LCOV - code coverage report
Current view: top level - g10 - mainproc.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 588 1152 51.0 %
Date: 2016-11-29 15:00:56 Functions: 23 33 69.7 %

          Line data    Source code
       1             : /* mainproc.c - handle packets
       2             :  * Copyright (C) 1998-2009 Free Software Foundation, Inc.
       3             :  * Copyright (C) 2013-2014 Werner Koch
       4             :  *
       5             :  * This file is part of GnuPG.
       6             :  *
       7             :  * GnuPG is free software; you can redistribute it and/or modify
       8             :  * it under the terms of the GNU General Public License as published by
       9             :  * the Free Software Foundation; either version 3 of the License, or
      10             :  * (at your option) any later version.
      11             :  *
      12             :  * GnuPG is distributed in the hope that it will be useful,
      13             :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      14             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      15             :  * GNU General Public License for more details.
      16             :  *
      17             :  * You should have received a copy of the GNU General Public License
      18             :  * along with this program; if not, see <https://www.gnu.org/licenses/>.
      19             :  */
      20             : 
      21             : #include <config.h>
      22             : #include <stdio.h>
      23             : #include <stdlib.h>
      24             : #include <string.h>
      25             : #include <time.h>
      26             : 
      27             : #include "gpg.h"
      28             : #include "util.h"
      29             : #include "packet.h"
      30             : #include "iobuf.h"
      31             : #include "options.h"
      32             : #include "keydb.h"
      33             : #include "filter.h"
      34             : #include "main.h"
      35             : #include "status.h"
      36             : #include "i18n.h"
      37             : #include "trustdb.h"
      38             : #include "keyserver-internal.h"
      39             : #include "photoid.h"
      40             : #include "mbox-util.h"
      41             : #include "call-dirmngr.h"
      42             : 
      43             : /* Put an upper limit on nested packets.  The 32 is an arbitrary
      44             :    value, a much lower should actually be sufficient.  */
      45             : #define MAX_NESTING_DEPTH 32
      46             : 
      47             : 
      48             : /* An object to build a list of keyid related info.  */
      49             : struct kidlist_item
      50             : {
      51             :   struct kidlist_item *next;
      52             :   u32 kid[2];
      53             :   int pubkey_algo;
      54             :   int reason;
      55             : };
      56             : 
      57             : 
      58             : /*
      59             :  * Object to hold the processing context.
      60             :  */
      61             : typedef struct mainproc_context *CTX;
      62             : struct mainproc_context
      63             : {
      64             :   ctrl_t ctrl;
      65             :   struct mainproc_context *anchor;  /* May be useful in the future. */
      66             :   PKT_public_key *last_pubkey;
      67             :   PKT_user_id     *last_user_id;
      68             :   md_filter_context_t mfx;
      69             :   int sigs_only;    /* Process only signatures and reject all other stuff. */
      70             :   int encrypt_only; /* Process only encryption messages. */
      71             : 
      72             :   /* Name of the file with the complete signature or the file with the
      73             :      detached signature.  This is currently only used to deduce the
      74             :      file name of the data file if that has not been given. */
      75             :   const char *sigfilename;
      76             : 
      77             :   /* A structure to describe the signed data in case of a detached
      78             :      signature. */
      79             :   struct
      80             :   {
      81             :     /* A file descriptor of the the signed data.  Only used if not -1. */
      82             :     int data_fd;
      83             :     /* A list of filenames with the data files or NULL. This is only
      84             :        used if DATA_FD is -1. */
      85             :     strlist_t data_names;
      86             :     /* Flag to indicated that either one of the next previous fields
      87             :        is used.  This is only needed for better readability. */
      88             :     int used;
      89             :   } signed_data;
      90             : 
      91             :   DEK *dek;
      92             :   int last_was_session_key;
      93             :   kbnode_t list;    /* The current list of packets. */
      94             :   iobuf_t iobuf;    /* Used to get the filename etc. */
      95             :   int trustletter;  /* Temporary usage in list_node. */
      96             :   ulong symkeys;
      97             :   struct kidlist_item *pkenc_list; /* List of encryption packets. */
      98             :   struct {
      99             :     unsigned int sig_seen:1;      /* Set to true if a signature packet
     100             :                                      has been seen. */
     101             :     unsigned int data:1;          /* Any data packet seen */
     102             :     unsigned int uncompress_failed:1;
     103             :   } any;
     104             : };
     105             : 
     106             : 
     107             : /*** Local prototypes.  ***/
     108             : static int do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a);
     109             : static void list_node (CTX c, kbnode_t node);
     110             : static void proc_tree (CTX c, kbnode_t node);
     111             : static int literals_seen;
     112             : 
     113             : 
     114             : /*** Functions.  ***/
     115             : 
     116             : 
     117             : void
     118           3 : reset_literals_seen(void)
     119             : {
     120           3 :   literals_seen = 0;
     121           3 : }
     122             : 
     123             : 
     124             : static void
     125        1242 : release_list( CTX c )
     126             : {
     127        1242 :   proc_tree (c, c->list);
     128        1239 :   release_kbnode (c->list);
     129        2749 :   while (c->pkenc_list)
     130             :     {
     131         271 :       struct kidlist_item *tmp = c->pkenc_list->next;
     132         271 :       xfree (c->pkenc_list);
     133         271 :       c->pkenc_list = tmp;
     134             :     }
     135        1239 :   c->pkenc_list = NULL;
     136        1239 :   c->list = NULL;
     137        1239 :   c->any.data = 0;
     138        1239 :   c->any.uncompress_failed = 0;
     139        1239 :   c->last_was_session_key = 0;
     140        1239 :   xfree (c->dek);
     141        1239 :   c->dek = NULL;
     142        1239 : }
     143             : 
     144             : 
     145             : static int
     146         154 : add_onepass_sig (CTX c, PACKET *pkt)
     147             : {
     148             :   kbnode_t node;
     149             : 
     150         154 :   if (c->list) /* Add another packet. */
     151           5 :     add_kbnode (c->list, new_kbnode (pkt));
     152             :   else /* Insert the first one.  */
     153         149 :     c->list = node = new_kbnode (pkt);
     154             : 
     155         154 :   return 1;
     156             : }
     157             : 
     158             : 
     159             : static int
     160          17 : add_gpg_control (CTX c, PACKET *pkt)
     161             : {
     162          17 :   if ( pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START )
     163             :     {
     164             :       /* New clear text signature.
     165             :        * Process the last one and reset everything */
     166          17 :       release_list(c);
     167             :     }
     168             : 
     169          17 :   if (c->list)  /* Add another packet.  */
     170           0 :     add_kbnode (c->list, new_kbnode (pkt));
     171             :   else /* Insert the first one. */
     172          17 :     c->list = new_kbnode (pkt);
     173             : 
     174          17 :   return 1;
     175             : }
     176             : 
     177             : 
     178             : static int
     179           0 : add_user_id (CTX c, PACKET *pkt)
     180             : {
     181           0 :   if (!c->list)
     182             :     {
     183           0 :       log_error ("orphaned user ID\n");
     184           0 :       return 0;
     185             :     }
     186           0 :   add_kbnode (c->list, new_kbnode (pkt));
     187           0 :   return 1;
     188             : }
     189             : 
     190             : 
     191             : static int
     192           0 : add_subkey (CTX c, PACKET *pkt)
     193             : {
     194           0 :   if (!c->list)
     195             :     {
     196           0 :       log_error ("subkey w/o mainkey\n");
     197           0 :       return 0;
     198             :     }
     199           0 :   add_kbnode (c->list, new_kbnode (pkt));
     200           0 :   return 1;
     201             : }
     202             : 
     203             : 
     204             : static int
     205           0 : add_ring_trust (CTX c, PACKET *pkt)
     206             : {
     207           0 :   if (!c->list)
     208             :     {
     209           0 :       log_error ("ring trust w/o key\n");
     210           0 :       return 0;
     211             :     }
     212           0 :   add_kbnode (c->list, new_kbnode (pkt));
     213           0 :   return 1;
     214             : }
     215             : 
     216             : 
     217             : static int
     218         199 : add_signature (CTX c, PACKET *pkt)
     219             : {
     220             :   kbnode_t node;
     221             : 
     222         199 :   c->any.sig_seen = 1;
     223         199 :   if (pkt->pkttype == PKT_SIGNATURE && !c->list)
     224             :     {
     225             :       /* This is the first signature for the following datafile.
     226             :        * GPG does not write such packets; instead it always uses
     227             :        * onepass-sig packets.  The drawback of PGP's method
     228             :        * of prepending the signature to the data is
     229             :        * that it is not possible to make a signature from data read
     230             :        * from stdin.    (GPG is able to read PGP stuff anyway.) */
     231          19 :       node = new_kbnode (pkt);
     232          19 :       c->list = node;
     233          19 :       return 1;
     234             :     }
     235         180 :   else if (!c->list)
     236           0 :     return 0; /* oops (invalid packet sequence)*/
     237         180 :   else if (!c->list->pkt)
     238           0 :     BUG();    /* so nicht */
     239             : 
     240             :   /* Add a new signature node item at the end. */
     241         180 :   node = new_kbnode (pkt);
     242         180 :   add_kbnode (c->list, node);
     243             : 
     244         180 :   return 1;
     245             : }
     246             : 
     247             : static int
     248           0 : symkey_decrypt_seskey (DEK *dek, byte *seskey, size_t slen)
     249             : {
     250             :   gcry_cipher_hd_t hd;
     251             : 
     252           0 :   if(slen < 17 || slen > 33)
     253             :     {
     254           0 :       log_error ( _("weird size for an encrypted session key (%d)\n"),
     255             :                   (int)slen);
     256           0 :       return GPG_ERR_BAD_KEY;
     257             :     }
     258             : 
     259           0 :   if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
     260           0 :       BUG ();
     261           0 :   if (gcry_cipher_setkey ( hd, dek->key, dek->keylen ))
     262           0 :     BUG ();
     263           0 :   gcry_cipher_setiv ( hd, NULL, 0 );
     264           0 :   gcry_cipher_decrypt ( hd, seskey, slen, NULL, 0 );
     265           0 :   gcry_cipher_close ( hd );
     266             : 
     267             :   /* Now we replace the dek components with the real session key to
     268             :      decrypt the contents of the sequencing packet. */
     269             : 
     270           0 :   dek->keylen=slen-1;
     271           0 :   dek->algo=seskey[0];
     272             : 
     273           0 :   if(dek->keylen > DIM(dek->key))
     274           0 :     BUG ();
     275             : 
     276           0 :   memcpy(dek->key, seskey + 1, dek->keylen);
     277             : 
     278             :   /*log_hexdump( "thekey", dek->key, dek->keylen );*/
     279             : 
     280           0 :   return 0;
     281             : }
     282             : 
     283             : 
     284             : static void
     285          59 : proc_symkey_enc (CTX c, PACKET *pkt)
     286             : {
     287             :   PKT_symkey_enc *enc;
     288             : 
     289          59 :   enc = pkt->pkt.symkey_enc;
     290          59 :   if (!enc)
     291           0 :     log_error ("invalid symkey encrypted packet\n");
     292          59 :   else if(!c->dek)
     293             :     {
     294          57 :       int algo = enc->cipher_algo;
     295          57 :       const char *s = openpgp_cipher_algo_name (algo);
     296             : 
     297          57 :       if (!openpgp_cipher_test_algo (algo))
     298             :         {
     299          57 :           if (!opt.quiet)
     300             :             {
     301          57 :               if (enc->seskeylen)
     302           0 :                 log_info (_("%s encrypted session key\n"), s );
     303             :               else
     304          57 :                 log_info (_("%s encrypted data\n"), s );
     305             :             }
     306             :         }
     307             :       else
     308           0 :         log_error (_("encrypted with unknown algorithm %d\n"), algo);
     309             : 
     310          57 :       if (openpgp_md_test_algo (enc->s2k.hash_algo))
     311             :         {
     312           0 :           log_error(_("passphrase generated with unknown digest"
     313           0 :                       " algorithm %d\n"),enc->s2k.hash_algo);
     314           0 :           s = NULL;
     315             :         }
     316             : 
     317          57 :       c->last_was_session_key = 2;
     318          57 :       if (!s || opt.list_only)
     319             :         goto leave;
     320             : 
     321          57 :       if (opt.override_session_key)
     322             :         {
     323           0 :           c->dek = xmalloc_clear (sizeof *c->dek);
     324           0 :           if (get_override_session_key (c->dek, opt.override_session_key))
     325             :             {
     326           0 :               xfree (c->dek);
     327           0 :               c->dek = NULL;
     328             :             }
     329             :         }
     330             :       else
     331             :         {
     332          57 :           c->dek = passphrase_to_dek (algo, &enc->s2k, 0, 0, NULL, NULL);
     333          57 :           if (c->dek)
     334             :             {
     335          57 :               c->dek->symmetric = 1;
     336             : 
     337             :               /* FIXME: This doesn't work perfectly if a symmetric key
     338             :                  comes before a public key in the message - if the
     339             :                  user doesn't know the passphrase, then there is a
     340             :                  chance that the "decrypted" algorithm will happen to
     341             :                  be a valid one, which will make the returned dek
     342             :                  appear valid, so we won't try any public keys that
     343             :                  come later. */
     344          57 :               if (enc->seskeylen)
     345             :                 {
     346           0 :                   if (symkey_decrypt_seskey (c->dek,
     347           0 :                                              enc->seskey, enc->seskeylen))
     348             :                     {
     349           0 :                       xfree (c->dek);
     350           0 :                       c->dek = NULL;
     351             :                     }
     352             :                 }
     353             :               else
     354          57 :                 c->dek->algo_info_printed = 1;
     355             :             }
     356             :         }
     357             :     }
     358             : 
     359             :  leave:
     360          59 :   c->symkeys++;
     361          59 :   free_packet (pkt);
     362          59 : }
     363             : 
     364             : 
     365             : static void
     366         271 : proc_pubkey_enc (ctrl_t ctrl, CTX c, PACKET *pkt)
     367             : {
     368             :   PKT_pubkey_enc *enc;
     369         271 :   int result = 0;
     370             : 
     371             :   /* Check whether the secret key is available and store in this case.  */
     372         271 :   c->last_was_session_key = 1;
     373         271 :   enc = pkt->pkt.pubkey_enc;
     374             :   /*printf("enc: encrypted by a pubkey with keyid %08lX\n", enc->keyid[1] );*/
     375             :   /* Hmmm: why do I have this algo check here - anyway there is
     376             :    * function to check it. */
     377         271 :   if (opt.verbose)
     378           0 :     log_info (_("public key is %s\n"), keystr (enc->keyid));
     379             : 
     380         271 :   if (is_status_enabled())
     381             :     {
     382             :       char buf[50];
     383             :       /* FIXME: For ECC support we need to map the OpenPGP algo number
     384             :          to the Libgcrypt defined one.  This is due a chicken-egg
     385             :          problem: We need to have code in Libgcrypt for a new
     386             :          algorithm so to implement a proposed new algorithm before the
     387             :          IANA will finally assign an OpenPGP identifier.  */
     388           0 :       snprintf (buf, sizeof buf, "%08lX%08lX %d 0",
     389           0 :                 (ulong)enc->keyid[0], (ulong)enc->keyid[1], enc->pubkey_algo);
     390           0 :       write_status_text (STATUS_ENC_TO, buf);
     391             :     }
     392             : 
     393         271 :   if (!opt.list_only && opt.override_session_key)
     394             :     {
     395             :       /* It does not make much sense to store the session key in
     396             :        * secure memory because it has already been passed on the
     397             :        * command line and the GCHQ knows about it.  */
     398           0 :       c->dek = xmalloc_clear (sizeof *c->dek);
     399           0 :       result = get_override_session_key (c->dek, opt.override_session_key);
     400           0 :       if (result)
     401             :         {
     402           0 :           xfree (c->dek);
     403           0 :           c->dek = NULL;
     404             :         }
     405             :     }
     406         271 :   else if (enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E
     407          36 :            || enc->pubkey_algo == PUBKEY_ALGO_ECDH
     408           9 :            || enc->pubkey_algo == PUBKEY_ALGO_RSA
     409           0 :            || enc->pubkey_algo == PUBKEY_ALGO_RSA_E
     410           0 :            || enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL)
     411             :     {
     412             :       /* Note that we also allow type 20 Elgamal keys for decryption.
     413             :          There are still a couple of those keys in active use as a
     414             :          subkey.  */
     415             : 
     416             :       /* FIXME: Store this all in a list and process it later so that
     417             :          we can prioritize what key to use.  This gives a better user
     418             :          experience if wildcard keyids are used.  */
     419         542 :       if  (!c->dek && ((!enc->keyid[0] && !enc->keyid[1])
     420         262 :                        || opt.try_all_secrets
     421         262 :                        || have_secret_key_with_kid (enc->keyid)))
     422             :         {
     423         524 :           if(opt.list_only)
     424           0 :             result = -1;
     425             :           else
     426             :             {
     427         262 :               c->dek = xmalloc_secure_clear (sizeof *c->dek);
     428         262 :               if ((result = get_session_key (ctrl, enc, c->dek)))
     429             :                 {
     430             :                   /* Error: Delete the DEK. */
     431           0 :                   xfree (c->dek);
     432           0 :                   c->dek = NULL;
     433             :                 }
     434             :             }
     435             :         }
     436             :       else
     437           9 :         result = GPG_ERR_NO_SECKEY;
     438             :     }
     439             :   else
     440           0 :     result = GPG_ERR_PUBKEY_ALGO;
     441             : 
     442         271 :   if (result == -1)
     443             :     ;
     444             :   else
     445             :     {
     446             :       /* Store it for later display.  */
     447         271 :       struct kidlist_item *x = xmalloc (sizeof *x);
     448         271 :       x->kid[0] = enc->keyid[0];
     449         271 :       x->kid[1] = enc->keyid[1];
     450         271 :       x->pubkey_algo = enc->pubkey_algo;
     451         271 :       x->reason = result;
     452         271 :       x->next = c->pkenc_list;
     453         271 :       c->pkenc_list = x;
     454             : 
     455         271 :       if (!result && opt.verbose > 1)
     456           0 :         log_info (_("public key encrypted data: good DEK\n"));
     457             :     }
     458             : 
     459         271 :   free_packet(pkt);
     460         271 : }
     461             : 
     462             : 
     463             : /*
     464             :  * Print the list of public key encrypted packets which we could
     465             :  * not decrypt.
     466             :  */
     467             : static void
     468         638 : print_pkenc_list (struct kidlist_item *list, int failed)
     469             : {
     470        1180 :   for (; list; list = list->next)
     471             :     {
     472             :       PKT_public_key *pk;
     473             :       const char *algstr;
     474             : 
     475         542 :       if (failed && !list->reason)
     476         262 :         continue;
     477         280 :       if (!failed && list->reason)
     478           9 :         continue;
     479             : 
     480         271 :       algstr = openpgp_pk_algo_name (list->pubkey_algo);
     481         271 :       pk = xmalloc_clear (sizeof *pk);
     482             : 
     483         271 :       if (!algstr)
     484           0 :         algstr = "[?]";
     485         271 :       pk->pubkey_algo = list->pubkey_algo;
     486         271 :       if (!get_pubkey (pk, list->kid))
     487             :         {
     488             :           char *p;
     489         267 :           log_info (_("encrypted with %u-bit %s key, ID %s, created %s\n"),
     490             :                     nbits_from_pk (pk), algstr, keystr_from_pk(pk),
     491             :                     strtimestamp (pk->timestamp));
     492         267 :           p = get_user_id_native (list->kid);
     493         267 :           log_printf (_("      \"%s\"\n"), p);
     494         267 :           xfree (p);
     495             :         }
     496             :       else
     497           4 :         log_info (_("encrypted with %s key, ID %s\n"),
     498           4 :                   algstr, keystr(list->kid));
     499             : 
     500         271 :       free_public_key (pk);
     501             : 
     502         271 :       if (gpg_err_code (list->reason) == GPG_ERR_NO_SECKEY)
     503             :         {
     504           9 :           if (is_status_enabled())
     505             :             {
     506             :               char buf[20];
     507           0 :               snprintf (buf, sizeof buf, "%08lX%08lX",
     508           0 :                         (ulong)list->kid[0], (ulong)list->kid[1]);
     509           0 :               write_status_text (STATUS_NO_SECKEY, buf);
     510             :             }
     511             :         }
     512         262 :       else if (list->reason)
     513             :         {
     514           0 :           log_info (_("public key decryption failed: %s\n"),
     515           0 :                     gpg_strerror (list->reason));
     516           0 :           write_status_error ("pkdecrypt_failed", list->reason);
     517             :         }
     518             :     }
     519         638 : }
     520             : 
     521             : 
     522             : static void
     523         319 : proc_encrypted (CTX c, PACKET *pkt)
     524             : {
     525         319 :   int result = 0;
     526             : 
     527         319 :   if (!opt.quiet)
     528             :     {
     529         319 :       if (c->symkeys>1)
     530           0 :         log_info (_("encrypted with %lu passphrases\n"), c->symkeys);
     531         319 :       else if (c->symkeys == 1)
     532          59 :         log_info (_("encrypted with 1 passphrase\n"));
     533         319 :       print_pkenc_list ( c->pkenc_list, 1 );
     534         319 :       print_pkenc_list ( c->pkenc_list, 0 );
     535             :     }
     536             : 
     537             :   /* FIXME: Figure out the session key by looking at all pkenc packets. */
     538             : 
     539         319 :   write_status (STATUS_BEGIN_DECRYPTION);
     540             : 
     541             :   /*log_debug("dat: %sencrypted data\n", c->dek?"":"conventional ");*/
     542         319 :   if (opt.list_only)
     543           0 :     result = -1;
     544         319 :   else if (!c->dek && !c->last_was_session_key)
     545           0 :     {
     546             :       int algo;
     547             :       STRING2KEY s2kbuf;
     548           0 :       STRING2KEY *s2k = NULL;
     549             :       int canceled;
     550             : 
     551           0 :       if (opt.override_session_key)
     552             :         {
     553           0 :           c->dek = xmalloc_clear (sizeof *c->dek);
     554           0 :           result = get_override_session_key (c->dek, opt.override_session_key);
     555           0 :           if (result)
     556             :             {
     557           0 :               xfree (c->dek);
     558           0 :               c->dek = NULL;
     559             :             }
     560             :         }
     561             :       else
     562             :         {
     563             :           /* Assume this is old style conventional encrypted data. */
     564           0 :           algo = opt.def_cipher_algo;
     565           0 :           if (algo)
     566           0 :             log_info (_("assuming %s encrypted data\n"),
     567             :                       openpgp_cipher_algo_name (algo));
     568           0 :           else if (openpgp_cipher_test_algo (CIPHER_ALGO_IDEA))
     569             :             {
     570           0 :               algo = opt.def_cipher_algo;
     571           0 :               if (!algo)
     572           0 :                 algo = opt.s2k_cipher_algo;
     573           0 :               log_info (_("IDEA cipher unavailable, "
     574             :                           "optimistically attempting to use %s instead\n"),
     575             :                         openpgp_cipher_algo_name (algo));
     576             :             }
     577             :           else
     578             :             {
     579           0 :               algo = CIPHER_ALGO_IDEA;
     580           0 :               if (!opt.s2k_digest_algo)
     581             :                 {
     582             :                   /* If no digest is given we assume SHA-1. */
     583           0 :                   s2kbuf.mode = 0;
     584           0 :                   s2kbuf.hash_algo = DIGEST_ALGO_SHA1;
     585           0 :                   s2k = &s2kbuf;
     586             :                 }
     587           0 :               log_info (_("assuming %s encrypted data\n"), "IDEA");
     588             :             }
     589             : 
     590           0 :           c->dek = passphrase_to_dek (algo, s2k, 0, 0, NULL, &canceled);
     591           0 :           if (c->dek)
     592           0 :             c->dek->algo_info_printed = 1;
     593           0 :           else if (canceled)
     594           0 :             result = gpg_error (GPG_ERR_CANCELED);
     595             :           else
     596           0 :             result = gpg_error (GPG_ERR_INV_PASSPHRASE);
     597             :         }
     598             :     }
     599         319 :   else if (!c->dek)
     600           0 :     result = GPG_ERR_NO_SECKEY;
     601             : 
     602         319 :   if (!result)
     603         319 :     result = decrypt_data (c->ctrl, c, pkt->pkt.encrypted, c->dek );
     604             : 
     605         319 :   if (result == -1)
     606             :     ;
     607         319 :   else if (!result
     608         319 :            && !opt.ignore_mdc_error
     609         319 :            && !pkt->pkt.encrypted->mdc_method
     610          60 :            && openpgp_cipher_get_algo_blklen (c->dek->algo) != 8
     611           0 :            && c->dek->algo != CIPHER_ALGO_TWOFISH)
     612             :     {
     613             :       /* The message has been decrypted but has no MDC despite that a
     614             :          modern cipher (blocklength != 64 bit, except for Twofish) is
     615             :          used and the option to ignore MDC errors is not used: To
     616             :          avoid attacks changing an MDC message to a non-MDC message,
     617             :          we fail here.  */
     618           0 :       log_error (_("WARNING: message was not integrity protected\n"));
     619           0 :       if (opt.verbose > 1)
     620           0 :         log_info ("decryption forced to fail\n");
     621           0 :       write_status (STATUS_DECRYPTION_FAILED);
     622             :     }
     623         319 :   else if (!result || (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE
     624           0 :                        && opt.ignore_mdc_error))
     625             :     {
     626         319 :       write_status (STATUS_DECRYPTION_OKAY);
     627         319 :       if (opt.verbose > 1)
     628           0 :         log_info(_("decryption okay\n"));
     629         638 :       if (pkt->pkt.encrypted->mdc_method && !result)
     630         259 :         write_status (STATUS_GOODMDC);
     631          60 :       else if (!opt.no_mdc_warn)
     632          60 :         log_info (_("WARNING: message was not integrity protected\n"));
     633             :     }
     634           0 :   else if (gpg_err_code (result) == GPG_ERR_BAD_SIGNATURE)
     635             :     {
     636           0 :       glo_ctrl.lasterr = result;
     637           0 :       log_error (_("WARNING: encrypted message has been manipulated!\n"));
     638           0 :       write_status (STATUS_BADMDC);
     639           0 :       write_status (STATUS_DECRYPTION_FAILED);
     640             :     }
     641             :   else
     642             :     {
     643           0 :       if (gpg_err_code (result) == GPG_ERR_BAD_KEY
     644           0 :           && *c->dek->s2k_cacheid != '\0')
     645             :         {
     646           0 :           if (opt.debug)
     647           0 :             log_debug ("cleared passphrase cached with ID: %s\n",
     648           0 :                        c->dek->s2k_cacheid);
     649           0 :           passphrase_clear_cache (c->dek->s2k_cacheid);
     650             :         }
     651           0 :       glo_ctrl.lasterr = result;
     652           0 :       write_status (STATUS_DECRYPTION_FAILED);
     653           0 :       log_error (_("decryption failed: %s\n"), gpg_strerror (result));
     654             :       /* Hmmm: does this work when we have encrypted using multiple
     655             :        * ways to specify the session key (symmmetric and PK). */
     656             :     }
     657             : 
     658         319 :   xfree (c->dek);
     659         319 :   c->dek = NULL;
     660         319 :   free_packet (pkt);
     661         319 :   c->last_was_session_key = 0;
     662         319 :   write_status (STATUS_END_DECRYPTION);
     663         319 : }
     664             : 
     665             : 
     666             : static void
     667         457 : proc_plaintext( CTX c, PACKET *pkt )
     668             : {
     669         457 :   PKT_plaintext *pt = pkt->pkt.plaintext;
     670             :   int any, clearsig, rc;
     671             :   kbnode_t n;
     672             : 
     673         457 :   literals_seen++;
     674             : 
     675         457 :   if (pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8))
     676           0 :     log_info (_("Note: sender requested \"for-your-eyes-only\"\n"));
     677         457 :   else if (opt.verbose)
     678           0 :     log_info (_("original file name='%.*s'\n"), pt->namelen, pt->name);
     679             : 
     680         457 :   free_md_filter_context (&c->mfx);
     681         457 :   if (gcry_md_open (&c->mfx.md, 0, 0))
     682           0 :     BUG ();
     683             :   /* fixme: we may need to push the textfilter if we have sigclass 1
     684             :    * and no armoring - Not yet tested
     685             :    * Hmmm, why don't we need it at all if we have sigclass 1
     686             :    * Should we assume that plaintext in mode 't' has always sigclass 1??
     687             :    * See: Russ Allbery's mail 1999-02-09
     688             :    */
     689         457 :   any = clearsig = 0;
     690         632 :   for (n=c->list; n; n = n->next )
     691             :     {
     692         192 :       if (n->pkt->pkttype == PKT_ONEPASS_SIG)
     693             :         {
     694             :           /* The onepass signature case. */
     695         158 :           if (n->pkt->pkt.onepass_sig->digest_algo)
     696             :             {
     697         158 :               gcry_md_enable (c->mfx.md, n->pkt->pkt.onepass_sig->digest_algo);
     698         158 :               any = 1;
     699             :             }
     700             :         }
     701          34 :       else if (n->pkt->pkttype == PKT_GPG_CONTROL
     702          24 :                && n->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START)
     703             :         {
     704             :           /* The clearsigned message case. */
     705          17 :           size_t datalen = n->pkt->pkt.gpg_control->datalen;
     706          17 :           const byte *data = n->pkt->pkt.gpg_control->data;
     707             : 
     708             :           /* Check that we have at least the sigclass and one hash.  */
     709          17 :           if  (datalen < 2)
     710           0 :             log_fatal ("invalid control packet CTRLPKT_CLEARSIGN_START\n");
     711             :           /* Note that we don't set the clearsig flag for not-dash-escaped
     712             :            * documents.  */
     713          17 :           clearsig = (*data == 0x01);
     714          34 :           for (data++, datalen--; datalen; datalen--, data++)
     715          17 :             gcry_md_enable (c->mfx.md, *data);
     716          17 :           any = 1;
     717          17 :           break;  /* Stop here as one-pass signature packets are not
     718             :                      expected.  */
     719             :         }
     720          17 :       else if (n->pkt->pkttype == PKT_SIGNATURE)
     721             :         {
     722             :           /* The SIG+LITERAL case that PGP used to use.  */
     723          10 :           gcry_md_enable ( c->mfx.md, n->pkt->pkt.signature->digest_algo );
     724          10 :           any = 1;
     725             :         }
     726             :     }
     727             : 
     728         457 :   if (!any && !opt.skip_verify)
     729             :     {
     730             :       /* This is for the old GPG LITERAL+SIG case.  It's not legal
     731             :          according to 2440, so hopefully it won't come up that often.
     732             :          There is no good way to specify what algorithms to use in
     733             :          that case, so these there are the historical answer. */
     734         281 :         gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160);
     735         281 :         gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1);
     736             :     }
     737         457 :   if (DBG_HASHING)
     738             :     {
     739           0 :       gcry_md_debug (c->mfx.md, "verify");
     740           0 :       if (c->mfx.md2)
     741           0 :         gcry_md_debug (c->mfx.md2, "verify2");
     742             :     }
     743             : 
     744         457 :   rc=0;
     745             : 
     746         457 :   if (literals_seen > 1)
     747             :     {
     748           8 :       log_info (_("WARNING: multiple plaintexts seen\n"));
     749             : 
     750           8 :       if (!opt.flags.allow_multiple_messages)
     751             :         {
     752           6 :           write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA");
     753           6 :           log_inc_errorcount ();
     754           6 :           rc = gpg_error (GPG_ERR_UNEXPECTED);
     755             :         }
     756             :     }
     757             : 
     758         457 :   if (!rc)
     759             :     {
     760             :       /* It we are in --verify mode, we do not want to output the
     761             :        * signed text.  However, if --output is also used we do what
     762             :        * has been requested and write out the signed data.  */
     763         507 :       rc = handle_plaintext (pt, &c->mfx,
     764         902 :                              (opt.outfp || opt.outfile)? 0 :  c->sigs_only,
     765             :                              clearsig);
     766         451 :       if (gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only)
     767             :         {
     768             :           /* Can't write output but we hash it anyway to check the
     769             :              signature. */
     770           0 :           rc = handle_plaintext( pt, &c->mfx, 1, clearsig );
     771             :         }
     772             :     }
     773             : 
     774         457 :   if (rc)
     775           6 :     log_error ("handle plaintext failed: %s\n", gpg_strerror (rc));
     776             : 
     777         457 :   free_packet(pkt);
     778         457 :   c->last_was_session_key = 0;
     779             : 
     780             :   /* We add a marker control packet instead of the plaintext packet.
     781             :    * This is so that we can later detect invalid packet sequences.  */
     782         457 :   n = new_kbnode (create_gpg_control (CTRLPKT_PLAINTEXT_MARK, NULL, 0));
     783         457 :   if (c->list)
     784         176 :     add_kbnode (c->list, n);
     785             :   else
     786         281 :     c->list = n;
     787         457 : }
     788             : 
     789             : 
     790             : static int
     791          43 : proc_compressed_cb (iobuf_t a, void *info)
     792             : {
     793          43 :   if ( ((CTX)info)->signed_data.used
     794           0 :        && ((CTX)info)->signed_data.data_fd != -1)
     795           0 :     return proc_signature_packets_by_fd (((CTX)info)->ctrl, info, a,
     796             :                                          ((CTX)info)->signed_data.data_fd);
     797             :   else
     798          43 :     return proc_signature_packets (((CTX)info)->ctrl, info, a,
     799             :                                    ((CTX)info)->signed_data.data_names,
     800             :                                    ((CTX)info)->sigfilename );
     801             : }
     802             : 
     803             : 
     804             : static int
     805           2 : proc_encrypt_cb (iobuf_t a, void *info )
     806             : {
     807           2 :   CTX c = info;
     808           2 :   return proc_encryption_packets (c->ctrl, info, a );
     809             : }
     810             : 
     811             : 
     812             : static int
     813         424 : proc_compressed (CTX c, PACKET *pkt)
     814             : {
     815         424 :   PKT_compressed *zd = pkt->pkt.compressed;
     816             :   int rc;
     817             : 
     818             :   /*printf("zip: compressed data packet\n");*/
     819         424 :   if (c->sigs_only)
     820          43 :     rc = handle_compressed (c->ctrl, c, zd, proc_compressed_cb, c);
     821         381 :   else if( c->encrypt_only )
     822           2 :     rc = handle_compressed (c->ctrl, c, zd, proc_encrypt_cb, c);
     823             :   else
     824         379 :     rc = handle_compressed (c->ctrl, c, zd, NULL, NULL);
     825             : 
     826         424 :   if (gpg_err_code (rc) == GPG_ERR_BAD_DATA)
     827             :     {
     828           0 :       if  (!c->any.uncompress_failed)
     829             :         {
     830             :           CTX cc;
     831             : 
     832           0 :           for (cc=c; cc; cc = cc->anchor)
     833           0 :             cc->any.uncompress_failed = 1;
     834           0 :           log_error ("uncompressing failed: %s\n", gpg_strerror (rc));
     835             :         }
     836             :     }
     837         424 :   else if (rc)
     838           0 :     log_error ("uncompressing failed: %s\n", gpg_strerror (rc));
     839             : 
     840         424 :   free_packet(pkt);
     841         424 :   c->last_was_session_key = 0;
     842         424 :   return rc;
     843             : }
     844             : 
     845             : 
     846             : /*
     847             :  * Check the signature.  If R_PK is not NULL a copy of the public key
     848             :  * used to verify the signature will be stored tehre, or NULL if not
     849             :  * found.  Returns: 0 = valid signature or an error code
     850             :  */
     851             : static int
     852         187 : do_check_sig (CTX c, kbnode_t node, int *is_selfsig,
     853             :               int *is_expkey, int *is_revkey, PKT_public_key **r_pk)
     854             : {
     855             :   PKT_signature *sig;
     856         187 :   gcry_md_hd_t md = NULL;
     857         187 :   gcry_md_hd_t md2 = NULL;
     858         187 :   gcry_md_hd_t md_good = NULL;
     859             :   int algo, rc;
     860             : 
     861         187 :   if (r_pk)
     862         187 :     *r_pk = NULL;
     863             : 
     864         187 :   log_assert (node->pkt->pkttype == PKT_SIGNATURE);
     865         187 :   if (is_selfsig)
     866           0 :     *is_selfsig = 0;
     867         187 :   sig = node->pkt->pkt.signature;
     868             : 
     869         187 :   algo = sig->digest_algo;
     870         187 :   rc = openpgp_md_test_algo (algo);
     871         187 :   if (rc)
     872           0 :     return rc;
     873             : 
     874         187 :   if (sig->sig_class == 0x00)
     875             :     {
     876         165 :       if (c->mfx.md)
     877             :         {
     878         165 :           if (gcry_md_copy (&md, c->mfx.md ))
     879           0 :             BUG ();
     880             :         }
     881             :       else /* detached signature */
     882             :         {
     883             :           /* check_signature() will enable the md. */
     884           0 :           if (gcry_md_open (&md, 0, 0 ))
     885           0 :             BUG ();
     886             :         }
     887             :     }
     888          22 :   else if (sig->sig_class == 0x01)
     889             :     {
     890             :       /* How do we know that we have to hash the (already hashed) text
     891             :          in canonical mode ??? (calculating both modes???) */
     892          22 :       if (c->mfx.md)
     893             :         {
     894          22 :           if (gcry_md_copy (&md, c->mfx.md ))
     895           0 :             BUG ();
     896          22 :           if (c->mfx.md2 && gcry_md_copy (&md2, c->mfx.md2))
     897           0 :             BUG ();
     898             :         }
     899             :       else /* detached signature */
     900             :         {
     901           0 :           log_debug ("Do we really need this here?");
     902             :           /* check_signature() will enable the md*/
     903           0 :           if (gcry_md_open (&md, 0, 0 ))
     904           0 :             BUG ();
     905           0 :           if (gcry_md_open (&md2, 0, 0 ))
     906           0 :             BUG ();
     907             :         }
     908             :     }
     909           0 :   else if ((sig->sig_class&~3) == 0x10
     910           0 :            ||   sig->sig_class == 0x18
     911           0 :            ||   sig->sig_class == 0x1f
     912           0 :            ||   sig->sig_class == 0x20
     913           0 :            ||   sig->sig_class == 0x28
     914           0 :            ||   sig->sig_class == 0x30)
     915             :     {
     916           0 :       if (c->list->pkt->pkttype == PKT_PUBLIC_KEY
     917           0 :           || c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY)
     918             :         {
     919           0 :           return check_key_signature( c->list, node, is_selfsig );
     920             :         }
     921           0 :       else if (sig->sig_class == 0x20)
     922             :         {
     923           0 :           log_error (_("standalone revocation - "
     924             :                        "use \"gpg --import\" to apply\n"));
     925           0 :           return GPG_ERR_NOT_PROCESSED;
     926             :         }
     927             :       else
     928             :         {
     929           0 :           log_error ("invalid root packet for sigclass %02x\n", sig->sig_class);
     930           0 :           return GPG_ERR_SIG_CLASS;
     931             :         }
     932             :     }
     933             :   else
     934           0 :     return GPG_ERR_SIG_CLASS;
     935             : 
     936             :   /* We only get here if we are checking the signature of a binary
     937             :      (0x00) or text document (0x01).  */
     938         187 :   rc = check_signature2 (sig, md, NULL, is_expkey, is_revkey, r_pk);
     939         187 :   if (! rc)
     940         183 :     md_good = md;
     941           4 :   else if (gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2)
     942             :     {
     943             :       PKT_public_key *pk2;
     944             : 
     945           0 :       rc = check_signature2 (sig, md2, NULL, is_expkey, is_revkey,
     946             :                              r_pk? &pk2 : NULL);
     947           0 :       if (!rc)
     948             :         {
     949           0 :           md_good = md2;
     950           0 :           if (r_pk)
     951             :             {
     952           0 :               free_public_key (*r_pk);
     953           0 :               *r_pk = pk2;
     954             :             }
     955             :         }
     956             :     }
     957             : 
     958         187 :   if (md_good)
     959             :     {
     960         183 :       unsigned char *buffer = gcry_md_read (md_good, sig->digest_algo);
     961         183 :       sig->digest_len = gcry_md_get_algo_dlen (map_md_openpgp_to_gcry (algo));
     962         183 :       memcpy (sig->digest, buffer, sig->digest_len);
     963             :     }
     964             : 
     965         187 :   gcry_md_close (md);
     966         187 :   gcry_md_close (md2);
     967             : 
     968         187 :   return rc;
     969             : }
     970             : 
     971             : 
     972             : static void
     973           0 : print_userid (PACKET *pkt)
     974             : {
     975           0 :   if (!pkt)
     976           0 :     BUG();
     977             : 
     978           0 :   if (pkt->pkttype != PKT_USER_ID)
     979             :     {
     980           0 :       es_printf ("ERROR: unexpected packet type %d", pkt->pkttype );
     981           0 :       return;
     982             :     }
     983           0 :   if (opt.with_colons)
     984             :     {
     985           0 :       if (pkt->pkt.user_id->attrib_data)
     986           0 :         es_printf("%u %lu",
     987           0 :                   pkt->pkt.user_id->numattribs,
     988           0 :                   pkt->pkt.user_id->attrib_len);
     989             :       else
     990           0 :         es_write_sanitized (es_stdout, pkt->pkt.user_id->name,
     991           0 :                             pkt->pkt.user_id->len, ":", NULL);
     992             :     }
     993             :   else
     994           0 :     print_utf8_buffer (es_stdout, pkt->pkt.user_id->name,
     995           0 :                        pkt->pkt.user_id->len );
     996             : }
     997             : 
     998             : 
     999             : /*
    1000             :  * List the keyblock in a user friendly way
    1001             :  */
    1002             : static void
    1003           0 : list_node (CTX c, kbnode_t node)
    1004             : {
    1005           0 :   if (!node)
    1006             :     ;
    1007           0 :   else if (node->pkt->pkttype == PKT_PUBLIC_KEY
    1008           0 :            || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
    1009           0 :     {
    1010           0 :       PKT_public_key *pk = node->pkt->pkt.public_key;
    1011             : 
    1012           0 :       if (opt.with_colons)
    1013             :         {
    1014             :           u32 keyid[2];
    1015             : 
    1016           0 :           keyid_from_pk( pk, keyid );
    1017           0 :           if (pk->flags.primary)
    1018           0 :             c->trustletter = (opt.fast_list_mode
    1019             :                               ? 0
    1020           0 :                               : get_validity_info
    1021             :                                   (c->ctrl,
    1022           0 :                                    node->pkt->pkttype == PKT_PUBLIC_KEY
    1023             :                                    ? node : NULL,
    1024             :                                    pk, NULL));
    1025           0 :           es_printf ("%s:", pk->flags.primary? "pub":"sub" );
    1026           0 :           if (c->trustletter)
    1027           0 :             es_putc (c->trustletter, es_stdout);
    1028           0 :           es_printf (":%u:%d:%08lX%08lX:%s:%s::",
    1029             :                      nbits_from_pk( pk ),
    1030           0 :                      pk->pubkey_algo,
    1031           0 :                      (ulong)keyid[0],(ulong)keyid[1],
    1032             :                      colon_datestr_from_pk( pk ),
    1033             :                      colon_strtime (pk->expiredate) );
    1034           0 :           if (pk->flags.primary && !opt.fast_list_mode)
    1035           0 :             es_putc (get_ownertrust_info (pk), es_stdout);
    1036           0 :           es_putc (':', es_stdout);
    1037           0 :           es_putc ('\n', es_stdout);
    1038             :         }
    1039             :       else
    1040             :         {
    1041           0 :           print_key_line (es_stdout, pk, 0);
    1042             :         }
    1043             : 
    1044           0 :       if (opt.keyid_format == KF_NONE && !opt.with_colons)
    1045             :         ; /* Already printed.  */
    1046           0 :       else if ((pk->flags.primary && opt.fingerprint) || opt.fingerprint > 1)
    1047           0 :         print_fingerprint (NULL, pk, 0);
    1048             : 
    1049           0 :       if (opt.with_colons)
    1050             :         {
    1051           0 :           if (node->next && node->next->pkt->pkttype == PKT_RING_TRUST)
    1052           0 :             es_printf ("rtv:1:%u:\n",
    1053           0 :                        node->next->pkt->pkt.ring_trust->trustval);
    1054             :         }
    1055             : 
    1056           0 :       if (pk->flags.primary)
    1057             :         {
    1058           0 :           int kl = opt.keyid_format == KF_NONE? 0 : keystrlen ();
    1059             : 
    1060             :           /* Now list all userids with their signatures. */
    1061           0 :           for (node = node->next; node; node = node->next)
    1062             :             {
    1063           0 :               if (node->pkt->pkttype == PKT_SIGNATURE)
    1064             :                 {
    1065           0 :                   list_node (c,  node );
    1066             :                 }
    1067           0 :               else if (node->pkt->pkttype == PKT_USER_ID)
    1068             :                 {
    1069           0 :                   if (opt.with_colons)
    1070           0 :                     es_printf ("%s:::::::::",
    1071           0 :                                node->pkt->pkt.user_id->attrib_data?"uat":"uid");
    1072             :                   else
    1073           0 :                     es_printf ("uid%*s",
    1074           0 :                                kl + (opt.legacy_list_mode? 9:11),
    1075             :                                "" );
    1076           0 :                   print_userid (node->pkt);
    1077           0 :                   if (opt.with_colons)
    1078           0 :                     es_putc (':', es_stdout);
    1079           0 :                   es_putc ('\n', es_stdout);
    1080           0 :                   if (opt.with_colons
    1081           0 :                       && node->next
    1082           0 :                       && node->next->pkt->pkttype == PKT_RING_TRUST)
    1083             :                     {
    1084           0 :                       es_printf ("rtv:2:%u:\n",
    1085           0 :                                  node->next->pkt->pkt.ring_trust?
    1086           0 :                                  node->next->pkt->pkt.ring_trust->trustval : 0);
    1087             :                     }
    1088             :                 }
    1089           0 :               else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
    1090             :                 {
    1091           0 :                   list_node(c,  node );
    1092             :                 }
    1093             :             }
    1094             :         }
    1095             :     }
    1096           0 :   else if (node->pkt->pkttype == PKT_SECRET_KEY
    1097           0 :            || node->pkt->pkttype == PKT_SECRET_SUBKEY)
    1098             :     {
    1099             : 
    1100           0 :       log_debug ("FIXME: No way to print secret key packets here\n");
    1101             :       /* fixme: We may use a function to turn a secret key packet into
    1102             :          a public key one and use that here.  */
    1103             :     }
    1104           0 :   else if (node->pkt->pkttype == PKT_SIGNATURE)
    1105             :     {
    1106           0 :       PKT_signature *sig = node->pkt->pkt.signature;
    1107           0 :       int is_selfsig = 0;
    1108           0 :       int rc2 = 0;
    1109             :       size_t n;
    1110             :       char *p;
    1111           0 :       int sigrc = ' ';
    1112             : 
    1113           0 :       if (!opt.verbose)
    1114           0 :         return;
    1115             : 
    1116           0 :       if (sig->sig_class == 0x20 || sig->sig_class == 0x30)
    1117           0 :         es_fputs ("rev", es_stdout);
    1118             :       else
    1119           0 :         es_fputs ("sig", es_stdout);
    1120           0 :       if (opt.check_sigs)
    1121             :         {
    1122           0 :           fflush (stdout);
    1123           0 :           rc2 = do_check_sig (c, node, &is_selfsig, NULL, NULL, NULL);
    1124           0 :           switch (gpg_err_code (rc2))
    1125             :             {
    1126           0 :             case 0:                       sigrc = '!'; break;
    1127           0 :             case GPG_ERR_BAD_SIGNATURE:   sigrc = '-'; break;
    1128             :             case GPG_ERR_NO_PUBKEY:
    1129           0 :             case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
    1130           0 :             default:                      sigrc = '%'; break;
    1131             :             }
    1132             :         }
    1133             :       else /* Check whether this is a self signature.  */
    1134             :         {
    1135             :           u32 keyid[2];
    1136             : 
    1137           0 :           if (c->list->pkt->pkttype == PKT_PUBLIC_KEY
    1138           0 :               || c->list->pkt->pkttype == PKT_SECRET_KEY )
    1139             :             {
    1140           0 :               keyid_from_pk (c->list->pkt->pkt.public_key, keyid);
    1141             : 
    1142           0 :               if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1])
    1143           0 :                 is_selfsig = 1;
    1144             :             }
    1145             :         }
    1146             : 
    1147           0 :       if (opt.with_colons)
    1148             :         {
    1149           0 :           es_putc (':', es_stdout);
    1150           0 :           if (sigrc != ' ')
    1151           0 :             es_putc (sigrc, es_stdout);
    1152           0 :           es_printf ("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
    1153           0 :                      (ulong)sig->keyid[0], (ulong)sig->keyid[1],
    1154             :                      colon_datestr_from_sig (sig),
    1155             :                      colon_expirestr_from_sig (sig));
    1156             : 
    1157           0 :           if (sig->trust_depth || sig->trust_value)
    1158           0 :             es_printf ("%d %d",sig->trust_depth,sig->trust_value);
    1159           0 :           es_putc (':', es_stdout);
    1160             : 
    1161           0 :           if (sig->trust_regexp)
    1162           0 :             es_write_sanitized (es_stdout, sig->trust_regexp,
    1163           0 :                                 strlen (sig->trust_regexp), ":", NULL);
    1164           0 :           es_putc (':', es_stdout);
    1165             :         }
    1166             :       else
    1167           0 :         es_printf ("%c       %s %s   ",
    1168           0 :                    sigrc, keystr (sig->keyid), datestr_from_sig(sig));
    1169           0 :       if (sigrc == '%')
    1170           0 :         es_printf ("[%s] ", gpg_strerror (rc2) );
    1171           0 :       else if (sigrc == '?')
    1172             :         ;
    1173           0 :       else if (is_selfsig)
    1174             :         {
    1175           0 :           if (opt.with_colons)
    1176           0 :             es_putc (':', es_stdout);
    1177           0 :           es_fputs (sig->sig_class == 0x18? "[keybind]":"[selfsig]", es_stdout);
    1178           0 :           if (opt.with_colons)
    1179           0 :             es_putc (':', es_stdout);
    1180             :         }
    1181           0 :       else if (!opt.fast_list_mode)
    1182             :         {
    1183           0 :           p = get_user_id (sig->keyid, &n);
    1184           0 :           es_write_sanitized (es_stdout, p, n,
    1185           0 :                               opt.with_colons?":":NULL, NULL );
    1186           0 :           xfree (p);
    1187             :         }
    1188           0 :       if (opt.with_colons)
    1189           0 :         es_printf (":%02x%c:", sig->sig_class, sig->flags.exportable?'x':'l');
    1190           0 :       es_putc ('\n', es_stdout);
    1191             :     }
    1192             :   else
    1193           0 :     log_error ("invalid node with packet of type %d\n", node->pkt->pkttype);
    1194             : }
    1195             : 
    1196             : 
    1197             : int
    1198        1100 : proc_packets (ctrl_t ctrl, void *anchor, iobuf_t a )
    1199             : {
    1200             :   int rc;
    1201        1100 :   CTX c = xmalloc_clear (sizeof *c);
    1202             : 
    1203        1100 :   c->ctrl = ctrl;
    1204        1100 :   c->anchor = anchor;
    1205        1100 :   rc = do_proc_packets (ctrl, c, a);
    1206        1100 :   xfree (c);
    1207             : 
    1208        1100 :   return rc;
    1209             : }
    1210             : 
    1211             : 
    1212             : int
    1213         111 : proc_signature_packets (ctrl_t ctrl, void *anchor, iobuf_t a,
    1214             :                         strlist_t signedfiles, const char *sigfilename )
    1215             : {
    1216         111 :   CTX c = xmalloc_clear (sizeof *c);
    1217             :   int rc;
    1218             : 
    1219         111 :   c->ctrl = ctrl;
    1220         111 :   c->anchor = anchor;
    1221         111 :   c->sigs_only = 1;
    1222             : 
    1223         111 :   c->signed_data.data_fd = -1;
    1224         111 :   c->signed_data.data_names = signedfiles;
    1225         111 :   c->signed_data.used = !!signedfiles;
    1226             : 
    1227         111 :   c->sigfilename = sigfilename;
    1228         111 :   rc = do_proc_packets (ctrl, c, a);
    1229             : 
    1230             :   /* If we have not encountered any signature we print an error
    1231             :      messages, send a NODATA status back and return an error code.
    1232             :      Using log_error is required because verify_files does not check
    1233             :      error codes for each file but we want to terminate the process
    1234             :      with an error. */
    1235         108 :   if (!rc && !c->any.sig_seen)
    1236             :     {
    1237           1 :       write_status_text (STATUS_NODATA, "4");
    1238           1 :       log_error (_("no signature found\n"));
    1239           1 :       rc = GPG_ERR_NO_DATA;
    1240             :     }
    1241             : 
    1242             :   /* Propagate the signature seen flag upward. Do this only on success
    1243             :      so that we won't issue the nodata status several times.  */
    1244         108 :   if (!rc && c->anchor && c->any.sig_seen)
    1245          43 :     c->anchor->any.sig_seen = 1;
    1246             : 
    1247         108 :   xfree (c);
    1248         108 :   return rc;
    1249             : }
    1250             : 
    1251             : 
    1252             : int
    1253           0 : proc_signature_packets_by_fd (ctrl_t ctrl,
    1254             :                               void *anchor, iobuf_t a, int signed_data_fd )
    1255             : {
    1256             :   int rc;
    1257             :   CTX c;
    1258             : 
    1259           0 :   c = xtrycalloc (1, sizeof *c);
    1260           0 :   if (!c)
    1261           0 :     return gpg_error_from_syserror ();
    1262             : 
    1263           0 :   c->ctrl = ctrl;
    1264           0 :   c->anchor = anchor;
    1265           0 :   c->sigs_only = 1;
    1266             : 
    1267           0 :   c->signed_data.data_fd = signed_data_fd;
    1268           0 :   c->signed_data.data_names = NULL;
    1269           0 :   c->signed_data.used = (signed_data_fd != -1);
    1270             : 
    1271           0 :   rc = do_proc_packets (ctrl, c, a);
    1272             : 
    1273             :   /* If we have not encountered any signature we print an error
    1274             :      messages, send a NODATA status back and return an error code.
    1275             :      Using log_error is required because verify_files does not check
    1276             :      error codes for each file but we want to terminate the process
    1277             :      with an error. */
    1278           0 :   if (!rc && !c->any.sig_seen)
    1279             :     {
    1280           0 :       write_status_text (STATUS_NODATA, "4");
    1281           0 :       log_error (_("no signature found\n"));
    1282           0 :       rc = gpg_error (GPG_ERR_NO_DATA);
    1283             :     }
    1284             : 
    1285             :   /* Propagate the signature seen flag upward. Do this only on success
    1286             :      so that we won't issue the nodata status several times. */
    1287           0 :   if (!rc && c->anchor && c->any.sig_seen)
    1288           0 :     c->anchor->any.sig_seen = 1;
    1289             : 
    1290           0 :   xfree ( c );
    1291           0 :   return rc;
    1292             : }
    1293             : 
    1294             : 
    1295             : int
    1296          14 : proc_encryption_packets (ctrl_t ctrl, void *anchor, iobuf_t a )
    1297             : {
    1298          14 :   CTX c = xmalloc_clear (sizeof *c);
    1299             :   int rc;
    1300             : 
    1301          14 :   c->ctrl = ctrl;
    1302          14 :   c->anchor = anchor;
    1303          14 :   c->encrypt_only = 1;
    1304          14 :   rc = do_proc_packets (ctrl, c, a);
    1305          14 :   xfree (c);
    1306          14 :   return rc;
    1307             : }
    1308             : 
    1309             : 
    1310             : static int
    1311        1225 : check_nesting (CTX c)
    1312             : {
    1313             :   int level;
    1314             : 
    1315        3512 :   for (level=0; c; c = c->anchor)
    1316        2287 :     level++;
    1317             : 
    1318        1225 :   if (level > MAX_NESTING_DEPTH)
    1319             :     {
    1320           0 :       log_error ("input data with too deeply nested packets\n");
    1321           0 :       write_status_text (STATUS_UNEXPECTED, "1");
    1322           0 :       return GPG_ERR_BAD_DATA;
    1323             :     }
    1324             : 
    1325        1225 :   return 0;
    1326             : }
    1327             : 
    1328             : 
    1329             : static int
    1330        1225 : do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a)
    1331             : {
    1332             :   PACKET *pkt;
    1333        1225 :   int rc = 0;
    1334        1225 :   int any_data = 0;
    1335             :   int newpkt;
    1336             : 
    1337        1225 :   rc = check_nesting (c);
    1338        1225 :   if (rc)
    1339           0 :     return rc;
    1340             : 
    1341        1225 :   pkt = xmalloc( sizeof *pkt );
    1342        1225 :   c->iobuf = a;
    1343        1225 :   init_packet(pkt);
    1344        4393 :   while ((rc=parse_packet(a, pkt)) != -1)
    1345             :     {
    1346        1944 :       any_data = 1;
    1347        1944 :       if (rc)
    1348             :         {
    1349           2 :           free_packet (pkt);
    1350             :           /* Stop processing when an invalid packet has been encountered
    1351             :            * but don't do so when we are doing a --list-packets.  */
    1352           2 :           if (gpg_err_code (rc) == GPG_ERR_INV_PACKET
    1353           2 :               && opt.list_packets == 0)
    1354           1 :             break;
    1355           1 :           continue;
    1356             :         }
    1357        1942 :       newpkt = -1;
    1358        1942 :       if (opt.list_packets)
    1359             :         {
    1360          57 :           switch (pkt->pkttype)
    1361             :             {
    1362          10 :             case PKT_PUBKEY_ENC:    proc_pubkey_enc (ctrl, c, pkt); break;
    1363           0 :             case PKT_SYMKEY_ENC:    proc_symkey_enc (c, pkt); break;
    1364             :             case PKT_ENCRYPTED:
    1365           5 :             case PKT_ENCRYPTED_MDC: proc_encrypted (c, pkt); break;
    1366           6 :             case PKT_COMPRESSED:    rc = proc_compressed (c, pkt); break;
    1367          36 :             default: newpkt = 0; break;
    1368             :             }
    1369             :         }
    1370        1885 :       else if (c->sigs_only)
    1371             :         {
    1372         253 :           switch (pkt->pkttype)
    1373             :             {
    1374             :             case PKT_PUBLIC_KEY:
    1375             :             case PKT_SECRET_KEY:
    1376             :             case PKT_USER_ID:
    1377             :             case PKT_SYMKEY_ENC:
    1378             :             case PKT_PUBKEY_ENC:
    1379             :             case PKT_ENCRYPTED:
    1380             :             case PKT_ENCRYPTED_MDC:
    1381           0 :               write_status_text( STATUS_UNEXPECTED, "0" );
    1382           0 :               rc = GPG_ERR_UNEXPECTED;
    1383           0 :               goto leave;
    1384             : 
    1385          74 :             case PKT_SIGNATURE:   newpkt = add_signature (c, pkt); break;
    1386          72 :             case PKT_PLAINTEXT:   proc_plaintext (c, pkt); break;
    1387          43 :             case PKT_COMPRESSED:  rc = proc_compressed (c, pkt); break;
    1388          55 :             case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break;
    1389           7 :             case PKT_GPG_CONTROL: newpkt = add_gpg_control (c, pkt); break;
    1390           2 :             default: newpkt = 0; break;
    1391             :             }
    1392             :         }
    1393        1632 :       else if (c->encrypt_only)
    1394             :         {
    1395          30 :           switch (pkt->pkttype)
    1396             :             {
    1397             :             case PKT_PUBLIC_KEY:
    1398             :             case PKT_SECRET_KEY:
    1399             :             case PKT_USER_ID:
    1400           0 :               write_status_text (STATUS_UNEXPECTED, "0");
    1401           0 :               rc = GPG_ERR_UNEXPECTED;
    1402           0 :               goto leave;
    1403             : 
    1404           2 :             case PKT_SIGNATURE:   newpkt = add_signature (c, pkt); break;
    1405           6 :             case PKT_SYMKEY_ENC:  proc_symkey_enc (c, pkt); break;
    1406           6 :             case PKT_PUBKEY_ENC:  proc_pubkey_enc (ctrl, c, pkt); break;
    1407             :             case PKT_ENCRYPTED:
    1408          10 :             case PKT_ENCRYPTED_MDC: proc_encrypted (c, pkt); break;
    1409           2 :             case PKT_PLAINTEXT:   proc_plaintext (c, pkt); break;
    1410           2 :             case PKT_COMPRESSED:  rc = proc_compressed (c, pkt); break;
    1411           2 :             case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break;
    1412           0 :             case PKT_GPG_CONTROL: newpkt = add_gpg_control (c, pkt); break;
    1413           0 :             default: newpkt = 0; break;
    1414             :             }
    1415             :         }
    1416             :       else
    1417             :         {
    1418        1602 :           switch (pkt->pkttype)
    1419             :             {
    1420             :             case PKT_PUBLIC_KEY:
    1421             :             case PKT_SECRET_KEY:
    1422           0 :               release_list (c);
    1423           0 :               c->list = new_kbnode (pkt);
    1424           0 :               newpkt = 1;
    1425           0 :               break;
    1426             :             case PKT_PUBLIC_SUBKEY:
    1427             :             case PKT_SECRET_SUBKEY:
    1428           0 :               newpkt = add_subkey (c, pkt);
    1429           0 :               break;
    1430           0 :             case PKT_USER_ID:     newpkt = add_user_id (c, pkt); break;
    1431         123 :             case PKT_SIGNATURE:   newpkt = add_signature (c, pkt); break;
    1432         255 :             case PKT_PUBKEY_ENC:  proc_pubkey_enc (ctrl, c, pkt); break;
    1433          53 :             case PKT_SYMKEY_ENC:  proc_symkey_enc (c, pkt); break;
    1434             :             case PKT_ENCRYPTED:
    1435         304 :             case PKT_ENCRYPTED_MDC: proc_encrypted (c, pkt); break;
    1436         383 :             case PKT_PLAINTEXT:   proc_plaintext (c, pkt); break;
    1437         373 :             case PKT_COMPRESSED:  rc = proc_compressed (c, pkt); break;
    1438          97 :             case PKT_ONEPASS_SIG: newpkt = add_onepass_sig (c, pkt); break;
    1439          10 :             case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break;
    1440           0 :             case PKT_RING_TRUST:  newpkt = add_ring_trust (c, pkt); break;
    1441           4 :             default: newpkt = 0; break;
    1442             :             }
    1443             :         }
    1444             : 
    1445        1942 :       if (rc)
    1446           0 :         goto leave;
    1447             : 
    1448             :       /* This is a very ugly construct and frankly, I don't remember why
    1449             :        * I used it.  Adding the MDC check here is a hack.
    1450             :        * The right solution is to initiate another context for encrypted
    1451             :        * packet and not to reuse the current one ...  It works right
    1452             :        * when there is a compression packet between which adds just
    1453             :        * an extra layer.
    1454             :        * Hmmm: Rewrite this whole module here??
    1455             :        */
    1456        1942 :       if (pkt->pkttype != PKT_SIGNATURE && pkt->pkttype != PKT_MDC)
    1457        1730 :         c->any.data = (pkt->pkttype == PKT_PLAINTEXT);
    1458             : 
    1459        1942 :       if (newpkt == -1)
    1460             :         ;
    1461         412 :       else if (newpkt)
    1462             :         {
    1463         370 :           pkt = xmalloc (sizeof *pkt);
    1464         370 :           init_packet (pkt);
    1465             :         }
    1466             :       else
    1467          42 :         free_packet(pkt);
    1468             :     }
    1469             : 
    1470        1225 :   if (rc == GPG_ERR_INV_PACKET)
    1471           1 :     write_status_text (STATUS_NODATA, "3");
    1472             : 
    1473        1225 :   if (any_data)
    1474        1222 :     rc = 0;
    1475           3 :   else if (rc == -1)
    1476           3 :     write_status_text (STATUS_NODATA, "2");
    1477             : 
    1478             : 
    1479             :  leave:
    1480        1225 :   release_list (c);
    1481        1222 :   xfree(c->dek);
    1482        1222 :   free_packet (pkt);
    1483        1222 :   xfree (pkt);
    1484        1222 :   free_md_filter_context (&c->mfx);
    1485        1222 :   return rc;
    1486             : }
    1487             : 
    1488             : 
    1489             : /* Helper for pka_uri_from_sig to parse the to-be-verified address out
    1490             :    of the notation data. */
    1491             : static pka_info_t *
    1492           0 : get_pka_address (PKT_signature *sig)
    1493             : {
    1494           0 :   pka_info_t *pka = NULL;
    1495             :   struct notation *nd,*notation;
    1496             : 
    1497           0 :   notation=sig_to_notation(sig);
    1498             : 
    1499           0 :   for(nd=notation;nd;nd=nd->next)
    1500             :     {
    1501           0 :       if(strcmp(nd->name,"pka-address@gnupg.org")!=0)
    1502           0 :         continue; /* Not the notation we want. */
    1503             : 
    1504             :       /* For now we only use the first valid PKA notation. In future
    1505             :          we might want to keep additional PKA notations in a linked
    1506             :          list. */
    1507           0 :       if (is_valid_mailbox (nd->value))
    1508             :         {
    1509           0 :           pka = xmalloc (sizeof *pka + strlen(nd->value));
    1510           0 :           pka->valid = 0;
    1511           0 :           pka->checked = 0;
    1512           0 :           pka->uri = NULL;
    1513           0 :           strcpy (pka->email, nd->value);
    1514           0 :           break;
    1515             :         }
    1516             :     }
    1517             : 
    1518           0 :   free_notation(notation);
    1519             : 
    1520           0 :   return pka;
    1521             : }
    1522             : 
    1523             : 
    1524             : /* Return the URI from a DNS PKA record.  If this record has already
    1525             :    be retrieved for the signature we merely return it; if not we go
    1526             :    out and try to get that DNS record. */
    1527             : static const char *
    1528           0 : pka_uri_from_sig (CTX c, PKT_signature *sig)
    1529             : {
    1530           0 :   if (!sig->flags.pka_tried)
    1531             :     {
    1532           0 :       log_assert (!sig->pka_info);
    1533           0 :       sig->flags.pka_tried = 1;
    1534           0 :       sig->pka_info = get_pka_address (sig);
    1535           0 :       if (sig->pka_info)
    1536             :         {
    1537             :           char *url;
    1538             :           unsigned char *fpr;
    1539             :           size_t fprlen;
    1540             : 
    1541           0 :           if (!gpg_dirmngr_get_pka (c->ctrl, sig->pka_info->email,
    1542             :                                     &fpr, &fprlen, &url))
    1543             :             {
    1544           0 :               if (fpr && fprlen == sizeof sig->pka_info->fpr)
    1545             :                 {
    1546           0 :                   memcpy (sig->pka_info->fpr, fpr, fprlen);
    1547           0 :                   if (url)
    1548             :                     {
    1549           0 :                       sig->pka_info->valid = 1;
    1550           0 :                       if (!*url)
    1551           0 :                         xfree (url);
    1552             :                       else
    1553           0 :                         sig->pka_info->uri = url;
    1554           0 :                       url = NULL;
    1555             :                     }
    1556             :                 }
    1557           0 :               xfree (fpr);
    1558           0 :               xfree (url);
    1559             :             }
    1560             :         }
    1561             :     }
    1562           0 :   return sig->pka_info? sig->pka_info->uri : NULL;
    1563             : }
    1564             : 
    1565             : 
    1566             : /* Return true if the AKL has the WKD method specified.  */
    1567             : static int
    1568           0 : akl_has_wkd_method (void)
    1569             : {
    1570             :   struct akl *akl;
    1571             : 
    1572           0 :   for (akl = opt.auto_key_locate; akl; akl = akl->next)
    1573           0 :     if (akl->type == AKL_WKD)
    1574           0 :       return 1;
    1575           0 :   return 0;
    1576             : }
    1577             : 
    1578             : 
    1579             : /* Return the ISSUER fingerprint string in human readbale format if
    1580             :  * available.  Caller must release the string.  */
    1581             : static char *
    1582         187 : issuer_fpr_string (PKT_signature *sig)
    1583             : {
    1584             :   const byte *p;
    1585             :   size_t n;
    1586             : 
    1587         187 :   p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_ISSUER_FPR, &n);
    1588         187 :   if (p && n == 21 && p[0] == 4)
    1589         136 :     return bin2hex (p+1, n-1, NULL);
    1590          51 :   return NULL;
    1591             : }
    1592             : 
    1593             : 
    1594             : static void
    1595         186 : print_good_bad_signature (int statno, const char *keyid_str, kbnode_t un,
    1596             :                           PKT_signature *sig, int rc)
    1597             : {
    1598             :   char *p;
    1599             : 
    1600         558 :   write_status_text_and_buffer (statno, keyid_str,
    1601         186 :                                 un? un->pkt->pkt.user_id->name:"[?]",
    1602         186 :                                 un? un->pkt->pkt.user_id->len:3,
    1603             :                                 -1);
    1604             : 
    1605         186 :   if (un)
    1606         186 :     p = utf8_to_native (un->pkt->pkt.user_id->name,
    1607         186 :                         un->pkt->pkt.user_id->len, 0);
    1608             :   else
    1609           0 :     p = xstrdup ("[?]");
    1610             : 
    1611         186 :   if (rc)
    1612           3 :     log_info (_("BAD signature from \"%s\""), p);
    1613         183 :   else if (sig->flags.expired)
    1614           0 :     log_info (_("Expired signature from \"%s\""), p);
    1615             :   else
    1616         183 :     log_info (_("Good signature from \"%s\""), p);
    1617             : 
    1618         186 :   xfree (p);
    1619         186 : }
    1620             : 
    1621             : 
    1622             : static int
    1623         197 : check_sig_and_print (CTX c, kbnode_t node)
    1624             : {
    1625         197 :   PKT_signature *sig = node->pkt->pkt.signature;
    1626             :   const char *astr;
    1627             :   int rc;
    1628         197 :   int is_expkey = 0;
    1629         197 :   int is_revkey = 0;
    1630             :   char *issuer_fpr;
    1631         197 :   PKT_public_key *pk = NULL;  /* The public key for the signature or NULL. */
    1632             : 
    1633         197 :   if (opt.skip_verify)
    1634             :     {
    1635           0 :       log_info(_("signature verification suppressed\n"));
    1636           0 :       return 0;
    1637             :     }
    1638             : 
    1639             :   /* Check that the message composition is valid.
    1640             :    *
    1641             :    * Per RFC-2440bis (-15) allowed:
    1642             :    *
    1643             :    * S{1,n}           -- detached signature.
    1644             :    * S{1,n} P         -- old style PGP2 signature
    1645             :    * O{1,n} P S{1,n}  -- standard OpenPGP signature.
    1646             :    * C P S{1,n}       -- cleartext signature.
    1647             :    *
    1648             :    *
    1649             :    *      O = One-Pass Signature packet.
    1650             :    *      S = Signature packet.
    1651             :    *      P = OpenPGP Message packet (Encrypted | Compressed | Literal)
    1652             :    *             (Note that the current rfc2440bis draft also allows
    1653             :    *              for a signed message but that does not work as it
    1654             :    *              introduces ambiguities.)
    1655             :    *          We keep track of these packages using the marker packet
    1656             :    *          CTRLPKT_PLAINTEXT_MARK.
    1657             :    *      C = Marker packet for cleartext signatures.
    1658             :    *
    1659             :    * We reject all other messages.
    1660             :    *
    1661             :    * Actually we are calling this too often, i.e. for verification of
    1662             :    * each message but better have some duplicate work than to silently
    1663             :    * introduce a bug here.
    1664             :    */
    1665             :   {
    1666             :     kbnode_t n;
    1667             :     int n_onepass, n_sig;
    1668             : 
    1669             : /*     log_debug ("checking signature packet composition\n"); */
    1670             : /*     dump_kbnode (c->list); */
    1671             : 
    1672         197 :     n = c->list;
    1673         197 :     log_assert (n);
    1674         197 :     if ( n->pkt->pkttype == PKT_SIGNATURE )
    1675             :       {
    1676             :         /* This is either "S{1,n}" case (detached signature) or
    1677             :            "S{1,n} P" (old style PGP2 signature). */
    1678          20 :         for (n = n->next; n; n = n->next)
    1679           4 :           if (n->pkt->pkttype != PKT_SIGNATURE)
    1680           4 :             break;
    1681          20 :         if (!n)
    1682             :           ; /* Okay, this is a detached signature.  */
    1683           4 :         else if (n->pkt->pkttype == PKT_GPG_CONTROL
    1684           4 :                  && (n->pkt->pkt.gpg_control->control
    1685             :                      == CTRLPKT_PLAINTEXT_MARK) )
    1686             :           {
    1687           4 :             if (n->next)
    1688           2 :               goto ambiguous;  /* We only allow one P packet. */
    1689             :           }
    1690             :         else
    1691             :           goto ambiguous;
    1692             :       }
    1693         177 :     else if (n->pkt->pkttype == PKT_ONEPASS_SIG)
    1694             :       {
    1695             :         /* This is the "O{1,n} P S{1,n}" case (standard signature). */
    1696         305 :         for (n_onepass=1, n = n->next;
    1697         157 :              n && n->pkt->pkttype == PKT_ONEPASS_SIG; n = n->next)
    1698           3 :           n_onepass++;
    1699         302 :         if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
    1700         151 :                     && (n->pkt->pkt.gpg_control->control
    1701             :                         == CTRLPKT_PLAINTEXT_MARK)))
    1702             :           goto ambiguous;
    1703         455 :         for (n_sig=0, n = n->next;
    1704         311 :              n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
    1705         153 :           n_sig++;
    1706         151 :         if (!n_sig)
    1707           0 :           goto ambiguous;
    1708             : 
    1709             :         /* If we wanted to disallow multiple sig verification, we'd do
    1710             :            something like this:
    1711             : 
    1712             :            if (n && !opt.allow_multisig_verification)
    1713             :              goto ambiguous;
    1714             : 
    1715             :            However, now that we have --allow-multiple-messages, this
    1716             :            can stay allowable as we can't get here unless multiple
    1717             :            messages (i.e. multiple literals) are allowed. */
    1718             : 
    1719         151 :         if (n_onepass != n_sig)
    1720             :           {
    1721           1 :             log_info ("number of one-pass packets does not match "
    1722             :                       "number of signature packets\n");
    1723           1 :             goto ambiguous;
    1724             :           }
    1725             :       }
    1726          26 :     else if (n->pkt->pkttype == PKT_GPG_CONTROL
    1727          26 :              && n->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START )
    1728             :       {
    1729             :         /* This is the "C P S{1,n}" case (clear text signature). */
    1730          19 :         n = n->next;
    1731          38 :         if (!n || !(n->pkt->pkttype == PKT_GPG_CONTROL
    1732          19 :                     && (n->pkt->pkt.gpg_control->control
    1733             :                         == CTRLPKT_PLAINTEXT_MARK)))
    1734             :           goto ambiguous;
    1735          61 :         for (n_sig=0, n = n->next;
    1736          46 :              n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
    1737          23 :           n_sig++;
    1738          19 :         if (n || !n_sig)
    1739             :           goto ambiguous;
    1740             :       }
    1741             :     else
    1742             :       {
    1743             :       ambiguous:
    1744          10 :         log_error(_("can't handle this ambiguous signature data\n"));
    1745          10 :         return 0;
    1746             :       }
    1747             :   }
    1748             : 
    1749         187 :   if (sig->signers_uid)
    1750          58 :     write_status_buffer (STATUS_NEWSIG,
    1751          58 :                          sig->signers_uid, strlen (sig->signers_uid), 0);
    1752             :   else
    1753         158 :     write_status_text (STATUS_NEWSIG, NULL);
    1754             : 
    1755         187 :   astr = openpgp_pk_algo_name ( sig->pubkey_algo );
    1756         187 :   if ((issuer_fpr = issuer_fpr_string (sig)))
    1757             :     {
    1758         136 :       log_info (_("Signature made %s\n"), asctimestamp(sig->timestamp));
    1759         136 :       log_info (_("               using %s key %s\n"),
    1760             :                 astr? astr: "?", issuer_fpr);
    1761             : 
    1762         136 :       xfree (issuer_fpr);
    1763             :     }
    1764          51 :   else if (!keystrlen () || keystrlen () > 8)
    1765             :     {
    1766          51 :       log_info (_("Signature made %s\n"), asctimestamp(sig->timestamp));
    1767          51 :       log_info (_("               using %s key %s\n"),
    1768          51 :                 astr? astr: "?", keystr(sig->keyid));
    1769             :     }
    1770             :   else /* Legacy format.  */
    1771           0 :     log_info (_("Signature made %s using %s key ID %s\n"),
    1772             :               asctimestamp(sig->timestamp), astr? astr: "?",
    1773           0 :               keystr(sig->keyid));
    1774             : 
    1775             :   /* In verbose mode print the signers UID.  */
    1776         187 :   if (sig->signers_uid)
    1777          29 :     log_info (_("               issuer \"%s\"\n"), sig->signers_uid);
    1778             : 
    1779         187 :   rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);
    1780             : 
    1781             :   /* If the key isn't found, check for a preferred keyserver.  */
    1782         187 :   if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY && sig->flags.pref_ks)
    1783             :     {
    1784             :       const byte *p;
    1785           0 :       int seq = 0;
    1786             :       size_t n;
    1787             : 
    1788           0 :       while ((p=enum_sig_subpkt (sig->hashed,SIGSUBPKT_PREF_KS,&n,&seq,NULL)))
    1789             :         {
    1790             :           /* According to my favorite copy editor, in English grammar,
    1791             :              you say "at" if the key is located on a web page, but
    1792             :              "from" if it is located on a keyserver.  I'm not going to
    1793             :              even try to make two strings here :) */
    1794           0 :           log_info(_("Key available at: ") );
    1795           0 :           print_utf8_buffer (log_get_stream(), p, n);
    1796           0 :           log_printf ("\n");
    1797             : 
    1798           0 :           if (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE
    1799           0 :               && opt.keyserver_options.options&KEYSERVER_HONOR_KEYSERVER_URL)
    1800             :             {
    1801             :               struct keyserver_spec *spec;
    1802             : 
    1803           0 :               spec = parse_preferred_keyserver (sig);
    1804           0 :               if (spec)
    1805             :                 {
    1806             :                   int res;
    1807             : 
    1808           0 :                   free_public_key (pk);
    1809           0 :                   pk = NULL;
    1810           0 :                   glo_ctrl.in_auto_key_retrieve++;
    1811           0 :                   res = keyserver_import_keyid (c->ctrl, sig->keyid,spec, 1);
    1812           0 :                   glo_ctrl.in_auto_key_retrieve--;
    1813           0 :                   if (!res)
    1814           0 :                     rc = do_check_sig (c, node, NULL,
    1815             :                                        &is_expkey, &is_revkey, &pk);
    1816           0 :                   free_keyserver_spec (spec);
    1817             : 
    1818           0 :                   if (!rc)
    1819           0 :                     break;
    1820             :                 }
    1821             :             }
    1822             :         }
    1823             :     }
    1824             : 
    1825             :   /* If the avove methods didn't work, our next try is to use the URI
    1826             :    * from a DNS PKA record.  */
    1827         187 :   if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
    1828           0 :       && (opt.keyserver_options.options & KEYSERVER_AUTO_KEY_RETRIEVE)
    1829           0 :       && (opt.keyserver_options.options & KEYSERVER_HONOR_PKA_RECORD))
    1830             :     {
    1831           0 :       const char *uri = pka_uri_from_sig (c, sig);
    1832             : 
    1833           0 :       if (uri)
    1834             :         {
    1835             :           /* FIXME: We might want to locate the key using the
    1836             :              fingerprint instead of the keyid. */
    1837             :           int res;
    1838             :           struct keyserver_spec *spec;
    1839             : 
    1840           0 :           spec = parse_keyserver_uri (uri, 1);
    1841           0 :           if (spec)
    1842             :             {
    1843           0 :               free_public_key (pk);
    1844           0 :               pk = NULL;
    1845           0 :               glo_ctrl.in_auto_key_retrieve++;
    1846           0 :               res = keyserver_import_keyid (c->ctrl, sig->keyid, spec, 1);
    1847           0 :               glo_ctrl.in_auto_key_retrieve--;
    1848           0 :               free_keyserver_spec (spec);
    1849           0 :               if (!res)
    1850           0 :                 rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);
    1851             :             }
    1852             :         }
    1853             :     }
    1854             : 
    1855             :   /* If the above methods didn't work, our next try is to locate
    1856             :    * the key via its fingerprint from a keyserver.  This requires
    1857             :    * that the signers fingerprint is encoded in the signature.  We
    1858             :    * favor this over the WKD method (to be tried next), because an
    1859             :    * arbitrary keyserver is less subject to web bug like monitoring.  */
    1860         187 :   if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
    1861           0 :       && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
    1862           0 :       && keyserver_any_configured (c->ctrl))
    1863             :     {
    1864             :       int res;
    1865             :       const byte *p;
    1866             :       size_t n;
    1867             : 
    1868           0 :       p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_ISSUER_FPR, &n);
    1869           0 :       if (p && n == 21 && p[0] == 4)
    1870             :         {
    1871             :           /* v4 packet with a SHA-1 fingerprint.  */
    1872           0 :           free_public_key (pk);
    1873           0 :           pk = NULL;
    1874           0 :           glo_ctrl.in_auto_key_retrieve++;
    1875           0 :           res = keyserver_import_fprint (c->ctrl, p+1, n-1, opt.keyserver, 1);
    1876           0 :           glo_ctrl.in_auto_key_retrieve--;
    1877           0 :           if (!res)
    1878           0 :             rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);
    1879             :         }
    1880             :     }
    1881             : 
    1882             :   /* If the above methods didn't work, our next try is to retrieve the
    1883             :    * key from the WKD. */
    1884         187 :   if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
    1885           0 :       && (opt.keyserver_options.options & KEYSERVER_AUTO_KEY_RETRIEVE)
    1886           0 :       && !opt.flags.disable_signer_uid
    1887           0 :       && akl_has_wkd_method ()
    1888           0 :       && sig->signers_uid)
    1889             :     {
    1890             :       int res;
    1891             : 
    1892           0 :       free_public_key (pk);
    1893           0 :       pk = NULL;
    1894           0 :       glo_ctrl.in_auto_key_retrieve++;
    1895           0 :       res = keyserver_import_wkd (c->ctrl, sig->signers_uid, 1, NULL, NULL);
    1896           0 :       glo_ctrl.in_auto_key_retrieve--;
    1897             :       /* Fixme: If the fingerprint is embedded in the signature,
    1898             :        * compare it to the fingerprint of the returned key.  */
    1899           0 :       if (!res)
    1900           0 :         rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);
    1901             :     }
    1902             : 
    1903             :   /* If the above methods did't work, our next try is to use a
    1904             :    * keyserver.  */
    1905         187 :   if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
    1906           0 :       && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
    1907           0 :       && keyserver_any_configured (c->ctrl))
    1908             :     {
    1909             :       int res;
    1910             : 
    1911           0 :       free_public_key (pk);
    1912           0 :       pk = NULL;
    1913           0 :       glo_ctrl.in_auto_key_retrieve++;
    1914           0 :       res = keyserver_import_keyid (c->ctrl, sig->keyid, opt.keyserver, 1);
    1915           0 :       glo_ctrl.in_auto_key_retrieve--;
    1916           0 :       if (!res)
    1917           0 :         rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);
    1918             :     }
    1919             : 
    1920         187 :   if (!rc || gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE)
    1921         183 :     {
    1922             :       kbnode_t un, keyblock;
    1923         186 :       int count = 0;
    1924             :       int statno;
    1925             :       char keyid_str[50];
    1926         186 :       PKT_public_key *mainpk = NULL;
    1927             : 
    1928         186 :       if (rc)
    1929           3 :         statno = STATUS_BADSIG;
    1930         183 :       else if (sig->flags.expired)
    1931           0 :         statno = STATUS_EXPSIG;
    1932         183 :       else if (is_expkey)
    1933           0 :         statno = STATUS_EXPKEYSIG;
    1934         183 :       else if(is_revkey)
    1935           0 :         statno = STATUS_REVKEYSIG;
    1936             :       else
    1937         183 :         statno = STATUS_GOODSIG;
    1938             : 
    1939             :       /* FIXME: We should have the public key in PK and thus the
    1940             :        * keyboock has already been fetched.  Thus we could use the
    1941             :        * fingerprint or PK itself to lookup the entire keyblock.  That
    1942             :        * would best be done with a cache.  */
    1943         186 :       keyblock = get_pubkeyblock (sig->keyid);
    1944             : 
    1945         372 :       snprintf (keyid_str, sizeof keyid_str, "%08lX%08lX [uncertain] ",
    1946         372 :                 (ulong)sig->keyid[0], (ulong)sig->keyid[1]);
    1947             : 
    1948             :       /* Find and print the primary user ID along with the
    1949             :          "Good|Expired|Bad signature" line.  */
    1950        1615 :       for (un=keyblock; un; un = un->next)
    1951             :         {
    1952             :           int valid;
    1953             : 
    1954        1429 :           if (un->pkt->pkttype==PKT_PUBLIC_KEY)
    1955             :             {
    1956         186 :               mainpk = un->pkt->pkt.public_key;
    1957         186 :               continue;
    1958             :             }
    1959        1243 :           if (un->pkt->pkttype != PKT_USER_ID)
    1960         853 :             continue;
    1961         390 :           if (!un->pkt->pkt.user_id->created)
    1962           0 :             continue;
    1963         390 :           if (un->pkt->pkt.user_id->is_revoked)
    1964           0 :             continue;
    1965         390 :           if (un->pkt->pkt.user_id->is_expired)
    1966           0 :             continue;
    1967         390 :           if (!un->pkt->pkt.user_id->is_primary)
    1968         204 :             continue;
    1969             :           /* We want the textual primary user ID here */
    1970         186 :           if (un->pkt->pkt.user_id->attrib_data)
    1971           0 :             continue;
    1972             : 
    1973         186 :           log_assert (mainpk);
    1974             : 
    1975             :           /* Since this is just informational, don't actually ask the
    1976             :              user to update any trust information.  (Note: we register
    1977             :              the signature later.)  Because print_good_bad_signature
    1978             :              does not print a LF we need to compute the validity
    1979             :              before calling that function.  */
    1980         186 :           if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY))
    1981         186 :             valid = get_validity (c->ctrl, keyblock, mainpk,
    1982         186 :                                   un->pkt->pkt.user_id, NULL, 0);
    1983             :           else
    1984           0 :             valid = 0; /* Not used.  */
    1985             : 
    1986         186 :           keyid_str[17] = 0; /* cut off the "[uncertain]" part */
    1987             : 
    1988         186 :           print_good_bad_signature (statno, keyid_str, un, sig, rc);
    1989             : 
    1990         186 :           if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY))
    1991         186 :             log_printf (" [%s]\n",trust_value_to_string(valid));
    1992             :           else
    1993           0 :             log_printf ("\n");
    1994             : 
    1995         186 :           count++;
    1996             :         }
    1997             : 
    1998         186 :       log_assert (mainpk);
    1999             : 
    2000             :       /* In case we did not found a valid valid textual userid above
    2001             :          we print the first user id packet or a "[?]" instead along
    2002             :          with the "Good|Expired|Bad signature" line.  */
    2003         186 :       if (!count)
    2004             :         {
    2005             :           /* Try for an invalid textual userid */
    2006           0 :           for (un=keyblock; un; un = un->next)
    2007             :             {
    2008           0 :               if (un->pkt->pkttype == PKT_USER_ID
    2009           0 :                   && !un->pkt->pkt.user_id->attrib_data)
    2010           0 :                 break;
    2011             :             }
    2012             : 
    2013             :           /* Try for any userid at all */
    2014           0 :           if (!un)
    2015             :             {
    2016           0 :               for (un=keyblock; un; un = un->next)
    2017             :                 {
    2018           0 :                   if (un->pkt->pkttype == PKT_USER_ID)
    2019           0 :                     break;
    2020             :                 }
    2021             :             }
    2022             : 
    2023           0 :           if (opt.trust_model==TM_ALWAYS || !un)
    2024           0 :             keyid_str[17] = 0; /* cut off the "[uncertain]" part */
    2025             : 
    2026           0 :           print_good_bad_signature (statno, keyid_str, un, sig, rc);
    2027             : 
    2028           0 :           if (opt.trust_model != TM_ALWAYS && un)
    2029           0 :             log_printf (" %s",_("[uncertain]") );
    2030           0 :           log_printf ("\n");
    2031             :         }
    2032             : 
    2033             :       /* If we have a good signature and already printed
    2034             :        * the primary user ID, print all the other user IDs */
    2035         186 :       if (count
    2036         186 :           && !rc
    2037         183 :           && !(opt.verify_options & VERIFY_SHOW_PRIMARY_UID_ONLY))
    2038             :         {
    2039             :           char *p;
    2040        1593 :           for( un=keyblock; un; un = un->next)
    2041             :             {
    2042        1410 :               if (un->pkt->pkttype != PKT_USER_ID)
    2043        1025 :                 continue;
    2044         385 :               if ((un->pkt->pkt.user_id->is_revoked
    2045         385 :                    || un->pkt->pkt.user_id->is_expired)
    2046           0 :                   && !(opt.verify_options & VERIFY_SHOW_UNUSABLE_UIDS))
    2047           0 :                 continue;
    2048             :               /* Skip textual primary user ids which we printed above. */
    2049         385 :               if (un->pkt->pkt.user_id->is_primary
    2050         183 :                   && !un->pkt->pkt.user_id->attrib_data )
    2051         183 :                 continue;
    2052             : 
    2053             :               /* If this user id has attribute data, print that.  */
    2054         202 :               if (un->pkt->pkt.user_id->attrib_data)
    2055             :                 {
    2056           0 :                   dump_attribs (un->pkt->pkt.user_id, mainpk);
    2057             : 
    2058           0 :                   if (opt.verify_options&VERIFY_SHOW_PHOTOS)
    2059           0 :                     show_photos (c->ctrl,
    2060           0 :                                  un->pkt->pkt.user_id->attribs,
    2061           0 :                                  un->pkt->pkt.user_id->numattribs,
    2062           0 :                                  mainpk ,un->pkt->pkt.user_id);
    2063             :                 }
    2064             : 
    2065         202 :               p = utf8_to_native (un->pkt->pkt.user_id->name,
    2066         202 :                                   un->pkt->pkt.user_id->len, 0);
    2067         202 :               log_info (_("                aka \"%s\""), p);
    2068         202 :               xfree (p);
    2069             : 
    2070         202 :               if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY))
    2071             :                 {
    2072             :                   const char *valid;
    2073             : 
    2074         202 :                   if (un->pkt->pkt.user_id->is_revoked)
    2075           0 :                     valid = _("revoked");
    2076         202 :                   else if (un->pkt->pkt.user_id->is_expired)
    2077           0 :                     valid = _("expired");
    2078             :                   else
    2079             :                     /* Since this is just informational, don't
    2080             :                        actually ask the user to update any trust
    2081             :                        information.  */
    2082         202 :                     valid = (trust_value_to_string
    2083             :                              (get_validity (c->ctrl, keyblock, mainpk,
    2084         202 :                                             un->pkt->pkt.user_id, NULL, 0)));
    2085         202 :                   log_printf (" [%s]\n",valid);
    2086             :                 }
    2087             :               else
    2088           0 :                 log_printf ("\n");
    2089             :             }
    2090             :         }
    2091             : 
    2092             :       /* For good signatures print notation data.  */
    2093         186 :       if (!rc)
    2094             :         {
    2095         183 :           if ((opt.verify_options & VERIFY_SHOW_POLICY_URLS))
    2096         183 :             show_policy_url (sig, 0, 1);
    2097             :           else
    2098           0 :             show_policy_url (sig, 0, 2);
    2099             : 
    2100         183 :           if ((opt.verify_options & VERIFY_SHOW_KEYSERVER_URLS))
    2101         183 :             show_keyserver_url (sig, 0, 1);
    2102             :           else
    2103           0 :             show_keyserver_url (sig, 0, 2);
    2104             : 
    2105         183 :           if ((opt.verify_options & VERIFY_SHOW_NOTATIONS))
    2106         183 :             show_notation
    2107             :               (sig, 0, 1,
    2108         183 :                (((opt.verify_options&VERIFY_SHOW_STD_NOTATIONS)?1:0)
    2109         183 :                 + ((opt.verify_options&VERIFY_SHOW_USER_NOTATIONS)?2:0)));
    2110             :           else
    2111           0 :             show_notation (sig, 0, 2, 0);
    2112             :         }
    2113             : 
    2114             :       /* For good signatures print the VALIDSIG status line.  */
    2115         186 :       if (!rc && is_status_enabled () && pk)
    2116             :         {
    2117             :           char pkhex[MAX_FINGERPRINT_LEN*2+1];
    2118             :           char mainpkhex[MAX_FINGERPRINT_LEN*2+1];
    2119             : 
    2120          13 :           hexfingerprint (pk, pkhex, sizeof pkhex);
    2121          13 :           hexfingerprint (mainpk, mainpkhex, sizeof mainpkhex);
    2122             : 
    2123             :           /* TODO: Replace the reserved '0' in the field below with
    2124             :              bits for status flags (policy url, notation, etc.).  */
    2125          78 :           write_status_printf (STATUS_VALIDSIG,
    2126             :                                "%s %s %lu %lu %d 0 %d %d %02X %s",
    2127             :                                pkhex,
    2128             :                                strtimestamp (sig->timestamp),
    2129          13 :                                (ulong)sig->timestamp,
    2130          13 :                                (ulong)sig->expiredate,
    2131          26 :                                sig->version, sig->pubkey_algo,
    2132          13 :                                sig->digest_algo,
    2133          13 :                                sig->sig_class,
    2134             :                                mainpkhex);
    2135             :         }
    2136             : 
    2137             :       /* For good signatures compute and print the trust information.
    2138             :          Note that in the Tofu trust model this may ask the user on
    2139             :          how to resolve a conflict.  */
    2140         186 :       if (!rc)
    2141             :         {
    2142         183 :           if ((opt.verify_options & VERIFY_PKA_LOOKUPS))
    2143           0 :             pka_uri_from_sig (c, sig); /* Make sure PKA info is available. */
    2144         183 :           rc = check_signatures_trust (c->ctrl, sig);
    2145             :         }
    2146             : 
    2147             :       /* Print extra information about the signature.  */
    2148         186 :       if (sig->flags.expired)
    2149             :         {
    2150           0 :           log_info (_("Signature expired %s\n"), asctimestamp(sig->expiredate));
    2151           0 :           rc = GPG_ERR_GENERAL; /* Need a better error here?  */
    2152             :         }
    2153         186 :       else if (sig->expiredate)
    2154           0 :         log_info (_("Signature expires %s\n"), asctimestamp(sig->expiredate));
    2155             : 
    2156         186 :       if (opt.verbose)
    2157             :         {
    2158             :           char pkstrbuf[PUBKEY_STRING_SIZE];
    2159             : 
    2160           0 :           if (pk)
    2161           0 :             pubkey_string (pk, pkstrbuf, sizeof pkstrbuf);
    2162             :           else
    2163           0 :             *pkstrbuf = 0;
    2164             : 
    2165           0 :           log_info (_("%s signature, digest algorithm %s%s%s\n"),
    2166           0 :                     sig->sig_class==0x00?_("binary"):
    2167           0 :                     sig->sig_class==0x01?_("textmode"):_("unknown"),
    2168           0 :                     gcry_md_algo_name (sig->digest_algo),
    2169           0 :                     *pkstrbuf?_(", key algorithm "):"", pkstrbuf);
    2170             :         }
    2171             : 
    2172             :       /* Print final warnings.  */
    2173         186 :       if (!rc && !c->signed_data.used)
    2174             :         {
    2175             :           /* Signature is basically good but we test whether the
    2176             :              deprecated command
    2177             :                gpg --verify FILE.sig
    2178             :              was used instead of
    2179             :                gpg --verify FILE.sig FILE
    2180             :              to verify a detached signature.  If we figure out that a
    2181             :              data file with a matching name exists, we print a warning.
    2182             : 
    2183             :              The problem is that the first form would also verify a
    2184             :              standard signature.  This behavior could be used to
    2185             :              create a made up .sig file for a tarball by creating a
    2186             :              standard signature from a valid detached signature packet
    2187             :              (for example from a signed git tag).  Then replace the
    2188             :              sig file on the FTP server along with a changed tarball.
    2189             :              Using the first form the verify command would correctly
    2190             :              verify the signature but don't even consider the tarball.  */
    2191             :           kbnode_t n;
    2192             :           char *dfile;
    2193             : 
    2194         183 :           dfile = get_matching_datafile (c->sigfilename);
    2195         183 :           if (dfile)
    2196             :             {
    2197           0 :               for (n = c->list; n; n = n->next)
    2198           0 :                 if (n->pkt->pkttype != PKT_SIGNATURE)
    2199           0 :                   break;
    2200           0 :               if (n)
    2201             :                 {
    2202             :                   /* Not only signature packets in the tree thus this
    2203             :                      is not a detached signature.  */
    2204           0 :                   log_info (_("WARNING: not a detached signature; "
    2205             :                               "file '%s' was NOT verified!\n"), dfile);
    2206             :                 }
    2207           0 :               xfree (dfile);
    2208             :             }
    2209             :         }
    2210             : 
    2211         186 :       free_public_key (pk);
    2212         186 :       pk = NULL;
    2213         186 :       release_kbnode( keyblock );
    2214         186 :       if (rc)
    2215           3 :         g10_errors_seen = 1;
    2216         186 :       if (opt.batch && rc)
    2217           3 :         g10_exit (1);
    2218             :     }
    2219             :   else
    2220             :     {
    2221             :       char buf[50];
    2222             : 
    2223           6 :       snprintf (buf, sizeof buf, "%08lX%08lX %d %d %02x %lu %d",
    2224           2 :                 (ulong)sig->keyid[0], (ulong)sig->keyid[1],
    2225           2 :                 sig->pubkey_algo, sig->digest_algo,
    2226           2 :                 sig->sig_class, (ulong)sig->timestamp, rc);
    2227           1 :       write_status_text (STATUS_ERRSIG, buf);
    2228           1 :       if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
    2229             :         {
    2230           0 :           buf[16] = 0;
    2231           0 :           write_status_text (STATUS_NO_PUBKEY, buf);
    2232             :         }
    2233           1 :       if (gpg_err_code (rc) != GPG_ERR_NOT_PROCESSED)
    2234           1 :         log_error (_("Can't check signature: %s\n"), gpg_strerror (rc));
    2235             :     }
    2236             : 
    2237         184 :   return rc;
    2238             : }
    2239             : 
    2240             : 
    2241             : /*
    2242             :  * Process the tree which starts at node
    2243             :  */
    2244             : static void
    2245        1242 : proc_tree (CTX c, kbnode_t node)
    2246             : {
    2247             :   kbnode_t n1;
    2248             :   int rc;
    2249             : 
    2250        1242 :   if (opt.list_packets || opt.list_only)
    2251          24 :     return;
    2252             : 
    2253             :   /* We must skip our special plaintext marker packets here because
    2254             :      they may be the root packet.  These packets are only used in
    2255             :      additional checks and skipping them here doesn't matter.  */
    2256        2717 :   while (node
    2257         471 :          && node->pkt->pkttype == PKT_GPG_CONTROL
    2258         298 :           && node->pkt->pkt.gpg_control->control == CTRLPKT_PLAINTEXT_MARK)
    2259             :     {
    2260         281 :       node = node->next;
    2261             :     }
    2262        1218 :   if (!node)
    2263        1028 :     return;
    2264             : 
    2265         190 :   c->trustletter = ' ';
    2266         190 :   if (node->pkt->pkttype == PKT_PUBLIC_KEY
    2267         190 :       || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
    2268             :     {
    2269           0 :       merge_keys_and_selfsig (node);
    2270           0 :       list_node (c, node);
    2271             :     }
    2272         190 :   else if (node->pkt->pkttype == PKT_SECRET_KEY)
    2273             :     {
    2274           0 :       merge_keys_and_selfsig (node);
    2275           0 :       list_node (c, node);
    2276             :     }
    2277         190 :   else if (node->pkt->pkttype == PKT_ONEPASS_SIG)
    2278             :     {
    2279             :       /* Check all signatures.  */
    2280         150 :       if (!c->any.data)
    2281             :         {
    2282           0 :           int use_textmode = 0;
    2283             : 
    2284           0 :           free_md_filter_context (&c->mfx);
    2285             :           /* Prepare to create all requested message digests.  */
    2286           0 :           rc = gcry_md_open (&c->mfx.md, 0, 0);
    2287           0 :           if (rc)
    2288           0 :             goto hash_err;
    2289             : 
    2290             :           /* Fixme: why looking for the signature packet and not the
    2291             :              one-pass packet?  */
    2292           0 :           for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));)
    2293           0 :             gcry_md_enable (c->mfx.md, n1->pkt->pkt.signature->digest_algo);
    2294             : 
    2295           0 :           if (n1 && n1->pkt->pkt.onepass_sig->sig_class == 0x01)
    2296           0 :             use_textmode = 1;
    2297             : 
    2298             :           /* Ask for file and hash it. */
    2299           0 :           if (c->sigs_only)
    2300             :             {
    2301           0 :               if (c->signed_data.used && c->signed_data.data_fd != -1)
    2302           0 :                 rc = hash_datafile_by_fd (c->mfx.md, NULL,
    2303             :                                           c->signed_data.data_fd,
    2304             :                                           use_textmode);
    2305             :               else
    2306           0 :                 rc = hash_datafiles (c->mfx.md, NULL,
    2307             :                                      c->signed_data.data_names,
    2308             :                                      c->sigfilename,
    2309             :                                      use_textmode);
    2310             :             }
    2311             :           else
    2312             :             {
    2313           0 :               rc = ask_for_detached_datafile (c->mfx.md, c->mfx.md2,
    2314             :                                               iobuf_get_real_fname (c->iobuf),
    2315             :                                               use_textmode);
    2316             :             }
    2317             : 
    2318             :         hash_err:
    2319           0 :           if (rc)
    2320             :             {
    2321           0 :               log_error ("can't hash datafile: %s\n", gpg_strerror (rc));
    2322           0 :               return;
    2323             :             }
    2324             :         }
    2325         150 :       else if (c->signed_data.used)
    2326             :         {
    2327           0 :           log_error (_("not a detached signature\n"));
    2328           0 :           return;
    2329             :         }
    2330             : 
    2331         449 :       for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));)
    2332         152 :         check_sig_and_print (c, n1);
    2333             : 
    2334             :     }
    2335          57 :   else if (node->pkt->pkttype == PKT_GPG_CONTROL
    2336          17 :            && node->pkt->pkt.gpg_control->control == CTRLPKT_CLEARSIGN_START)
    2337             :     {
    2338             :       /* Clear text signed message.  */
    2339          17 :       if (!c->any.data)
    2340             :         {
    2341           0 :           log_error ("cleartext signature without data\n");
    2342           0 :           return;
    2343             :         }
    2344          17 :       else if (c->signed_data.used)
    2345             :         {
    2346           0 :           log_error (_("not a detached signature\n"));
    2347           0 :           return;
    2348             :         }
    2349             : 
    2350          53 :       for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE));)
    2351          19 :         check_sig_and_print (c, n1);
    2352             : 
    2353             :     }
    2354          23 :   else if (node->pkt->pkttype == PKT_SIGNATURE)
    2355             :     {
    2356          23 :       PKT_signature *sig = node->pkt->pkt.signature;
    2357          23 :       int multiple_ok = 1;
    2358             : 
    2359          23 :       n1 = find_next_kbnode (node, PKT_SIGNATURE);
    2360          23 :       if (n1)
    2361             :         {
    2362           3 :           byte class = sig->sig_class;
    2363           3 :           byte hash  = sig->digest_algo;
    2364             : 
    2365           6 :           for (; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE)))
    2366             :             {
    2367             :               /* We can't currently handle multiple signatures of
    2368             :                * different classes (we'd pretty much have to run a
    2369             :                * different hash context for each), but if they are all
    2370             :                * the same and it is detached signature, we make an
    2371             :                * exception.  Note that the old code also disallowed
    2372             :                * multiple signatures if the digest algorithms are
    2373             :                * different.  We softened this restriction only for
    2374             :                * detached signatures, to be on the safe side. */
    2375           3 :               if (n1->pkt->pkt.signature->sig_class != class
    2376           3 :                   || (c->any.data
    2377           3 :                       && n1->pkt->pkt.signature->digest_algo != hash))
    2378             :                 {
    2379           0 :                   multiple_ok = 0;
    2380           0 :                   log_info (_("WARNING: multiple signatures detected.  "
    2381             :                               "Only the first will be checked.\n"));
    2382           0 :                   break;
    2383             :                 }
    2384             :             }
    2385             :         }
    2386             : 
    2387          23 :       if (sig->sig_class != 0x00 && sig->sig_class != 0x01)
    2388             :         {
    2389           0 :           log_info(_("standalone signature of class 0x%02x\n"), sig->sig_class);
    2390             :         }
    2391          23 :       else if (!c->any.data)
    2392             :         {
    2393             :           /* Detached signature */
    2394          16 :           free_md_filter_context (&c->mfx);
    2395          16 :           rc = gcry_md_open (&c->mfx.md, sig->digest_algo, 0);
    2396          16 :           if (rc)
    2397           0 :             goto detached_hash_err;
    2398             : 
    2399          16 :           if (multiple_ok)
    2400             :             {
    2401             :               /* If we have and want to handle multiple signatures we
    2402             :                * need to enable all hash algorithms for the context.  */
    2403          32 :               for (n1 = node; (n1 = find_next_kbnode (n1, PKT_SIGNATURE)); )
    2404           0 :                 if (!openpgp_md_test_algo (n1->pkt->pkt.signature->digest_algo))
    2405           0 :                   gcry_md_enable (c->mfx.md,
    2406           0 :                                   map_md_openpgp_to_gcry
    2407           0 :                                   (n1->pkt->pkt.signature->digest_algo));
    2408             :             }
    2409             : 
    2410          16 :           if (RFC2440 || RFC4880)
    2411             :             ; /* Strict RFC mode.  */
    2412          16 :           else if (sig->digest_algo == DIGEST_ALGO_SHA1
    2413          16 :                    && sig->pubkey_algo == PUBKEY_ALGO_DSA
    2414          16 :                    && sig->sig_class == 0x01)
    2415             :             {
    2416             :               /* Enable a workaround for a pgp5 bug when the detached
    2417             :                * signature has been created in textmode.  Note that we
    2418             :                * do not implement this for multiple signatures with
    2419             :                * different hash algorithms. */
    2420           0 :               rc = gcry_md_open (&c->mfx.md2, sig->digest_algo, 0);
    2421           0 :               if (rc)
    2422           0 :                 goto detached_hash_err;
    2423             :             }
    2424             : 
    2425             :           /* Here we used to have another hack to work around a pgp
    2426             :            * 2 bug: It worked by not using the textmode for detached
    2427             :            * signatures; this would let the first signature check
    2428             :            * (on md) fail but the second one (on md2), which adds an
    2429             :            * extra CR would then have produced the "correct" hash.
    2430             :            * This is very, very ugly hack but it may haved help in
    2431             :            * some cases (and break others).
    2432             :            *     c->mfx.md2? 0 :(sig->sig_class == 0x01)
    2433             :            */
    2434             : 
    2435          16 :           if (DBG_HASHING)
    2436             :             {
    2437           0 :               gcry_md_debug (c->mfx.md, "verify");
    2438           0 :               if (c->mfx.md2)
    2439           0 :                 gcry_md_debug (c->mfx.md2, "verify2");
    2440             :             }
    2441             : 
    2442          16 :           if (c->sigs_only)
    2443             :             {
    2444           0 :               if (c->signed_data.used && c->signed_data.data_fd != -1)
    2445           0 :                 rc = hash_datafile_by_fd (c->mfx.md, c->mfx.md2,
    2446             :                                           c->signed_data.data_fd,
    2447           0 :                                           (sig->sig_class == 0x01));
    2448             :               else
    2449           0 :                 rc = hash_datafiles (c->mfx.md, c->mfx.md2,
    2450             :                                      c->signed_data.data_names,
    2451             :                                      c->sigfilename,
    2452           0 :                                      (sig->sig_class == 0x01));
    2453             :             }
    2454             :           else
    2455             :             {
    2456          16 :               rc = ask_for_detached_datafile (c->mfx.md, c->mfx.md2,
    2457             :                                               iobuf_get_real_fname(c->iobuf),
    2458          16 :                                               (sig->sig_class == 0x01));
    2459             :             }
    2460             : 
    2461             :         detached_hash_err:
    2462          16 :           if (rc)
    2463             :             {
    2464           0 :               log_error ("can't hash datafile: %s\n", gpg_strerror (rc));
    2465           0 :               return;
    2466             :             }
    2467             :         }
    2468           7 :       else if (c->signed_data.used)
    2469             :         {
    2470           0 :           log_error (_("not a detached signature\n"));
    2471           0 :           return;
    2472             :         }
    2473           7 :       else if (!opt.quiet)
    2474           7 :         log_info (_("old style (PGP 2.x) signature\n"));
    2475             : 
    2476          23 :       if (multiple_ok)
    2477             :         {
    2478          49 :           for (n1 = node; n1; (n1 = find_next_kbnode(n1, PKT_SIGNATURE)))
    2479          26 :             check_sig_and_print (c, n1);
    2480             :         }
    2481             :       else
    2482           0 :         check_sig_and_print (c, node);
    2483             : 
    2484             :     }
    2485             :   else
    2486             :     {
    2487           0 :       dump_kbnode (c->list);
    2488           0 :       log_error ("invalid root packet detected in proc_tree()\n");
    2489           0 :       dump_kbnode (node);
    2490             :     }
    2491             : }

Generated by: LCOV version 1.11