation with a higher version number will also raise
    2598             :      this value.  This is okay since such a revocation must be
    2599             :      issued by the user (i.e. it cannot be issued by someone else to
    2600             :      modify the key behavior.) */
    2601             : 
    2602        2193 :   pk->selfsigversion = sigversion;
    2603             : 
    2604             :   /* Now that we had a look at all user IDs we can now get some information
    2605             :    * from those user IDs.
    2606             :    */
    2607             : 
    2608        2193 :   if (!key_usage)
    2609             :     {
    2610             :       /* Find the latest user ID with key flags set. */
    2611        2193 :       uiddate = 0; /* Helper to find the latest user ID.  */
    2612       12656 :       for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
    2613        8270 :            k = k->next)
    2614             :         {
    2615        8270 :           if (k->pkt->pkttype == PKT_USER_ID)
    2616             :             {
    2617        2951 :               PKT_user_id *uid = k->pkt->pkt.user_id;
    2618        2951 :               if (uid->help_key_usage && uid->created > uiddate)
    2619             :                 {
    2620        1251 :                   key_usage = uid->help_key_usage;
    2621        1251 :                   uiddate = uid->created;
    2622             :                 }
    2623             :             }
    2624             :         }
    2625             :     }
    2626        2193 :   if (!key_usage)
    2627             :     {
    2628             :       /* No key flags at all: get it from the algo.  */
    2629         942 :       key_usage = openpgp_pk_algo_usage (pk->pubkey_algo);
    2630             :     }
    2631             :   else
    2632             :     {
    2633             :       /* Check that the usage matches the usage as given by the algo.  */
    2634        1251 :       int x = openpgp_pk_algo_usage (pk->pubkey_algo);
    2635        1251 :       if (x) /* Mask it down to the actual allowed usage.  */
    2636        1251 :         key_usage &= x;
    2637             :     }
    2638             : 
    2639             :   /* Whatever happens, it's a primary key, so it can certify. */
    2640        2193 :   pk->pubkey_usage = key_usage | PUBKEY_USAGE_CERT;
    2641             : 
    2642        2193 :   if (!key_expire_seen)
    2643             :     {
    2644             :       /* Find the latest valid user ID with a key expiration set
    2645             :        * Note, that this may be a different one from the above because
    2646             :        * some user IDs may have no expiration date set.  */
    2647        2193 :       uiddate = 0;
    2648       12656 :       for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
    2649        8270 :            k = k->next)
    2650             :         {
    2651        8270 :           if (k->pkt->pkttype == PKT_USER_ID)
    2652             :             {
    2653        2951 :               PKT_user_id *uid = k->pkt->pkt.user_id;
    2654        2951 :               if (uid->help_key_expire && uid->created > uiddate)
    2655             :                 {
    2656         124 :                   key_expire = uid->help_key_expire;
    2657         124 :                   uiddate = uid->created;
    2658             :                 }
    2659             :             }
    2660             :         }
    2661             :     }
    2662             : 
    2663             :   /* Currently only v3 keys have a maximum expiration date, but I'll
    2664             :      bet v5 keys get this feature again. */
    2665        2193 :   if (key_expire == 0
    2666         124 :       || (pk->max_expiredate && key_expire > pk->max_expiredate))
    2667        2069 :     key_expire = pk->max_expiredate;
    2668             : 
    2669        2193 :   pk->has_expired = key_expire >= curtime ? 0 : key_expire;
    2670        2193 :   pk->expiredate = key_expire;
    2671             : 
    2672             :   /* Fixme: we should see how to get rid of the expiretime fields  but
    2673             :    * this needs changes at other places too. */
    2674             : 
    2675             :   /* And now find the real primary user ID and delete all others.  */
    2676        2193 :   uiddate = uiddate2 = 0;
    2677        2193 :   uidnode = uidnode2 = NULL;
    2678       10463 :   for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next)
    2679             :     {
    2680        8270 :       if (k->pkt->pkttype == PKT_USER_ID && !k->pkt->pkt.user_id->attrib_data)
    2681             :         {
    2682        2951 :           PKT_user_id *uid = k->pkt->pkt.user_id;
    2683        2951 :           if (uid->is_primary)
    2684             :             {
    2685         137 :               if (uid->created > uiddate)
    2686             :                 {
    2687         135 :                   uiddate = uid->created;
    2688         135 :                   uidnode = k;
    2689             :                 }
    2690           2 :               else if (uid->created == uiddate && uidnode)
    2691             :                 {
    2692             :                   /* The dates are equal, so we need to do a
    2693             :                      different (and arbitrary) comparison.  This
    2694             :                      should rarely, if ever, happen.  It's good to
    2695             :                      try and guarantee that two different GnuPG
    2696             :                      users with two different keyrings at least pick
    2697             :                      the same primary. */
    2698           0 :                   if (cmp_user_ids (uid, uidnode->pkt->pkt.user_id) > 0)
    2699           0 :                     uidnode = k;
    2700             :                 }
    2701             :             }
    2702             :           else
    2703             :             {
    2704        2814 :               if (uid->created > uiddate2)
    2705             :                 {
    2706        2804 :                   uiddate2 = uid->created;
    2707        2804 :                   uidnode2 = k;
    2708             :                 }
    2709          10 :               else if (uid->created == uiddate2 && uidnode2)
    2710             :                 {
    2711           2 :                   if (cmp_user_ids (uid, uidnode2->pkt->pkt.user_id) > 0)
    2712           2 :                     uidnode2 = k;
    2713             :                 }
    2714             :             }
    2715             :         }
    2716             :     }
    2717        2193 :   if (uidnode)
    2718             :     {
    2719         762 :       for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
    2720         492 :            k = k->next)
    2721             :         {
    2722         628 :           if (k->pkt->pkttype == PKT_USER_ID &&
    2723         136 :               !k->pkt->pkt.user_id->attrib_data)
    2724             :             {
    2725         136 :               PKT_user_id *uid = k->pkt->pkt.user_id;
    2726         136 :               if (k != uidnode)
    2727           1 :                 uid->is_primary = 0;
    2728             :             }
    2729             :         }
    2730             :     }
    2731        2058 :   else if (uidnode2)
    2732             :     {
    2733             :       /* None is flagged primary - use the latest user ID we have,
    2734             :          and disambiguate with the arbitrary packet comparison. */
    2735        2051 :       uidnode2->pkt->pkt.user_id->is_primary = 1;
    2736             :     }
    2737             :   else
    2738             :     {
    2739             :       /* None of our uids were self-signed, so pick the one that
    2740             :          sorts first to be the primary.  This is the best we can do
    2741             :          here since there are no self sigs to date the uids. */
    2742             : 
    2743           7 :       uidnode = NULL;
    2744             : 
    2745          33 :       for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
    2746          19 :            k = k->next)
    2747             :         {
    2748          19 :           if (k->pkt->pkttype == PKT_USER_ID
    2749           9 :               && !k->pkt->pkt.user_id->attrib_data)
    2750             :             {
    2751           9 :               if (!uidnode)
    2752             :                 {
    2753           7 :                   uidnode = k;
    2754           7 :                   uidnode->pkt->pkt.user_id->is_primary = 1;
    2755           7 :                   continue;
    2756             :                 }
    2757             :               else
    2758             :                 {
    2759           2 :                   if (cmp_user_ids (k->pkt->pkt.user_id,
    2760           2 :                                     uidnode->pkt->pkt.user_id) > 0)
    2761             :                     {
    2762           0 :                       uidnode->pkt->pkt.user_id->is_primary = 0;
    2763           0 :                       uidnode = k;
    2764           0 :                       uidnode->pkt->pkt.user_id->is_primary = 1;
    2765             :                     }
    2766             :                   else
    2767           2 :                     k->pkt->pkt.user_id->is_primary = 0;       /* just to be
    2768             :                                                                    safe */
    2769             :                 }
    2770             :             }
    2771             :         }
    2772             :     }
    2773        2193 : }
    2774             : 
    2775             : /* Convert a buffer to a signature.  Useful for 0x19 embedded sigs.
    2776             :    Caller must free the signature when they are done. */
    2777             : static PKT_signature *
    2778         126 : buf_to_sig (const byte * buf, size_t len)
    2779             : {
    2780         126 :   PKT_signature *sig = xmalloc_clear (sizeof (PKT_signature));
    2781         126 :   IOBUF iobuf = iobuf_temp_with_content (buf, len);
    2782         126 :   int save_mode = set_packet_list_mode (0);
    2783             : 
    2784         126 :   if (parse_signature (iobuf, PKT_SIGNATURE, len, sig) != 0)
    2785             :     {
    2786           0 :       xfree (sig);
    2787           0 :       sig = NULL;
    2788             :     }
    2789             : 
    2790         126 :   set_packet_list_mode (save_mode);
    2791         126 :   iobuf_close (iobuf);
    2792             : 
    2793         126 :   return sig;
    2794             : }
    2795             : 
    2796             : /* Use the self-signed data to fill in various fields in subkeys.
    2797             : 
    2798             :    KEYBLOCK is the whole keyblock.  SUBNODE is the subkey to fill in.
    2799             : 
    2800             :    Sets the following fields on the subkey:
    2801             : 
    2802             :      main_keyid
    2803             :      flags.valid        if the subkey has a valid self-sig binding
    2804             :      flags.revoked
    2805             :      flags.backsig
    2806             :      pubkey_usage
    2807             :      has_expired
    2808             :      expired_date
    2809             : 
    2810             :    On this subkey's most revent valid self-signed packet, the
    2811             :    following field is set:
    2812             : 
    2813             :      flags.chosen_selfsig
    2814             :   */
    2815             : static void
    2816        2331 : merge_selfsigs_subkey (KBNODE keyblock, KBNODE subnode)
    2817             : {
    2818        2331 :   PKT_public_key *mainpk = NULL, *subpk = NULL;
    2819             :   PKT_signature *sig;
    2820             :   KBNODE k;
    2821             :   u32 mainkid[2];
    2822        2331 :   u32 sigdate = 0;
    2823             :   KBNODE signode;
    2824        2331 :   u32 curtime = make_timestamp ();
    2825        2331 :   unsigned int key_usage = 0;
    2826        2331 :   u32 keytimestamp = 0;
    2827        2331 :   u32 key_expire = 0;
    2828             :   const byte *p;
    2829             : 
    2830        2331 :   if (subnode->pkt->pkttype != PKT_PUBLIC_SUBKEY)
    2831           0 :     BUG ();
    2832        2331 :   mainpk = keyblock->pkt->pkt.public_key;
    2833        2331 :   if (mainpk->version < 4)
    2834           1 :     return;/* (actually this should never happen) */
    2835        2331 :   keyid_from_pk (mainpk, mainkid);
    2836        2331 :   subpk = subnode->pkt->pkt.public_key;
    2837        2331 :   keytimestamp = subpk->timestamp;
    2838             : 
    2839        2331 :   subpk->flags.valid = 0;
    2840        2331 :   subpk->flags.exact = 0;
    2841        2331 :   subpk->main_keyid[0] = mainpk->main_keyid[0];
    2842        2331 :   subpk->main_keyid[1] = mainpk->main_keyid[1];
    2843             : 
    2844             :   /* Find the latest key binding self-signature.  */
    2845        2331 :   signode = NULL;
    2846        2331 :   sigdate = 0; /* Helper to find the latest signature.  */
    2847        6993 :   for (k = subnode->next; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
    2848        2331 :        k = k->next)
    2849             :     {
    2850        2331 :       if (k->pkt->pkttype == PKT_SIGNATURE)
    2851             :         {
    2852        2331 :           sig = k->pkt->pkt.signature;
    2853        2331 :           if (sig->keyid[0] == mainkid[0] && sig->keyid[1] == mainkid[1])
    2854             :             {
    2855        2330 :               if (check_key_signature (keyblock, k, NULL))
    2856             :                 ; /* Signature did not verify.  */
    2857        2330 :               else if (IS_SUBKEY_REV (sig))
    2858             :                 {
    2859             :                   /* Note that this means that the date on a
    2860             :                      revocation sig does not matter - even if the
    2861             :                      binding sig is dated after the revocation sig,
    2862             :                      the subkey is still marked as revoked.  This
    2863             :                      seems ok, as it is just as easy to make new
    2864             :                      subkeys rather than re-sign old ones as the
    2865             :                      problem is in the distribution.  Plus, PGP (7)
    2866             :                      does this the same way.  */
    2867           0 :                   subpk->flags.revoked = 1;
    2868           0 :                   sig_to_revoke_info (sig, &subpk->revoked);
    2869             :                   /* Although we could stop now, we continue to
    2870             :                    * figure out other information like the old expiration
    2871             :                    * time.  */
    2872             :                 }
    2873        2330 :               else if (IS_SUBKEY_SIG (sig) && sig->timestamp >= sigdate)
    2874             :                 {
    2875        2330 :                   if (sig->flags.expired)
    2876             :                     ; /* Signature has expired - ignore it.  */
    2877             :                   else
    2878             :                     {
    2879        2330 :                       sigdate = sig->timestamp;
    2880        2330 :                       signode = k;
    2881        2330 :                       signode->pkt->pkt.signature->flags.chosen_selfsig = 0;
    2882             :                     }
    2883             :                 }
    2884             :             }
    2885             :         }
    2886             :     }
    2887             : 
    2888             :   /* No valid key binding.  */
    2889        2331 :   if (!signode)
    2890           1 :     return;
    2891             : 
    2892        2330 :   sig = signode->pkt->pkt.signature;
    2893        2330 :   sig->flags.chosen_selfsig = 1; /* So we know which selfsig we chose later.  */
    2894             : 
    2895        2330 :   key_usage = parse_key_usage (sig);
    2896        2330 :   if (!key_usage)
    2897             :     {
    2898             :       /* No key flags at all: get it from the algo.  */
    2899         936 :       key_usage = openpgp_pk_algo_usage (subpk->pubkey_algo);
    2900             :     }
    2901             :   else
    2902             :     {
    2903             :       /* Check that the usage matches the usage as given by the algo.  */
    2904        1394 :       int x = openpgp_pk_algo_usage (subpk->pubkey_algo);
    2905        1394 :       if (x) /* Mask it down to the actual allowed usage.  */
    2906        1394 :         key_usage &= x;
    2907             :     }
    2908             : 
    2909        2330 :   subpk->pubkey_usage = key_usage;
    2910             : 
    2911        2330 :   p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
    2912        2330 :   if (p && buf32_to_u32 (p))
    2913         114 :     key_expire = keytimestamp + buf32_to_u32 (p);
    2914             :   else
    2915        2216 :     key_expire = 0;
    2916        2330 :   subpk->has_expired = key_expire >= curtime ? 0 : key_expire;
    2917        2330 :   subpk->expiredate = key_expire;
    2918             : 
    2919             :   /* Algo doesn't exist.  */
    2920        2330 :   if (openpgp_pk_test_algo (subpk->pubkey_algo))
    2921           0 :     return;
    2922             : 
    2923        2330 :   subpk->flags.valid = 1;
    2924             : 
    2925             :   /* Find the most recent 0x19 embedded signature on our self-sig. */
    2926        2330 :   if (!subpk->flags.backsig)
    2927             :     {
    2928        2330 :       int seq = 0;
    2929             :       size_t n;
    2930        2330 :       PKT_signature *backsig = NULL;
    2931             : 
    2932        2330 :       sigdate = 0;
    2933             : 
    2934             :       /* We do this while() since there may be other embedded
    2935             :          signatures in the future.  We only want 0x19 here. */
    2936             : 
    2937        4660 :       while ((p = enum_sig_subpkt (sig->hashed,
    2938             :                                    SIGSUBPKT_SIGNATURE, &n, &seq, NULL)))
    2939           0 :         if (n > 3
    2940           0 :             && ((p[0] == 3 && p[2] == 0x19) || (p[0] == 4 && p[1] == 0x19)))
    2941             :           {
    2942           0 :             PKT_signature *tempsig = buf_to_sig (p, n);
    2943           0 :             if (tempsig)
    2944             :               {
    2945           0 :                 if (tempsig->timestamp > sigdate)
    2946             :                   {
    2947           0 :                     if (backsig)
    2948           0 :                       free_seckey_enc (backsig);
    2949             : 
    2950           0 :                     backsig = tempsig;
    2951           0 :                     sigdate = backsig->timestamp;
    2952             :                   }
    2953             :                 else
    2954           0 :                   free_seckey_enc (tempsig);
    2955             :               }
    2956             :           }
    2957             : 
    2958        2330 :       seq = 0;
    2959             : 
    2960             :       /* It is safe to have this in the unhashed area since the 0x19
    2961             :          is located on the selfsig for convenience, not security. */
    2962             : 
    2963        4786 :       while ((p = enum_sig_subpkt (sig->unhashed, SIGSUBPKT_SIGNATURE,
    2964             :                                    &n, &seq, NULL)))
    2965         126 :         if (n > 3
    2966         126 :             && ((p[0] == 3 && p[2] == 0x19) || (p[0] == 4 && p[1] == 0x19)))
    2967             :           {
    2968         126 :             PKT_signature *tempsig = buf_to_sig (p, n);
    2969         126 :             if (tempsig)
    2970             :               {
    2971         126 :                 if (tempsig->timestamp > sigdate)
    2972             :                   {
    2973         126 :                     if (backsig)
    2974           0 :                       free_seckey_enc (backsig);
    2975             : 
    2976         126 :                     backsig = tempsig;
    2977         126 :                     sigdate = backsig->timestamp;
    2978             :                   }
    2979             :                 else
    2980           0 :                   free_seckey_enc (tempsig);
    2981             :               }
    2982             :           }
    2983             : 
    2984        2330 :       if (backsig)
    2985             :         {
    2986             :           /* At this point, backsig contains the most recent 0x19 sig.
    2987             :              Let's see if it is good. */
    2988             : 
    2989             :           /* 2==valid, 1==invalid, 0==didn't check */
    2990         126 :           if (check_backsig (mainpk, subpk, backsig) == 0)
    2991         126 :             subpk->flags.backsig = 2;
    2992             :           else
    2993           0 :             subpk->flags.backsig = 1;
    2994             : 
    2995         126 :           free_seckey_enc (backsig);
    2996             :         }
    2997             :     }
    2998             : }
    2999             : 
    3000             : 
    3001             : /* Merge information from the self-signatures with the public key,
    3002             :    subkeys and user ids to make using them more easy.
    3003             : 
    3004             :    See documentation for merge_selfsigs_main, merge_selfsigs_subkey
    3005             :    and fixup_uidnode for exactly which fields are updated.  */
    3006             : static void
    3007        2193 : merge_selfsigs (KBNODE keyblock)
    3008             : {
    3009             :   KBNODE k;
    3010             :   int revoked;
    3011             :   struct revoke_info rinfo;
    3012             :   PKT_public_key *main_pk;
    3013             :   prefitem_t *prefs;
    3014             :   unsigned int mdc_feature;
    3015             : 
    3016        2193 :   if (keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
    3017             :     {
    3018           0 :       if (keyblock->pkt->pkttype == PKT_SECRET_KEY)
    3019             :         {
    3020           0 :           log_error ("expected public key but found secret key "
    3021             :                      "- must stop\n");
    3022             :           /* We better exit here because a public key is expected at
    3023             :              other places too.  FIXME: Figure this out earlier and
    3024             :              don't get to here at all */
    3025           0 :           g10_exit (1);
    3026             :         }
    3027           0 :       BUG ();
    3028             :     }
    3029             : 
    3030        2193 :   merge_selfsigs_main (keyblock, &revoked, &rinfo);
    3031             : 
    3032             :   /* Now merge in the data from each of the subkeys.  */
    3033       15125 :   for (k = keyblock; k; k = k->next)
    3034             :     {
    3035       12932 :       if (k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
    3036             :         {
    3037        2331 :           merge_selfsigs_subkey (keyblock, k);
    3038             :         }
    3039             :     }
    3040             : 
    3041        2193 :   main_pk = keyblock->pkt->pkt.public_key;
    3042        2193 :   if (revoked || main_pk->has_expired || !main_pk->flags.valid)
    3043             :     {
    3044             :       /* If the primary key is revoked, expired, or invalid we
    3045             :        * better set the appropriate flags on that key and all
    3046             :        * subkeys.  */
    3047          84 :       for (k = keyblock; k; k = k->next)
    3048             :         {
    3049          68 :           if (k->pkt->pkttype == PKT_PUBLIC_KEY
    3050          52 :               || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
    3051             :             {
    3052          23 :               PKT_public_key *pk = k->pkt->pkt.public_key;
    3053          23 :               if (!main_pk->flags.valid)
    3054           2 :                 pk->flags.valid = 0;
    3055          23 :               if (revoked && !pk->flags.revoked)
    3056             :                 {
    3057           0 :                   pk->flags.revoked = revoked;
    3058           0 :                   memcpy (&pk->revoked, &rinfo, sizeof (rinfo));
    3059             :                 }
    3060          23 :               if (main_pk->has_expired)
    3061          21 :                 pk->has_expired = main_pk->has_expired;
    3062             :             }
    3063             :         }
    3064        2209 :       return;
    3065             :     }
    3066             : 
    3067             :   /* Set the preference list of all keys to those of the primary real
    3068             :    * user ID.  Note: we use these preferences when we don't know by
    3069             :    * which user ID the key has been selected.
    3070             :    * fixme: we should keep atoms of commonly used preferences or
    3071             :    * use reference counting to optimize the preference lists storage.
    3072             :    * FIXME: it might be better to use the intersection of
    3073             :    * all preferences.
    3074             :    * Do a similar thing for the MDC feature flag.  */
    3075        2177 :   prefs = NULL;
    3076        2177 :   mdc_feature = 0;
    3077        5901 :   for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next)
    3078             :     {
    3079        5901 :       if (k->pkt->pkttype == PKT_USER_ID
    3080        2931 :           && !k->pkt->pkt.user_id->attrib_data
    3081        2931 :           && k->pkt->pkt.user_id->is_primary)
    3082             :         {
    3083        2177 :           prefs = k->pkt->pkt.user_id->prefs;
    3084        2177 :           mdc_feature = k->pkt->pkt.user_id->flags.mdc;
    3085        2177 :           break;
    3086             :         }
    3087             :     }
    3088       15041 :   for (k = keyblock; k; k = k->next)
    3089             :     {
    3090       12864 :       if (k->pkt->pkttype == PKT_PUBLIC_KEY
    3091       10687 :           || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
    3092             :         {
    3093        4501 :           PKT_public_key *pk = k->pkt->pkt.public_key;
    3094        4501 :           if (pk->prefs)
    3095          27 :             xfree (pk->prefs);
    3096        4501 :           pk->prefs = copy_prefs (prefs);
    3097        4501 :           pk->flags.mdc = mdc_feature;
    3098             :         }
    3099             :     }
    3100             : }
    3101             : 
    3102             : 
    3103             : 
    3104             : /* See whether the key satisfies any additional requirements specified
    3105             :  * in CTX.  If so, return the node of an appropriate key or subkey.
    3106             :  * Otherwise, return NULL if there was no appropriate key.
    3107             :  *
    3108             :  * In case the primary key is not required, select a suitable subkey.
    3109             :  * We need the primary key if PUBKEY_USAGE_CERT is set in REQ_USAGE or
    3110             :  * we are in PGP6 or PGP7 mode and PUBKEY_USAGE_SIG is set in
    3111             :  * REQ_USAGE.
    3112             :  *
    3113             :  * If any of PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC and PUBKEY_USAGE_CERT
    3114             :  * are set in REQ_USAGE, we filter by the key's function.  Concretely,
    3115             :  * if PUBKEY_USAGE_SIG and PUBKEY_USAGE_CERT are set, then we only
    3116             :  * return a key if it is (at least) either a signing or a
    3117             :  * certification key.
    3118             :  *
    3119             :  * If REQ_USAGE is set, then we reject any keys that are not good
    3120             :  * (i.e., valid, not revoked, not expired, etc.).  This allows the
    3121             :  * getkey functions to be used for plain key listings.
    3122             :  *
    3123             :  * Sets the matched key's user id field (pk->user_id) to the user id
    3124             :  * that matched the low-level search criteria or NULL.
    3125             :  *
    3126             :  * If R_FLAGS is not NULL set certain flags for more detailed error
    3127             :  * reporting.  Used flags are:
    3128             :  *
    3129             :  * - LOOKUP_ALL_SUBKEYS_EXPIRED :: All Subkeys are expired or have
    3130             :  *                                 been revoked.
    3131             :  * - LOOKUP_NOT_SELECTED :: No suitable key found
    3132             :  *
    3133             :  * This function needs to handle several different cases:
    3134             :  *
    3135             :  *  1. No requested usage and no primary key requested
    3136             :  *     Examples for this case are that we have a keyID to be used
    3137             :  *     for decrytion or verification.
    3138             :  *  2. No usage but primary key requested
    3139             :  *     This is the case for all functions which work on an
    3140             :  *     entire keyblock, e.g. for editing or listing
    3141             :  *  3. Usage and primary key requested
    3142             :  *     FIXME
    3143             :  *  4. Usage but no primary key requested
    3144             :  *     FIXME
    3145             :  *
    3146             :  */
    3147             : static kbnode_t
    3148        2138 : finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
    3149             :                unsigned int *r_flags)
    3150             : {
    3151             :   kbnode_t k;
    3152             : 
    3153             :   /* If WANT_EXACT is set, the key or subkey that actually matched the
    3154             :      low-level search criteria.  */
    3155        2138 :   kbnode_t foundk = NULL;
    3156             :   /* The user id (if any) that matched the low-level search criteria.  */
    3157        2138 :   PKT_user_id *foundu = NULL;
    3158             : 
    3159             :   u32 latest_date;
    3160             :   kbnode_t latest_key;
    3161             :   PKT_public_key *pk;
    3162             :   int req_prim;
    3163        2138 :   u32 curtime = make_timestamp ();
    3164             : 
    3165        2138 :   if (r_flags)
    3166        2138 :     *r_flags = 0;
    3167             : 
    3168             : #define USAGE_MASK  (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC|PUBKEY_USAGE_CERT)
    3169        2138 :   req_usage &= USAGE_MASK;
    3170             : 
    3171             :   /* Request the primary if we're certifying another key, and also if
    3172             :    * signing data while --pgp6 or --pgp7 is on since pgp 6 and 7 do
    3173             :    * not understand signatures made by a signing subkey.  PGP 8 does. */
    3174        4276 :   req_prim = ((req_usage & PUBKEY_USAGE_CERT)
    3175        2138 :               || ((PGP6 || PGP7) && (req_usage & PUBKEY_USAGE_SIG)));
    3176             : 
    3177             : 
    3178        2138 :   log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
    3179             : 
    3180             :   /* For an exact match mark the primary or subkey that matched the
    3181             :      low-level search criteria.  */
    3182        2138 :   if (want_exact)
    3183             :     {
    3184        2728 :       for (k = keyblock; k; k = k->next)
    3185             :         {
    3186        2728 :           if ((k->flag & 1))
    3187             :             {
    3188        1003 :               log_assert (k->pkt->pkttype == PKT_PUBLIC_KEY
    3189             :                           || k->pkt->pkttype == PKT_PUBLIC_SUBKEY);
    3190        1003 :               foundk = k;
    3191        1003 :               pk = k->pkt->pkt.public_key;
    3192        1003 :               pk->flags.exact = 1;
    3193        1003 :               break;
    3194             :             }
    3195             :         }
    3196             :     }
    3197             : 
    3198             :   /* Get the user id that matched that low-level search criteria.  */
    3199       14176 :   for (k = keyblock; k; k = k->next)
    3200             :     {
    3201       12176 :       if ((k->flag & 2))
    3202             :         {
    3203         138 :           log_assert (k->pkt->pkttype == PKT_USER_ID);
    3204         138 :           foundu = k->pkt->pkt.user_id;
    3205         138 :           break;
    3206             :         }
    3207             :     }
    3208             : 
    3209        2138 :   if (DBG_LOOKUP)
    3210           0 :     log_debug ("finish_lookup: checking key %08lX (%s)(req_usage=%x)\n",
    3211           0 :                (ulong) keyid_from_pk (keyblock->pkt->pkt.public_key, NULL),
    3212             :                foundk ? "one" : "all", req_usage);
    3213             : 
    3214        2138 :   if (!req_usage)
    3215             :     {
    3216        1752 :       latest_key = foundk ? foundk : keyblock;
    3217        1752 :       goto found;
    3218             :     }
    3219             : 
    3220         386 :   latest_date = 0;
    3221         386 :   latest_key = NULL;
    3222             :   /* Set LATEST_KEY to the latest (the one with the most recent
    3223             :    * timestamp) good (valid, not revoked, not expired, etc.) subkey.
    3224             :    *
    3225             :    * Don't bother if we are only looking for a primary key or we need
    3226             :    * an exact match and the exact match is not a subkey.  */
    3227         386 :   if (req_prim || (foundk && foundk->pkt->pkttype != PKT_PUBLIC_SUBKEY))
    3228             :     ;
    3229             :   else
    3230             :     {
    3231             :       kbnode_t nextk;
    3232         385 :       int n_subkeys = 0;
    3233         385 :       int n_revoked_or_expired = 0;
    3234             : 
    3235             :       /* Either start a loop or check just this one subkey.  */
    3236        2726 :       for (k = foundk ? foundk : keyblock; k; k = nextk)
    3237             :         {
    3238        2341 :           if (foundk)
    3239             :             {
    3240             :               /* If FOUNDK is not NULL, then only consider that exact
    3241             :                  key, i.e., don't iterate.  */
    3242           2 :               nextk = NULL;
    3243             :             }
    3244             :           else
    3245        2339 :             nextk = k->next;
    3246             : 
    3247        2341 :           if (k->pkt->pkttype != PKT_PUBLIC_SUBKEY)
    3248        1914 :             continue;
    3249             : 
    3250         427 :           pk = k->pkt->pkt.public_key;
    3251         427 :           if (DBG_LOOKUP)
    3252           0 :             log_debug ("\tchecking subkey %08lX\n",
    3253           0 :                        (ulong) keyid_from_pk (pk, NULL));
    3254             : 
    3255         427 :           if (!pk->flags.valid)
    3256             :             {
    3257           0 :               if (DBG_LOOKUP)
    3258           0 :                 log_debug ("\tsubkey not valid\n");
    3259           0 :               continue;
    3260             :             }
    3261         427 :           if (!((pk->pubkey_usage & USAGE_MASK) & req_usage))
    3262             :             {
    3263         145 :               if (DBG_LOOKUP)
    3264           0 :                 log_debug ("\tusage does not match: want=%x have=%x\n",
    3265           0 :                            req_usage, pk->pubkey_usage);
    3266         145 :               continue;
    3267             :             }
    3268             : 
    3269         282 :           n_subkeys++;
    3270         282 :           if (pk->flags.revoked)
    3271             :             {
    3272           0 :               if (DBG_LOOKUP)
    3273           0 :                 log_debug ("\tsubkey has been revoked\n");
    3274           0 :               n_revoked_or_expired++;
    3275           0 :               continue;
    3276             :             }
    3277         282 :           if (pk->has_expired)
    3278             :             {
    3279           0 :               if (DBG_LOOKUP)
    3280           0 :                 log_debug ("\tsubkey has expired\n");
    3281           0 :               n_revoked_or_expired++;
    3282           0 :               continue;
    3283             :             }
    3284         282 :           if (pk->timestamp > curtime && !opt.ignore_valid_from)
    3285             :             {
    3286           0 :               if (DBG_LOOKUP)
    3287           0 :                 log_debug ("\tsubkey not yet valid\n");
    3288           0 :               continue;
    3289             :             }
    3290             : 
    3291         282 :           if (DBG_LOOKUP)
    3292           0 :             log_debug ("\tsubkey might be fine\n");
    3293             :           /* In case a key has a timestamp of 0 set, we make sure
    3294             :              that it is used.  A better change would be to compare
    3295             :              ">=" but that might also change the selected keys and
    3296             :              is as such a more intrusive change.  */
    3297         282 :           if (pk->timestamp > latest_date || (!pk->timestamp && !latest_date))
    3298             :             {
    3299         282 :               latest_date = pk->timestamp;
    3300         282 :               latest_key = k;
    3301             :             }
    3302             :         }
    3303         385 :       if (n_subkeys == n_revoked_or_expired && r_flags)
    3304         118 :         *r_flags |= LOOKUP_ALL_SUBKEYS_EXPIRED;
    3305             :     }
    3306             : 
    3307             :   /* Check if the primary key is ok (valid, not revoke, not expire,
    3308             :    * matches requested usage) if:
    3309             :    *
    3310             :    *   - we didn't find an appropriate subkey and we're not doing an
    3311             :    *     exact search,
    3312             :    *
    3313             :    *   - we're doing an exact match and the exact match was the
    3314             :    *     primary key, or,
    3315             :    *
    3316             :    *   - we're just considering the primary key.  */
    3317         386 :   if ((!latest_key && !want_exact) || foundk == keyblock || req_prim)
    3318             :     {
    3319         119 :       if (DBG_LOOKUP && !foundk && !req_prim)
    3320           0 :         log_debug ("\tno suitable subkeys found - trying primary\n");
    3321         119 :       pk = keyblock->pkt->pkt.public_key;
    3322         119 :       if (!pk->flags.valid)
    3323             :         {
    3324           0 :           if (DBG_LOOKUP)
    3325           0 :             log_debug ("\tprimary key not valid\n");
    3326             :         }
    3327         119 :       else if (!((pk->pubkey_usage & USAGE_MASK) & req_usage))
    3328             :         {
    3329           0 :           if (DBG_LOOKUP)
    3330           0 :             log_debug ("\tprimary key usage does not match: "
    3331           0 :                        "want=%x have=%x\n", req_usage, pk->pubkey_usage);
    3332             :         }
    3333         119 :       else if (pk->flags.revoked)
    3334             :         {
    3335           0 :           if (DBG_LOOKUP)
    3336           0 :             log_debug ("\tprimary key has been revoked\n");
    3337             :         }
    3338         119 :       else if (pk->has_expired)
    3339             :         {
    3340           0 :           if (DBG_LOOKUP)
    3341           0 :             log_debug ("\tprimary key has expired\n");
    3342             :         }
    3343             :       else /* Okay.  */
    3344             :         {
    3345         119 :           if (DBG_LOOKUP)
    3346           0 :             log_debug ("\tprimary key may be used\n");
    3347         119 :           latest_key = keyblock;
    3348             :         }
    3349             :     }
    3350             : 
    3351         386 :   if (!latest_key)
    3352             :     {
    3353           0 :       if (DBG_LOOKUP)
    3354           0 :         log_debug ("\tno suitable key found -  giving up\n");
    3355           0 :       if (r_flags)
    3356           0 :         *r_flags |= LOOKUP_NOT_SELECTED;
    3357           0 :       return NULL; /* Not found.  */
    3358             :     }
    3359             : 
    3360             :  found:
    3361        2138 :   if (DBG_LOOKUP)
    3362           0 :     log_debug ("\tusing key %08lX\n",
    3363           0 :                (ulong) keyid_from_pk (latest_key->pkt->pkt.public_key, NULL));
    3364             : 
    3365        2138 :   if (latest_key)
    3366             :     {
    3367        2138 :       pk = latest_key->pkt->pkt.public_key;
    3368        2138 :       if (pk->user_id)
    3369           0 :         free_user_id (pk->user_id);
    3370        2138 :       pk->user_id = scopy_user_id (foundu);
    3371             :     }
    3372             : 
    3373        2138 :   if (latest_key != keyblock && opt.verbose)
    3374             :     {
    3375           6 :       char *tempkeystr =
    3376           6 :         xstrdup (keystr_from_pk (latest_key->pkt->pkt.public_key));
    3377           6 :       log_info (_("using subkey %s instead of primary key %s\n"),
    3378           6 :                 tempkeystr, keystr_from_pk (keyblock->pkt->pkt.public_key));
    3379           6 :       xfree (tempkeystr);
    3380             :     }
    3381             : 
    3382        2138 :   cache_user_id (keyblock);
    3383             : 
    3384        2138 :   return latest_key ? latest_key : keyblock; /* Found.  */
    3385             : }
    3386             : 
    3387             : 
    3388             : /* Print a KEY_CONSIDERED status line.  */
    3389             : static void
    3390        2138 : print_status_key_considered (kbnode_t keyblock, unsigned int flags)
    3391             : {
    3392             :   char hexfpr[2*MAX_FINGERPRINT_LEN + 1];
    3393             :   kbnode_t node;
    3394             :   char flagbuf[20];
    3395             : 
    3396        2138 :   if (!is_status_enabled ())
    3397        4220 :     return;
    3398             : 
    3399          28 :   for (node=keyblock; node; node = node->next)
    3400          28 :     if (node->pkt->pkttype == PKT_PUBLIC_KEY
    3401           0 :         || node->pkt->pkttype == PKT_SECRET_KEY)
    3402             :       break;
    3403          28 :   if (!node)
    3404             :     {
    3405           0 :       log_error ("%s: keyblock w/o primary key\n", __func__);
    3406           0 :       return;
    3407             :     }
    3408             : 
    3409          28 :   hexfingerprint (node->pkt->pkt.public_key, hexfpr, sizeof hexfpr);
    3410          28 :   snprintf (flagbuf, sizeof flagbuf, " %u", flags);
    3411          28 :   write_status_strings (STATUS_KEY_CONSIDERED, hexfpr, flagbuf, NULL);
    3412             : }
    3413             : 
    3414             : 
    3415             : 
    3416             : /* A high-level function to lookup keys.
    3417             : 
    3418             :    This function builds on top of the low-level keydb API.  It first
    3419             :    searches the database using the description stored in CTX->ITEMS,
    3420             :    then it filters the results using CTX and, finally, if WANT_SECRET
    3421             :    is set, it ignores any keys for which no secret key is available.
    3422             : 
    3423             :    Unlike the low-level search functions, this function also merges
    3424             :    all of the self-signed data into the keys, subkeys and user id
    3425             :    packets (see the merge_selfsigs for details).
    3426             : 
    3427             :    On success the key's keyblock is stored at *RET_KEYBLOCK.  */
    3428             : static int
    3429        2197 : lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, kbnode_t *ret_found_key,
    3430             :         int want_secret)
    3431             : {
    3432             :   int rc;
    3433        2197 :   int no_suitable_key = 0;
    3434        2197 :   KBNODE keyblock = NULL;
    3435        2197 :   KBNODE found_key = NULL;
    3436             :   unsigned int infoflags;
    3437             : 
    3438        2197 :   if (ret_keyblock)
    3439        2197 :     *ret_keyblock = NULL;
    3440             : 
    3441             :   for (;;)
    3442             :     {
    3443        2197 :       rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems, NULL);
    3444        2197 :       if (rc)
    3445          65 :         break;
    3446             : 
    3447             :       /* If we are iterating over the entire database, then we need to
    3448             :          change from KEYDB_SEARCH_MODE_FIRST, which does an implicit
    3449             :          reset, to KEYDB_SEARCH_MODE_NEXT, which gets the next
    3450             :          record.  */
    3451        2132 :       if (ctx->nitems && ctx->items->mode == KEYDB_SEARCH_MODE_FIRST)
    3452          85 :         ctx->items->mode = KEYDB_SEARCH_MODE_NEXT;
    3453             : 
    3454        2132 :       rc = keydb_get_keyblock (ctx->kr_handle, &keyblock);
    3455        2132 :       if (rc)
    3456             :         {
    3457           0 :           log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
    3458           0 :           goto skip;
    3459             :         }
    3460             : 
    3461        2132 :       if (want_secret && agent_probe_any_secret_key (NULL, keyblock))
    3462           0 :         goto skip; /* No secret key available.  */
    3463             : 
    3464             :       /* Warning: node flag bits 0 and 1 should be preserved by
    3465             :        * merge_selfsigs.  */
    3466        2132 :       merge_selfsigs (keyblock);
    3467        2132 :       found_key = finish_lookup (keyblock, ctx->req_usage, ctx->exact,
    3468             :                                  &infoflags);
    3469        2132 :       print_status_key_considered (keyblock, infoflags);
    3470        2132 :       if (found_key)
    3471             :         {
    3472        2132 :           no_suitable_key = 0;
    3473        2132 :           goto found;
    3474             :         }
    3475             :       else
    3476             :         {
    3477           0 :           no_suitable_key = 1;
    3478             :         }
    3479             : 
    3480             :     skip:
    3481             :       /* Release resources and continue search. */
    3482           0 :       release_kbnode (keyblock);
    3483           0 :       keyblock = NULL;
    3484             :       /* The keyblock cache ignores the current "file position".
    3485             :          Thus, if we request the next result and the cache matches
    3486             :          (and it will since it is what we just looked for), we'll get
    3487             :          the same entry back!  We can avoid this infinite loop by
    3488             :          disabling the cache.  */
    3489           0 :       keydb_disable_caching (ctx->kr_handle);
    3490           0 :     }
    3491             : 
    3492             :  found:
    3493        2197 :   if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
    3494           0 :     log_error ("keydb_search failed: %s\n", gpg_strerror (rc));
    3495             : 
    3496        2197 :   if (!rc)
    3497             :     {
    3498        2132 :       if (ret_keyblock)
    3499        2132 :         *ret_keyblock = keyblock; /* Return the keyblock.  */
    3500        2132 :       keyblock = NULL;
    3501             :     }
    3502          65 :   else if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND && no_suitable_key)
    3503           0 :     rc = want_secret? GPG_ERR_UNUSABLE_SECKEY : GPG_ERR_UNUSABLE_PUBKEY;
    3504          65 :   else if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
    3505          65 :     rc = want_secret? GPG_ERR_NO_SECKEY : GPG_ERR_NO_PUBKEY;
    3506             : 
    3507        2197 :   release_kbnode (keyblock);
    3508             : 
    3509        2197 :   if (ret_found_key)
    3510             :     {
    3511        1504 :       if (! rc)
    3512        1439 :         *ret_found_key = found_key;
    3513             :       else
    3514          65 :         *ret_found_key = NULL;
    3515             :     }
    3516             : 
    3517        2197 :   return rc;
    3518             : }
    3519             : 
    3520             : 
    3521             : /* Enumerate some secret keys (specifically, those specified with
    3522             :  * --default-key and --try-secret-key).  Use the following procedure:
    3523             :  *
    3524             :  *  1) Initialize a void pointer to NULL
    3525             :  *  2) Pass a reference to this pointer to this function (content)
    3526             :  *     and provide space for the secret key (sk)
    3527             :  *  3) Call this function as long as it does not return an error (or
    3528             :  *     until you are done).  The error code GPG_ERR_EOF indicates the
    3529             :  *     end of the listing.
    3530             :  *  4) Call this function a last time with SK set to NULL,
    3531             :  *     so that can free it's context.
    3532             :  *
    3533             :  * In pseudo-code:
    3534             :  *
    3535             :  *   void *ctx = NULL;
    3536             :  *   PKT_public_key *sk = xmalloc_clear (sizeof (*sk));
    3537             :  *
    3538             :  *   while ((err = enum_secret_keys (&ctx, sk)))
    3539             :  *     { // Process SK.
    3540             :  *       if (done)
    3541             :  *         break;
    3542             :  *       free_public_key (sk);
    3543             :  *       sk = xmalloc_clear (sizeof (*sk));
    3544             :  *     }
    3545             :  *
    3546             :  *   // Release any resources used by CTX.
    3547             :  *   enum_secret_keys (&ctx, NULL);
    3548             :  *   free_public_key (sk);
    3549             :  *
    3550             :  *   if (gpg_err_code (err) != GPG_ERR_EOF)
    3551             :  *     ; // An error occurred.
    3552             :  */
    3553             : gpg_error_t
    3554           0 : enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk)
    3555             : {
    3556           0 :   gpg_error_t err = 0;
    3557             :   const char *name;
    3558             :   kbnode_t keyblock;
    3559             :   struct
    3560             :   {
    3561             :     int eof;
    3562             :     int state;
    3563             :     strlist_t sl;
    3564             :     kbnode_t keyblock;
    3565             :     kbnode_t node;
    3566             :     getkey_ctx_t ctx;
    3567           0 :   } *c = *context;
    3568             : 
    3569           0 :   if (!c)
    3570             :     {
    3571             :       /* Make a new context.  */
    3572           0 :       c = xtrycalloc (1, sizeof *c);
    3573           0 :       if (!c)
    3574           0 :         return gpg_error_from_syserror ();
    3575           0 :       *context = c;
    3576             :     }
    3577             : 
    3578           0 :   if (!sk)
    3579             :     {
    3580             :       /* Free the context.  */
    3581           0 :       release_kbnode (c->keyblock);
    3582           0 :       getkey_end (c->ctx);
    3583           0 :       xfree (c);
    3584           0 :       *context = NULL;
    3585           0 :       return 0;
    3586             :     }
    3587             : 
    3588           0 :   if (c->eof)
    3589           0 :     return gpg_error (GPG_ERR_EOF);
    3590             : 
    3591             :   for (;;)
    3592             :     {
    3593             :       /* Loop until we have a keyblock.  */
    3594           0 :       while (!c->keyblock)
    3595             :         {
    3596             :           /* Loop over the list of secret keys.  */
    3597             :           do
    3598             :             {
    3599           0 :               name = NULL;
    3600           0 :               keyblock = NULL;
    3601           0 :               switch (c->state)
    3602             :                 {
    3603             :                 case 0: /* First try to use the --default-key.  */
    3604           0 :                   name = parse_def_secret_key (ctrl);
    3605           0 :                   c->state = 1;
    3606           0 :                   break;
    3607             : 
    3608             :                 case 1: /* Init list of keys to try.  */
    3609           0 :                   c->sl = opt.secret_keys_to_try;
    3610           0 :                   c->state++;
    3611           0 :                   break;
    3612             : 
    3613             :                 case 2: /* Get next item from list.  */
    3614           0 :                   if (c->sl)
    3615             :                     {
    3616           0 :                       name = c->sl->d;
    3617           0 :                       c->sl = c->sl->next;
    3618             :                     }
    3619             :                   else
    3620           0 :                     c->state++;
    3621           0 :                   break;
    3622             : 
    3623             :                 case 3: /* Init search context to enum all secret keys.  */
    3624           0 :                   err = getkey_bynames (&c->ctx, NULL, NULL, 1, &keyblock);
    3625           0 :                   if (err)
    3626             :                     {
    3627           0 :                       release_kbnode (keyblock);
    3628           0 :                       keyblock = NULL;
    3629           0 :                       getkey_end (c->ctx);
    3630           0 :                       c->ctx = NULL;
    3631             :                     }
    3632           0 :                   c->state++;
    3633           0 :                   break;
    3634             : 
    3635             :                 case 4: /* Get next item from the context.  */
    3636           0 :                   if (c->ctx)
    3637             :                     {
    3638           0 :                       err = getkey_next (c->ctx, NULL, &keyblock);
    3639           0 :                       if (err)
    3640             :                         {
    3641           0 :                           release_kbnode (keyblock);
    3642           0 :                           keyblock = NULL;
    3643           0 :                           getkey_end (c->ctx);
    3644           0 :                           c->ctx = NULL;
    3645             :                         }
    3646             :                     }
    3647             :                   else
    3648           0 :                     c->state++;
    3649           0 :                   break;
    3650             : 
    3651             :                 default: /* No more names to check - stop.  */
    3652           0 :                   c->eof = 1;
    3653           0 :                   return gpg_error (GPG_ERR_EOF);
    3654             :                 }
    3655             :             }
    3656           0 :           while ((!name || !*name) && !keyblock);
    3657             : 
    3658           0 :           if (keyblock)
    3659           0 :             c->node = c->keyblock = keyblock;
    3660             :           else
    3661             :             {
    3662           0 :               err = getkey_byname (ctrl, NULL, NULL, name, 1, &c->keyblock);
    3663           0 :               if (err)
    3664             :                 {
    3665             :                   /* getkey_byname might return a keyblock even in the
    3666             :                      error case - I have not checked.  Thus better release
    3667             :                      it.  */
    3668           0 :                   release_kbnode (c->keyblock);
    3669           0 :                   c->keyblock = NULL;
    3670             :                 }
    3671             :               else
    3672           0 :                 c->node = c->keyblock;
    3673             :             }
    3674             :         }
    3675             : 
    3676             :       /* Get the next key from the current keyblock.  */
    3677           0 :       for (; c->node; c->node = c->node->next)
    3678             :         {
    3679           0 :           if (c->node->pkt->pkttype == PKT_PUBLIC_KEY
    3680           0 :               || c->node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
    3681             :             {
    3682           0 :               copy_public_key (sk, c->node->pkt->pkt.public_key);
    3683           0 :               c->node = c->node->next;
    3684           0 :               return 0; /* Found.  */
    3685             :             }
    3686             :         }
    3687             : 
    3688             :       /* Dispose the keyblock and continue.  */
    3689           0 :       release_kbnode (c->keyblock);
    3690           0 :       c->keyblock = NULL;
    3691           0 :     }
    3692             : }
    3693             : 
    3694             : 
    3695             : /*********************************************
    3696             :  ***********  User ID printing helpers *******
    3697             :  *********************************************/
    3698             : 
    3699             : /* Return a string with a printable representation of the user_id.
    3700             :  * this string must be freed by xfree.   */
    3701             : static char *
    3702         704 : get_user_id_string (u32 * keyid, int mode, size_t *r_len)
    3703             : {
    3704             :   user_id_db_t r;
    3705             :   keyid_list_t a;
    3706         704 :   int pass = 0;
    3707             :   char *p;
    3708             : 
    3709             :   /* Try it two times; second pass reads from the database.  */
    3710             :   do
    3711             :     {
    3712         736 :       for (r = user_id_db; r; r = r->next)
    3713             :         {
    3714        1259 :           for (a = r->keyids; a; a = a->next)
    3715             :             {
    3716        1232 :               if (a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1])
    3717             :                 {
    3718         701 :                   if (mode == 2)
    3719             :                     {
    3720             :                       /* An empty string as user id is possible.  Make
    3721             :                          sure that the malloc allocates one byte and
    3722             :                          does not bail out.  */
    3723         694 :                       p = xmalloc (r->len? r->len : 1);
    3724         694 :                       memcpy (p, r->name, r->len);
    3725         694 :                       if (r_len)
    3726         694 :                         *r_len = r->len;
    3727             :                     }
    3728             :                   else
    3729             :                     {
    3730           7 :                       if (mode)
    3731           3 :                         p = xasprintf ("%08lX%08lX %.*s",
    3732           2 :                                        (ulong) keyid[0], (ulong) keyid[1],
    3733           1 :                                        r->len, r->name);
    3734             :                       else
    3735           6 :                         p = xasprintf ("%s %.*s", keystr (keyid),
    3736           6 :                                        r->len, r->name);
    3737           7 :                       if (r_len)
    3738           0 :                         *r_len = strlen (p);
    3739             :                     }
    3740             : 
    3741         701 :                   return p;
    3742             :                 }
    3743             :             }
    3744             :         }
    3745             :     }
    3746           8 :   while (++pass < 2 && !get_pubkey (NULL, keyid));
    3747             : 
    3748           3 :   if (mode == 2)
    3749           3 :     p = xstrdup (user_id_not_found_utf8 ());
    3750           0 :   else if (mode)
    3751           0 :     p = xasprintf ("%08lX%08lX [?]", (ulong) keyid[0], (ulong) keyid[1]);
    3752             :   else
    3753           0 :     p = xasprintf ("%s [?]", keystr (keyid));
    3754             : 
    3755           3 :   if (r_len)
    3756           3 :     *r_len = strlen (p);
    3757           3 :   return p;
    3758             : }
    3759             : 
    3760             : 
    3761             : char *
    3762           6 : get_user_id_string_native (u32 * keyid)
    3763             : {
    3764           6 :   char *p = get_user_id_string (keyid, 0, NULL);
    3765           6 :   char *p2 = utf8_to_native (p, strlen (p), 0);
    3766           6 :   xfree (p);
    3767           6 :   return p2;
    3768             : }
    3769             : 
    3770             : 
    3771             : char *
    3772           1 : get_long_user_id_string (u32 * keyid)
    3773             : {
    3774           1 :   return get_user_id_string (keyid, 1, NULL);
    3775             : }
    3776             : 
    3777             : 
    3778             : /* Please try to use get_user_byfpr instead of this one.  */
    3779             : char *
    3780         697 : get_user_id (u32 * keyid, size_t * rn)
    3781             : {
    3782         697 :   return get_user_id_string (keyid, 2, rn);
    3783             : }
    3784             : 
    3785             : 
    3786             : /* Please try to use get_user_id_byfpr_native instead of this one.  */
    3787             : char *
    3788         264 : get_user_id_native (u32 * keyid)
    3789             : {
    3790             :   size_t rn;
    3791         264 :   char *p = get_user_id (keyid, &rn);
    3792         264 :   char *p2 = utf8_to_native (p, rn, 0);
    3793         264 :   xfree (p);
    3794         264 :   return p2;
    3795             : }
    3796             : 
    3797             : 
    3798             : /* Return the user id for a key designated by its fingerprint, FPR,
    3799             :    which must be MAX_FINGERPRINT_LEN bytes in size.  Note: the
    3800             :    returned string, which must be freed using xfree, may not be NUL
    3801             :    terminated.  To determine the length of the string, you must use
    3802             :    *RN.  */
    3803             : char *
    3804          93 : get_user_id_byfpr (const byte *fpr, size_t *rn)
    3805             : {
    3806             :   user_id_db_t r;
    3807             :   char *p;
    3808          93 :   int pass = 0;
    3809             : 
    3810             :   /* Try it two times; second pass reads from the database.  */
    3811             :   do
    3812             :     {
    3813        1428 :       for (r = user_id_db; r; r = r->next)
    3814             :         {
    3815             :           keyid_list_t a;
    3816        3908 :           for (a = r->keyids; a; a = a->next)
    3817             :             {
    3818        2640 :               if (!memcmp (a->fpr, fpr, MAX_FINGERPRINT_LEN))
    3819             :                 {
    3820             :                   /* An empty string as user id is possible.  Make
    3821             :                      sure that the malloc allocates one byte and does
    3822             :                      not bail out.  */
    3823          93 :                   p = xmalloc (r->len? r->len : 1);
    3824          93 :                   memcpy (p, r->name, r->len);
    3825          93 :                   *rn = r->len;
    3826          93 :                   return p;
    3827             :                 }
    3828             :             }
    3829             :         }
    3830             :     }
    3831             :   while (++pass < 2
    3832          67 :          && !get_pubkey_byfprint (NULL, NULL, fpr, MAX_FINGERPRINT_LEN));
    3833           0 :   p = xstrdup (user_id_not_found_utf8 ());
    3834           0 :   *rn = strlen (p);
    3835           0 :   return p;
    3836             : }
    3837             : 
    3838             : /* Like get_user_id_byfpr, but convert the string to the native
    3839             :    encoding.  The returned string needs to be freed.  Unlike
    3840             :    get_user_id_byfpr, the returned string is NUL terminated.  */
    3841             : char *
    3842          93 : get_user_id_byfpr_native (const byte *fpr)
    3843             : {
    3844             :   size_t rn;
    3845          93 :   char *p = get_user_id_byfpr (fpr, &rn);
    3846          93 :   char *p2 = utf8_to_native (p, rn, 0);
    3847          93 :   xfree (p);
    3848          93 :   return p2;
    3849             : }
    3850             : 
    3851             : 
    3852             : /* Return the database handle used by this context.  The context still
    3853             :    owns the handle.  */
    3854             : KEYDB_HANDLE
    3855           0 : get_ctx_handle (GETKEY_CTX ctx)
    3856             : {
    3857           0 :   return ctx->kr_handle;
    3858             : }
    3859             : 
    3860             : static void
    3861           0 : free_akl (struct akl *akl)
    3862             : {
    3863           0 :   if (! akl)
    3864           0 :     return;
    3865             : 
    3866           0 :   if (akl->spec)
    3867           0 :     free_keyserver_spec (akl->spec);
    3868             : 
    3869           0 :   xfree (akl);
    3870             : }
    3871             : 
    3872             : void
    3873           0 : release_akl (void)
    3874             : {
    3875           0 :   while (opt.auto_key_locate)
    3876             :     {
    3877           0 :       struct akl *akl2 = opt.auto_key_locate;
    3878           0 :       opt.auto_key_locate = opt.auto_key_locate->next;
    3879           0 :       free_akl (akl2);
    3880             :     }
    3881           0 : }
    3882             : 
    3883             : /* Returns false on error. */
    3884             : int
    3885           0 : parse_auto_key_locate (char *options)
    3886             : {
    3887             :   char *tok;
    3888             : 
    3889           0 :   while ((tok = optsep (&options)))
    3890             :     {
    3891           0 :       struct akl *akl, *check, *last = NULL;
    3892           0 :       int dupe = 0;
    3893             : 
    3894           0 :       if (tok[0] == '\0')
    3895           0 :         continue;
    3896             : 
    3897           0 :       akl = xmalloc_clear (sizeof (*akl));
    3898             : 
    3899           0 :       if (ascii_strcasecmp (tok, "clear") == 0)
    3900             :         {
    3901           0 :           xfree (akl);
    3902           0 :           free_akl (opt.auto_key_locate);
    3903           0 :           opt.auto_key_locate = NULL;
    3904           0 :           continue;
    3905             :         }
    3906           0 :       else if (ascii_strcasecmp (tok, "nodefault") == 0)
    3907           0 :         akl->type = AKL_NODEFAULT;
    3908           0 :       else if (ascii_strcasecmp (tok, "local") == 0)
    3909           0 :         akl->type = AKL_LOCAL;
    3910           0 :       else if (ascii_strcasecmp (tok, "ldap") == 0)
    3911           0 :         akl->type = AKL_LDAP;
    3912           0 :       else if (ascii_strcasecmp (tok, "keyserver") == 0)
    3913           0 :         akl->type = AKL_KEYSERVER;
    3914             : #ifdef USE_DNS_CERT
    3915           0 :       else if (ascii_strcasecmp (tok, "cert") == 0)
    3916           0 :         akl->type = AKL_CERT;
    3917             : #endif
    3918           0 :       else if (ascii_strcasecmp (tok, "pka") == 0)
    3919           0 :         akl->type = AKL_PKA;
    3920           0 :       else if (ascii_strcasecmp (tok, "dane") == 0)
    3921           0 :         akl->type = AKL_DANE;
    3922           0 :       else if (ascii_strcasecmp (tok, "wkd") == 0)
    3923           0 :         akl->type = AKL_WKD;
    3924           0 :       else if ((akl->spec = parse_keyserver_uri (tok, 1)))
    3925           0 :         akl->type = AKL_SPEC;
    3926             :       else
    3927             :         {
    3928           0 :           free_akl (akl);
    3929           0 :           return 0;
    3930             :         }
    3931             : 
    3932             :       /* We must maintain the order the user gave us */
    3933           0 :       for (check = opt.auto_key_locate; check;
    3934           0 :            last = check, check = check->next)
    3935             :         {
    3936             :           /* Check for duplicates */
    3937           0 :           if (check->type == akl->type
    3938           0 :               && (akl->type != AKL_SPEC
    3939           0 :                   || (akl->type == AKL_SPEC
    3940           0 :                       && strcmp (check->spec->uri, akl->spec->uri) == 0)))
    3941             :             {
    3942           0 :               dupe = 1;
    3943           0 :               free_akl (akl);
    3944           0 :               break;
    3945             :             }
    3946             :         }
    3947             : 
    3948           0 :       if (!dupe)
    3949             :         {
    3950           0 :           if (last)
    3951           0 :             last->next = akl;
    3952             :           else
    3953           0 :             opt.auto_key_locate = akl;
    3954             :         }
    3955             :     }
    3956             : 
    3957           0 :   return 1;
    3958             : }
    3959             : 
    3960             : 
    3961             : /* Returns true if a secret key is available for the public key with
    3962             :    key id KEYID; returns false if not.  This function ignores legacy
    3963             :    keys.  Note: this is just a fast check and does not tell us whether
    3964             :    the secret key is valid; this check merely indicates whether there
    3965             :    is some secret key with the specified key id.  */
    3966             : int
    3967         322 : have_secret_key_with_kid (u32 *keyid)
    3968             : {
    3969             :   gpg_error_t err;
    3970             :   KEYDB_HANDLE kdbhd;
    3971             :   KEYDB_SEARCH_DESC desc;
    3972             :   kbnode_t keyblock;
    3973             :   kbnode_t node;
    3974         322 :   int result = 0;
    3975             : 
    3976         322 :   kdbhd = keydb_new ();
    3977         322 :   if (!kdbhd)
    3978           0 :     return 0;
    3979         322 :   memset (&desc, 0, sizeof desc);
    3980         322 :   desc.mode = KEYDB_SEARCH_MODE_LONG_KID;
    3981         322 :   desc.u.kid[0] = keyid[0];
    3982         322 :   desc.u.kid[1] = keyid[1];
    3983         967 :   while (!result)
    3984             :     {
    3985         377 :       err = keydb_search (kdbhd, &desc, 1, NULL);
    3986         377 :       if (err)
    3987          54 :         break;
    3988             : 
    3989         323 :       err = keydb_get_keyblock (kdbhd, &keyblock);
    3990         323 :       if (err)
    3991             :         {
    3992           0 :           log_error (_("error reading keyblock: %s\n"), gpg_strerror (err));
    3993           0 :           break;
    3994             :         }
    3995             : 
    3996        1109 :       for (node = keyblock; node; node = node->next)
    3997             :         {
    3998             :           /* Bit 0 of the flags is set if the search found the key
    3999             :              using that key or subkey.  Note: a search will only ever
    4000             :              match a single key or subkey.  */
    4001        1109 :           if ((node->flag & 1))
    4002             :             {
    4003         323 :               log_assert (node->pkt->pkttype == PKT_PUBLIC_KEY
    4004             :                           || node->pkt->pkttype == PKT_PUBLIC_SUBKEY);
    4005             : 
    4006         323 :               if (!agent_probe_secret_key (NULL, node->pkt->pkt.public_key))
    4007         268 :                 result = 1; /* Secret key available.  */
    4008             :               else
    4009          55 :                 result = 0;
    4010             : 
    4011         323 :               break;
    4012             :             }
    4013             :         }
    4014         323 :       release_kbnode (keyblock);
    4015             :     }
    4016             : 
    4017         322 :   keydb_release (kdbhd);
    4018         322 :   return result;
    4019             : }

Generated by: LCOV version 1.11