LCOV - code coverage report
Current view: top level - g10 - getkey.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 1024 1625 63.0 %
Date: 2016-11-29 15:00:56 Functions: 46 56 82.1 %

          Line data    Source code
       1             : /* getkey.c -  Get a key from the database
       2             :  * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
       3             :  *               2007, 2008, 2010  Free Software Foundation, Inc.
       4             :  * Copyright (C) 2015, 2016 g10 Code GmbH
       5             :  *
       6             :  * This file is part of GnuPG.
       7             :  *
       8             :  * GnuPG is free software; you can redistribute it and/or modify
       9             :  * it under the terms of the GNU General Public License as published by
      10             :  * the Free Software Foundation; either version 3 of the License, or
      11             :  * (at your option) any later version.
      12             :  *
      13             :  * GnuPG is distributed in the hope that it will be useful,
      14             :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      15             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      16             :  * GNU General Public License for more details.
      17             :  *
      18             :  * You should have received a copy of the GNU General Public License
      19             :  * along with this program; if not, see <https://www.gnu.org/licenses/>.
      20             :  */
      21             : 
      22             : #include <config.h>
      23             : #include <stdio.h>
      24             : #include <stdlib.h>
      25             : #include <string.h>
      26             : #include <ctype.h>
      27             : 
      28             : #include "gpg.h"
      29             : #include "util.h"
      30             : #include "packet.h"
      31             : #include "iobuf.h"
      32             : #include "keydb.h"
      33             : #include "options.h"
      34             : #include "main.h"
      35             : #include "trustdb.h"
      36             : #include "i18n.h"
      37             : #include "keyserver-internal.h"
      38             : #include "call-agent.h"
      39             : #include "host2net.h"
      40             : #include "mbox-util.h"
      41             : #include "status.h"
      42             : 
      43             : #define MAX_PK_CACHE_ENTRIES   PK_UID_CACHE_SIZE
      44             : #define MAX_UID_CACHE_ENTRIES  PK_UID_CACHE_SIZE
      45             : 
      46             : #if MAX_PK_CACHE_ENTRIES < 2
      47             : #error We need the cache for key creation
      48             : #endif
      49             : 
      50             : /* Flags values returned by the lookup code.  Note that the values are
      51             :  * directly used by the KEY_CONSIDERED status line.  */
      52             : #define LOOKUP_NOT_SELECTED        (1<<0)
      53             : #define LOOKUP_ALL_SUBKEYS_EXPIRED (1<<1)  /* or revoked */
      54             : 
      55             : 
      56             : /* A context object used by the lookup functions.  */
      57             : struct getkey_ctx_s
      58             : {
      59             :   /* Part of the search criteria: whether the search is an exact
      60             :      search or not.  A search that is exact requires that a key or
      61             :      subkey meet all of the specified criteria.  A search that is not
      62             :      exact allows selecting a different key or subkey from the
      63             :      keyblock that matched the critera.  Further, an exact search
      64             :      returns the key or subkey that matched whereas a non-exact search
      65             :      typically returns the primary key.  See finish_lookup for
      66             :      details.  */
      67             :   int exact;
      68             : 
      69             :   /* Part of the search criteria: Whether the caller only wants keys
      70             :      with an available secret key.  This is used by getkey_next to get
      71             :      the next result with the same initial criteria.  */
      72             :   int want_secret;
      73             : 
      74             :   /* Part of the search criteria: The type of the requested key.  A
      75             :      mask of PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC and PUBKEY_USAGE_CERT.
      76             :      If non-zero, then for a key to match, it must implement one of
      77             :      the required uses.  */
      78             :   int req_usage;
      79             : 
      80             :   /* The database handle.  */
      81             :   KEYDB_HANDLE kr_handle;
      82             : 
      83             :   /* Whether we should call xfree() on the context when the context is
      84             :      released using getkey_end()).  */
      85             :   int not_allocated;
      86             : 
      87             :   /* This variable is used as backing store for strings which have
      88             :      their address used in ITEMS.  */
      89             :   strlist_t extra_list;
      90             : 
      91             :   /* Part of the search criteria: The low-level search specification
      92             :      as passed to keydb_search.  */
      93             :   int nitems;
      94             :   /* This must be the last element in the structure.  When we allocate
      95             :      the structure, we allocate it so that ITEMS can hold NITEMS.  */
      96             :   KEYDB_SEARCH_DESC items[1];
      97             : };
      98             : 
      99             : #if 0
     100             : static struct
     101             : {
     102             :   int any;
     103             :   int okay_count;
     104             :   int nokey_count;
     105             :   int error_count;
     106             : } lkup_stats[21];
     107             : #endif
     108             : 
     109             : typedef struct keyid_list
     110             : {
     111             :   struct keyid_list *next;
     112             :   char fpr[MAX_FINGERPRINT_LEN];
     113             :   u32 keyid[2];
     114             : } *keyid_list_t;
     115             : 
     116             : 
     117             : #if MAX_PK_CACHE_ENTRIES
     118             : typedef struct pk_cache_entry
     119             : {
     120             :   struct pk_cache_entry *next;
     121             :   u32 keyid[2];
     122             :   PKT_public_key *pk;
     123             : } *pk_cache_entry_t;
     124             : static pk_cache_entry_t pk_cache;
     125             : static int pk_cache_entries;    /* Number of entries in pk cache.  */
     126             : static int pk_cache_disabled;
     127             : #endif
     128             : 
     129             : #if MAX_UID_CACHE_ENTRIES < 5
     130             : #error we really need the userid cache
     131             : #endif
     132             : typedef struct user_id_db
     133             : {
     134             :   struct user_id_db *next;
     135             :   keyid_list_t keyids;
     136             :   int len;
     137             :   char name[1];
     138             : } *user_id_db_t;
     139             : static user_id_db_t user_id_db;
     140             : static int uid_cache_entries;   /* Number of entries in uid cache. */
     141             : 
     142             : static void merge_selfsigs (kbnode_t keyblock);
     143             : static int lookup (getkey_ctx_t ctx,
     144             :                    kbnode_t *ret_keyblock, kbnode_t *ret_found_key,
     145             :                    int want_secret);
     146             : static kbnode_t finish_lookup (kbnode_t keyblock,
     147             :                                unsigned int req_usage, int want_exact,
     148             :                                unsigned int *r_flags);
     149             : static void print_status_key_considered (kbnode_t keyblock, unsigned int flags);
     150             : 
     151             : 
     152             : #if 0
     153             : static void
     154             : print_stats ()
     155             : {
     156             :   int i;
     157             :   for (i = 0; i < DIM (lkup_stats); i++)
     158             :     {
     159             :       if (lkup_stats[i].any)
     160             :         es_fprintf (es_stderr,
     161             :                  "lookup stats: mode=%-2d  ok=%-6d  nokey=%-6d  err=%-6d\n",
     162             :                  i,
     163             :                  lkup_stats[i].okay_count,
     164             :                  lkup_stats[i].nokey_count, lkup_stats[i].error_count);
     165             :     }
     166             : }
     167             : #endif
     168             : 
     169             : 
     170             : /* Cache a copy of a public key in the public key cache.  PK is not
     171             :  * cached if caching is disabled (via getkey_disable_caches), if
     172             :  * PK->FLAGS.DONT_CACHE is set, we don't know how to derive a key id
     173             :  * from the public key (e.g., unsupported algorithm), or a key with
     174             :  * the key id is already in the cache.
     175             :  *
     176             :  * The public key packet is copied into the cache using
     177             :  * copy_public_key.  Thus, any secret parts are not copied, for
     178             :  * instance.
     179             :  *
     180             :  * This cache is filled by get_pubkey and is read by get_pubkey and
     181             :  * get_pubkey_fast.  */
     182             : void
     183         706 : cache_public_key (PKT_public_key * pk)
     184             : {
     185             : #if MAX_PK_CACHE_ENTRIES
     186             :   pk_cache_entry_t ce, ce2;
     187             :   u32 keyid[2];
     188             : 
     189         706 :   if (pk_cache_disabled)
     190           5 :     return;
     191             : 
     192         706 :   if (pk->flags.dont_cache)
     193           0 :     return;
     194             : 
     195         706 :   if (is_ELGAMAL (pk->pubkey_algo)
     196         473 :       || pk->pubkey_algo == PUBKEY_ALGO_DSA
     197         136 :       || pk->pubkey_algo == PUBKEY_ALGO_ECDSA
     198          88 :       || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
     199          86 :       || pk->pubkey_algo == PUBKEY_ALGO_ECDH
     200          62 :       || is_RSA (pk->pubkey_algo))
     201             :     {
     202         706 :       keyid_from_pk (pk, keyid);
     203             :     }
     204             :   else
     205           0 :     return; /* Don't know how to get the keyid.  */
     206             : 
     207         744 :   for (ce = pk_cache; ce; ce = ce->next)
     208          43 :     if (ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1])
     209             :       {
     210           5 :         if (DBG_CACHE)
     211           0 :           log_debug ("cache_public_key: already in cache\n");
     212           5 :         return;
     213             :       }
     214             : 
     215         701 :   if (pk_cache_entries >= MAX_PK_CACHE_ENTRIES)
     216             :     {
     217             :       int n;
     218             : 
     219             :       /* Remove the last 50% of the entries.  */
     220           0 :       for (ce = pk_cache, n = 0; ce && n < pk_cache_entries/2; n++)
     221           0 :         ce = ce->next;
     222           0 :       if (ce && ce != pk_cache && ce->next)
     223             :         {
     224           0 :           ce2 = ce->next;
     225           0 :           ce->next = NULL;
     226           0 :           ce = ce2;
     227           0 :           for (; ce; ce = ce2)
     228             :             {
     229           0 :               ce2 = ce->next;
     230           0 :               free_public_key (ce->pk);
     231           0 :               xfree (ce);
     232           0 :               pk_cache_entries--;
     233             :             }
     234             :         }
     235           0 :       log_assert (pk_cache_entries < MAX_PK_CACHE_ENTRIES);
     236             :     }
     237         701 :   pk_cache_entries++;
     238         701 :   ce = xmalloc (sizeof *ce);
     239         701 :   ce->next = pk_cache;
     240         701 :   pk_cache = ce;
     241         701 :   ce->pk = copy_public_key (NULL, pk);
     242         701 :   ce->keyid[0] = keyid[0];
     243         701 :   ce->keyid[1] = keyid[1];
     244             : #endif
     245             : }
     246             : 
     247             : 
     248             : /* Return a const utf-8 string with the text "[User ID not found]".
     249             :    This function is required so that we don't need to switch gettext's
     250             :    encoding temporary.  */
     251             : static const char *
     252           5 : user_id_not_found_utf8 (void)
     253             : {
     254             :   static char *text;
     255             : 
     256           5 :   if (!text)
     257           3 :     text = native_to_utf8 (_("[User ID not found]"));
     258           5 :   return text;
     259             : }
     260             : 
     261             : 
     262             : 
     263             : /* Return the user ID from the given keyblock.
     264             :  * We use the primary uid flag which has been set by the merge_selfsigs
     265             :  * function.  The returned value is only valid as long as the given
     266             :  * keyblock is not changed.  */
     267             : static const char *
     268        1186 : get_primary_uid (KBNODE keyblock, size_t * uidlen)
     269             : {
     270             :   KBNODE k;
     271             :   const char *s;
     272             : 
     273        3235 :   for (k = keyblock; k; k = k->next)
     274             :     {
     275        3235 :       if (k->pkt->pkttype == PKT_USER_ID
     276        1590 :           && !k->pkt->pkt.user_id->attrib_data
     277        1590 :           && k->pkt->pkt.user_id->is_primary)
     278             :         {
     279        1186 :           *uidlen = k->pkt->pkt.user_id->len;
     280        1186 :           return k->pkt->pkt.user_id->name;
     281             :         }
     282             :     }
     283           0 :   s = user_id_not_found_utf8 ();
     284           0 :   *uidlen = strlen (s);
     285           0 :   return s;
     286             : }
     287             : 
     288             : 
     289             : static void
     290        1296 : release_keyid_list (keyid_list_t k)
     291             : {
     292        2592 :   while (k)
     293             :     {
     294           0 :       keyid_list_t k2 = k->next;
     295           0 :       xfree (k);
     296           0 :       k = k2;
     297             :     }
     298        1296 : }
     299             : 
     300             : /****************
     301             :  * Store the association of keyid and userid
     302             :  * Feed only public keys to this function.
     303             :  */
     304             : static void
     305        2482 : cache_user_id (KBNODE keyblock)
     306             : {
     307             :   user_id_db_t r;
     308             :   const char *uid;
     309             :   size_t uidlen;
     310        2482 :   keyid_list_t keyids = NULL;
     311             :   KBNODE k;
     312             : 
     313        9599 :   for (k = keyblock; k; k = k->next)
     314             :     {
     315        8413 :       if (k->pkt->pkttype == PKT_PUBLIC_KEY
     316        5931 :           || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
     317             :         {
     318        3748 :           keyid_list_t a = xmalloc_clear (sizeof *a);
     319             :           /* Hmmm: For a long list of keyids it might be an advantage
     320             :            * to append the keys.  */
     321        3748 :           fingerprint_from_pk (k->pkt->pkt.public_key, a->fpr, NULL);
     322        3748 :           keyid_from_pk (k->pkt->pkt.public_key, a->keyid);
     323             :           /* First check for duplicates.  */
     324        6357 :           for (r = user_id_db; r; r = r->next)
     325             :             {
     326             :               keyid_list_t b;
     327             : 
     328       10246 :               for (b = r->keyids; b; b = b->next)
     329             :                 {
     330        7637 :                   if (!memcmp (b->fpr, a->fpr, MAX_FINGERPRINT_LEN))
     331             :                     {
     332        1296 :                       if (DBG_CACHE)
     333           0 :                         log_debug ("cache_user_id: already in cache\n");
     334        1296 :                       release_keyid_list (keyids);
     335        1296 :                       xfree (a);
     336        1296 :                       return;
     337             :                     }
     338             :                 }
     339             :             }
     340             :           /* Now put it into the cache.  */
     341        2452 :           a->next = keyids;
     342        2452 :           keyids = a;
     343             :         }
     344             :     }
     345        1186 :   if (!keyids)
     346           0 :     BUG (); /* No key no fun.  */
     347             : 
     348             : 
     349        1186 :   uid = get_primary_uid (keyblock, &uidlen);
     350             : 
     351        1186 :   if (uid_cache_entries >= MAX_UID_CACHE_ENTRIES)
     352             :     {
     353             :       /* fixme: use another algorithm to free some cache slots */
     354           0 :       r = user_id_db;
     355           0 :       user_id_db = r->next;
     356           0 :       release_keyid_list (r->keyids);
     357           0 :       xfree (r);
     358           0 :       uid_cache_entries--;
     359             :     }
     360        1186 :   r = xmalloc (sizeof *r + uidlen - 1);
     361        1186 :   r->keyids = keyids;
     362        1186 :   r->len = uidlen;
     363        1186 :   memcpy (r->name, uid, r->len);
     364        1186 :   r->next = user_id_db;
     365        1186 :   user_id_db = r;
     366        1186 :   uid_cache_entries++;
     367             : }
     368             : 
     369             : 
     370             : /* Disable and drop the public key cache (which is filled by
     371             :    cache_public_key and get_pubkey).  Note: there is currently no way
     372             :    to reenable this cache.  */
     373             : void
     374         122 : getkey_disable_caches ()
     375             : {
     376             : #if MAX_PK_CACHE_ENTRIES
     377             :   {
     378             :     pk_cache_entry_t ce, ce2;
     379             : 
     380         122 :     for (ce = pk_cache; ce; ce = ce2)
     381             :       {
     382           0 :         ce2 = ce->next;
     383           0 :         free_public_key (ce->pk);
     384           0 :         xfree (ce);
     385             :       }
     386         122 :     pk_cache_disabled = 1;
     387         122 :     pk_cache_entries = 0;
     388         122 :     pk_cache = NULL;
     389             :   }
     390             : #endif
     391             :   /* fixme: disable user id cache ? */
     392         122 : }
     393             : 
     394             : 
     395             : void
     396           0 : pubkey_free (pubkey_t key)
     397             : {
     398           0 :   if (key)
     399             :     {
     400           0 :       xfree (key->pk);
     401           0 :       release_kbnode (key->keyblock);
     402           0 :       xfree (key);
     403             :     }
     404           0 : }
     405             : 
     406             : void
     407           0 : pubkeys_free (pubkey_t keys)
     408             : {
     409           0 :   while (keys)
     410             :     {
     411           0 :       pubkey_t next = keys->next;
     412           0 :       pubkey_free (keys);
     413           0 :       keys = next;
     414             :     }
     415           0 : }
     416             : 
     417             : /* Returns all keys that match the search specfication SEARCH_TERMS.
     418             : 
     419             :    This function also checks for and warns about duplicate entries in
     420             :    the keydb, which can occur if the user has configured multiple
     421             :    keyrings or keyboxes or if a keyring or keybox was corrupted.
     422             : 
     423             :    Note: SEARCH_TERMS will not be expanded (i.e., it may not be a
     424             :    group).
     425             : 
     426             :    USE is the operation for which the key is required.  It must be
     427             :    either PUBKEY_USAGE_ENC, PUBKEY_USAGE_SIG, PUBKEY_USAGE_CERT or
     428             :    PUBKEY_USAGE_AUTH.
     429             : 
     430             :    XXX: Currently, only PUBKEY_USAGE_ENC and PUBKEY_USAGE_SIG are
     431             :    implemented.
     432             : 
     433             :    INCLUDE_UNUSABLE indicates whether disabled keys are allowed.
     434             :    (Recipients specified with --encrypt-to and --hidden-encrypt-to may
     435             :    be disabled.  It is possible to edit disabled keys.)
     436             : 
     437             :    SOURCE is the context in which SEARCH_TERMS was specified, e.g.,
     438             :    "--encrypt-to", etc.  If this function is called interactively,
     439             :    then this should be NULL.
     440             : 
     441             :    If WARN_POSSIBLY_AMBIGUOUS is set, then emits a warning if the user
     442             :    does not specify a long key id or a fingerprint.
     443             : 
     444             :    The results are placed in *KEYS.  *KEYS must be NULL!  */
     445             : gpg_error_t
     446           0 : get_pubkeys (ctrl_t ctrl,
     447             :              char *search_terms, int use, int include_unusable, char *source,
     448             :              int warn_possibly_ambiguous,
     449             :              pubkey_t *r_keys)
     450             : {
     451             :   /* We show a warning when a key appears multiple times in the DB.
     452             :      This can happen for two reasons:
     453             : 
     454             :        - The user has configured multiple keyrings or keyboxes.
     455             : 
     456             :        - The keyring or keybox has been corrupted in some way, e.g., a
     457             :          bug or a random process changing them.
     458             : 
     459             :      For each duplicate, we only want to show the key once.  Hence,
     460             :      this list.  */
     461             :   static strlist_t key_dups;
     462             : 
     463             :   /* USE transformed to a string.  */
     464             :   char *use_str;
     465             : 
     466             :   gpg_error_t err;
     467             : 
     468             :   KEYDB_SEARCH_DESC desc;
     469             : 
     470             :   GETKEY_CTX ctx;
     471           0 :   pubkey_t results = NULL;
     472             :   pubkey_t r;
     473             : 
     474             :   int count;
     475             : 
     476             :   char fingerprint[2 * MAX_FINGERPRINT_LEN + 1];
     477             : 
     478           0 :   if (DBG_LOOKUP)
     479             :     {
     480           0 :       log_debug ("\n");
     481           0 :       log_debug ("%s: Checking %s=%s\n",
     482             :                  __func__, source ? source : "user input", search_terms);
     483             :     }
     484             : 
     485           0 :   if (*r_keys)
     486           0 :     log_bug ("%s: KEYS should be NULL!\n", __func__);
     487             : 
     488           0 :   switch (use)
     489             :     {
     490           0 :     case PUBKEY_USAGE_ENC: use_str = "encrypt"; break;
     491           0 :     case PUBKEY_USAGE_SIG: use_str = "sign"; break;
     492           0 :     case PUBKEY_USAGE_CERT: use_str = "cetify"; break;
     493           0 :     case PUBKEY_USAGE_AUTH: use_str = "authentication"; break;
     494           0 :     default: log_bug ("%s: Bad value for USE (%d)\n", __func__, use);
     495             :     }
     496             : 
     497           0 :   if (use == PUBKEY_USAGE_CERT || use == PUBKEY_USAGE_AUTH)
     498           0 :     log_bug ("%s: use=%s is unimplemented.\n", __func__, use_str);
     499             : 
     500           0 :   err = classify_user_id (search_terms, &desc, 1);
     501           0 :   if (err)
     502             :     {
     503           0 :       log_info (_("key \"%s\" not found: %s\n"),
     504             :                 search_terms, gpg_strerror (err));
     505           0 :       if (!opt.quiet && source)
     506           0 :         log_info (_("(check argument of option '%s')\n"), source);
     507           0 :       goto out;
     508             :     }
     509             : 
     510           0 :   if (warn_possibly_ambiguous
     511           0 :       && ! (desc.mode == KEYDB_SEARCH_MODE_LONG_KID
     512           0 :             || desc.mode == KEYDB_SEARCH_MODE_FPR16
     513           0 :             || desc.mode == KEYDB_SEARCH_MODE_FPR20
     514           0 :             || desc.mode == KEYDB_SEARCH_MODE_FPR))
     515             :     {
     516           0 :       log_info (_("Warning: '%s' should be a long key ID or a fingerprint\n"),
     517             :                 search_terms);
     518           0 :       if (!opt.quiet && source)
     519           0 :         log_info (_("(check argument of option '%s')\n"), source);
     520             :     }
     521             : 
     522             :   /* Gather all of the results.  */
     523           0 :   ctx = NULL;
     524           0 :   count = 0;
     525             :   do
     526             :     {
     527           0 :       PKT_public_key *pk = xmalloc_clear (sizeof *pk);
     528             :       KBNODE kb;
     529           0 :       pk->req_usage = use;
     530             : 
     531           0 :       if (! ctx)
     532           0 :         err = get_pubkey_byname (ctrl, &ctx, pk, search_terms, &kb, NULL,
     533             :                                  include_unusable, 1);
     534             :       else
     535           0 :         err = getkey_next (ctx, pk, &kb);
     536             : 
     537           0 :       if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
     538             :         /* No more results.   */
     539             :         {
     540           0 :           xfree (pk);
     541           0 :           break;
     542             :         }
     543           0 :       else if (err)
     544             :         /* An error (other than "not found").  */
     545             :         {
     546           0 :           log_error (_("error looking up: %s\n"),
     547             :                      gpg_strerror (err));
     548           0 :           xfree (pk);
     549           0 :           break;
     550             :         }
     551             : 
     552             :       /* Another result!  */
     553           0 :       count ++;
     554             : 
     555           0 :       r = xmalloc_clear (sizeof (*r));
     556           0 :       r->pk = pk;
     557           0 :       r->keyblock = kb;
     558           0 :       r->next = results;
     559           0 :       results = r;
     560             :     }
     561           0 :   while (ctx);
     562           0 :   getkey_end (ctx);
     563             : 
     564           0 :   if (DBG_LOOKUP)
     565             :     {
     566           0 :       log_debug ("%s resulted in %d matches.\n", search_terms, count);
     567           0 :       for (r = results; r; r = r->next)
     568           0 :         log_debug ("  %s\n",
     569           0 :                    hexfingerprint (r->keyblock->pkt->pkt.public_key,
     570             :                                    fingerprint, sizeof (fingerprint)));
     571             :     }
     572             : 
     573           0 :   if (! results && gpg_err_code (err) == GPG_ERR_NOT_FOUND)
     574             :     /* No match.  */
     575             :     {
     576           0 :       if (DBG_LOOKUP)
     577           0 :         log_debug ("%s: '%s' not found.\n", __func__, search_terms);
     578             : 
     579           0 :       log_info (_("key \"%s\" not found\n"), search_terms);
     580           0 :       if (!opt.quiet && source)
     581           0 :         log_info (_("(check argument of option '%s')\n"), source);
     582             : 
     583           0 :       goto out;
     584             :     }
     585           0 :   else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
     586             :     /* No more matches.  */
     587             :     ;
     588           0 :   else if (err)
     589             :     /* Some other error.  An error message was already printed
     590             :        out.  Free RESULTS and continue.  */
     591           0 :     goto out;
     592             : 
     593             :   /* Check for duplicates.  */
     594           0 :   if (DBG_LOOKUP)
     595           0 :     log_debug ("%s: Checking results of %s='%s' for dups\n",
     596             :                __func__, source ? source : "user input", search_terms);
     597           0 :   count = 0;
     598           0 :   for (r = results; r; r = r->next)
     599             :     {
     600             :       pubkey_t *prevp;
     601             :       pubkey_t next;
     602             :       pubkey_t r2;
     603           0 :       int dups = 0;
     604             : 
     605           0 :       prevp = &r->next;
     606           0 :       next = r->next;
     607           0 :       while ((r2 = next))
     608             :         {
     609           0 :           if (cmp_public_keys (r->keyblock->pkt->pkt.public_key,
     610           0 :                                r2->keyblock->pkt->pkt.public_key) != 0)
     611             :             /* Not a dup.  */
     612             :             {
     613           0 :               prevp = &r2->next;
     614           0 :               next = r2->next;
     615           0 :               continue;
     616             :             }
     617             : 
     618           0 :           dups ++;
     619           0 :           count ++;
     620             : 
     621             :           /* Remove R2 from the list.  */
     622           0 :           *prevp = r2->next;
     623           0 :           release_kbnode (r2->keyblock);
     624           0 :           next = r2->next;
     625           0 :           xfree (r2);
     626             :         }
     627             : 
     628           0 :       if (dups)
     629             :         {
     630           0 :           hexfingerprint (r->keyblock->pkt->pkt.public_key,
     631             :                           fingerprint, sizeof fingerprint);
     632           0 :           if (! strlist_find (key_dups, fingerprint))
     633             :             {
     634             :               char fingerprint_formatted[MAX_FORMATTED_FINGERPRINT_LEN + 1];
     635             : 
     636           0 :               log_info (_("Warning: %s appears in the keyring %d times\n"),
     637             :                         format_hexfingerprint (fingerprint,
     638             :                                                fingerprint_formatted,
     639             :                                                sizeof fingerprint_formatted),
     640             :                         1 + dups);
     641           0 :               add_to_strlist (&key_dups, fingerprint);
     642             :             }
     643             :         }
     644             :     }
     645             : 
     646           0 :   if (DBG_LOOKUP && count)
     647             :     {
     648           0 :       log_debug ("After removing %d dups:\n", count);
     649           0 :       for (r = results, count = 0; r; r = r->next)
     650           0 :         log_debug ("  %d: %s\n",
     651             :                    count,
     652           0 :                    hexfingerprint (r->keyblock->pkt->pkt.public_key,
     653             :                                    fingerprint, sizeof fingerprint));
     654             :     }
     655             : 
     656             :  out:
     657           0 :   if (err)
     658           0 :     pubkeys_free (results);
     659             :   else
     660           0 :     *r_keys = results;
     661             : 
     662           0 :   return err;
     663             : }
     664             : 
     665             : 
     666             : static void
     667        1398 : pk_from_block (PKT_public_key *pk, kbnode_t keyblock, kbnode_t found_key)
     668             : {
     669        1398 :   kbnode_t a = found_key ? found_key : keyblock;
     670             : 
     671        1398 :   log_assert (a->pkt->pkttype == PKT_PUBLIC_KEY
     672             :               || a->pkt->pkttype == PKT_PUBLIC_SUBKEY);
     673             : 
     674        1398 :   copy_public_key (pk, a->pkt->pkt.public_key);
     675        1398 : }
     676             : 
     677             : 
     678             : /* Return the public key with the key id KEYID and store it at PK.
     679             :  * The resources in *PK should be released using
     680             :  * release_public_key_parts().  This function also stores a copy of
     681             :  * the public key in the user id cache (see cache_public_key).
     682             :  *
     683             :  * If PK is NULL, this function just stores the public key in the
     684             :  * cache and returns the usual return code.
     685             :  *
     686             :  * PK->REQ_USAGE (which is a mask of PUBKEY_USAGE_SIG,
     687             :  * PUBKEY_USAGE_ENC and PUBKEY_USAGE_CERT) is passed through to the
     688             :  * lookup function.  If this is non-zero, only keys with the specified
     689             :  * usage will be returned.  As such, it is essential that
     690             :  * PK->REQ_USAGE be correctly initialized!
     691             :  *
     692             :  * Returns 0 on success, GPG_ERR_NO_PUBKEY if there is no public key
     693             :  * with the specified key id, or another error code if an error
     694             :  * occurs.
     695             :  *
     696             :  * If the data was not read from the cache, then the self-signed data
     697             :  * has definitely been merged into the public key using
     698             :  * merge_selfsigs.  */
     699             : int
     700         901 : get_pubkey (PKT_public_key * pk, u32 * keyid)
     701             : {
     702         901 :   int internal = 0;
     703         901 :   int rc = 0;
     704             : 
     705             : #if MAX_PK_CACHE_ENTRIES
     706         901 :   if (pk)
     707             :     {
     708             :       /* Try to get it from the cache.  We don't do this when pk is
     709             :          NULL as it does not guarantee that the user IDs are
     710             :          cached. */
     711             :       pk_cache_entry_t ce;
     712         926 :       for (ce = pk_cache; ce; ce = ce->next)
     713             :         {
     714         229 :           if (ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1])
     715             :             /* XXX: We don't check PK->REQ_USAGE here, but if we don't
     716             :                read from the cache, we do check it!  */
     717             :             {
     718         191 :               copy_public_key (pk, ce->pk);
     719         191 :               return 0;
     720             :             }
     721             :         }
     722             :     }
     723             : #endif
     724             :   /* More init stuff.  */
     725         710 :   if (!pk)
     726             :     {
     727          13 :       pk = xmalloc_clear (sizeof *pk);
     728          13 :       internal++;
     729             :     }
     730             : 
     731             : 
     732             :   /* Do a lookup.  */
     733             :   {
     734             :     struct getkey_ctx_s ctx;
     735         710 :     KBNODE kb = NULL;
     736         710 :     KBNODE found_key = NULL;
     737         710 :     memset (&ctx, 0, sizeof ctx);
     738         710 :     ctx.exact = 1; /* Use the key ID exactly as given.  */
     739         710 :     ctx.not_allocated = 1;
     740         710 :     ctx.kr_handle = keydb_new ();
     741         710 :     if (!ctx.kr_handle)
     742             :       {
     743           0 :         rc = gpg_error_from_syserror ();
     744           0 :         goto leave;
     745             :       }
     746         710 :     ctx.nitems = 1;
     747         710 :     ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
     748         710 :     ctx.items[0].u.kid[0] = keyid[0];
     749         710 :     ctx.items[0].u.kid[1] = keyid[1];
     750         710 :     ctx.req_usage = pk->req_usage;
     751         710 :     rc = lookup (&ctx, &kb, &found_key, 0);
     752         710 :     if (!rc)
     753             :       {
     754         701 :         pk_from_block (pk, kb, found_key);
     755             :       }
     756         710 :     getkey_end (&ctx);
     757         710 :     release_kbnode (kb);
     758             :   }
     759         710 :   if (!rc)
     760         701 :     goto leave;
     761             : 
     762           9 :   rc = GPG_ERR_NO_PUBKEY;
     763             : 
     764             : leave:
     765         710 :   if (!rc)
     766         701 :     cache_public_key (pk);
     767         710 :   if (internal)
     768          13 :     free_public_key (pk);
     769         710 :   return rc;
     770             : }
     771             : 
     772             : 
     773             : /* Similar to get_pubkey, but it does not take PK->REQ_USAGE into
     774             :  * account nor does it merge in the self-signed data.  This function
     775             :  * also only considers primary keys.  It is intended to be used as a
     776             :  * quick check of the key to avoid recursion.  It should only be used
     777             :  * in very certain cases.  Like get_pubkey and unlike any of the other
     778             :  * lookup functions, this function also consults the user id cache
     779             :  * (see cache_public_key).
     780             :  *
     781             :  * Return the public key in *PK.  The resources in *PK should be
     782             :  * released using release_public_key_parts().  */
     783             : int
     784           3 : get_pubkey_fast (PKT_public_key * pk, u32 * keyid)
     785             : {
     786           3 :   int rc = 0;
     787             :   KEYDB_HANDLE hd;
     788             :   KBNODE keyblock;
     789             :   u32 pkid[2];
     790             : 
     791           3 :   log_assert (pk);
     792             : #if MAX_PK_CACHE_ENTRIES
     793             :   {
     794             :     /* Try to get it from the cache */
     795             :     pk_cache_entry_t ce;
     796             : 
     797           3 :     for (ce = pk_cache; ce; ce = ce->next)
     798             :       {
     799           0 :         if (ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1]
     800             :             /* Only consider primary keys.  */
     801           0 :             && ce->pk->keyid[0] == ce->pk->main_keyid[0]
     802           0 :             && ce->pk->keyid[1] == ce->pk->main_keyid[1])
     803             :           {
     804           0 :             if (pk)
     805           0 :               copy_public_key (pk, ce->pk);
     806           0 :             return 0;
     807             :           }
     808             :       }
     809             :   }
     810             : #endif
     811             : 
     812           3 :   hd = keydb_new ();
     813           3 :   if (!hd)
     814           0 :     return gpg_error_from_syserror ();
     815           3 :   rc = keydb_search_kid (hd, keyid);
     816           3 :   if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
     817             :     {
     818           3 :       keydb_release (hd);
     819           3 :       return GPG_ERR_NO_PUBKEY;
     820             :     }
     821           0 :   rc = keydb_get_keyblock (hd, &keyblock);
     822           0 :   keydb_release (hd);
     823           0 :   if (rc)
     824             :     {
     825           0 :       log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
     826           0 :       return GPG_ERR_NO_PUBKEY;
     827             :     }
     828             : 
     829           0 :   log_assert (keyblock && keyblock->pkt
     830             :               && keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
     831             : 
     832             :   /* We return the primary key.  If KEYID matched a subkey, then we
     833             :      return an error.  */
     834           0 :   keyid_from_pk (keyblock->pkt->pkt.public_key, pkid);
     835           0 :   if (keyid[0] == pkid[0] && keyid[1] == pkid[1])
     836           0 :     copy_public_key (pk, keyblock->pkt->pkt.public_key);
     837             :   else
     838           0 :     rc = GPG_ERR_NO_PUBKEY;
     839             : 
     840           0 :   release_kbnode (keyblock);
     841             : 
     842             :   /* Not caching key here since it won't have all of the fields
     843             :      properly set. */
     844             : 
     845           0 :   return rc;
     846             : }
     847             : 
     848             : 
     849             : /* Return the key block for the key with key id KEYID or NULL, if an
     850             :  * error occurs.  Use release_kbnode() to release the key block.
     851             :  *
     852             :  * The self-signed data has already been merged into the public key
     853             :  * using merge_selfsigs.  */
     854             : kbnode_t
     855         704 : get_pubkeyblock (u32 * keyid)
     856             : {
     857             :   struct getkey_ctx_s ctx;
     858         704 :   int rc = 0;
     859         704 :   KBNODE keyblock = NULL;
     860             : 
     861         704 :   memset (&ctx, 0, sizeof ctx);
     862             :   /* No need to set exact here because we want the entire block.  */
     863         704 :   ctx.not_allocated = 1;
     864         704 :   ctx.kr_handle = keydb_new ();
     865         704 :   if (!ctx.kr_handle)
     866           0 :     return NULL;
     867         704 :   ctx.nitems = 1;
     868         704 :   ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
     869         704 :   ctx.items[0].u.kid[0] = keyid[0];
     870         704 :   ctx.items[0].u.kid[1] = keyid[1];
     871         704 :   rc = lookup (&ctx, &keyblock, NULL, 0);
     872         704 :   getkey_end (&ctx);
     873             : 
     874         704 :   return rc ? NULL : keyblock;
     875             : }
     876             : 
     877             : 
     878             : /* Return the public key with the key id KEYID iff the secret key is
     879             :  * available and store it at PK.  The resources should be released
     880             :  * using release_public_key_parts().
     881             :  *
     882             :  * Unlike other lookup functions, PK may not be NULL.  PK->REQ_USAGE
     883             :  * is passed through to the lookup function and is a mask of
     884             :  * PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC and PUBKEY_USAGE_CERT.  Thus, it
     885             :  * must be valid!  If this is non-zero, only keys with the specified
     886             :  * usage will be returned.
     887             :  *
     888             :  * Returns 0 on success.  If a public key with the specified key id is
     889             :  * not found or a secret key is not available for that public key, an
     890             :  * error code is returned.  Note: this function ignores legacy keys.
     891             :  * An error code is also return if an error occurs.
     892             :  *
     893             :  * The self-signed data has already been merged into the public key
     894             :  * using merge_selfsigs.  */
     895             : gpg_error_t
     896         262 : get_seckey (PKT_public_key *pk, u32 *keyid)
     897             : {
     898             :   gpg_error_t err;
     899             :   struct getkey_ctx_s ctx;
     900         262 :   kbnode_t keyblock = NULL;
     901         262 :   kbnode_t found_key = NULL;
     902             : 
     903         262 :   memset (&ctx, 0, sizeof ctx);
     904         262 :   ctx.exact = 1; /* Use the key ID exactly as given.  */
     905         262 :   ctx.not_allocated = 1;
     906         262 :   ctx.kr_handle = keydb_new ();
     907         262 :   if (!ctx.kr_handle)
     908           0 :     return gpg_error_from_syserror ();
     909         262 :   ctx.nitems = 1;
     910         262 :   ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
     911         262 :   ctx.items[0].u.kid[0] = keyid[0];
     912         262 :   ctx.items[0].u.kid[1] = keyid[1];
     913         262 :   ctx.req_usage = pk->req_usage;
     914         262 :   err = lookup (&ctx, &keyblock, &found_key, 1);
     915         262 :   if (!err)
     916             :     {
     917         262 :       pk_from_block (pk, keyblock, found_key);
     918             :     }
     919         262 :   getkey_end (&ctx);
     920         262 :   release_kbnode (keyblock);
     921             : 
     922         262 :   if (!err)
     923             :     {
     924         262 :       err = agent_probe_secret_key (/*ctrl*/NULL, pk);
     925         262 :       if (err)
     926           0 :         release_public_key_parts (pk);
     927             :     }
     928             : 
     929         262 :   return err;
     930             : }
     931             : 
     932             : 
     933             : /* Skip unusable keys.  A key is unusable if it is revoked, expired or
     934             :    disabled or if the selected user id is revoked or expired.  */
     935             : static int
     936         210 : skip_unusable (void *dummy, u32 * keyid, int uid_no)
     937             : {
     938         210 :   int unusable = 0;
     939             :   KBNODE keyblock;
     940             :   PKT_public_key *pk;
     941             : 
     942             :   (void) dummy;
     943             : 
     944         210 :   keyblock = get_pubkeyblock (keyid);
     945         210 :   if (!keyblock)
     946             :     {
     947           0 :       log_error ("error checking usability status of %s\n", keystr (keyid));
     948           0 :       goto leave;
     949             :     }
     950             : 
     951         210 :   pk = keyblock->pkt->pkt.public_key;
     952             : 
     953             :   /* Is the key revoked or expired?  */
     954         210 :   if (pk->flags.revoked || pk->has_expired)
     955           0 :     unusable = 1;
     956             : 
     957             :   /* Is the user ID in question revoked or expired? */
     958         210 :   if (!unusable && uid_no)
     959             :     {
     960             :       KBNODE node;
     961         125 :       int uids_seen = 0;
     962             : 
     963         250 :       for (node = keyblock; node; node = node->next)
     964             :         {
     965         250 :           if (node->pkt->pkttype == PKT_USER_ID)
     966             :             {
     967         125 :               PKT_user_id *user_id = node->pkt->pkt.user_id;
     968             : 
     969         125 :               uids_seen ++;
     970         125 :               if (uids_seen != uid_no)
     971           0 :                 continue;
     972             : 
     973         125 :               if (user_id->is_revoked || user_id->is_expired)
     974           0 :                 unusable = 1;
     975             : 
     976         125 :               break;
     977             :             }
     978             :         }
     979             : 
     980             :       /* If UID_NO is non-zero, then the keyblock better have at least
     981             :          that many UIDs.  */
     982         125 :       log_assert (uids_seen == uid_no);
     983             :     }
     984             : 
     985         210 :   if (!unusable)
     986         210 :     unusable = pk_is_disabled (pk);
     987             : 
     988             : leave:
     989         210 :   release_kbnode (keyblock);
     990         210 :   return unusable;
     991             : }
     992             : 
     993             : 
     994             : /* Search for keys matching some criteria.
     995             : 
     996             :    If RETCTX is not NULL, then the constructed context is returned in
     997             :    *RETCTX so that getpubkey_next can be used to get subsequent
     998             :    results.  In this case, getkey_end() must be used to free the
     999             :    search context.  If RETCTX is not NULL, then RET_KDBHD must be
    1000             :    NULL.
    1001             : 
    1002             :    If NAMELIST is not NULL, then a search query is constructed using
    1003             :    classify_user_id on each of the strings in the list.  (Recall: the
    1004             :    database does an OR of the terms, not an AND.)  If NAMELIST is
    1005             :    NULL, then all results are returned.
    1006             : 
    1007             :    If PK is not NULL, the public key of the first result is returned
    1008             :    in *PK.  Note: PK->REQ_USAGE must be valid!!!  If PK->REQ_USAGE is
    1009             :    set, it is used to filter the search results.  See the
    1010             :    documentation for finish_lookup to understand exactly how this is
    1011             :    used.  Note: The self-signed data has already been merged into the
    1012             :    public key using merge_selfsigs.  Free *PK by calling
    1013             :    release_public_key_parts (or, if PK was allocated using xfree, you
    1014             :    can use free_public_key, which calls release_public_key_parts(PK)
    1015             :    and then xfree(PK)).
    1016             : 
    1017             :    If WANT_SECRET is set, then only keys with an available secret key
    1018             :    (either locally or via key registered on a smartcard) are returned.
    1019             : 
    1020             :    If INCLUDE_UNUSABLE is set, then unusable keys (see the
    1021             :    documentation for skip_unusable for an exact definition) are
    1022             :    skipped unless they are looked up by key id or by fingerprint.
    1023             : 
    1024             :    If RET_KB is not NULL, the keyblock is returned in *RET_KB.  This
    1025             :    should be freed using release_kbnode().
    1026             : 
    1027             :    If RET_KDBHD is not NULL, then the new database handle used to
    1028             :    conduct the search is returned in *RET_KDBHD.  This can be used to
    1029             :    get subsequent results using keydb_search_next.  Note: in this
    1030             :    case, no advanced filtering is done for subsequent results (e.g.,
    1031             :    WANT_SECRET and PK->REQ_USAGE are not respected).
    1032             : 
    1033             :    This function returns 0 on success.  Otherwise, an error code is
    1034             :    returned.  In particular, GPG_ERR_NO_PUBKEY or GPG_ERR_NO_SECKEY
    1035             :    (if want_secret is set) is returned if the key is not found.  */
    1036             : static int
    1037         495 : key_byname (GETKEY_CTX *retctx, strlist_t namelist,
    1038             :             PKT_public_key *pk,
    1039             :             int want_secret, int include_unusable,
    1040             :             KBNODE * ret_kb, KEYDB_HANDLE * ret_kdbhd)
    1041             : {
    1042         495 :   int rc = 0;
    1043             :   int n;
    1044             :   strlist_t r;
    1045             :   GETKEY_CTX ctx;
    1046         495 :   KBNODE help_kb = NULL;
    1047         495 :   KBNODE found_key = NULL;
    1048             : 
    1049         495 :   if (retctx)
    1050             :     {
    1051             :       /* Reset the returned context in case of error.  */
    1052         359 :       log_assert (!ret_kdbhd); /* Not allowed because the handle is stored
    1053             :                                   in the context.  */
    1054         359 :       *retctx = NULL;
    1055             :     }
    1056         495 :   if (ret_kdbhd)
    1057           0 :     *ret_kdbhd = NULL;
    1058             : 
    1059         495 :   if (!namelist)
    1060             :     /* No search terms: iterate over the whole DB.  */
    1061             :     {
    1062          85 :       ctx = xmalloc_clear (sizeof *ctx);
    1063          85 :       ctx->nitems = 1;
    1064          85 :       ctx->items[0].mode = KEYDB_SEARCH_MODE_FIRST;
    1065          85 :       if (!include_unusable)
    1066          85 :         ctx->items[0].skipfnc = skip_unusable;
    1067             :     }
    1068             :   else
    1069             :     {
    1070             :       /* Build the search context.  */
    1071         823 :       for (n = 0, r = namelist; r; r = r->next)
    1072         413 :         n++;
    1073             : 
    1074             :       /* CTX has space for a single search term at the end.  Thus, we
    1075             :          need to allocate sizeof *CTX plus (n - 1) sizeof
    1076             :          CTX->ITEMS.  */
    1077         410 :       ctx = xmalloc_clear (sizeof *ctx + (n - 1) * sizeof ctx->items);
    1078         410 :       ctx->nitems = n;
    1079             : 
    1080         823 :       for (n = 0, r = namelist; r; r = r->next, n++)
    1081             :         {
    1082             :           gpg_error_t err;
    1083             : 
    1084         413 :           err = classify_user_id (r->d, &ctx->items[n], 1);
    1085             : 
    1086         413 :           if (ctx->items[n].exact)
    1087           3 :             ctx->exact = 1;
    1088         413 :           if (err)
    1089             :             {
    1090           0 :               xfree (ctx);
    1091           0 :               return gpg_err_code (err); /* FIXME: remove gpg_err_code.  */
    1092             :             }
    1093         413 :           if (!include_unusable
    1094         250 :               && ctx->items[n].mode != KEYDB_SEARCH_MODE_SHORT_KID
    1095         126 :               && ctx->items[n].mode != KEYDB_SEARCH_MODE_LONG_KID
    1096         126 :               && ctx->items[n].mode != KEYDB_SEARCH_MODE_FPR16
    1097         126 :               && ctx->items[n].mode != KEYDB_SEARCH_MODE_FPR20
    1098         125 :               && ctx->items[n].mode != KEYDB_SEARCH_MODE_FPR)
    1099         125 :             ctx->items[n].skipfnc = skip_unusable;
    1100             :         }
    1101             :     }
    1102             : 
    1103         495 :   ctx->want_secret = want_secret;
    1104         495 :   ctx->kr_handle = keydb_new ();
    1105         495 :   if (!ctx->kr_handle)
    1106             :     {
    1107           0 :       rc = gpg_error_from_syserror ();
    1108           0 :       getkey_end (ctx);
    1109           0 :       return rc;
    1110             :     }
    1111             : 
    1112         495 :   if (!ret_kb)
    1113         380 :     ret_kb = &help_kb;
    1114             : 
    1115         495 :   if (pk)
    1116             :     {
    1117         380 :       ctx->req_usage = pk->req_usage;
    1118             :     }
    1119             : 
    1120         495 :   rc = lookup (ctx, ret_kb, &found_key, want_secret);
    1121         495 :   if (!rc && pk)
    1122             :     {
    1123         380 :       pk_from_block (pk, *ret_kb, found_key);
    1124             :     }
    1125             : 
    1126         495 :   release_kbnode (help_kb);
    1127             : 
    1128         495 :   if (retctx) /* Caller wants the context.  */
    1129         359 :     *retctx = ctx;
    1130             :   else
    1131             :     {
    1132         136 :       if (ret_kdbhd)
    1133             :         {
    1134           0 :           *ret_kdbhd = ctx->kr_handle;
    1135           0 :           ctx->kr_handle = NULL;
    1136             :         }
    1137         136 :       getkey_end (ctx);
    1138             :     }
    1139             : 
    1140         495 :   return rc;
    1141             : }
    1142             : 
    1143             : 
    1144             : /* Find a public key identified by NAME.
    1145             :  *
    1146             :  * If name appears to be a valid valid RFC822 mailbox (i.e., email
    1147             :  * address) and auto key lookup is enabled (no_akl == 0), then the
    1148             :  * specified auto key lookup methods (--auto-key-lookup) are used to
    1149             :  * import the key into the local keyring.  Otherwise, just the local
    1150             :  * keyring is consulted.
    1151             :  *
    1152             :  * If RETCTX is not NULL, then the constructed context is returned in
    1153             :  * *RETCTX so that getpubkey_next can be used to get subsequent
    1154             :  * results.  In this case, getkey_end() must be used to free the
    1155             :  * search context.  If RETCTX is not NULL, then RET_KDBHD must be
    1156             :  * NULL.
    1157             :  *
    1158             :  * If PK is not NULL, the public key of the first result is returned
    1159             :  * in *PK.  Note: PK->REQ_USAGE must be valid!!!  PK->REQ_USAGE is
    1160             :  * passed through to the lookup function and is a mask of
    1161             :  * PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC and PUBKEY_USAGE_CERT.  If this
    1162             :  * is non-zero, only keys with the specified usage will be returned.
    1163             :  * Note: The self-signed data has already been merged into the public
    1164             :  * key using merge_selfsigs.  Free *PK by calling
    1165             :  * release_public_key_parts (or, if PK was allocated using xfree, you
    1166             :  * can use free_public_key, which calls release_public_key_parts(PK)
    1167             :  * and then xfree(PK)).
    1168             :  *
    1169             :  * NAME is a string, which is turned into a search query using
    1170             :  * classify_user_id.
    1171             :  *
    1172             :  * If RET_KEYBLOCK is not NULL, the keyblock is returned in
    1173             :  * *RET_KEYBLOCK.  This should be freed using release_kbnode().
    1174             :  *
    1175             :  * If RET_KDBHD is not NULL, then the new database handle used to
    1176             :  * conduct the search is returned in *RET_KDBHD.  This can be used to
    1177             :  * get subsequent results using keydb_search_next or to modify the
    1178             :  * returned record.  Note: in this case, no advanced filtering is done
    1179             :  * for subsequent results (e.g., PK->REQ_USAGE is not respected).
    1180             :  * Unlike RETCTX, this is always returned.
    1181             :  *
    1182             :  * If INCLUDE_UNUSABLE is set, then unusable keys (see the
    1183             :  * documentation for skip_unusable for an exact definition) are
    1184             :  * skipped unless they are looked up by key id or by fingerprint.
    1185             :  *
    1186             :  * If NO_AKL is set, then the auto key locate functionality is
    1187             :  * disabled and only the local key ring is considered.  Note: the
    1188             :  * local key ring is consulted even if local is not in the
    1189             :  * --auto-key-locate option list!
    1190             :  *
    1191             :  * This function returns 0 on success.  Otherwise, an error code is
    1192             :  * returned.  In particular, GPG_ERR_NO_PUBKEY or GPG_ERR_NO_SECKEY
    1193             :  * (if want_secret is set) is returned if the key is not found.  */
    1194             : int
    1195         281 : get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
    1196             :                    const char *name, KBNODE * ret_keyblock,
    1197             :                    KEYDB_HANDLE * ret_kdbhd, int include_unusable, int no_akl)
    1198             : {
    1199             :   int rc;
    1200         281 :   strlist_t namelist = NULL;
    1201             :   struct akl *akl;
    1202             :   int is_mbox;
    1203         281 :   int nodefault = 0;
    1204         281 :   int anylocalfirst = 0;
    1205             : 
    1206             :   /* If RETCTX is not NULL, then RET_KDBHD must be NULL.  */
    1207         281 :   log_assert (retctx == NULL || ret_kdbhd == NULL);
    1208             : 
    1209         281 :   if (retctx)
    1210         276 :     *retctx = NULL;
    1211             : 
    1212             :   /* Does NAME appear to be a mailbox (mail address)?  */
    1213         281 :   is_mbox = is_valid_mailbox (name);
    1214             : 
    1215             :   /* The auto-key-locate feature works as follows: there are a number
    1216             :    * of methods to look up keys.  By default, the local keyring is
    1217             :    * tried first.  Then, each method listed in the --auto-key-locate is
    1218             :    * tried in the order it appears.
    1219             :    *
    1220             :    * This can be changed as follows:
    1221             :    *
    1222             :    *   - if nodefault appears anywhere in the list of options, then
    1223             :    *     the local keyring is not tried first, or,
    1224             :    *
    1225             :    *   - if local appears anywhere in the list of options, then the
    1226             :    *     local keyring is not tried first, but in the order in which
    1227             :    *     it was listed in the --auto-key-locate option.
    1228             :    *
    1229             :    * Note: we only save the search context in RETCTX if the local
    1230             :    * method is the first method tried (either explicitly or
    1231             :    * implicitly).  */
    1232         281 :   if (!no_akl)
    1233             :     {
    1234             :       /* auto-key-locate is enabled.  */
    1235             : 
    1236             :       /* nodefault is true if "nodefault" or "local" appear.  */
    1237         275 :       for (akl = opt.auto_key_locate; akl; akl = akl->next)
    1238           0 :         if (akl->type == AKL_NODEFAULT || akl->type == AKL_LOCAL)
    1239             :           {
    1240           0 :             nodefault = 1;
    1241           0 :             break;
    1242             :           }
    1243             :       /* anylocalfirst is true if "local" appears before any other
    1244             :          search methods (except "nodefault").  */
    1245         275 :       for (akl = opt.auto_key_locate; akl; akl = akl->next)
    1246           0 :         if (akl->type != AKL_NODEFAULT)
    1247             :           {
    1248           0 :             if (akl->type == AKL_LOCAL)
    1249           0 :               anylocalfirst = 1;
    1250           0 :             break;
    1251             :           }
    1252             :     }
    1253             : 
    1254         281 :   if (!nodefault)
    1255             :     {
    1256             :       /* "nodefault" didn't occur.  Thus, "local" is implicitly the
    1257             :        *  first method to try.  */
    1258         281 :       anylocalfirst = 1;
    1259             :     }
    1260             : 
    1261         281 :   if (nodefault && is_mbox)
    1262             :     {
    1263             :       /* Either "nodefault" or "local" (explicitly) appeared in the
    1264             :        * auto key locate list and NAME appears to be an email address.
    1265             :        * Don't try the local keyring.  */
    1266           0 :       rc = GPG_ERR_NO_PUBKEY;
    1267             :     }
    1268             :   else
    1269             :     {
    1270             :       /* Either "nodefault" and "local" don't appear in the auto key
    1271             :        * locate list (in which case we try the local keyring first) or
    1272             :        * NAME does not appear to be an email address (in which case we
    1273             :        * only try the local keyring).  In this case, lookup NAME in
    1274             :        * the local keyring.  */
    1275         281 :       add_to_strlist (&namelist, name);
    1276         281 :       rc = key_byname (retctx, namelist, pk, 0,
    1277             :                        include_unusable, ret_keyblock, ret_kdbhd);
    1278             :     }
    1279             : 
    1280             :   /* If the requested name resembles a valid mailbox and automatic
    1281             :      retrieval has been enabled, we try to import the key. */
    1282         281 :   if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY && !no_akl && is_mbox)
    1283             :     {
    1284             :       /* NAME wasn't present in the local keyring (or we didn't try
    1285             :        * the local keyring).  Since the auto key locate feature is
    1286             :        * enabled and NAME appears to be an email address, try the auto
    1287             :        * locate feature.  */
    1288           0 :       for (akl = opt.auto_key_locate; akl; akl = akl->next)
    1289             :         {
    1290           0 :           unsigned char *fpr = NULL;
    1291             :           size_t fpr_len;
    1292           0 :           int did_akl_local = 0;
    1293           0 :           int no_fingerprint = 0;
    1294           0 :           const char *mechanism = "?";
    1295             : 
    1296           0 :           switch (akl->type)
    1297             :             {
    1298             :             case AKL_NODEFAULT:
    1299             :               /* This is a dummy mechanism.  */
    1300           0 :               mechanism = "None";
    1301           0 :               rc = GPG_ERR_NO_PUBKEY;
    1302           0 :               break;
    1303             : 
    1304             :             case AKL_LOCAL:
    1305           0 :               mechanism = "Local";
    1306           0 :               did_akl_local = 1;
    1307           0 :               if (retctx)
    1308             :                 {
    1309           0 :                   getkey_end (*retctx);
    1310           0 :                   *retctx = NULL;
    1311             :                 }
    1312           0 :               add_to_strlist (&namelist, name);
    1313           0 :               rc = key_byname (anylocalfirst ? retctx : NULL,
    1314             :                                namelist, pk, 0,
    1315             :                                include_unusable, ret_keyblock, ret_kdbhd);
    1316           0 :               break;
    1317             : 
    1318             :             case AKL_CERT:
    1319           0 :               mechanism = "DNS CERT";
    1320           0 :               glo_ctrl.in_auto_key_retrieve++;
    1321           0 :               rc = keyserver_import_cert (ctrl, name, 0, &fpr, &fpr_len);
    1322           0 :               glo_ctrl.in_auto_key_retrieve--;
    1323           0 :               break;
    1324             : 
    1325             :             case AKL_PKA:
    1326           0 :               mechanism = "PKA";
    1327           0 :               glo_ctrl.in_auto_key_retrieve++;
    1328           0 :               rc = keyserver_import_pka (ctrl, name, &fpr, &fpr_len);
    1329           0 :               glo_ctrl.in_auto_key_retrieve--;
    1330           0 :               break;
    1331             : 
    1332             :             case AKL_DANE:
    1333           0 :               mechanism = "DANE";
    1334           0 :               glo_ctrl.in_auto_key_retrieve++;
    1335           0 :               rc = keyserver_import_cert (ctrl, name, 1, &fpr, &fpr_len);
    1336           0 :               glo_ctrl.in_auto_key_retrieve--;
    1337           0 :               break;
    1338             : 
    1339             :             case AKL_WKD:
    1340           0 :               mechanism = "WKD";
    1341           0 :               glo_ctrl.in_auto_key_retrieve++;
    1342           0 :               rc = keyserver_import_wkd (ctrl, name, 0, &fpr, &fpr_len);
    1343           0 :               glo_ctrl.in_auto_key_retrieve--;
    1344           0 :               break;
    1345             : 
    1346             :             case AKL_LDAP:
    1347           0 :               mechanism = "LDAP";
    1348           0 :               glo_ctrl.in_auto_key_retrieve++;
    1349           0 :               rc = keyserver_import_ldap (ctrl, name, &fpr, &fpr_len);
    1350           0 :               glo_ctrl.in_auto_key_retrieve--;
    1351           0 :               break;
    1352             : 
    1353             :             case AKL_KEYSERVER:
    1354             :               /* Strictly speaking, we don't need to only use a valid
    1355             :                * mailbox for the getname search, but it helps cut down
    1356             :                * on the problem of searching for something like "john"
    1357             :                * and getting a whole lot of keys back. */
    1358           0 :               if (keyserver_any_configured (ctrl))
    1359             :                 {
    1360           0 :                   mechanism = "keyserver";
    1361           0 :                   glo_ctrl.in_auto_key_retrieve++;
    1362           0 :                   rc = keyserver_import_name (ctrl, name, &fpr, &fpr_len,
    1363             :                                               opt.keyserver);
    1364           0 :                   glo_ctrl.in_auto_key_retrieve--;
    1365             :                 }
    1366             :               else
    1367             :                 {
    1368           0 :                   mechanism = "Unconfigured keyserver";
    1369           0 :                   rc = GPG_ERR_NO_PUBKEY;
    1370             :                 }
    1371           0 :               break;
    1372             : 
    1373             :             case AKL_SPEC:
    1374             :               {
    1375             :                 struct keyserver_spec *keyserver;
    1376             : 
    1377           0 :                 mechanism = akl->spec->uri;
    1378           0 :                 keyserver = keyserver_match (akl->spec);
    1379           0 :                 glo_ctrl.in_auto_key_retrieve++;
    1380           0 :                 rc = keyserver_import_name (ctrl,
    1381             :                                             name, &fpr, &fpr_len, keyserver);
    1382           0 :                 glo_ctrl.in_auto_key_retrieve--;
    1383             :               }
    1384           0 :               break;
    1385             :             }
    1386             : 
    1387             :           /* Use the fingerprint of the key that we actually fetched.
    1388             :            * This helps prevent problems where the key that we fetched
    1389             :            * doesn't have the same name that we used to fetch it.  In
    1390             :            * the case of CERT and PKA, this is an actual security
    1391             :            * requirement as the URL might point to a key put in by an
    1392             :            * attacker.  By forcing the use of the fingerprint, we
    1393             :            * won't use the attacker's key here. */
    1394           0 :           if (!rc && fpr)
    1395           0 :             {
    1396             :               char fpr_string[MAX_FINGERPRINT_LEN * 2 + 1];
    1397             : 
    1398           0 :               log_assert (fpr_len <= MAX_FINGERPRINT_LEN);
    1399             : 
    1400           0 :               free_strlist (namelist);
    1401           0 :               namelist = NULL;
    1402             : 
    1403           0 :               bin2hex (fpr, fpr_len, fpr_string);
    1404             : 
    1405           0 :               if (opt.verbose)
    1406           0 :                 log_info ("auto-key-locate found fingerprint %s\n",
    1407             :                           fpr_string);
    1408             : 
    1409           0 :               add_to_strlist (&namelist, fpr_string);
    1410             :             }
    1411           0 :           else if (!rc && !fpr && !did_akl_local)
    1412             :             { /* The acquisition method said no failure occurred, but
    1413             :                * it didn't return a fingerprint.  That's a failure.  */
    1414           0 :               no_fingerprint = 1;
    1415           0 :               rc = GPG_ERR_NO_PUBKEY;
    1416             :             }
    1417           0 :           xfree (fpr);
    1418           0 :           fpr = NULL;
    1419             : 
    1420           0 :           if (!rc && !did_akl_local)
    1421             :             { /* There was no error and we didn't do a local lookup.
    1422             :                * This means that we imported a key into the local
    1423             :                * keyring.  Try to read the imported key from the
    1424             :                * keyring.  */
    1425           0 :               if (retctx)
    1426             :                 {
    1427           0 :                   getkey_end (*retctx);
    1428           0 :                   *retctx = NULL;
    1429             :                 }
    1430           0 :               rc = key_byname (anylocalfirst ? retctx : NULL,
    1431             :                                namelist, pk, 0,
    1432             :                                include_unusable, ret_keyblock, ret_kdbhd);
    1433             :             }
    1434           0 :           if (!rc)
    1435             :             {
    1436             :               /* Key found.  */
    1437           0 :               log_info (_("automatically retrieved '%s' via %s\n"),
    1438             :                         name, mechanism);
    1439           0 :               break;
    1440             :             }
    1441           0 :           if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY
    1442           0 :               || opt.verbose || no_fingerprint)
    1443           0 :             log_info (_("error retrieving '%s' via %s: %s\n"),
    1444             :                       name, mechanism,
    1445           0 :                       no_fingerprint ? _("No fingerprint") : gpg_strerror (rc));
    1446             :         }
    1447             :     }
    1448             : 
    1449             : 
    1450         281 :   if (rc && retctx)
    1451             :     {
    1452           0 :       getkey_end (*retctx);
    1453           0 :       *retctx = NULL;
    1454             :     }
    1455             : 
    1456         281 :   if (retctx && *retctx)
    1457             :     {
    1458         276 :       log_assert (!(*retctx)->extra_list);
    1459         276 :       (*retctx)->extra_list = namelist;
    1460             :     }
    1461             :   else
    1462           5 :     free_strlist (namelist);
    1463             : 
    1464         281 :   return rc;
    1465             : }
    1466             : 
    1467             : 
    1468             : 
    1469             : 
    1470             : /* Comparison machinery for get_best_pubkey_byname.  */
    1471             : 
    1472             : /* First we have a struct to cache computed information about the key
    1473             :  * in question.  */
    1474             : struct pubkey_cmp_cookie
    1475             : {
    1476             :   int valid;                    /* Is this cookie valid?  */
    1477             :   PKT_public_key key;           /* The key.  */
    1478             :   PKT_user_id *uid;             /* The matching UID packet.  */
    1479             :   unsigned int validity;        /* Computed validity of (KEY, UID).  */
    1480             :   u32 creation_time;            /* Creation time of the newest subkey
    1481             :                                    capable of encryption.  */
    1482             : };
    1483             : 
    1484             : 
    1485             : /* Then we have a series of helper functions.  */
    1486             : static int
    1487          46 : key_is_ok (const PKT_public_key *key)
    1488             : {
    1489         131 :   return (! key->has_expired && ! key->flags.revoked
    1490          85 :           && key->flags.valid && ! key->flags.disabled);
    1491             : }
    1492             : 
    1493             : 
    1494             : static int
    1495          46 : uid_is_ok (const PKT_public_key *key, const PKT_user_id *uid)
    1496             : {
    1497          46 :   return key_is_ok (key) && ! uid->is_revoked;
    1498             : }
    1499             : 
    1500             : 
    1501             : static int
    1502          64 : subkey_is_ok (const PKT_public_key *sub)
    1503             : {
    1504          64 :   return ! sub->flags.revoked && sub->flags.valid && ! sub->flags.disabled;
    1505             : }
    1506             : 
    1507             : 
    1508             : /* Finally this function compares a NEW key to the former candidate
    1509             :  * OLD.  Returns < 0 if the old key is worse, > 0 if the old key is
    1510             :  * better, == 0 if it is a tie.  */
    1511             : static int
    1512          49 : pubkey_cmp (ctrl_t ctrl, const char *name, struct pubkey_cmp_cookie *old,
    1513             :             struct pubkey_cmp_cookie *new, KBNODE new_keyblock)
    1514             : {
    1515             :   kbnode_t n;
    1516             : 
    1517          49 :   new->creation_time = 0;
    1518         162 :   for (n = find_next_kbnode (new_keyblock, PKT_PUBLIC_SUBKEY);
    1519          64 :        n; n = find_next_kbnode (n, PKT_PUBLIC_SUBKEY))
    1520             :     {
    1521          64 :       PKT_public_key *sub = n->pkt->pkt.public_key;
    1522             : 
    1523          64 :       if ((sub->pubkey_usage & PUBKEY_USAGE_ENC) == 0)
    1524           0 :         continue;
    1525             : 
    1526          64 :       if (! subkey_is_ok (sub))
    1527           0 :         continue;
    1528             : 
    1529          64 :       if (sub->timestamp > new->creation_time)
    1530          64 :         new->creation_time = sub->timestamp;
    1531             :     }
    1532             : 
    1533          98 :   for (n = find_next_kbnode (new_keyblock, PKT_USER_ID);
    1534           0 :        n; n = find_next_kbnode (n, PKT_USER_ID))
    1535             :     {
    1536          49 :       PKT_user_id *uid = n->pkt->pkt.user_id;
    1537          49 :       char *mbox = mailbox_from_userid (uid->name);
    1538          49 :       int match = mbox ? strcasecmp (name, mbox) == 0 : 0;
    1539             : 
    1540          49 :       xfree (mbox);
    1541          49 :       if (! match)
    1542           0 :         continue;
    1543             : 
    1544          49 :       new->uid = scopy_user_id (uid);
    1545          49 :       new->validity =
    1546          49 :         get_validity (ctrl, new_keyblock, &new->key, uid, NULL, 0) & TRUST_MASK;
    1547          49 :       new->valid = 1;
    1548             : 
    1549          49 :       if (! old->valid)
    1550          26 :         return -1;      /* No OLD key.  */
    1551             : 
    1552          23 :       if (! uid_is_ok (&old->key, old->uid) && uid_is_ok (&new->key, uid))
    1553           7 :         return -1;      /* Validity of the NEW key is better.  */
    1554             : 
    1555          16 :       if (old->validity < new->validity)
    1556           0 :         return -1;      /* Validity of the NEW key is better.  */
    1557             : 
    1558          16 :       if (old->validity == new->validity && uid_is_ok (&new->key, uid)
    1559          16 :           && old->creation_time < new->creation_time)
    1560          16 :         return -1;      /* Both keys are of the same validity, but the
    1561             :                            NEW key is newer.  */
    1562             :     }
    1563             : 
    1564             :   /* Stick with the OLD key.  */
    1565           0 :   return 1;
    1566             : }
    1567             : 
    1568             : 
    1569             : /* This function works like get_pubkey_byname, but if the name
    1570             :  * resembles a mail address, the results are ranked and only the best
    1571             :  * result is returned.  */
    1572             : int
    1573         275 : get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk,
    1574             :                         const char *name, KBNODE *ret_keyblock,
    1575             :                         int include_unusable, int no_akl)
    1576             : {
    1577             :   int rc;
    1578         275 :   struct getkey_ctx_s *ctx = NULL;
    1579             : 
    1580         275 :   if (retctx)
    1581          31 :     *retctx = NULL;
    1582             : 
    1583         275 :   rc = get_pubkey_byname (ctrl, &ctx, pk, name, ret_keyblock,
    1584             :                           NULL, include_unusable, no_akl);
    1585         275 :   if (rc)
    1586             :     {
    1587           0 :       if (ctx)
    1588           0 :         getkey_end (ctx);
    1589           0 :       return rc;
    1590             :     }
    1591             : 
    1592         275 :   if (is_valid_mailbox (name) && ctx)
    1593             :     {
    1594             :       /* Rank results and return only the most relevant key.  */
    1595         156 :       struct pubkey_cmp_cookie best = { 0 }, new;
    1596             :       KBNODE new_keyblock;
    1597         361 :       while (getkey_next (ctx, &new.key, &new_keyblock) == 0)
    1598             :         {
    1599          49 :           int diff = pubkey_cmp (ctrl, name, &best, &new, new_keyblock);
    1600          49 :           release_kbnode (new_keyblock);
    1601          49 :           if (diff < 0)
    1602             :             {
    1603             :               /* New key is better.  */
    1604          49 :               release_public_key_parts (&best.key);
    1605          49 :               free_user_id (best.uid);
    1606          49 :               best = new;
    1607             :             }
    1608           0 :           else if (diff > 0)
    1609             :             {
    1610             :               /* Old key is better.  */
    1611           0 :               release_public_key_parts (&new.key);
    1612           0 :               free_user_id (new.uid);
    1613             :             }
    1614             :           else
    1615             :             {
    1616             :               /* A tie.  Keep the old key.  */
    1617           0 :               release_public_key_parts (&new.key);
    1618           0 :               free_user_id (new.uid);
    1619             :             }
    1620             :         }
    1621         156 :       getkey_end (ctx);
    1622         156 :       ctx = NULL;
    1623         156 :       free_user_id (best.uid);
    1624             : 
    1625         156 :       if (best.valid)
    1626             :         {
    1627          26 :           if (retctx || ret_keyblock)
    1628             :             {
    1629          26 :               ctx = xtrycalloc (1, sizeof **retctx);
    1630          26 :               if (! ctx)
    1631           0 :                 rc = gpg_error_from_syserror ();
    1632             :               else
    1633             :                 {
    1634          26 :                   ctx->kr_handle = keydb_new ();
    1635          26 :                   if (! ctx->kr_handle)
    1636             :                     {
    1637           0 :                       xfree (ctx);
    1638           0 :                       *retctx = NULL;
    1639           0 :                       rc = gpg_error_from_syserror ();
    1640             :                     }
    1641             :                   else
    1642             :                     {
    1643          26 :                       u32 *keyid = pk_keyid (&best.key);
    1644          26 :                       ctx->exact = 1;
    1645          26 :                       ctx->nitems = 1;
    1646          26 :                       ctx->items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
    1647          26 :                       ctx->items[0].u.kid[0] = keyid[0];
    1648          26 :                       ctx->items[0].u.kid[1] = keyid[1];
    1649             : 
    1650          26 :                       if (ret_keyblock)
    1651             :                         {
    1652          26 :                           release_kbnode (*ret_keyblock);
    1653          26 :                           *ret_keyblock = NULL;
    1654          26 :                           rc = getkey_next (ctx, NULL, ret_keyblock);
    1655             :                         }
    1656             :                     }
    1657             :                 }
    1658             :             }
    1659             : 
    1660          26 :           if (pk)
    1661           0 :             *pk = best.key;
    1662             :           else
    1663          26 :             release_public_key_parts (&best.key);
    1664             :         }
    1665             :     }
    1666             : 
    1667         275 :   if (rc && ctx)
    1668             :     {
    1669           0 :       getkey_end (ctx);
    1670           0 :       ctx = NULL;
    1671             :     }
    1672             : 
    1673         275 :   if (retctx && ctx)
    1674          26 :     *retctx = ctx;
    1675             :   else
    1676         249 :     getkey_end (ctx);
    1677             : 
    1678         275 :   return rc;
    1679             : }
    1680             : 
    1681             : 
    1682             : 
    1683             : /* Get a public key from a file.
    1684             :  *
    1685             :  * PK is the buffer to store the key.  The caller needs to make sure
    1686             :  * that PK->REQ_USAGE is valid.  PK->REQ_USAGE is passed through to
    1687             :  * the lookup function and is a mask of PUBKEY_USAGE_SIG,
    1688             :  * PUBKEY_USAGE_ENC and PUBKEY_USAGE_CERT.  If this is non-zero, only
    1689             :  * keys with the specified usage will be returned.
    1690             :  *
    1691             :  * FNAME is the file name.  That file should contain exactly one
    1692             :  * keyblock.
    1693             :  *
    1694             :  * This function returns 0 on success.  Otherwise, an error code is
    1695             :  * returned.  In particular, GPG_ERR_NO_PUBKEY is returned if the key
    1696             :  * is not found.
    1697             :  *
    1698             :  * The self-signed data has already been merged into the public key
    1699             :  * using merge_selfsigs.  The caller must release the content of PK by
    1700             :  * calling release_public_key_parts (or, if PK was malloced, using
    1701             :  * free_public_key).
    1702             :  */
    1703             : gpg_error_t
    1704           6 : get_pubkey_fromfile (ctrl_t ctrl, PKT_public_key *pk, const char *fname)
    1705             : {
    1706             :   gpg_error_t err;
    1707             :   kbnode_t keyblock;
    1708             :   kbnode_t found_key;
    1709             :   unsigned int infoflags;
    1710             : 
    1711           6 :   err = read_key_from_file (ctrl, fname, &keyblock);
    1712           6 :   if (!err)
    1713             :     {
    1714             :       /* Warning: node flag bits 0 and 1 should be preserved by
    1715             :        * merge_selfsigs.  FIXME: Check whether this still holds. */
    1716           6 :       merge_selfsigs (keyblock);
    1717           6 :       found_key = finish_lookup (keyblock, pk->req_usage, 0, &infoflags);
    1718           6 :       print_status_key_considered (keyblock, infoflags);
    1719           6 :       if (found_key)
    1720           6 :         pk_from_block (pk, keyblock, found_key);
    1721             :       else
    1722           0 :         err = gpg_error (GPG_ERR_UNUSABLE_PUBKEY);
    1723             :     }
    1724             : 
    1725           6 :   release_kbnode (keyblock);
    1726           6 :   return err;
    1727             : }
    1728             : 
    1729             : 
    1730             : /* Lookup a key with the specified fingerprint.
    1731             :  *
    1732             :  * If PK is not NULL, the public key of the first result is returned
    1733             :  * in *PK.  Note: this function does an exact search and thus the
    1734             :  * returned public key may be a subkey rather than the primary key.
    1735             :  * Note: The self-signed data has already been merged into the public
    1736             :  * key using merge_selfsigs.  Free *PK by calling
    1737             :  * release_public_key_parts (or, if PK was allocated using xfree, you
    1738             :  * can use free_public_key, which calls release_public_key_parts(PK)
    1739             :  * and then xfree(PK)).
    1740             :  *
    1741             :  * If PK->REQ_USAGE is set, it is used to filter the search results.
    1742             :  * (Thus, if PK is not NULL, PK->REQ_USAGE must be valid!!!)  See the
    1743             :  * documentation for finish_lookup to understand exactly how this is
    1744             :  * used.
    1745             :  *
    1746             :  * If R_KEYBLOCK is not NULL, then the first result's keyblock is
    1747             :  * returned in *R_KEYBLOCK.  This should be freed using
    1748             :  * release_kbnode().
    1749             :  *
    1750             :  * FPRINT is a byte array whose contents is the fingerprint to use as
    1751             :  * the search term.  FPRINT_LEN specifies the length of the
    1752             :  * fingerprint (in bytes).  Currently, only 16 and 20-byte
    1753             :  * fingerprints are supported.
    1754             :  *
    1755             :  * FIXME: We should replace this with the _byname function.  This can
    1756             :  * be done by creating a userID conforming to the unified fingerprint
    1757             :  * style.  */
    1758             : int
    1759         238 : get_pubkey_byfprint (PKT_public_key *pk, kbnode_t *r_keyblock,
    1760             :                      const byte * fprint, size_t fprint_len)
    1761             : {
    1762             :   int rc;
    1763             : 
    1764         238 :   if (r_keyblock)
    1765          52 :     *r_keyblock = NULL;
    1766             : 
    1767         238 :   if (fprint_len == 20 || fprint_len == 16)
    1768         238 :     {
    1769             :       struct getkey_ctx_s ctx;
    1770         238 :       KBNODE kb = NULL;
    1771         238 :       KBNODE found_key = NULL;
    1772             : 
    1773         238 :       memset (&ctx, 0, sizeof ctx);
    1774         238 :       ctx.exact = 1;
    1775         238 :       ctx.not_allocated = 1;
    1776         238 :       ctx.kr_handle = keydb_new ();
    1777         238 :       if (!ctx.kr_handle)
    1778           0 :         return gpg_error_from_syserror ();
    1779             : 
    1780         238 :       ctx.nitems = 1;
    1781         238 :       ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16
    1782             :         : KEYDB_SEARCH_MODE_FPR20;
    1783         238 :       memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
    1784         238 :       rc = lookup (&ctx, &kb, &found_key, 0);
    1785         238 :       if (!rc && pk)
    1786           0 :         pk_from_block (pk, kb, found_key);
    1787         238 :       if (!rc && r_keyblock)
    1788             :         {
    1789          52 :           *r_keyblock = kb;
    1790          52 :           kb = NULL;
    1791             :         }
    1792         238 :       release_kbnode (kb);
    1793         238 :       getkey_end (&ctx);
    1794             :     }
    1795             :   else
    1796           0 :     rc = GPG_ERR_GENERAL; /* Oops */
    1797         238 :   return rc;
    1798             : }
    1799             : 
    1800             : 
    1801             : /* This function is similar to get_pubkey_byfprint, but it doesn't
    1802             :  * merge the self-signed data into the public key and subkeys or into
    1803             :  * the user ids.  It also doesn't add the key to the user id cache.
    1804             :  * Further, this function ignores PK->REQ_USAGE.
    1805             :  *
    1806             :  * This function is intended to avoid recursion and, as such, should
    1807             :  * only be used in very specific situations.
    1808             :  *
    1809             :  * Like get_pubkey_byfprint, PK may be NULL.  In that case, this
    1810             :  * function effectively just checks for the existence of the key.  */
    1811             : int
    1812         196 : get_pubkey_byfprint_fast (PKT_public_key * pk,
    1813             :                           const byte * fprint, size_t fprint_len)
    1814             : {
    1815         196 :   int rc = 0;
    1816             :   KEYDB_HANDLE hd;
    1817             :   KBNODE keyblock;
    1818             :   byte fprbuf[MAX_FINGERPRINT_LEN];
    1819             :   int i;
    1820             : 
    1821        4116 :   for (i = 0; i < MAX_FINGERPRINT_LEN && i < fprint_len; i++)
    1822        3920 :     fprbuf[i] = fprint[i];
    1823         392 :   while (i < MAX_FINGERPRINT_LEN)
    1824           0 :     fprbuf[i++] = 0;
    1825             : 
    1826         196 :   hd = keydb_new ();
    1827         196 :   if (!hd)
    1828           0 :     return gpg_error_from_syserror ();
    1829             : 
    1830         196 :   rc = keydb_search_fpr (hd, fprbuf);
    1831         196 :   if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
    1832             :     {
    1833         148 :       keydb_release (hd);
    1834         148 :       return GPG_ERR_NO_PUBKEY;
    1835             :     }
    1836          48 :   rc = keydb_get_keyblock (hd, &keyblock);
    1837          48 :   keydb_release (hd);
    1838          48 :   if (rc)
    1839             :     {
    1840           0 :       log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
    1841           0 :       return GPG_ERR_NO_PUBKEY;
    1842             :     }
    1843             : 
    1844          48 :   log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
    1845             :               || keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY);
    1846          48 :   if (pk)
    1847          48 :     copy_public_key (pk, keyblock->pkt->pkt.public_key);
    1848          48 :   release_kbnode (keyblock);
    1849             : 
    1850             :   /* Not caching key here since it won't have all of the fields
    1851             :      properly set. */
    1852             : 
    1853          48 :   return 0;
    1854             : }
    1855             : 
    1856             : const char *
    1857          95 : parse_def_secret_key (ctrl_t ctrl)
    1858             : {
    1859          95 :   KEYDB_HANDLE hd = NULL;
    1860             :   strlist_t t;
    1861             :   static int warned;
    1862             : 
    1863          95 :   for (t = opt.def_secret_key; t; t = t->next)
    1864             :     {
    1865             :       gpg_error_t err;
    1866             :       KEYDB_SEARCH_DESC desc;
    1867             :       KBNODE kb;
    1868             :       KBNODE node;
    1869             : 
    1870          10 :       err = classify_user_id (t->d, &desc, 1);
    1871          10 :       if (err)
    1872             :         {
    1873           0 :           log_error (_("secret key \"%s\" not found: %s\n"),
    1874           0 :                      t->d, gpg_strerror (err));
    1875           0 :           if (!opt.quiet)
    1876           0 :             log_info (_("(check argument of option '%s')\n"), "--default-key");
    1877           0 :           continue;
    1878             :         }
    1879             : 
    1880          10 :       if (! hd)
    1881             :         {
    1882          10 :           hd = keydb_new ();
    1883          10 :           if (!hd)
    1884           0 :             return NULL;
    1885             :         }
    1886             :       else
    1887           0 :         keydb_search_reset (hd);
    1888             : 
    1889             : 
    1890          10 :       err = keydb_search (hd, &desc, 1, NULL);
    1891          10 :       if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
    1892           0 :         continue;
    1893             : 
    1894          10 :       if (err)
    1895             :         {
    1896           0 :           log_error (_("key \"%s\" not found: %s\n"), t->d, gpg_strerror (err));
    1897           0 :           t = NULL;
    1898          10 :           break;
    1899             :         }
    1900             : 
    1901          10 :       err = keydb_get_keyblock (hd, &kb);
    1902          10 :       if (err)
    1903             :         {
    1904           0 :           log_error (_("error reading keyblock: %s\n"),
    1905             :                      gpg_strerror (err));
    1906           0 :           continue;
    1907             :         }
    1908             : 
    1909          10 :       merge_selfsigs (kb);
    1910             : 
    1911          10 :       err = gpg_error (GPG_ERR_NO_SECKEY);
    1912          10 :       node = kb;
    1913             :       do
    1914             :         {
    1915          10 :           PKT_public_key *pk = node->pkt->pkt.public_key;
    1916             : 
    1917             :           /* Check that the key has the signing capability.  */
    1918          10 :           if (! (pk->pubkey_usage & PUBKEY_USAGE_SIG))
    1919           0 :             continue;
    1920             : 
    1921             :           /* Check if the key is valid.  */
    1922          10 :           if (pk->flags.revoked)
    1923             :             {
    1924           0 :               if (DBG_LOOKUP)
    1925           0 :                 log_debug ("not using %s as default key, %s",
    1926             :                            keystr_from_pk (pk), "revoked");
    1927           0 :               continue;
    1928             :             }
    1929          10 :           if (pk->has_expired)
    1930             :             {
    1931           0 :               if (DBG_LOOKUP)
    1932           0 :                 log_debug ("not using %s as default key, %s",
    1933             :                            keystr_from_pk (pk), "expired");
    1934           0 :               continue;
    1935             :             }
    1936          10 :           if (pk_is_disabled (pk))
    1937             :             {
    1938           0 :               if (DBG_LOOKUP)
    1939           0 :                 log_debug ("not using %s as default key, %s",
    1940             :                            keystr_from_pk (pk), "disabled");
    1941           0 :               continue;
    1942             :             }
    1943             : 
    1944          10 :           err = agent_probe_secret_key (ctrl, pk);
    1945          10 :           if (! err)
    1946             :             /* This is a valid key.  */
    1947          10 :             break;
    1948             :         }
    1949           0 :       while ((node = find_next_kbnode (node, PKT_PUBLIC_SUBKEY)));
    1950             : 
    1951          10 :       release_kbnode (kb);
    1952          10 :       if (err)
    1953             :         {
    1954           0 :           if (! warned && ! opt.quiet)
    1955             :             {
    1956           0 :               log_info (_("Warning: not using '%s' as default key: %s\n"),
    1957           0 :                         t->d, gpg_strerror (GPG_ERR_NO_SECKEY));
    1958           0 :               print_reported_error (err, GPG_ERR_NO_SECKEY);
    1959             :             }
    1960             :         }
    1961             :       else
    1962             :         {
    1963          10 :           if (! warned && ! opt.quiet)
    1964          10 :             log_info (_("using \"%s\" as default secret key for signing\n"),
    1965          10 :                       t->d);
    1966          10 :           break;
    1967             :         }
    1968             :     }
    1969             : 
    1970          95 :   if (! warned && opt.def_secret_key && ! t)
    1971           0 :     log_info (_("all values passed to '%s' ignored\n"),
    1972             :               "--default-key");
    1973             : 
    1974          95 :   warned = 1;
    1975             : 
    1976          95 :   if (hd)
    1977          10 :     keydb_release (hd);
    1978             : 
    1979          95 :   if (t)
    1980          10 :     return t->d;
    1981          85 :   return NULL;
    1982             : }
    1983             : 
    1984             : 
    1985             : /* Look up a secret key.
    1986             :  *
    1987             :  * If PK is not NULL, the public key of the first result is returned
    1988             :  * in *PK.  Note: PK->REQ_USAGE must be valid!!!  If PK->REQ_USAGE is
    1989             :  * set, it is used to filter the search results.  See the
    1990             :  * documentation for finish_lookup to understand exactly how this is
    1991             :  * used.  Note: The self-signed data has already been merged into the
    1992             :  * public key using merge_selfsigs.  Free *PK by calling
    1993             :  * release_public_key_parts (or, if PK was allocated using xfree, you
    1994             :  * can use free_public_key, which calls release_public_key_parts(PK)
    1995             :  * and then xfree(PK)).
    1996             :  *
    1997             :  * If --default-key was set, then the specified key is looked up.  (In
    1998             :  * this case, the default key is returned even if it is considered
    1999             :  * unusable.  See the documentation for skip_unusable for exactly what
    2000             :  * this means.)
    2001             :  *
    2002             :  * Otherwise, this initiates a DB scan that returns all keys that are
    2003             :  * usable (see previous paragraph for exactly what usable means) and
    2004             :  * for which a secret key is available.
    2005             :  *
    2006             :  * This function returns the first match.  Additional results can be
    2007             :  * returned using getkey_next.  */
    2008             : gpg_error_t
    2009           0 : get_seckey_default (ctrl_t ctrl, PKT_public_key *pk)
    2010             : {
    2011             :   gpg_error_t err;
    2012           0 :   strlist_t namelist = NULL;
    2013           0 :   int include_unusable = 1;
    2014             : 
    2015             : 
    2016           0 :   const char *def_secret_key = parse_def_secret_key (ctrl);
    2017           0 :   if (def_secret_key)
    2018           0 :     add_to_strlist (&namelist, def_secret_key);
    2019             :   else
    2020           0 :     include_unusable = 0;
    2021             : 
    2022           0 :   err = key_byname (NULL, namelist, pk, 1, include_unusable, NULL, NULL);
    2023             : 
    2024           0 :   free_strlist (namelist);
    2025             : 
    2026           0 :   return err;
    2027             : }
    2028             : 
    2029             : 
    2030             : 
    2031             : /* Search for keys matching some criteria.
    2032             :  *
    2033             :  * If RETCTX is not NULL, then the constructed context is returned in
    2034             :  * *RETCTX so that getpubkey_next can be used to get subsequent
    2035             :  * results.  In this case, getkey_end() must be used to free the
    2036             :  * search context.  If RETCTX is not NULL, then RET_KDBHD must be
    2037             :  * NULL.
    2038             :  *
    2039             :  * If PK is not NULL, the public key of the first result is returned
    2040             :  * in *PK.  Note: PK->REQ_USAGE must be valid!!!  If PK->REQ_USAGE is
    2041             :  * set, it is used to filter the search results.  See the
    2042             :  * documentation for finish_lookup to understand exactly how this is
    2043             :  * used.  Note: The self-signed data has already been merged into the
    2044             :  * public key using merge_selfsigs.  Free *PK by calling
    2045             :  * release_public_key_parts (or, if PK was allocated using xfree, you
    2046             :  * can use free_public_key, which calls release_public_key_parts(PK)
    2047             :  * and then xfree(PK)).
    2048             :  *
    2049             :  * If NAMES is not NULL, then a search query is constructed using
    2050             :  * classify_user_id on each of the strings in the list.  (Recall: the
    2051             :  * database does an OR of the terms, not an AND.)  If NAMES is
    2052             :  * NULL, then all results are returned.
    2053             :  *
    2054             :  * If WANT_SECRET is set, then only keys with an available secret key
    2055             :  * (either locally or via key registered on a smartcard) are returned.
    2056             :  *
    2057             :  * This function does not skip unusable keys (see the documentation
    2058             :  * for skip_unusable for an exact definition).
    2059             :  *
    2060             :  * If RET_KEYBLOCK is not NULL, the keyblock is returned in
    2061             :  * *RET_KEYBLOCK.  This should be freed using release_kbnode().
    2062             :  *
    2063             :  * This function returns 0 on success.  Otherwise, an error code is
    2064             :  * returned.  In particular, GPG_ERR_NO_PUBKEY or GPG_ERR_NO_SECKEY
    2065             :  * (if want_secret is set) is returned if the key is not found.  */
    2066             : gpg_error_t
    2067          83 : getkey_bynames (getkey_ctx_t *retctx, PKT_public_key *pk,
    2068             :                 strlist_t names, int want_secret, kbnode_t *ret_keyblock)
    2069             : {
    2070          83 :   return key_byname (retctx, names, pk, want_secret, 1,
    2071             :                      ret_keyblock, NULL);
    2072             : }
    2073             : 
    2074             : 
    2075             : /* Search for one key matching some criteria.
    2076             :  *
    2077             :  * If RETCTX is not NULL, then the constructed context is returned in
    2078             :  * *RETCTX so that getpubkey_next can be used to get subsequent
    2079             :  * results.  In this case, getkey_end() must be used to free the
    2080             :  * search context.  If RETCTX is not NULL, then RET_KDBHD must be
    2081             :  * NULL.
    2082             :  *
    2083             :  * If PK is not NULL, the public key of the first result is returned
    2084             :  * in *PK.  Note: PK->REQ_USAGE must be valid!!!  If PK->REQ_USAGE is
    2085             :  * set, it is used to filter the search results.  See the
    2086             :  * documentation for finish_lookup to understand exactly how this is
    2087             :  * used.  Note: The self-signed data has already been merged into the
    2088             :  * public key using merge_selfsigs.  Free *PK by calling
    2089             :  * release_public_key_parts (or, if PK was allocated using xfree, you
    2090             :  * can use free_public_key, which calls release_public_key_parts(PK)
    2091             :  * and then xfree(PK)).
    2092             :  *
    2093             :  * If NAME is not NULL, then a search query is constructed using
    2094             :  * classify_user_id on the string.  In this case, even unusable keys
    2095             :  * (see the documentation for skip_unusable for an exact definition of
    2096             :  * unusable) are returned.  Otherwise, if --default-key was set, then
    2097             :  * that key is returned (even if it is unusable).  If neither of these
    2098             :  * conditions holds, then the first usable key is returned.
    2099             :  *
    2100             :  * If WANT_SECRET is set, then only keys with an available secret key
    2101             :  * (either locally or via key registered on a smartcard) are returned.
    2102             :  *
    2103             :  * This function does not skip unusable keys (see the documentation
    2104             :  * for skip_unusable for an exact definition).
    2105             :  *
    2106             :  * If RET_KEYBLOCK is not NULL, the keyblock is returned in
    2107             :  * *RET_KEYBLOCK.  This should be freed using release_kbnode().
    2108             :  *
    2109             :  * This function returns 0 on success.  Otherwise, an error code is
    2110             :  * returned.  In particular, GPG_ERR_NO_PUBKEY or GPG_ERR_NO_SECKEY
    2111             :  * (if want_secret is set) is returned if the key is not found.
    2112             :  *
    2113             :  * FIXME: We also have the get_pubkey_byname function which has a
    2114             :  * different semantic.  Should be merged with this one.  */
    2115             : gpg_error_t
    2116         131 : getkey_byname (ctrl_t ctrl, getkey_ctx_t *retctx, PKT_public_key *pk,
    2117             :                const char *name, int want_secret, kbnode_t *ret_keyblock)
    2118             : {
    2119             :   gpg_error_t err;
    2120         131 :   strlist_t namelist = NULL;
    2121         131 :   int with_unusable = 1;
    2122         131 :   const char *def_secret_key = NULL;
    2123             : 
    2124         131 :   if (want_secret && !name)
    2125          90 :     def_secret_key = parse_def_secret_key (ctrl);
    2126             : 
    2127         131 :   if (want_secret && !name && def_secret_key)
    2128           5 :     add_to_strlist (&namelist, def_secret_key);
    2129         126 :   else if (name)
    2130          41 :     add_to_strlist (&namelist, name);
    2131             :   else
    2132          85 :     with_unusable = 0;
    2133             : 
    2134         131 :   err = key_byname (retctx, namelist, pk, want_secret, with_unusable,
    2135             :                     ret_keyblock, NULL);
    2136             : 
    2137             :   /* FIXME: Check that we really return GPG_ERR_NO_SECKEY if
    2138             :      WANT_SECRET has been used.  */
    2139             : 
    2140         131 :   free_strlist (namelist);
    2141             : 
    2142         131 :   return err;
    2143             : }
    2144             : 
    2145             : 
    2146             : /* Return the next search result.
    2147             :  *
    2148             :  * If PK is not NULL, the public key of the next result is returned in
    2149             :  * *PK.  Note: The self-signed data has already been merged into the
    2150             :  * public key using merge_selfsigs.  Free *PK by calling
    2151             :  * release_public_key_parts (or, if PK was allocated using xmalloc, you
    2152             :  * can use free_public_key, which calls release_public_key_parts(PK)
    2153             :  * and then xfree(PK)).
    2154             :  *
    2155             :  * RET_KEYBLOCK can be given as NULL; if it is not NULL it the entire
    2156             :  * found keyblock is returned which must be released with
    2157             :  * release_kbnode.  If the function returns an error NULL is stored at
    2158             :  * RET_KEYBLOCK.
    2159             :  *
    2160             :  * The self-signed data has already been merged into the public key
    2161             :  * using merge_selfsigs.  */
    2162             : gpg_error_t
    2163         342 : getkey_next (getkey_ctx_t ctx, PKT_public_key *pk, kbnode_t *ret_keyblock)
    2164             : {
    2165             :   int rc; /* Fixme:  Make sure this is proper gpg_error */
    2166         342 :   KBNODE keyblock = NULL;
    2167         342 :   KBNODE found_key = NULL;
    2168             : 
    2169             :   /* We need to disable the caching so that for an exact key search we
    2170             :      won't get the result back from the cache and thus end up in an
    2171             :      endless loop.  The endless loop can occur, because the cache is
    2172             :      used without respecting the current file pointer!  */
    2173         342 :   keydb_disable_caching (ctx->kr_handle);
    2174             : 
    2175             :   /* FOUND_KEY is only valid as long as RET_KEYBLOCK is.  If the
    2176             :    * caller wants PK, but not RET_KEYBLOCK, we need hand in our own
    2177             :    * keyblock.  */
    2178         342 :   if (pk && ret_keyblock == NULL)
    2179           0 :       ret_keyblock = &keyblock;
    2180             : 
    2181         342 :   rc = lookup (ctx, ret_keyblock, pk ? &found_key : NULL, ctx->want_secret);
    2182         342 :   if (!rc && pk)
    2183             :     {
    2184          49 :       log_assert (found_key);
    2185          49 :       pk_from_block (pk, NULL, found_key);
    2186          49 :       release_kbnode (keyblock);
    2187             :     }
    2188             : 
    2189         342 :   return rc;
    2190             : }
    2191             : 
    2192             : 
    2193             : /* Release any resources used by a key listing context.  This must be
    2194             :  * called on the context returned by, e.g., getkey_byname.  */
    2195             : void
    2196        2570 : getkey_end (getkey_ctx_t ctx)
    2197             : {
    2198        2570 :   if (ctx)
    2199             :     {
    2200        2435 :       keydb_release (ctx->kr_handle);
    2201        2435 :       free_strlist (ctx->extra_list);
    2202        2435 :       if (!ctx->not_allocated)
    2203         521 :         xfree (ctx);
    2204             :     }
    2205        2570 : }
    2206             : 
    2207             : 
    2208             : 
    2209             : /************************************************
    2210             :  ************* Merging stuff ********************
    2211             :  ************************************************/
    2212             : 
    2213             : /* Set the mainkey_id fields for all keys in KEYBLOCK.  This is
    2214             :  * usually done by merge_selfsigs but at some places we only need the
    2215             :  * main_kid not a full merge.  The function also guarantees that all
    2216             :  * pk->keyids are computed.  */
    2217             : void
    2218          19 : setup_main_keyids (kbnode_t keyblock)
    2219             : {
    2220             :   u32 kid[2], mainkid[2];
    2221             :   kbnode_t kbctx, node;
    2222             :   PKT_public_key *pk;
    2223             : 
    2224          19 :   if (keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
    2225           0 :     BUG ();
    2226          19 :   pk = keyblock->pkt->pkt.public_key;
    2227             : 
    2228          19 :   keyid_from_pk (pk, mainkid);
    2229         160 :   for (kbctx=NULL; (node = walk_kbnode (keyblock, &kbctx, 0)); )
    2230             :     {
    2231         225 :       if (!(node->pkt->pkttype == PKT_PUBLIC_KEY
    2232         103 :             || node->pkt->pkttype == PKT_PUBLIC_SUBKEY))
    2233          87 :         continue;
    2234          35 :       pk = node->pkt->pkt.public_key;
    2235          35 :       keyid_from_pk (pk, kid); /* Make sure pk->keyid is set.  */
    2236          35 :       if (!pk->main_keyid[0] && !pk->main_keyid[1])
    2237             :         {
    2238          31 :           pk->main_keyid[0] = mainkid[0];
    2239          31 :           pk->main_keyid[1] = mainkid[1];
    2240             :         }
    2241             :     }
    2242          19 : }
    2243             : 
    2244             : 
    2245             : /* KEYBLOCK corresponds to a public key block.  This function merges
    2246             :  * much of the information from the self-signed data into the public
    2247             :  * key, public subkey and user id data structures.  If you use the
    2248             :  * high-level search API (e.g., get_pubkey) for looking up key blocks,
    2249             :  * then you don't need to call this function.  This function is
    2250             :  * useful, however, if you change the keyblock, e.g., by adding or
    2251             :  * removing a self-signed data packet.  */
    2252             : void
    2253         126 : merge_keys_and_selfsig (KBNODE keyblock)
    2254             : {
    2255         126 :   if (!keyblock)
    2256             :     ;
    2257         126 :   else if (keyblock->pkt->pkttype == PKT_PUBLIC_KEY)
    2258         126 :     merge_selfsigs (keyblock);
    2259             :   else
    2260           0 :     log_debug ("FIXME: merging secret key blocks is not anymore available\n");
    2261         126 : }
    2262             : 
    2263             : 
    2264             : static int
    2265        6222 : parse_key_usage (PKT_signature * sig)
    2266             : {
    2267        6222 :   int key_usage = 0;
    2268             :   const byte *p;
    2269             :   size_t n;
    2270             :   byte flags;
    2271             : 
    2272        6222 :   p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n);
    2273        6222 :   if (p && n)
    2274             :     {
    2275             :       /* First octet of the keyflags.  */
    2276        3542 :       flags = *p;
    2277             : 
    2278        3542 :       if (flags & 1)
    2279             :         {
    2280        1733 :           key_usage |= PUBKEY_USAGE_CERT;
    2281        1733 :           flags &= ~1;
    2282             :         }
    2283             : 
    2284        3542 :       if (flags & 2)
    2285             :         {
    2286        1855 :           key_usage |= PUBKEY_USAGE_SIG;
    2287        1855 :           flags &= ~2;
    2288             :         }
    2289             : 
    2290             :       /* We do not distinguish between encrypting communications and
    2291             :          encrypting storage. */
    2292        3542 :       if (flags & (0x04 | 0x08))
    2293             :         {
    2294        1686 :           key_usage |= PUBKEY_USAGE_ENC;
    2295        1686 :           flags &= ~(0x04 | 0x08);
    2296             :         }
    2297             : 
    2298        3542 :       if (flags & 0x20)
    2299             :         {
    2300           5 :           key_usage |= PUBKEY_USAGE_AUTH;
    2301           5 :           flags &= ~0x20;
    2302             :         }
    2303             : 
    2304        3542 :       if (flags)
    2305           0 :         key_usage |= PUBKEY_USAGE_UNKNOWN;
    2306             : 
    2307        7084 :       if (!key_usage)
    2308           0 :         key_usage |= PUBKEY_USAGE_NONE;
    2309             :     }
    2310        2680 :   else if (p) /* Key flags of length zero.  */
    2311           0 :     key_usage |= PUBKEY_USAGE_NONE;
    2312             : 
    2313             :   /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a
    2314             :      capability that we do not handle.  This serves to distinguish
    2315             :      between a zero key usage which we handle as the default
    2316             :      capabilities for that algorithm, and a usage that we do not
    2317             :      handle.  Likewise we use PUBKEY_USAGE_NONE to indicate that
    2318             :      key_flags have been given but they do not specify any usage.  */
    2319             : 
    2320        6222 :   return key_usage;
    2321             : }
    2322             : 
    2323             : 
    2324             : /* Apply information from SIGNODE (which is the valid self-signature
    2325             :  * associated with that UID) to the UIDNODE:
    2326             :  * - weather the UID has been revoked
    2327             :  * - assumed creation date of the UID
    2328             :  * - temporary store the keyflags here
    2329             :  * - temporary store the key expiration time here
    2330             :  * - mark whether the primary user ID flag hat been set.
    2331             :  * - store the preferences
    2332             :  */
    2333             : static void
    2334        3452 : fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated)
    2335             : {
    2336        3452 :   PKT_user_id *uid = uidnode->pkt->pkt.user_id;
    2337        3452 :   PKT_signature *sig = signode->pkt->pkt.signature;
    2338             :   const byte *p, *sym, *hash, *zip;
    2339             :   size_t n, nsym, nhash, nzip;
    2340             : 
    2341        3452 :   sig->flags.chosen_selfsig = 1;/* We chose this one. */
    2342        3452 :   uid->created = 0;          /* Not created == invalid. */
    2343        3452 :   if (IS_UID_REV (sig))
    2344             :     {
    2345           2 :       uid->is_revoked = 1;
    2346           4 :       return; /* Has been revoked.  */
    2347             :     }
    2348             :   else
    2349        3450 :     uid->is_revoked = 0;
    2350             : 
    2351        3450 :   uid->expiredate = sig->expiredate;
    2352             : 
    2353        3450 :   if (sig->flags.expired)
    2354             :     {
    2355           0 :       uid->is_expired = 1;
    2356           0 :       return; /* Has expired.  */
    2357             :     }
    2358             :   else
    2359        3450 :     uid->is_expired = 0;
    2360             : 
    2361        3450 :   uid->created = sig->timestamp; /* This one is okay. */
    2362        3450 :   uid->selfsigversion = sig->version;
    2363             :   /* If we got this far, it's not expired :) */
    2364        3450 :   uid->is_expired = 0;
    2365             : 
    2366             :   /* Store the key flags in the helper variable for later processing.  */
    2367        3450 :   uid->help_key_usage = parse_key_usage (sig);
    2368             : 
    2369             :   /* Ditto for the key expiration.  */
    2370        3450 :   p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
    2371        3450 :   if (p && buf32_to_u32 (p))
    2372         321 :     uid->help_key_expire = keycreated + buf32_to_u32 (p);
    2373             :   else
    2374        3129 :     uid->help_key_expire = 0;
    2375             : 
    2376             :   /* Set the primary user ID flag - we will later wipe out some
    2377             :    * of them to only have one in our keyblock.  */
    2378        3450 :   uid->is_primary = 0;
    2379        3450 :   p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL);
    2380        3450 :   if (p && *p)
    2381         135 :     uid->is_primary = 2;
    2382             : 
    2383             :   /* We could also query this from the unhashed area if it is not in
    2384             :    * the hased area and then later try to decide which is the better
    2385             :    * there should be no security problem with this.
    2386             :    * For now we only look at the hashed one.  */
    2387             : 
    2388             :   /* Now build the preferences list.  These must come from the
    2389             :      hashed section so nobody can modify the ciphers a key is
    2390             :      willing to accept.  */
    2391        3450 :   p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_SYM, &n);
    2392        3450 :   sym = p;
    2393        3450 :   nsym = p ? n : 0;
    2394        3450 :   p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_HASH, &n);
    2395        3450 :   hash = p;
    2396        3450 :   nhash = p ? n : 0;
    2397        3450 :   p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_COMPR, &n);
    2398        3450 :   zip = p;
    2399        3450 :   nzip = p ? n : 0;
    2400        3450 :   if (uid->prefs)
    2401          18 :     xfree (uid->prefs);
    2402        3450 :   n = nsym + nhash + nzip;
    2403        3450 :   if (!n)
    2404           0 :     uid->prefs = NULL;
    2405             :   else
    2406             :     {
    2407        3450 :       uid->prefs = xmalloc (sizeof (*uid->prefs) * (n + 1));
    2408        3450 :       n = 0;
    2409       15928 :       for (; nsym; nsym--, n++)
    2410             :         {
    2411       12478 :           uid->prefs[n].type = PREFTYPE_SYM;
    2412       12478 :           uid->prefs[n].value = *sym++;
    2413             :         }
    2414       11678 :       for (; nhash; nhash--, n++)
    2415             :         {
    2416        8228 :           uid->prefs[n].type = PREFTYPE_HASH;
    2417        8228 :           uid->prefs[n].value = *hash++;
    2418             :         }
    2419        9926 :       for (; nzip; nzip--, n++)
    2420             :         {
    2421        6476 :           uid->prefs[n].type = PREFTYPE_ZIP;
    2422        6476 :           uid->prefs[n].value = *zip++;
    2423             :         }
    2424        3450 :       uid->prefs[n].type = PREFTYPE_NONE; /* End of list marker  */
    2425        3450 :       uid->prefs[n].value = 0;
    2426             :     }
    2427             : 
    2428             :   /* See whether we have the MDC feature.  */
    2429        3450 :   uid->flags.mdc = 0;
    2430        3450 :   p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n);
    2431        3450 :   if (p && n && (p[0] & 0x01))
    2432        1740 :     uid->flags.mdc = 1;
    2433             : 
    2434             :   /* And the keyserver modify flag.  */
    2435        3450 :   uid->flags.ks_modify = 1;
    2436        3450 :   p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS, &n);
    2437        3450 :   if (p && n && (p[0] & 0x80))
    2438        2794 :     uid->flags.ks_modify = 0;
    2439             : }
    2440             : 
    2441             : static void
    2442           0 : sig_to_revoke_info (PKT_signature * sig, struct revoke_info *rinfo)
    2443             : {
    2444           0 :   rinfo->date = sig->timestamp;
    2445           0 :   rinfo->algo = sig->pubkey_algo;
    2446           0 :   rinfo->keyid[0] = sig->keyid[0];
    2447           0 :   rinfo->keyid[1] = sig->keyid[1];
    2448           0 : }
    2449             : 
    2450             : 
    2451             : /* Given a keyblock, parse the key block and extract various pieces of
    2452             :    information and save them with the primary key packet and the user
    2453             :    id packets.  For instance, some information is stored in signature
    2454             :    packets.  We find the latest such valid packet (since the user can
    2455             :    change that information) and copy its contents into the
    2456             :    PKT_public_key.
    2457             : 
    2458             :    Note that R_REVOKED may be set to 0, 1 or 2.
    2459             : 
    2460             :    This function fills in the following fields in the primary key's
    2461             :    keyblock:
    2462             : 
    2463             :      main_keyid          (computed)
    2464             :      revkey / numrevkeys (derived from self signed key data)
    2465             :      flags.valid         (whether we have at least 1 self-sig)
    2466             :      flags.maybe_revoked (whether a designed revoked the key, but
    2467             :                           we are missing the key to check the sig)
    2468             :      selfsigversion      (highest version of any valid self-sig)
    2469             :      pubkey_usage        (derived from most recent self-sig or most
    2470             :                           recent user id)
    2471             :      has_expired         (various sources)
    2472             :      expiredate          (various sources)
    2473             : 
    2474             :   See the documentation for fixup_uidnode for how the user id packets
    2475             :   are modified.  In addition to that the primary user id's is_primary
    2476             :   field is set to 1 and the other user id's is_primary are set to
    2477             :   0.  */
    2478             : static void
    2479        2618 : merge_selfsigs_main (KBNODE keyblock, int *r_revoked,
    2480             :                      struct revoke_info *rinfo)
    2481             : {
    2482        2618 :   PKT_public_key *pk = NULL;
    2483             :   KBNODE k;
    2484             :   u32 kid[2];
    2485             :   u32 sigdate, uiddate, uiddate2;
    2486             :   KBNODE signode, uidnode, uidnode2;
    2487        2618 :   u32 curtime = make_timestamp ();
    2488        2618 :   unsigned int key_usage = 0;
    2489        2618 :   u32 keytimestamp = 0;
    2490        2618 :   u32 key_expire = 0;
    2491        2618 :   int key_expire_seen = 0;
    2492        2618 :   byte sigversion = 0;
    2493             : 
    2494        2618 :   *r_revoked = 0;
    2495        2618 :   memset (rinfo, 0, sizeof (*rinfo));
    2496             : 
    2497             :   /* Section 11.1 of RFC 4880 determines the order of packets within a
    2498             :      message.  There are three sections, which must occur in the
    2499             :      following order: the public key, the user ids and user attributes
    2500             :      and the subkeys.  Within each section, each primary packet (e.g.,
    2501             :      a user id packet) is followed by one or more signature packets,
    2502             :      which modify that packet.  */
    2503             : 
    2504             :   /* According to Section 11.1 of RFC 4880, the public key must be the
    2505             :      first packet.  */
    2506        2618 :   if (keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
    2507             :     /* parse_keyblock_image ensures that the first packet is the
    2508             :        public key.  */
    2509           0 :     BUG ();
    2510        2618 :   pk = keyblock->pkt->pkt.public_key;
    2511        2618 :   keytimestamp = pk->timestamp;
    2512             : 
    2513        2618 :   keyid_from_pk (pk, kid);
    2514        2618 :   pk->main_keyid[0] = kid[0];
    2515        2618 :   pk->main_keyid[1] = kid[1];
    2516             : 
    2517        2618 :   if (pk->version < 4)
    2518             :     {
    2519             :       /* Before v4 the key packet itself contains the expiration date
    2520             :        * and there was no way to change it, so we start with the one
    2521             :        * from the key packet.  */
    2522           0 :       key_expire = pk->max_expiredate;
    2523           0 :       key_expire_seen = 1;
    2524             :     }
    2525             : 
    2526             :   /* First pass:
    2527             : 
    2528             :       - Find the latest direct key self-signature.  We assume that the
    2529             :         newest one overrides all others.
    2530             : 
    2531             :       - Determine whether the key has been revoked.
    2532             : 
    2533             :       - Gather all revocation keys (unlike other data, we don't just
    2534             :         take them from the latest self-signed packet).
    2535             : 
    2536             :       - Determine max (sig[...]->version).
    2537             :    */
    2538             : 
    2539             :   /* Reset this in case this key was already merged. */
    2540        2618 :   xfree (pk->revkey);
    2541        2618 :   pk->revkey = NULL;
    2542        2618 :   pk->numrevkeys = 0;
    2543             : 
    2544        2618 :   signode = NULL;
    2545        2618 :   sigdate = 0; /* Helper variable to find the latest signature.  */
    2546             : 
    2547             :   /* According to Section 11.1 of RFC 4880, the public key comes first
    2548             :      and is immediately followed by any signature packets that modify
    2549             :      it.  */
    2550        7856 :   for (k = keyblock;
    2551        5238 :        k && k->pkt->pkttype != PKT_USER_ID
    2552        2620 :          && k->pkt->pkttype != PKT_ATTRIBUTE
    2553        2620 :          && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
    2554        2620 :        k = k->next)
    2555             :     {
    2556        2620 :       if (k->pkt->pkttype == PKT_SIGNATURE)
    2557             :         {
    2558           2 :           PKT_signature *sig = k->pkt->pkt.signature;
    2559           2 :           if (sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1])
    2560             :             /* Self sig.  */
    2561             :             {
    2562           2 :               if (check_key_signature (keyblock, k, NULL))
    2563             :                 ; /* Signature did not verify.  */
    2564           2 :               else if (IS_KEY_REV (sig))
    2565             :                 {
    2566             :                   /* Key has been revoked - there is no way to
    2567             :                    * override such a revocation, so we theoretically
    2568             :                    * can stop now.  We should not cope with expiration
    2569             :                    * times for revocations here because we have to
    2570             :                    * assume that an attacker can generate all kinds of
    2571             :                    * signatures.  However due to the fact that the key
    2572             :                    * has been revoked it does not harm either and by
    2573             :                    * continuing we gather some more info on that
    2574             :                    * key.  */
    2575           0 :                   *r_revoked = 1;
    2576           0 :                   sig_to_revoke_info (sig, rinfo);
    2577             :                 }
    2578           2 :               else if (IS_KEY_SIG (sig))
    2579             :                 {
    2580             :                   /* Add the indicated revocations keys from all
    2581             :                      signatures not just the latest.  We do this
    2582             :                      because you need multiple 1F sigs to properly
    2583             :                      handle revocation keys (PGP does it this way, and
    2584             :                      a revocation key could be sensitive and hence in
    2585             :                      a different signature). */
    2586           2 :                   if (sig->revkey)
    2587             :                     {
    2588             :                       int i;
    2589             : 
    2590           2 :                       pk->revkey =
    2591           2 :                         xrealloc (pk->revkey, sizeof (struct revocation_key) *
    2592             :                                   (pk->numrevkeys + sig->numrevkeys));
    2593             : 
    2594           4 :                       for (i = 0; i < sig->numrevkeys; i++)
    2595           4 :                         memcpy (&pk->revkey[pk->numrevkeys++],
    2596           4 :                                 &sig->revkey[i],
    2597             :                                 sizeof (struct revocation_key));
    2598             :                     }
    2599             : 
    2600           2 :                   if (sig->timestamp >= sigdate)
    2601             :                     /* This is the latest signature so far.  */
    2602             :                     {
    2603           2 :                       if (sig->flags.expired)
    2604             :                         ; /* Signature has expired - ignore it.  */
    2605             :                       else
    2606             :                         {
    2607           2 :                           sigdate = sig->timestamp;
    2608           2 :                           signode = k;
    2609           2 :                           if (sig->version > sigversion)
    2610           2 :                             sigversion = sig->version;
    2611             : 
    2612             :                         }
    2613             :                     }
    2614             :                 }
    2615             :             }
    2616             :         }
    2617             :     }
    2618             : 
    2619             :   /* Remove dupes from the revocation keys.  */
    2620        2618 :   if (pk->revkey)
    2621             :     {
    2622           2 :       int i, j, x, changed = 0;
    2623             : 
    2624           4 :       for (i = 0; i < pk->numrevkeys; i++)
    2625             :         {
    2626           2 :           for (j = i + 1; j < pk->numrevkeys; j++)
    2627             :             {
    2628           0 :               if (memcmp (&pk->revkey[i], &pk->revkey[j],
    2629             :                           sizeof (struct revocation_key)) == 0)
    2630             :                 {
    2631             :                   /* remove j */
    2632             : 
    2633           0 :                   for (x = j; x < pk->numrevkeys - 1; x++)
    2634           0 :                     pk->revkey[x] = pk->revkey[x + 1];
    2635             : 
    2636           0 :                   pk->numrevkeys--;
    2637           0 :                   j--;
    2638           0 :                   changed = 1;
    2639             :                 }
    2640             :             }
    2641             :         }
    2642             : 
    2643           2 :       if (changed)
    2644           0 :         pk->revkey = xrealloc (pk->revkey,
    2645             :                                pk->numrevkeys *
    2646             :                                sizeof (struct revocation_key));
    2647             :     }
    2648             : 
    2649        2618 :   if (signode)
    2650             :     /* SIGNODE is the 1F signature packet with the latest creation
    2651             :        time.  Extract some information from it.  */
    2652             :     {
    2653             :       /* Some information from a direct key signature take precedence
    2654             :        * over the same information given in UID sigs.  */
    2655           2 :       PKT_signature *sig = signode->pkt->pkt.signature;
    2656             :       const byte *p;
    2657             : 
    2658           2 :       key_usage = parse_key_usage (sig);
    2659             : 
    2660           2 :       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
    2661           2 :       if (p && buf32_to_u32 (p))
    2662             :         {
    2663           0 :           key_expire = keytimestamp + buf32_to_u32 (p);
    2664           0 :           key_expire_seen = 1;
    2665             :         }
    2666             : 
    2667             :       /* Mark that key as valid: One direct key signature should
    2668             :        * render a key as valid.  */
    2669           2 :       pk->flags.valid = 1;
    2670             :     }
    2671             : 
    2672             :   /* Pass 1.5: Look for key revocation signatures that were not made
    2673             :      by the key (i.e. did a revocation key issue a revocation for
    2674             :      us?).  Only bother to do this if there is a revocation key in the
    2675             :      first place and we're not revoked already.  */
    2676             : 
    2677        2618 :   if (!*r_revoked && pk->revkey)
    2678           6 :     for (k = keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next)
    2679             :       {
    2680           4 :         if (k->pkt->pkttype == PKT_SIGNATURE)
    2681             :           {
    2682           2 :             PKT_signature *sig = k->pkt->pkt.signature;
    2683             : 
    2684           2 :             if (IS_KEY_REV (sig) &&
    2685           0 :                 (sig->keyid[0] != kid[0] || sig->keyid[1] != kid[1]))
    2686             :               {
    2687           0 :                 int rc = check_revocation_keys (pk, sig);
    2688           0 :                 if (rc == 0)
    2689             :                   {
    2690           0 :                     *r_revoked = 2;
    2691           0 :                     sig_to_revoke_info (sig, rinfo);
    2692             :                     /* Don't continue checking since we can't be any
    2693             :                        more revoked than this.  */
    2694           0 :                     break;
    2695             :                   }
    2696           0 :                 else if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
    2697           0 :                   pk->flags.maybe_revoked = 1;
    2698             : 
    2699             :                 /* A failure here means the sig did not verify, was
    2700             :                    not issued by a revocation key, or a revocation
    2701             :                    key loop was broken.  If a revocation key isn't
    2702             :                    findable, however, the key might be revoked and
    2703             :                    we don't know it.  */
    2704             : 
    2705             :                 /* TODO: In the future handle subkey and cert
    2706             :                    revocations?  PGP doesn't, but it's in 2440. */
    2707             :               }
    2708             :           }
    2709             :       }
    2710             : 
    2711             :   /* Second pass: Look at the self-signature of all user IDs.  */
    2712             : 
    2713             :   /* According to RFC 4880 section 11.1, user id and attribute packets
    2714             :      are in the second section, after the public key packet and before
    2715             :      the subkey packets.  */
    2716        2618 :   signode = uidnode = NULL;
    2717        2618 :   sigdate = 0; /* Helper variable to find the latest signature in one UID. */
    2718       12519 :   for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next)
    2719             :     {
    2720        9901 :       if (k->pkt->pkttype == PKT_USER_ID || k->pkt->pkttype == PKT_ATTRIBUTE)
    2721             :         /* New user id packet.  */
    2722             :         {
    2723        3461 :           if (uidnode && signode)
    2724             :             /* Apply the data from the most recent self-signed packet
    2725             :                to the preceding user id packet.  */
    2726             :             {
    2727         841 :               fixup_uidnode (uidnode, signode, keytimestamp);
    2728         841 :               pk->flags.valid = 1;
    2729             :             }
    2730             :           /* Clear SIGNODE.  The only relevant self-signed data for
    2731             :              UIDNODE follows it.  */
    2732        3461 :           if (k->pkt->pkttype == PKT_USER_ID)
    2733        3461 :             uidnode = k;
    2734             :           else
    2735           0 :             uidnode = NULL;
    2736        3461 :           signode = NULL;
    2737        3461 :           sigdate = 0;
    2738             :         }
    2739        6440 :       else if (k->pkt->pkttype == PKT_SIGNATURE && uidnode)
    2740             :         {
    2741        3820 :           PKT_signature *sig = k->pkt->pkt.signature;
    2742        3820 :           if (sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1])
    2743             :             {
    2744        3504 :               if (check_key_signature (keyblock, k, NULL))
    2745             :                 ;               /* signature did not verify */
    2746        3504 :               else if ((IS_UID_SIG (sig) || IS_UID_REV (sig))
    2747        3504 :                        && sig->timestamp >= sigdate)
    2748             :                 {
    2749             :                   /* Note: we allow invalidation of cert revocations
    2750             :                    * by a newer signature.  An attacker can't use this
    2751             :                    * because a key should be revoked with a key revocation.
    2752             :                    * The reason why we have to allow for that is that at
    2753             :                    * one time an email address may become invalid but later
    2754             :                    * the same email address may become valid again (hired,
    2755             :                    * fired, hired again).  */
    2756             : 
    2757        3501 :                   sigdate = sig->timestamp;
    2758        3501 :                   signode = k;
    2759        3501 :                   signode->pkt->pkt.signature->flags.chosen_selfsig = 0;
    2760        3501 :                   if (sig->version > sigversion)
    2761        2609 :                     sigversion = sig->version;
    2762             :                 }
    2763             :             }
    2764             :         }
    2765             :     }
    2766        2618 :   if (uidnode && signode)
    2767             :     {
    2768        2611 :       fixup_uidnode (uidnode, signode, keytimestamp);
    2769        2611 :       pk->flags.valid = 1;
    2770             :     }
    2771             : 
    2772             :   /* If the key isn't valid yet, and we have
    2773             :      --allow-non-selfsigned-uid set, then force it valid. */
    2774        2618 :   if (!pk->flags.valid && opt.allow_non_selfsigned_uid)
    2775             :     {
    2776           4 :       if (opt.verbose)
    2777           0 :         log_info (_("Invalid key %s made valid by"
    2778             :                     " --allow-non-selfsigned-uid\n"), keystr_from_pk (pk));
    2779           4 :       pk->flags.valid = 1;
    2780             :     }
    2781             : 
    2782             :   /* The key STILL isn't valid, so try and find an ultimately
    2783             :      trusted signature. */
    2784        2618 :   if (!pk->flags.valid)
    2785             :     {
    2786           1 :       uidnode = NULL;
    2787             : 
    2788           9 :       for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
    2789           7 :            k = k->next)
    2790             :         {
    2791           7 :           if (k->pkt->pkttype == PKT_USER_ID)
    2792           3 :             uidnode = k;
    2793           4 :           else if (k->pkt->pkttype == PKT_SIGNATURE && uidnode)
    2794             :             {
    2795           3 :               PKT_signature *sig = k->pkt->pkt.signature;
    2796             : 
    2797           3 :               if (sig->keyid[0] != kid[0] || sig->keyid[1] != kid[1])
    2798             :                 {
    2799             :                   PKT_public_key *ultimate_pk;
    2800             : 
    2801           3 :                   ultimate_pk = xmalloc_clear (sizeof (*ultimate_pk));
    2802             : 
    2803             :                   /* We don't want to use the full get_pubkey to
    2804             :                      avoid infinite recursion in certain cases.
    2805             :                      There is no reason to check that an ultimately
    2806             :                      trusted key is still valid - if it has been
    2807             :                      revoked the user should also remove the
    2808             :                      ultimate trust flag.  */
    2809           3 :                   if (get_pubkey_fast (ultimate_pk, sig->keyid) == 0
    2810           0 :                       && check_key_signature2 (keyblock, k, ultimate_pk,
    2811             :                                                NULL, NULL, NULL, NULL) == 0
    2812           0 :                       && get_ownertrust (ultimate_pk) == TRUST_ULTIMATE)
    2813             :                     {
    2814           0 :                       free_public_key (ultimate_pk);
    2815           0 :                       pk->flags.valid = 1;
    2816           0 :                       break;
    2817             :                     }
    2818             : 
    2819           3 :                   free_public_key (ultimate_pk);
    2820             :                 }
    2821             :             }
    2822             :         }
    2823             :     }
    2824             : 
    2825             :   /* Record the highest selfsig version so we know if this is a v3
    2826             :      key through and through, or a v3 key with a v4 selfsig
    2827             :      somewhere.  This is useful in a few places to know if the key
    2828             :      must be treated as PGP2-style or OpenPGP-style.  Note that a
    2829             :      selfsig revocation with a higher version number will also raise
    2830             :      this value.  This is okay since such a revocation must be
    2831             :      issued by the user (i.e. it cannot be issued by someone else to
    2832             :      modify the key behavior.) */
    2833             : 
    2834        2618 :   pk->selfsigversion = sigversion;
    2835             : 
    2836             :   /* Now that we had a look at all user IDs we can now get some information
    2837             :    * from those user IDs.
    2838             :    */
    2839             : 
    2840        2618 :   if (!key_usage)
    2841             :     {
    2842             :       /* Find the latest user ID with key flags set. */
    2843        2618 :       uiddate = 0; /* Helper to find the latest user ID.  */
    2844       15137 :       for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
    2845        9901 :            k = k->next)
    2846             :         {
    2847        9901 :           if (k->pkt->pkttype == PKT_USER_ID)
    2848             :             {
    2849        3461 :               PKT_user_id *uid = k->pkt->pkt.user_id;
    2850        3461 :               if (uid->help_key_usage && uid->created > uiddate)
    2851             :                 {
    2852        1730 :                   key_usage = uid->help_key_usage;
    2853        1730 :                   uiddate = uid->created;
    2854             :                 }
    2855             :             }
    2856             :         }
    2857             :     }
    2858        2618 :   if (!key_usage)
    2859             :     {
    2860             :       /* No key flags at all: get it from the algo.  */
    2861         967 :       key_usage = openpgp_pk_algo_usage (pk->pubkey_algo);
    2862             :     }
    2863             :   else
    2864             :     {
    2865             :       /* Check that the usage matches the usage as given by the algo.  */
    2866        1651 :       int x = openpgp_pk_algo_usage (pk->pubkey_algo);
    2867        1651 :       if (x) /* Mask it down to the actual allowed usage.  */
    2868        1651 :         key_usage &= x;
    2869             :     }
    2870             : 
    2871             :   /* Whatever happens, it's a primary key, so it can certify. */
    2872        2618 :   pk->pubkey_usage = key_usage | PUBKEY_USAGE_CERT;
    2873             : 
    2874        2618 :   if (!key_expire_seen)
    2875             :     {
    2876             :       /* Find the latest valid user ID with a key expiration set
    2877             :        * Note, that this may be a different one from the above because
    2878             :        * some user IDs may have no expiration date set.  */
    2879        2618 :       uiddate = 0;
    2880       15137 :       for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
    2881        9901 :            k = k->next)
    2882             :         {
    2883        9901 :           if (k->pkt->pkttype == PKT_USER_ID)
    2884             :             {
    2885        3461 :               PKT_user_id *uid = k->pkt->pkt.user_id;
    2886        3461 :               if (uid->help_key_expire && uid->created > uiddate)
    2887             :                 {
    2888         321 :                   key_expire = uid->help_key_expire;
    2889         321 :                   uiddate = uid->created;
    2890             :                 }
    2891             :             }
    2892             :         }
    2893             :     }
    2894             : 
    2895             :   /* Currently only v3 keys have a maximum expiration date, but I'll
    2896             :      bet v5 keys get this feature again. */
    2897        2618 :   if (key_expire == 0
    2898         321 :       || (pk->max_expiredate && key_expire > pk->max_expiredate))
    2899        2297 :     key_expire = pk->max_expiredate;
    2900             : 
    2901        2618 :   pk->has_expired = key_expire >= curtime ? 0 : key_expire;
    2902        2618 :   pk->expiredate = key_expire;
    2903             : 
    2904             :   /* Fixme: we should see how to get rid of the expiretime fields  but
    2905             :    * this needs changes at other places too. */
    2906             : 
    2907             :   /* And now find the real primary user ID and delete all others.  */
    2908        2618 :   uiddate = uiddate2 = 0;
    2909        2618 :   uidnode = uidnode2 = NULL;
    2910       12519 :   for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next)
    2911             :     {
    2912        9901 :       if (k->pkt->pkttype == PKT_USER_ID && !k->pkt->pkt.user_id->attrib_data)
    2913             :         {
    2914        3461 :           PKT_user_id *uid = k->pkt->pkt.user_id;
    2915        3461 :           if (uid->is_primary)
    2916             :             {
    2917         137 :               if (uid->created > uiddate)
    2918             :                 {
    2919         135 :                   uiddate = uid->created;
    2920         135 :                   uidnode = k;
    2921             :                 }
    2922           2 :               else if (uid->created == uiddate && uidnode)
    2923             :                 {
    2924             :                   /* The dates are equal, so we need to do a
    2925             :                      different (and arbitrary) comparison.  This
    2926             :                      should rarely, if ever, happen.  It's good to
    2927             :                      try and guarantee that two different GnuPG
    2928             :                      users with two different keyrings at least pick
    2929             :                      the same primary. */
    2930           0 :                   if (cmp_user_ids (uid, uidnode->pkt->pkt.user_id) > 0)
    2931           0 :                     uidnode = k;
    2932             :                 }
    2933             :             }
    2934             :           else
    2935             :             {
    2936        3324 :               if (uid->created > uiddate2)
    2937             :                 {
    2938        3312 :                   uiddate2 = uid->created;
    2939        3312 :                   uidnode2 = k;
    2940             :                 }
    2941          12 :               else if (uid->created == uiddate2 && uidnode2)
    2942             :                 {
    2943           2 :                   if (cmp_user_ids (uid, uidnode2->pkt->pkt.user_id) > 0)
    2944           2 :                     uidnode2 = k;
    2945             :                 }
    2946             :             }
    2947             :         }
    2948             :     }
    2949        2618 :   if (uidnode)
    2950             :     {
    2951         762 :       for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
    2952         492 :            k = k->next)
    2953             :         {
    2954         628 :           if (k->pkt->pkttype == PKT_USER_ID &&
    2955         136 :               !k->pkt->pkt.user_id->attrib_data)
    2956             :             {
    2957         136 :               PKT_user_id *uid = k->pkt->pkt.user_id;
    2958         136 :               if (k != uidnode)
    2959           1 :                 uid->is_primary = 0;
    2960             :             }
    2961             :         }
    2962             :     }
    2963        2483 :   else if (uidnode2)
    2964             :     {
    2965             :       /* None is flagged primary - use the latest user ID we have,
    2966             :          and disambiguate with the arbitrary packet comparison. */
    2967        2476 :       uidnode2->pkt->pkt.user_id->is_primary = 1;
    2968             :     }
    2969             :   else
    2970             :     {
    2971             :       /* None of our uids were self-signed, so pick the one that
    2972             :          sorts first to be the primary.  This is the best we can do
    2973             :          here since there are no self sigs to date the uids. */
    2974             : 
    2975           7 :       uidnode = NULL;
    2976             : 
    2977          33 :       for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
    2978          19 :            k = k->next)
    2979             :         {
    2980          19 :           if (k->pkt->pkttype == PKT_USER_ID
    2981           9 :               && !k->pkt->pkt.user_id->attrib_data)
    2982             :             {
    2983           9 :               if (!uidnode)
    2984             :                 {
    2985           7 :                   uidnode = k;
    2986           7 :                   uidnode->pkt->pkt.user_id->is_primary = 1;
    2987           7 :                   continue;
    2988             :                 }
    2989             :               else
    2990             :                 {
    2991           2 :                   if (cmp_user_ids (k->pkt->pkt.user_id,
    2992           2 :                                     uidnode->pkt->pkt.user_id) > 0)
    2993             :                     {
    2994           0 :                       uidnode->pkt->pkt.user_id->is_primary = 0;
    2995           0 :                       uidnode = k;
    2996           0 :                       uidnode->pkt->pkt.user_id->is_primary = 1;
    2997             :                     }
    2998             :                   else
    2999           2 :                     k->pkt->pkt.user_id->is_primary = 0;       /* just to be
    3000             :                                                                    safe */
    3001             :                 }
    3002             :             }
    3003             :         }
    3004             :     }
    3005        2618 : }
    3006             : 
    3007             : /* Convert a buffer to a signature.  Useful for 0x19 embedded sigs.
    3008             :    Caller must free the signature when they are done. */
    3009             : static PKT_signature *
    3010         126 : buf_to_sig (const byte * buf, size_t len)
    3011             : {
    3012         126 :   PKT_signature *sig = xmalloc_clear (sizeof (PKT_signature));
    3013         126 :   IOBUF iobuf = iobuf_temp_with_content (buf, len);
    3014         126 :   int save_mode = set_packet_list_mode (0);
    3015             : 
    3016         126 :   if (parse_signature (iobuf, PKT_SIGNATURE, len, sig) != 0)
    3017             :     {
    3018           0 :       xfree (sig);
    3019           0 :       sig = NULL;
    3020             :     }
    3021             : 
    3022         126 :   set_packet_list_mode (save_mode);
    3023         126 :   iobuf_close (iobuf);
    3024             : 
    3025         126 :   return sig;
    3026             : }
    3027             : 
    3028             : /* Use the self-signed data to fill in various fields in subkeys.
    3029             : 
    3030             :    KEYBLOCK is the whole keyblock.  SUBNODE is the subkey to fill in.
    3031             : 
    3032             :    Sets the following fields on the subkey:
    3033             : 
    3034             :      main_keyid
    3035             :      flags.valid        if the subkey has a valid self-sig binding
    3036             :      flags.revoked
    3037             :      flags.backsig
    3038             :      pubkey_usage
    3039             :      has_expired
    3040             :      expired_date
    3041             : 
    3042             :    On this subkey's most revent valid self-signed packet, the
    3043             :    following field is set:
    3044             : 
    3045             :      flags.chosen_selfsig
    3046             :   */
    3047             : static void
    3048        2771 : merge_selfsigs_subkey (KBNODE keyblock, KBNODE subnode)
    3049             : {
    3050        2771 :   PKT_public_key *mainpk = NULL, *subpk = NULL;
    3051             :   PKT_signature *sig;
    3052             :   KBNODE k;
    3053             :   u32 mainkid[2];
    3054        2771 :   u32 sigdate = 0;
    3055             :   KBNODE signode;
    3056        2771 :   u32 curtime = make_timestamp ();
    3057        2771 :   unsigned int key_usage = 0;
    3058        2771 :   u32 keytimestamp = 0;
    3059        2771 :   u32 key_expire = 0;
    3060             :   const byte *p;
    3061             : 
    3062        2771 :   if (subnode->pkt->pkttype != PKT_PUBLIC_SUBKEY)
    3063           0 :     BUG ();
    3064        2771 :   mainpk = keyblock->pkt->pkt.public_key;
    3065        2771 :   if (mainpk->version < 4)
    3066           1 :     return;/* (actually this should never happen) */
    3067        2771 :   keyid_from_pk (mainpk, mainkid);
    3068        2771 :   subpk = subnode->pkt->pkt.public_key;
    3069        2771 :   keytimestamp = subpk->timestamp;
    3070             : 
    3071        2771 :   subpk->flags.valid = 0;
    3072        2771 :   subpk->flags.exact = 0;
    3073        2771 :   subpk->main_keyid[0] = mainpk->main_keyid[0];
    3074        2771 :   subpk->main_keyid[1] = mainpk->main_keyid[1];
    3075             : 
    3076             :   /* Find the latest key binding self-signature.  */
    3077        2771 :   signode = NULL;
    3078        2771 :   sigdate = 0; /* Helper to find the latest signature.  */
    3079        8313 :   for (k = subnode->next; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
    3080        2771 :        k = k->next)
    3081             :     {
    3082        2771 :       if (k->pkt->pkttype == PKT_SIGNATURE)
    3083             :         {
    3084        2771 :           sig = k->pkt->pkt.signature;
    3085        2771 :           if (sig->keyid[0] == mainkid[0] && sig->keyid[1] == mainkid[1])
    3086             :             {
    3087        2770 :               if (check_key_signature (keyblock, k, NULL))
    3088             :                 ; /* Signature did not verify.  */
    3089        2770 :               else if (IS_SUBKEY_REV (sig))
    3090             :                 {
    3091             :                   /* Note that this means that the date on a
    3092             :                      revocation sig does not matter - even if the
    3093             :                      binding sig is dated after the revocation sig,
    3094             :                      the subkey is still marked as revoked.  This
    3095             :                      seems ok, as it is just as easy to make new
    3096             :                      subkeys rather than re-sign old ones as the
    3097             :                      problem is in the distribution.  Plus, PGP (7)
    3098             :                      does this the same way.  */
    3099           0 :                   subpk->flags.revoked = 1;
    3100           0 :                   sig_to_revoke_info (sig, &subpk->revoked);
    3101             :                   /* Although we could stop now, we continue to
    3102             :                    * figure out other information like the old expiration
    3103             :                    * time.  */
    3104             :                 }
    3105        2770 :               else if (IS_SUBKEY_SIG (sig) && sig->timestamp >= sigdate)
    3106             :                 {
    3107        2770 :                   if (sig->flags.expired)
    3108             :                     ; /* Signature has expired - ignore it.  */
    3109             :                   else
    3110             :                     {
    3111        2770 :                       sigdate = sig->timestamp;
    3112        2770 :                       signode = k;
    3113        2770 :                       signode->pkt->pkt.signature->flags.chosen_selfsig = 0;
    3114             :                     }
    3115             :                 }
    3116             :             }
    3117             :         }
    3118             :     }
    3119             : 
    3120             :   /* No valid key binding.  */
    3121        2771 :   if (!signode)
    3122           1 :     return;
    3123             : 
    3124        2770 :   sig = signode->pkt->pkt.signature;
    3125        2770 :   sig->flags.chosen_selfsig = 1; /* So we know which selfsig we chose later.  */
    3126             : 
    3127        2770 :   key_usage = parse_key_usage (sig);
    3128        2770 :   if (!key_usage)
    3129             :     {
    3130             :       /* No key flags at all: get it from the algo.  */
    3131         961 :       key_usage = openpgp_pk_algo_usage (subpk->pubkey_algo);
    3132             :     }
    3133             :   else
    3134             :     {
    3135             :       /* Check that the usage matches the usage as given by the algo.  */
    3136        1809 :       int x = openpgp_pk_algo_usage (subpk->pubkey_algo);
    3137        1809 :       if (x) /* Mask it down to the actual allowed usage.  */
    3138        1809 :         key_usage &= x;
    3139             :     }
    3140             : 
    3141        2770 :   subpk->pubkey_usage = key_usage;
    3142             : 
    3143        2770 :   p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
    3144        2770 :   if (p && buf32_to_u32 (p))
    3145         326 :     key_expire = keytimestamp + buf32_to_u32 (p);
    3146             :   else
    3147        2444 :     key_expire = 0;
    3148        2770 :   subpk->has_expired = key_expire >= curtime ? 0 : key_expire;
    3149        2770 :   subpk->expiredate = key_expire;
    3150             : 
    3151             :   /* Algo doesn't exist.  */
    3152        2770 :   if (openpgp_pk_test_algo (subpk->pubkey_algo))
    3153           0 :     return;
    3154             : 
    3155        2770 :   subpk->flags.valid = 1;
    3156             : 
    3157             :   /* Find the most recent 0x19 embedded signature on our self-sig. */
    3158        2770 :   if (!subpk->flags.backsig)
    3159             :     {
    3160        2770 :       int seq = 0;
    3161             :       size_t n;
    3162        2770 :       PKT_signature *backsig = NULL;
    3163             : 
    3164        2770 :       sigdate = 0;
    3165             : 
    3166             :       /* We do this while() since there may be other embedded
    3167             :          signatures in the future.  We only want 0x19 here. */
    3168             : 
    3169        5540 :       while ((p = enum_sig_subpkt (sig->hashed,
    3170             :                                    SIGSUBPKT_SIGNATURE, &n, &seq, NULL)))
    3171           0 :         if (n > 3
    3172           0 :             && ((p[0] == 3 && p[2] == 0x19) || (p[0] == 4 && p[1] == 0x19)))
    3173             :           {
    3174           0 :             PKT_signature *tempsig = buf_to_sig (p, n);
    3175           0 :             if (tempsig)
    3176             :               {
    3177           0 :                 if (tempsig->timestamp > sigdate)
    3178             :                   {
    3179           0 :                     if (backsig)
    3180           0 :                       free_seckey_enc (backsig);
    3181             : 
    3182           0 :                     backsig = tempsig;
    3183           0 :                     sigdate = backsig->timestamp;
    3184             :                   }
    3185             :                 else
    3186           0 :                   free_seckey_enc (tempsig);
    3187             :               }
    3188             :           }
    3189             : 
    3190        2770 :       seq = 0;
    3191             : 
    3192             :       /* It is safe to have this in the unhashed area since the 0x19
    3193             :          is located on the selfsig for convenience, not security. */
    3194             : 
    3195        5666 :       while ((p = enum_sig_subpkt (sig->unhashed, SIGSUBPKT_SIGNATURE,
    3196             :                                    &n, &seq, NULL)))
    3197         126 :         if (n > 3
    3198         126 :             && ((p[0] == 3 && p[2] == 0x19) || (p[0] == 4 && p[1] == 0x19)))
    3199             :           {
    3200         126 :             PKT_signature *tempsig = buf_to_sig (p, n);
    3201         126 :             if (tempsig)
    3202             :               {
    3203         126 :                 if (tempsig->timestamp > sigdate)
    3204             :                   {
    3205         126 :                     if (backsig)
    3206           0 :                       free_seckey_enc (backsig);
    3207             : 
    3208         126 :                     backsig = tempsig;
    3209         126 :                     sigdate = backsig->timestamp;
    3210             :                   }
    3211             :                 else
    3212           0 :                   free_seckey_enc (tempsig);
    3213             :               }
    3214             :           }
    3215             : 
    3216        2770 :       if (backsig)
    3217             :         {
    3218             :           /* At this point, backsig contains the most recent 0x19 sig.
    3219             :              Let's see if it is good. */
    3220             : 
    3221             :           /* 2==valid, 1==invalid, 0==didn't check */
    3222         126 :           if (check_backsig (mainpk, subpk, backsig) == 0)
    3223         126 :             subpk->flags.backsig = 2;
    3224             :           else
    3225           0 :             subpk->flags.backsig = 1;
    3226             : 
    3227         126 :           free_seckey_enc (backsig);
    3228             :         }
    3229             :     }
    3230             : }
    3231             : 
    3232             : 
    3233             : /* Merge information from the self-signatures with the public key,
    3234             :    subkeys and user ids to make using them more easy.
    3235             : 
    3236             :    See documentation for merge_selfsigs_main, merge_selfsigs_subkey
    3237             :    and fixup_uidnode for exactly which fields are updated.  */
    3238             : static void
    3239        2618 : merge_selfsigs (KBNODE keyblock)
    3240             : {
    3241             :   KBNODE k;
    3242             :   int revoked;
    3243             :   struct revoke_info rinfo;
    3244             :   PKT_public_key *main_pk;
    3245             :   prefitem_t *prefs;
    3246             :   unsigned int mdc_feature;
    3247             : 
    3248        2618 :   if (keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
    3249             :     {
    3250           0 :       if (keyblock->pkt->pkttype == PKT_SECRET_KEY)
    3251             :         {
    3252           0 :           log_error ("expected public key but found secret key "
    3253             :                      "- must stop\n");
    3254             :           /* We better exit here because a public key is expected at
    3255             :              other places too.  FIXME: Figure this out earlier and
    3256             :              don't get to here at all */
    3257           0 :           g10_exit (1);
    3258             :         }
    3259           0 :       BUG ();
    3260             :     }
    3261             : 
    3262        2618 :   merge_selfsigs_main (keyblock, &revoked, &rinfo);
    3263             : 
    3264             :   /* Now merge in the data from each of the subkeys.  */
    3265       18061 :   for (k = keyblock; k; k = k->next)
    3266             :     {
    3267       15443 :       if (k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
    3268             :         {
    3269        2771 :           merge_selfsigs_subkey (keyblock, k);
    3270             :         }
    3271             :     }
    3272             : 
    3273        2618 :   main_pk = keyblock->pkt->pkt.public_key;
    3274        2618 :   if (revoked || main_pk->has_expired || !main_pk->flags.valid)
    3275             :     {
    3276             :       /* If the primary key is revoked, expired, or invalid we
    3277             :        * better set the appropriate flags on that key and all
    3278             :        * subkeys.  */
    3279         282 :       for (k = keyblock; k; k = k->next)
    3280             :         {
    3281         233 :           if (k->pkt->pkttype == PKT_PUBLIC_KEY
    3282         184 :               || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
    3283             :             {
    3284          89 :               PKT_public_key *pk = k->pkt->pkt.public_key;
    3285          89 :               if (!main_pk->flags.valid)
    3286           2 :                 pk->flags.valid = 0;
    3287          89 :               if (revoked && !pk->flags.revoked)
    3288             :                 {
    3289           0 :                   pk->flags.revoked = revoked;
    3290           0 :                   memcpy (&pk->revoked, &rinfo, sizeof (rinfo));
    3291             :                 }
    3292          89 :               if (main_pk->has_expired)
    3293          87 :                 pk->has_expired = main_pk->has_expired;
    3294             :             }
    3295             :         }
    3296        2667 :       return;
    3297             :     }
    3298             : 
    3299             :   /* Set the preference list of all keys to those of the primary real
    3300             :    * user ID.  Note: we use these preferences when we don't know by
    3301             :    * which user ID the key has been selected.
    3302             :    * fixme: we should keep atoms of commonly used preferences or
    3303             :    * use reference counting to optimize the preference lists storage.
    3304             :    * FIXME: it might be better to use the intersection of
    3305             :    * all preferences.
    3306             :    * Do a similar thing for the MDC feature flag.  */
    3307        2569 :   prefs = NULL;
    3308        2569 :   mdc_feature = 0;
    3309        6932 :   for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next)
    3310             :     {
    3311        6932 :       if (k->pkt->pkttype == PKT_USER_ID
    3312        3408 :           && !k->pkt->pkt.user_id->attrib_data
    3313        3408 :           && k->pkt->pkt.user_id->is_primary)
    3314             :         {
    3315        2569 :           prefs = k->pkt->pkt.user_id->prefs;
    3316        2569 :           mdc_feature = k->pkt->pkt.user_id->flags.mdc;
    3317        2569 :           break;
    3318             :         }
    3319             :     }
    3320       17779 :   for (k = keyblock; k; k = k->next)
    3321             :     {
    3322       15210 :       if (k->pkt->pkttype == PKT_PUBLIC_KEY
    3323       12641 :           || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
    3324             :         {
    3325        5300 :           PKT_public_key *pk = k->pkt->pkt.public_key;
    3326        5300 :           if (pk->prefs)
    3327          29 :             xfree (pk->prefs);
    3328        5300 :           pk->prefs = copy_prefs (prefs);
    3329        5300 :           pk->flags.mdc = mdc_feature;
    3330             :         }
    3331             :     }
    3332             : }
    3333             : 
    3334             : 
    3335             : 
    3336             : /* See whether the key satisfies any additional requirements specified
    3337             :  * in CTX.  If so, return the node of an appropriate key or subkey.
    3338             :  * Otherwise, return NULL if there was no appropriate key.
    3339             :  *
    3340             :  * Note that we do not return a reference, i.e. the result must not be
    3341             :  * freed using 'release_kbnode'.
    3342             :  *
    3343             :  * In case the primary key is not required, select a suitable subkey.
    3344             :  * We need the primary key if PUBKEY_USAGE_CERT is set in REQ_USAGE or
    3345             :  * we are in PGP6 or PGP7 mode and PUBKEY_USAGE_SIG is set in
    3346             :  * REQ_USAGE.
    3347             :  *
    3348             :  * If any of PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC and PUBKEY_USAGE_CERT
    3349             :  * are set in REQ_USAGE, we filter by the key's function.  Concretely,
    3350             :  * if PUBKEY_USAGE_SIG and PUBKEY_USAGE_CERT are set, then we only
    3351             :  * return a key if it is (at least) either a signing or a
    3352             :  * certification key.
    3353             :  *
    3354             :  * If REQ_USAGE is set, then we reject any keys that are not good
    3355             :  * (i.e., valid, not revoked, not expired, etc.).  This allows the
    3356             :  * getkey functions to be used for plain key listings.
    3357             :  *
    3358             :  * Sets the matched key's user id field (pk->user_id) to the user id
    3359             :  * that matched the low-level search criteria or NULL.
    3360             :  *
    3361             :  * If R_FLAGS is not NULL set certain flags for more detailed error
    3362             :  * reporting.  Used flags are:
    3363             :  *
    3364             :  * - LOOKUP_ALL_SUBKEYS_EXPIRED :: All Subkeys are expired or have
    3365             :  *                                 been revoked.
    3366             :  * - LOOKUP_NOT_SELECTED :: No suitable key found
    3367             :  *
    3368             :  * This function needs to handle several different cases:
    3369             :  *
    3370             :  *  1. No requested usage and no primary key requested
    3371             :  *     Examples for this case are that we have a keyID to be used
    3372             :  *     for decrytion or verification.
    3373             :  *  2. No usage but primary key requested
    3374             :  *     This is the case for all functions which work on an
    3375             :  *     entire keyblock, e.g. for editing or listing
    3376             :  *  3. Usage and primary key requested
    3377             :  *     FIXME
    3378             :  *  4. Usage but no primary key requested
    3379             :  *     FIXME
    3380             :  *
    3381             :  */
    3382             : static kbnode_t
    3383        2482 : finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
    3384             :                unsigned int *r_flags)
    3385             : {
    3386             :   kbnode_t k;
    3387             : 
    3388             :   /* If WANT_EXACT is set, the key or subkey that actually matched the
    3389             :      low-level search criteria.  */
    3390        2482 :   kbnode_t foundk = NULL;
    3391             :   /* The user id (if any) that matched the low-level search criteria.  */
    3392        2482 :   PKT_user_id *foundu = NULL;
    3393             : 
    3394             :   u32 latest_date;
    3395             :   kbnode_t latest_key;
    3396             :   PKT_public_key *pk;
    3397             :   int req_prim;
    3398        2482 :   u32 curtime = make_timestamp ();
    3399             : 
    3400        2482 :   if (r_flags)
    3401        2482 :     *r_flags = 0;
    3402             : 
    3403             : #define USAGE_MASK  (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC|PUBKEY_USAGE_CERT)
    3404        2482 :   req_usage &= USAGE_MASK;
    3405             : 
    3406             :   /* Request the primary if we're certifying another key, and also if
    3407             :    * signing data while --pgp6 or --pgp7 is on since pgp 6 and 7 do
    3408             :    * not understand signatures made by a signing subkey.  PGP 8 does. */
    3409        4964 :   req_prim = ((req_usage & PUBKEY_USAGE_CERT)
    3410        2482 :               || ((PGP6 || PGP7) && (req_usage & PUBKEY_USAGE_SIG)));
    3411             : 
    3412             : 
    3413        2482 :   log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
    3414             : 
    3415             :   /* For an exact match mark the primary or subkey that matched the
    3416             :      low-level search criteria.  */
    3417        2482 :   if (want_exact)
    3418             :     {
    3419        2971 :       for (k = keyblock; k; k = k->next)
    3420             :         {
    3421        2971 :           if ((k->flag & 1))
    3422             :             {
    3423        1230 :               log_assert (k->pkt->pkttype == PKT_PUBLIC_KEY
    3424             :                           || k->pkt->pkttype == PKT_PUBLIC_SUBKEY);
    3425        1230 :               foundk = k;
    3426        1230 :               pk = k->pkt->pkt.public_key;
    3427        1230 :               pk->flags.exact = 1;
    3428        1230 :               break;
    3429             :             }
    3430             :         }
    3431             :     }
    3432             : 
    3433             :   /* Get the user id that matched that low-level search criteria.  */
    3434       16192 :   for (k = keyblock; k; k = k->next)
    3435             :     {
    3436       13934 :       if ((k->flag & 2))
    3437             :         {
    3438         224 :           log_assert (k->pkt->pkttype == PKT_USER_ID);
    3439         224 :           foundu = k->pkt->pkt.user_id;
    3440         224 :           break;
    3441             :         }
    3442             :     }
    3443             : 
    3444        2482 :   if (DBG_LOOKUP)
    3445           0 :     log_debug ("finish_lookup: checking key %08lX (%s)(req_usage=%x)\n",
    3446           0 :                (ulong) keyid_from_pk (keyblock->pkt->pkt.public_key, NULL),
    3447             :                foundk ? "one" : "all", req_usage);
    3448             : 
    3449        2482 :   if (!req_usage)
    3450             :     {
    3451        2096 :       latest_key = foundk ? foundk : keyblock;
    3452        2096 :       goto found;
    3453             :     }
    3454             : 
    3455         386 :   latest_date = 0;
    3456         386 :   latest_key = NULL;
    3457             :   /* Set LATEST_KEY to the latest (the one with the most recent
    3458             :    * timestamp) good (valid, not revoked, not expired, etc.) subkey.
    3459             :    *
    3460             :    * Don't bother if we are only looking for a primary key or we need
    3461             :    * an exact match and the exact match is not a subkey.  */
    3462         386 :   if (req_prim || (foundk && foundk->pkt->pkttype != PKT_PUBLIC_SUBKEY))
    3463             :     ;
    3464             :   else
    3465             :     {
    3466             :       kbnode_t nextk;
    3467         385 :       int n_subkeys = 0;
    3468         385 :       int n_revoked_or_expired = 0;
    3469             : 
    3470             :       /* Either start a loop or check just this one subkey.  */
    3471        2726 :       for (k = foundk ? foundk : keyblock; k; k = nextk)
    3472             :         {
    3473        2341 :           if (foundk)
    3474             :             {
    3475             :               /* If FOUNDK is not NULL, then only consider that exact
    3476             :                  key, i.e., don't iterate.  */
    3477           2 :               nextk = NULL;
    3478             :             }
    3479             :           else
    3480        2339 :             nextk = k->next;
    3481             : 
    3482        2341 :           if (k->pkt->pkttype != PKT_PUBLIC_SUBKEY)
    3483        1914 :             continue;
    3484             : 
    3485         427 :           pk = k->pkt->pkt.public_key;
    3486         427 :           if (DBG_LOOKUP)
    3487           0 :             log_debug ("\tchecking subkey %08lX\n",
    3488           0 :                        (ulong) keyid_from_pk (pk, NULL));
    3489             : 
    3490         427 :           if (!pk->flags.valid)
    3491             :             {
    3492           0 :               if (DBG_LOOKUP)
    3493           0 :                 log_debug ("\tsubkey not valid\n");
    3494           0 :               continue;
    3495             :             }
    3496         427 :           if (!((pk->pubkey_usage & USAGE_MASK) & req_usage))
    3497             :             {
    3498         145 :               if (DBG_LOOKUP)
    3499           0 :                 log_debug ("\tusage does not match: want=%x have=%x\n",
    3500           0 :                            req_usage, pk->pubkey_usage);
    3501         145 :               continue;
    3502             :             }
    3503             : 
    3504         282 :           n_subkeys++;
    3505         282 :           if (pk->flags.revoked)
    3506             :             {
    3507           0 :               if (DBG_LOOKUP)
    3508           0 :                 log_debug ("\tsubkey has been revoked\n");
    3509           0 :               n_revoked_or_expired++;
    3510           0 :               continue;
    3511             :             }
    3512         282 :           if (pk->has_expired)
    3513             :             {
    3514           0 :               if (DBG_LOOKUP)
    3515           0 :                 log_debug ("\tsubkey has expired\n");
    3516           0 :               n_revoked_or_expired++;
    3517           0 :               continue;
    3518             :             }
    3519         282 :           if (pk->timestamp > curtime && !opt.ignore_valid_from)
    3520             :             {
    3521           0 :               if (DBG_LOOKUP)
    3522           0 :                 log_debug ("\tsubkey not yet valid\n");
    3523           0 :               continue;
    3524             :             }
    3525             : 
    3526         282 :           if (DBG_LOOKUP)
    3527           0 :             log_debug ("\tsubkey might be fine\n");
    3528             :           /* In case a key has a timestamp of 0 set, we make sure
    3529             :              that it is used.  A better change would be to compare
    3530             :              ">=" but that might also change the selected keys and
    3531             :              is as such a more intrusive change.  */
    3532         282 :           if (pk->timestamp > latest_date || (!pk->timestamp && !latest_date))
    3533             :             {
    3534         282 :               latest_date = pk->timestamp;
    3535         282 :               latest_key = k;
    3536             :             }
    3537             :         }
    3538         385 :       if (n_subkeys == n_revoked_or_expired && r_flags)
    3539         118 :         *r_flags |= LOOKUP_ALL_SUBKEYS_EXPIRED;
    3540             :     }
    3541             : 
    3542             :   /* Check if the primary key is ok (valid, not revoke, not expire,
    3543             :    * matches requested usage) if:
    3544             :    *
    3545             :    *   - we didn't find an appropriate subkey and we're not doing an
    3546             :    *     exact search,
    3547             :    *
    3548             :    *   - we're doing an exact match and the exact match was the
    3549             :    *     primary key, or,
    3550             :    *
    3551             :    *   - we're just considering the primary key.  */
    3552         386 :   if ((!latest_key && !want_exact) || foundk == keyblock || req_prim)
    3553             :     {
    3554         119 :       if (DBG_LOOKUP && !foundk && !req_prim)
    3555           0 :         log_debug ("\tno suitable subkeys found - trying primary\n");
    3556         119 :       pk = keyblock->pkt->pkt.public_key;
    3557         119 :       if (!pk->flags.valid)
    3558             :         {
    3559           0 :           if (DBG_LOOKUP)
    3560           0 :             log_debug ("\tprimary key not valid\n");
    3561             :         }
    3562         119 :       else if (!((pk->pubkey_usage & USAGE_MASK) & req_usage))
    3563             :         {
    3564           0 :           if (DBG_LOOKUP)
    3565           0 :             log_debug ("\tprimary key usage does not match: "
    3566           0 :                        "want=%x have=%x\n", req_usage, pk->pubkey_usage);
    3567             :         }
    3568         119 :       else if (pk->flags.revoked)
    3569             :         {
    3570           0 :           if (DBG_LOOKUP)
    3571           0 :             log_debug ("\tprimary key has been revoked\n");
    3572             :         }
    3573         119 :       else if (pk->has_expired)
    3574             :         {
    3575           0 :           if (DBG_LOOKUP)
    3576           0 :             log_debug ("\tprimary key has expired\n");
    3577             :         }
    3578             :       else /* Okay.  */
    3579             :         {
    3580         119 :           if (DBG_LOOKUP)
    3581           0 :             log_debug ("\tprimary key may be used\n");
    3582         119 :           latest_key = keyblock;
    3583             :         }
    3584             :     }
    3585             : 
    3586         386 :   if (!latest_key)
    3587             :     {
    3588           0 :       if (DBG_LOOKUP)
    3589           0 :         log_debug ("\tno suitable key found -  giving up\n");
    3590           0 :       if (r_flags)
    3591           0 :         *r_flags |= LOOKUP_NOT_SELECTED;
    3592           0 :       return NULL; /* Not found.  */
    3593             :     }
    3594             : 
    3595             :  found:
    3596        2482 :   if (DBG_LOOKUP)
    3597           0 :     log_debug ("\tusing key %08lX\n",
    3598           0 :                (ulong) keyid_from_pk (latest_key->pkt->pkt.public_key, NULL));
    3599             : 
    3600        2482 :   if (latest_key)
    3601             :     {
    3602        2482 :       pk = latest_key->pkt->pkt.public_key;
    3603        2482 :       free_user_id (pk->user_id);
    3604        2482 :       pk->user_id = scopy_user_id (foundu);
    3605             :     }
    3606             : 
    3607        2482 :   if (latest_key != keyblock && opt.verbose)
    3608             :     {
    3609           6 :       char *tempkeystr =
    3610           6 :         xstrdup (keystr_from_pk (latest_key->pkt->pkt.public_key));
    3611           6 :       log_info (_("using subkey %s instead of primary key %s\n"),
    3612           6 :                 tempkeystr, keystr_from_pk (keyblock->pkt->pkt.public_key));
    3613           6 :       xfree (tempkeystr);
    3614             :     }
    3615             : 
    3616        2482 :   cache_user_id (keyblock);
    3617             : 
    3618        2482 :   return latest_key ? latest_key : keyblock; /* Found.  */
    3619             : }
    3620             : 
    3621             : 
    3622             : /* Print a KEY_CONSIDERED status line.  */
    3623             : static void
    3624        2482 : print_status_key_considered (kbnode_t keyblock, unsigned int flags)
    3625             : {
    3626             :   char hexfpr[2*MAX_FINGERPRINT_LEN + 1];
    3627             :   kbnode_t node;
    3628             :   char flagbuf[20];
    3629             : 
    3630        2482 :   if (!is_status_enabled ())
    3631        4908 :     return;
    3632             : 
    3633          28 :   for (node=keyblock; node; node = node->next)
    3634          28 :     if (node->pkt->pkttype == PKT_PUBLIC_KEY
    3635           0 :         || node->pkt->pkttype == PKT_SECRET_KEY)
    3636             :       break;
    3637          28 :   if (!node)
    3638             :     {
    3639           0 :       log_error ("%s: keyblock w/o primary key\n", __func__);
    3640           0 :       return;
    3641             :     }
    3642             : 
    3643          28 :   hexfingerprint (node->pkt->pkt.public_key, hexfpr, sizeof hexfpr);
    3644          28 :   snprintf (flagbuf, sizeof flagbuf, " %u", flags);
    3645          28 :   write_status_strings (STATUS_KEY_CONSIDERED, hexfpr, flagbuf, NULL);
    3646             : }
    3647             : 
    3648             : 
    3649             : 
    3650             : /* A high-level function to lookup keys.
    3651             : 
    3652             :    This function builds on top of the low-level keydb API.  It first
    3653             :    searches the database using the description stored in CTX->ITEMS,
    3654             :    then it filters the results using CTX and, finally, if WANT_SECRET
    3655             :    is set, it ignores any keys for which no secret key is available.
    3656             : 
    3657             :    Unlike the low-level search functions, this function also merges
    3658             :    all of the self-signed data into the keys, subkeys and user id
    3659             :    packets (see the merge_selfsigs for details).
    3660             : 
    3661             :    On success the key's keyblock is stored at *RET_KEYBLOCK, and the
    3662             :    specific subkey is stored at *RET_FOUND_KEY.  Note that we do not
    3663             :    return a reference in *RET_FOUND_KEY, i.e. the result must not be
    3664             :    freed using 'release_kbnode', and it is only valid until
    3665             :    *RET_KEYBLOCK is deallocated.  Therefore, if RET_FOUND_KEY is not
    3666             :    NULL, then RET_KEYBLOCK must not be NULL.  */
    3667             : static int
    3668        2751 : lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, kbnode_t *ret_found_key,
    3669             :         int want_secret)
    3670             : {
    3671             :   int rc;
    3672        2751 :   int no_suitable_key = 0;
    3673        2751 :   KBNODE keyblock = NULL;
    3674        2751 :   KBNODE found_key = NULL;
    3675             :   unsigned int infoflags;
    3676             : 
    3677        2751 :   log_assert (ret_found_key == NULL || ret_keyblock != NULL);
    3678        2751 :   if (ret_keyblock)
    3679        2750 :     *ret_keyblock = NULL;
    3680             : 
    3681             :   for (;;)
    3682             :     {
    3683        2751 :       rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems, NULL);
    3684        2751 :       if (rc)
    3685         275 :         break;
    3686             : 
    3687             :       /* If we are iterating over the entire database, then we need to
    3688             :          change from KEYDB_SEARCH_MODE_FIRST, which does an implicit
    3689             :          reset, to KEYDB_SEARCH_MODE_NEXT, which gets the next
    3690             :          record.  */
    3691        2476 :       if (ctx->nitems && ctx->items->mode == KEYDB_SEARCH_MODE_FIRST)
    3692          85 :         ctx->items->mode = KEYDB_SEARCH_MODE_NEXT;
    3693             : 
    3694        2476 :       rc = keydb_get_keyblock (ctx->kr_handle, &keyblock);
    3695        2476 :       if (rc)
    3696             :         {
    3697           0 :           log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
    3698           0 :           goto skip;
    3699             :         }
    3700             : 
    3701        2476 :       if (want_secret && agent_probe_any_secret_key (NULL, keyblock))
    3702           0 :         goto skip; /* No secret key available.  */
    3703             : 
    3704             :       /* Warning: node flag bits 0 and 1 should be preserved by
    3705             :        * merge_selfsigs.  */
    3706        2476 :       merge_selfsigs (keyblock);
    3707        2476 :       found_key = finish_lookup (keyblock, ctx->req_usage, ctx->exact,
    3708             :                                  &infoflags);
    3709        2476 :       print_status_key_considered (keyblock, infoflags);
    3710        2476 :       if (found_key)
    3711             :         {
    3712        2476 :           no_suitable_key = 0;
    3713        2476 :           goto found;
    3714             :         }
    3715             :       else
    3716             :         {
    3717           0 :           no_suitable_key = 1;
    3718             :         }
    3719             : 
    3720             :     skip:
    3721             :       /* Release resources and continue search. */
    3722           0 :       release_kbnode (keyblock);
    3723           0 :       keyblock = NULL;
    3724             :       /* The keyblock cache ignores the current "file position".
    3725             :          Thus, if we request the next result and the cache matches
    3726             :          (and it will since it is what we just looked for), we'll get
    3727             :          the same entry back!  We can avoid this infinite loop by
    3728             :          disabling the cache.  */
    3729           0 :       keydb_disable_caching (ctx->kr_handle);
    3730           0 :     }
    3731             : 
    3732             :  found:
    3733        2751 :   if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
    3734           0 :     log_error ("keydb_search failed: %s\n", gpg_strerror (rc));
    3735             : 
    3736        2751 :   if (!rc)
    3737             :     {
    3738        2476 :       if (ret_keyblock)
    3739             :         {
    3740        2476 :           *ret_keyblock = keyblock; /* Return the keyblock.  */
    3741        2476 :           keyblock = NULL;
    3742             :         }
    3743             :     }
    3744         275 :   else if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND && no_suitable_key)
    3745           0 :     rc = want_secret? GPG_ERR_UNUSABLE_SECKEY : GPG_ERR_UNUSABLE_PUBKEY;
    3746         275 :   else if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
    3747         275 :     rc = want_secret? GPG_ERR_NO_SECKEY : GPG_ERR_NO_PUBKEY;
    3748             : 
    3749        2751 :   release_kbnode (keyblock);
    3750             : 
    3751        2751 :   if (ret_found_key)
    3752             :     {
    3753        1910 :       if (! rc)
    3754        1745 :         *ret_found_key = found_key;
    3755             :       else
    3756         165 :         *ret_found_key = NULL;
    3757             :     }
    3758             : 
    3759        2751 :   return rc;
    3760             : }
    3761             : 
    3762             : 
    3763             : /* Enumerate some secret keys (specifically, those specified with
    3764             :  * --default-key and --try-secret-key).  Use the following procedure:
    3765             :  *
    3766             :  *  1) Initialize a void pointer to NULL
    3767             :  *  2) Pass a reference to this pointer to this function (content)
    3768             :  *     and provide space for the secret key (sk)
    3769             :  *  3) Call this function as long as it does not return an error (or
    3770             :  *     until you are done).  The error code GPG_ERR_EOF indicates the
    3771             :  *     end of the listing.
    3772             :  *  4) Call this function a last time with SK set to NULL,
    3773             :  *     so that can free it's context.
    3774             :  *
    3775             :  * In pseudo-code:
    3776             :  *
    3777             :  *   void *ctx = NULL;
    3778             :  *   PKT_public_key *sk = xmalloc_clear (sizeof (*sk));
    3779             :  *
    3780             :  *   while ((err = enum_secret_keys (&ctx, sk)))
    3781             :  *     { // Process SK.
    3782             :  *       if (done)
    3783             :  *         break;
    3784             :  *       free_public_key (sk);
    3785             :  *       sk = xmalloc_clear (sizeof (*sk));
    3786             :  *     }
    3787             :  *
    3788             :  *   // Release any resources used by CTX.
    3789             :  *   enum_secret_keys (&ctx, NULL);
    3790             :  *   free_public_key (sk);
    3791             :  *
    3792             :  *   if (gpg_err_code (err) != GPG_ERR_EOF)
    3793             :  *     ; // An error occurred.
    3794             :  */
    3795             : gpg_error_t
    3796           0 : enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk)
    3797             : {
    3798           0 :   gpg_error_t err = 0;
    3799             :   const char *name;
    3800             :   kbnode_t keyblock;
    3801             :   struct
    3802             :   {
    3803             :     int eof;
    3804             :     int state;
    3805             :     strlist_t sl;
    3806             :     kbnode_t keyblock;
    3807             :     kbnode_t node;
    3808             :     getkey_ctx_t ctx;
    3809           0 :   } *c = *context;
    3810             : 
    3811           0 :   if (!c)
    3812             :     {
    3813             :       /* Make a new context.  */
    3814           0 :       c = xtrycalloc (1, sizeof *c);
    3815           0 :       if (!c)
    3816           0 :         return gpg_error_from_syserror ();
    3817           0 :       *context = c;
    3818             :     }
    3819             : 
    3820           0 :   if (!sk)
    3821             :     {
    3822             :       /* Free the context.  */
    3823           0 :       release_kbnode (c->keyblock);
    3824           0 :       getkey_end (c->ctx);
    3825           0 :       xfree (c);
    3826           0 :       *context = NULL;
    3827           0 :       return 0;
    3828             :     }
    3829             : 
    3830           0 :   if (c->eof)
    3831           0 :     return gpg_error (GPG_ERR_EOF);
    3832             : 
    3833             :   for (;;)
    3834             :     {
    3835             :       /* Loop until we have a keyblock.  */
    3836           0 :       while (!c->keyblock)
    3837             :         {
    3838             :           /* Loop over the list of secret keys.  */
    3839             :           do
    3840             :             {
    3841           0 :               name = NULL;
    3842           0 :               keyblock = NULL;
    3843           0 :               switch (c->state)
    3844             :                 {
    3845             :                 case 0: /* First try to use the --default-key.  */
    3846           0 :                   name = parse_def_secret_key (ctrl);
    3847           0 :                   c->state = 1;
    3848           0 :                   break;
    3849             : 
    3850             :                 case 1: /* Init list of keys to try.  */
    3851           0 :                   c->sl = opt.secret_keys_to_try;
    3852           0 :                   c->state++;
    3853           0 :                   break;
    3854             : 
    3855             :                 case 2: /* Get next item from list.  */
    3856           0 :                   if (c->sl)
    3857             :                     {
    3858           0 :                       name = c->sl->d;
    3859           0 :                       c->sl = c->sl->next;
    3860             :                     }
    3861             :                   else
    3862           0 :                     c->state++;
    3863           0 :                   break;
    3864             : 
    3865             :                 case 3: /* Init search context to enum all secret keys.  */
    3866           0 :                   err = getkey_bynames (&c->ctx, NULL, NULL, 1, &keyblock);
    3867           0 :                   if (err)
    3868             :                     {
    3869           0 :                       release_kbnode (keyblock);
    3870           0 :                       keyblock = NULL;
    3871           0 :                       getkey_end (c->ctx);
    3872           0 :                       c->ctx = NULL;
    3873             :                     }
    3874           0 :                   c->state++;
    3875           0 :                   break;
    3876             : 
    3877             :                 case 4: /* Get next item from the context.  */
    3878           0 :                   if (c->ctx)
    3879             :                     {
    3880           0 :                       err = getkey_next (c->ctx, NULL, &keyblock);
    3881           0 :                       if (err)
    3882             :                         {
    3883           0 :                           release_kbnode (keyblock);
    3884           0 :                           keyblock = NULL;
    3885           0 :                           getkey_end (c->ctx);
    3886           0 :                           c->ctx = NULL;
    3887             :                         }
    3888             :                     }
    3889             :                   else
    3890           0 :                     c->state++;
    3891           0 :                   break;
    3892             : 
    3893             :                 default: /* No more names to check - stop.  */
    3894           0 :                   c->eof = 1;
    3895           0 :                   return gpg_error (GPG_ERR_EOF);
    3896             :                 }
    3897             :             }
    3898           0 :           while ((!name || !*name) && !keyblock);
    3899             : 
    3900           0 :           if (keyblock)
    3901           0 :             c->node = c->keyblock = keyblock;
    3902             :           else
    3903             :             {
    3904           0 :               err = getkey_byname (ctrl, NULL, NULL, name, 1, &c->keyblock);
    3905           0 :               if (err)
    3906             :                 {
    3907             :                   /* getkey_byname might return a keyblock even in the
    3908             :                      error case - I have not checked.  Thus better release
    3909             :                      it.  */
    3910           0 :                   release_kbnode (c->keyblock);
    3911           0 :                   c->keyblock = NULL;
    3912             :                 }
    3913             :               else
    3914           0 :                 c->node = c->keyblock;
    3915             :             }
    3916             :         }
    3917             : 
    3918             :       /* Get the next key from the current keyblock.  */
    3919           0 :       for (; c->node; c->node = c->node->next)
    3920             :         {
    3921           0 :           if (c->node->pkt->pkttype == PKT_PUBLIC_KEY
    3922           0 :               || c->node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
    3923             :             {
    3924           0 :               copy_public_key (sk, c->node->pkt->pkt.public_key);
    3925           0 :               c->node = c->node->next;
    3926           0 :               return 0; /* Found.  */
    3927             :             }
    3928             :         }
    3929             : 
    3930             :       /* Dispose the keyblock and continue.  */
    3931           0 :       release_kbnode (c->keyblock);
    3932           0 :       c->keyblock = NULL;
    3933           0 :     }
    3934             : }
    3935             : 
    3936             : 
    3937             : /*********************************************
    3938             :  ***********  User ID printing helpers *******
    3939             :  *********************************************/
    3940             : 
    3941             : /* Return a string with a printable representation of the user_id.
    3942             :  * this string must be freed by xfree.   */
    3943             : static char *
    3944         718 : get_user_id_string (u32 * keyid, int mode, size_t *r_len)
    3945             : {
    3946             :   user_id_db_t r;
    3947             :   keyid_list_t a;
    3948         718 :   int pass = 0;
    3949             :   char *p;
    3950             : 
    3951             :   /* Try it two times; second pass reads from the database.  */
    3952             :   do
    3953             :     {
    3954         753 :       for (r = user_id_db; r; r = r->next)
    3955             :         {
    3956        1280 :           for (a = r->keyids; a; a = a->next)
    3957             :             {
    3958        1253 :               if (a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1])
    3959             :                 {
    3960         713 :                   if (mode == 2)
    3961             :                     {
    3962             :                       /* An empty string as user id is possible.  Make
    3963             :                          sure that the malloc allocates one byte and
    3964             :                          does not bail out.  */
    3965         706 :                       p = xmalloc (r->len? r->len : 1);
    3966         706 :                       memcpy (p, r->name, r->len);
    3967         706 :                       if (r_len)
    3968         706 :                         *r_len = r->len;
    3969             :                     }
    3970             :                   else
    3971             :                     {
    3972           7 :                       if (mode)
    3973           3 :                         p = xasprintf ("%08lX%08lX %.*s",
    3974           2 :                                        (ulong) keyid[0], (ulong) keyid[1],
    3975           1 :                                        r->len, r->name);
    3976             :                       else
    3977           6 :                         p = xasprintf ("%s %.*s", keystr (keyid),
    3978           6 :                                        r->len, r->name);
    3979           7 :                       if (r_len)
    3980           0 :                         *r_len = strlen (p);
    3981             :                     }
    3982             : 
    3983         713 :                   return p;
    3984             :                 }
    3985             :             }
    3986             :         }
    3987             :     }
    3988          13 :   while (++pass < 2 && !get_pubkey (NULL, keyid));
    3989             : 
    3990           5 :   if (mode == 2)
    3991           5 :     p = xstrdup (user_id_not_found_utf8 ());
    3992           0 :   else if (mode)
    3993           0 :     p = xasprintf ("%08lX%08lX [?]", (ulong) keyid[0], (ulong) keyid[1]);
    3994             :   else
    3995           0 :     p = xasprintf ("%s [?]", keystr (keyid));
    3996             : 
    3997           5 :   if (r_len)
    3998           5 :     *r_len = strlen (p);
    3999           5 :   return p;
    4000             : }
    4001             : 
    4002             : 
    4003             : char *
    4004           6 : get_user_id_string_native (u32 * keyid)
    4005             : {
    4006           6 :   char *p = get_user_id_string (keyid, 0, NULL);
    4007           6 :   char *p2 = utf8_to_native (p, strlen (p), 0);
    4008           6 :   xfree (p);
    4009           6 :   return p2;
    4010             : }
    4011             : 
    4012             : 
    4013             : char *
    4014           1 : get_long_user_id_string (u32 * keyid)
    4015             : {
    4016           1 :   return get_user_id_string (keyid, 1, NULL);
    4017             : }
    4018             : 
    4019             : 
    4020             : /* Please try to use get_user_byfpr instead of this one.  */
    4021             : char *
    4022         711 : get_user_id (u32 * keyid, size_t * rn)
    4023             : {
    4024         711 :   return get_user_id_string (keyid, 2, rn);
    4025             : }
    4026             : 
    4027             : 
    4028             : /* Please try to use get_user_id_byfpr_native instead of this one.  */
    4029             : char *
    4030         267 : get_user_id_native (u32 * keyid)
    4031             : {
    4032             :   size_t rn;
    4033         267 :   char *p = get_user_id (keyid, &rn);
    4034         267 :   char *p2 = utf8_to_native (p, rn, 0);
    4035         267 :   xfree (p);
    4036         267 :   return p2;
    4037             : }
    4038             : 
    4039             : 
    4040             : /* Return the user id for a key designated by its fingerprint, FPR,
    4041             :    which must be MAX_FINGERPRINT_LEN bytes in size.  Note: the
    4042             :    returned string, which must be freed using xfree, may not be NUL
    4043             :    terminated.  To determine the length of the string, you must use
    4044             :    *RN.  */
    4045             : char *
    4046         186 : get_user_id_byfpr (const byte *fpr, size_t *rn)
    4047             : {
    4048             :   user_id_db_t r;
    4049             :   char *p;
    4050         186 :   int pass = 0;
    4051             : 
    4052             :   /* Try it two times; second pass reads from the database.  */
    4053             :   do
    4054             :     {
    4055        1601 :       for (r = user_id_db; r; r = r->next)
    4056             :         {
    4057             :           keyid_list_t a;
    4058        3952 :           for (a = r->keyids; a; a = a->next)
    4059             :             {
    4060        2723 :               if (!memcmp (a->fpr, fpr, MAX_FINGERPRINT_LEN))
    4061             :                 {
    4062             :                   /* An empty string as user id is possible.  Make
    4063             :                      sure that the malloc allocates one byte and does
    4064             :                      not bail out.  */
    4065         186 :                   p = xmalloc (r->len? r->len : 1);
    4066         186 :                   memcpy (p, r->name, r->len);
    4067         186 :                   *rn = r->len;
    4068         186 :                   return p;
    4069             :                 }
    4070             :             }
    4071             :         }
    4072             :     }
    4073             :   while (++pass < 2
    4074         186 :          && !get_pubkey_byfprint (NULL, NULL, fpr, MAX_FINGERPRINT_LEN));
    4075           0 :   p = xstrdup (user_id_not_found_utf8 ());
    4076           0 :   *rn = strlen (p);
    4077           0 :   return p;
    4078             : }
    4079             : 
    4080             : /* Like get_user_id_byfpr, but convert the string to the native
    4081             :    encoding.  The returned string needs to be freed.  Unlike
    4082             :    get_user_id_byfpr, the returned string is NUL terminated.  */
    4083             : char *
    4084         186 : get_user_id_byfpr_native (const byte *fpr)
    4085             : {
    4086             :   size_t rn;
    4087         186 :   char *p = get_user_id_byfpr (fpr, &rn);
    4088         186 :   char *p2 = utf8_to_native (p, rn, 0);
    4089         186 :   xfree (p);
    4090         186 :   return p2;
    4091             : }
    4092             : 
    4093             : 
    4094             : /* Return the database handle used by this context.  The context still
    4095             :    owns the handle.  */
    4096             : KEYDB_HANDLE
    4097           0 : get_ctx_handle (GETKEY_CTX ctx)
    4098             : {
    4099           0 :   return ctx->kr_handle;
    4100             : }
    4101             : 
    4102             : static void
    4103           0 : free_akl (struct akl *akl)
    4104             : {
    4105           0 :   if (! akl)
    4106           0 :     return;
    4107             : 
    4108           0 :   if (akl->spec)
    4109           0 :     free_keyserver_spec (akl->spec);
    4110             : 
    4111           0 :   xfree (akl);
    4112             : }
    4113             : 
    4114             : void
    4115           0 : release_akl (void)
    4116             : {
    4117           0 :   while (opt.auto_key_locate)
    4118             :     {
    4119           0 :       struct akl *akl2 = opt.auto_key_locate;
    4120           0 :       opt.auto_key_locate = opt.auto_key_locate->next;
    4121           0 :       free_akl (akl2);
    4122             :     }
    4123           0 : }
    4124             : 
    4125             : /* Returns false on error. */
    4126             : int
    4127           0 : parse_auto_key_locate (char *options)
    4128             : {
    4129             :   char *tok;
    4130             : 
    4131           0 :   while ((tok = optsep (&options)))
    4132             :     {
    4133           0 :       struct akl *akl, *check, *last = NULL;
    4134           0 :       int dupe = 0;
    4135             : 
    4136           0 :       if (tok[0] == '\0')
    4137           0 :         continue;
    4138             : 
    4139           0 :       akl = xmalloc_clear (sizeof (*akl));
    4140             : 
    4141           0 :       if (ascii_strcasecmp (tok, "clear") == 0)
    4142             :         {
    4143           0 :           xfree (akl);
    4144           0 :           free_akl (opt.auto_key_locate);
    4145           0 :           opt.auto_key_locate = NULL;
    4146           0 :           continue;
    4147             :         }
    4148           0 :       else if (ascii_strcasecmp (tok, "nodefault") == 0)
    4149           0 :         akl->type = AKL_NODEFAULT;
    4150           0 :       else if (ascii_strcasecmp (tok, "local") == 0)
    4151           0 :         akl->type = AKL_LOCAL;
    4152           0 :       else if (ascii_strcasecmp (tok, "ldap") == 0)
    4153           0 :         akl->type = AKL_LDAP;
    4154           0 :       else if (ascii_strcasecmp (tok, "keyserver") == 0)
    4155           0 :         akl->type = AKL_KEYSERVER;
    4156             : #ifdef USE_DNS_CERT
    4157           0 :       else if (ascii_strcasecmp (tok, "cert") == 0)
    4158           0 :         akl->type = AKL_CERT;
    4159             : #endif
    4160           0 :       else if (ascii_strcasecmp (tok, "pka") == 0)
    4161           0 :         akl->type = AKL_PKA;
    4162           0 :       else if (ascii_strcasecmp (tok, "dane") == 0)
    4163           0 :         akl->type = AKL_DANE;
    4164           0 :       else if (ascii_strcasecmp (tok, "wkd") == 0)
    4165           0 :         akl->type = AKL_WKD;
    4166           0 :       else if ((akl->spec = parse_keyserver_uri (tok, 1)))
    4167           0 :         akl->type = AKL_SPEC;
    4168             :       else
    4169             :         {
    4170           0 :           free_akl (akl);
    4171           0 :           return 0;
    4172             :         }
    4173             : 
    4174             :       /* We must maintain the order the user gave us */
    4175           0 :       for (check = opt.auto_key_locate; check;
    4176           0 :            last = check, check = check->next)
    4177             :         {
    4178             :           /* Check for duplicates */
    4179           0 :           if (check->type == akl->type
    4180           0 :               && (akl->type != AKL_SPEC
    4181           0 :                   || (akl->type == AKL_SPEC
    4182           0 :                       && strcmp (check->spec->uri, akl->spec->uri) == 0)))
    4183             :             {
    4184           0 :               dupe = 1;
    4185           0 :               free_akl (akl);
    4186           0 :               break;
    4187             :             }
    4188             :         }
    4189             : 
    4190           0 :       if (!dupe)
    4191             :         {
    4192           0 :           if (last)
    4193           0 :             last->next = akl;
    4194             :           else
    4195           0 :             opt.auto_key_locate = akl;
    4196             :         }
    4197             :     }
    4198             : 
    4199           0 :   return 1;
    4200             : }
    4201             : 
    4202             : 
    4203             : /* Returns true if a secret key is available for the public key with
    4204             :    key id KEYID; returns false if not.  This function ignores legacy
    4205             :    keys.  Note: this is just a fast check and does not tell us whether
    4206             :    the secret key is valid; this check merely indicates whether there
    4207             :    is some secret key with the specified key id.  */
    4208             : int
    4209         501 : have_secret_key_with_kid (u32 *keyid)
    4210             : {
    4211             :   gpg_error_t err;
    4212             :   KEYDB_HANDLE kdbhd;
    4213             :   KEYDB_SEARCH_DESC desc;
    4214             :   kbnode_t keyblock;
    4215             :   kbnode_t node;
    4216         501 :   int result = 0;
    4217             : 
    4218         501 :   kdbhd = keydb_new ();
    4219         501 :   if (!kdbhd)
    4220           0 :     return 0;
    4221         501 :   memset (&desc, 0, sizeof desc);
    4222         501 :   desc.mode = KEYDB_SEARCH_MODE_LONG_KID;
    4223         501 :   desc.u.kid[0] = keyid[0];
    4224         501 :   desc.u.kid[1] = keyid[1];
    4225        1504 :   while (!result)
    4226             :     {
    4227         732 :       err = keydb_search (kdbhd, &desc, 1, NULL);
    4228         732 :       if (err)
    4229         230 :         break;
    4230             : 
    4231         502 :       err = keydb_get_keyblock (kdbhd, &keyblock);
    4232         502 :       if (err)
    4233             :         {
    4234           0 :           log_error (_("error reading keyblock: %s\n"), gpg_strerror (err));
    4235           0 :           break;
    4236             :         }
    4237             : 
    4238        1300 :       for (node = keyblock; node; node = node->next)
    4239             :         {
    4240             :           /* Bit 0 of the flags is set if the search found the key
    4241             :              using that key or subkey.  Note: a search will only ever
    4242             :              match a single key or subkey.  */
    4243        1300 :           if ((node->flag & 1))
    4244             :             {
    4245         502 :               log_assert (node->pkt->pkttype == PKT_PUBLIC_KEY
    4246             :                           || node->pkt->pkttype == PKT_PUBLIC_SUBKEY);
    4247             : 
    4248         502 :               if (!agent_probe_secret_key (NULL, node->pkt->pkt.public_key))
    4249         271 :                 result = 1; /* Secret key available.  */
    4250             :               else
    4251         231 :                 result = 0;
    4252             : 
    4253         502 :               break;
    4254             :             }
    4255             :         }
    4256         502 :       release_kbnode (keyblock);
    4257             :     }
    4258             : 
    4259         501 :   keydb_release (kdbhd);
    4260         501 :   return result;
    4261             : }

Generated by: LCOV version 1.11