LCOV - code coverage report
Current view: top level - g10 - gpg.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 851 2178 39.1 %
Date: 2016-09-12 12:29:17 Functions: 28 40 70.0 %

          Line data    Source code
       1             : /* gpg.c - The GnuPG utility (main for gpg)
       2             :  * Copyright (C) 1998-2011 Free Software Foundation, Inc.
       3             :  * Copyright (C) 1997-2016 Werner Koch
       4             :  * Copyright (C) 2015-2016 g10 Code GmbH
       5             :  *
       6             :  * This file is part of GnuPG.
       7             :  *
       8             :  * GnuPG is free software; you can redistribute it and/or modify
       9             :  * it under the terms of the GNU General Public License as published by
      10             :  * the Free Software Foundation; either version 3 of the License, or
      11             :  * (at your option) any later version.
      12             :  *
      13             :  * GnuPG is distributed in the hope that it will be useful,
      14             :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      15             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      16             :  * GNU General Public License for more details.
      17             :  *
      18             :  * You should have received a copy of the GNU General Public License
      19             :  * along with this program; if not, see <http://www.gnu.org/licenses/>.
      20             :  */
      21             : 
      22             : #include <config.h>
      23             : #include <errno.h>
      24             : #include <stdio.h>
      25             : #include <stdlib.h>
      26             : #include <string.h>
      27             : #include <ctype.h>
      28             : #include <unistd.h>
      29             : #ifdef HAVE_STAT
      30             : #include <sys/stat.h> /* for stat() */
      31             : #endif
      32             : #include <fcntl.h>
      33             : #ifdef HAVE_W32_SYSTEM
      34             : # ifdef HAVE_WINSOCK2_H
      35             : #  include <winsock2.h>
      36             : # endif
      37             : # include <windows.h>
      38             : #endif
      39             : 
      40             : #define INCLUDED_BY_MAIN_MODULE 1
      41             : #include "gpg.h"
      42             : #include <assuan.h>
      43             : #include "../common/iobuf.h"
      44             : #include "util.h"
      45             : #include "packet.h"
      46             : #include "membuf.h"
      47             : #include "main.h"
      48             : #include "options.h"
      49             : #include "keydb.h"
      50             : #include "trustdb.h"
      51             : #include "filter.h"
      52             : #include "ttyio.h"
      53             : #include "i18n.h"
      54             : #include "sysutils.h"
      55             : #include "status.h"
      56             : #include "keyserver-internal.h"
      57             : #include "exec.h"
      58             : #include "gc-opt-flags.h"
      59             : #include "asshelp.h"
      60             : #include "call-dirmngr.h"
      61             : #include "tofu.h"
      62             : #include "../common/init.h"
      63             : #include "../common/mbox-util.h"
      64             : #include "../common/shareddefs.h"
      65             : 
      66             : #if defined(HAVE_DOSISH_SYSTEM) || defined(__CYGWIN__)
      67             : #define MY_O_BINARY  O_BINARY
      68             : #ifndef S_IRGRP
      69             : # define S_IRGRP 0
      70             : # define S_IWGRP 0
      71             : #endif
      72             : #else
      73             : #define MY_O_BINARY  0
      74             : #endif
      75             : 
      76             : 
      77             : enum cmd_and_opt_values
      78             :   {
      79             :     aNull = 0,
      80             :     oArmor        = 'a',
      81             :     aDetachedSign = 'b',
      82             :     aSym          = 'c',
      83             :     aDecrypt      = 'd',
      84             :     aEncr         = 'e',
      85             :     oRecipientFile       = 'f',
      86             :     oHiddenRecipientFile = 'F',
      87             :     oInteractive  = 'i',
      88             :     aListKeys     = 'k',
      89             :     oDryRun       = 'n',
      90             :     oOutput       = 'o',
      91             :     oQuiet        = 'q',
      92             :     oRecipient    = 'r',
      93             :     oHiddenRecipient = 'R',
      94             :     aSign         = 's',
      95             :     oTextmodeShort= 't',
      96             :     oLocalUser    = 'u',
      97             :     oVerbose      = 'v',
      98             :     oCompress     = 'z',
      99             :     oSetNotation  = 'N',
     100             :     aListSecretKeys = 'K',
     101             :     oBatch        = 500,
     102             :     oMaxOutput,
     103             :     oInputSizeHint,
     104             :     oSigNotation,
     105             :     oCertNotation,
     106             :     oShowNotation,
     107             :     oNoShowNotation,
     108             :     aEncrFiles,
     109             :     aEncrSym,
     110             :     aDecryptFiles,
     111             :     aClearsign,
     112             :     aStore,
     113             :     aQuickKeygen,
     114             :     aFullKeygen,
     115             :     aKeygen,
     116             :     aSignEncr,
     117             :     aSignEncrSym,
     118             :     aSignSym,
     119             :     aSignKey,
     120             :     aLSignKey,
     121             :     aQuickSignKey,
     122             :     aQuickLSignKey,
     123             :     aQuickAddUid,
     124             :     aQuickAddKey,
     125             :     aQuickRevUid,
     126             :     aListConfig,
     127             :     aListGcryptConfig,
     128             :     aGPGConfList,
     129             :     aGPGConfTest,
     130             :     aListPackets,
     131             :     aEditKey,
     132             :     aDeleteKeys,
     133             :     aDeleteSecretKeys,
     134             :     aDeleteSecretAndPublicKeys,
     135             :     aImport,
     136             :     aFastImport,
     137             :     aVerify,
     138             :     aVerifyFiles,
     139             :     aListSigs,
     140             :     aSendKeys,
     141             :     aRecvKeys,
     142             :     aLocateKeys,
     143             :     aSearchKeys,
     144             :     aRefreshKeys,
     145             :     aFetchKeys,
     146             :     aExport,
     147             :     aExportSecret,
     148             :     aExportSecretSub,
     149             :     aExportSshKey,
     150             :     aCheckKeys,
     151             :     aGenRevoke,
     152             :     aDesigRevoke,
     153             :     aPrimegen,
     154             :     aPrintMD,
     155             :     aPrintMDs,
     156             :     aCheckTrustDB,
     157             :     aUpdateTrustDB,
     158             :     aFixTrustDB,
     159             :     aListTrustDB,
     160             :     aListTrustPath,
     161             :     aExportOwnerTrust,
     162             :     aImportOwnerTrust,
     163             :     aDeArmor,
     164             :     aEnArmor,
     165             :     aGenRandom,
     166             :     aRebuildKeydbCaches,
     167             :     aCardStatus,
     168             :     aCardEdit,
     169             :     aChangePIN,
     170             :     aPasswd,
     171             :     aServer,
     172             :     aTOFUPolicy,
     173             : 
     174             :     oMimemode,
     175             :     oTextmode,
     176             :     oNoTextmode,
     177             :     oExpert,
     178             :     oNoExpert,
     179             :     oDefSigExpire,
     180             :     oAskSigExpire,
     181             :     oNoAskSigExpire,
     182             :     oDefCertExpire,
     183             :     oAskCertExpire,
     184             :     oNoAskCertExpire,
     185             :     oDefCertLevel,
     186             :     oMinCertLevel,
     187             :     oAskCertLevel,
     188             :     oNoAskCertLevel,
     189             :     oFingerprint,
     190             :     oWithFingerprint,
     191             :     oWithSubkeyFingerprint,
     192             :     oWithICAOSpelling,
     193             :     oWithKeygrip,
     194             :     oWithSecret,
     195             :     oWithWKDHash,
     196             :     oWithColons,
     197             :     oWithKeyData,
     198             :     oWithTofuInfo,
     199             :     oWithSigList,
     200             :     oWithSigCheck,
     201             :     oAnswerYes,
     202             :     oAnswerNo,
     203             :     oKeyring,
     204             :     oPrimaryKeyring,
     205             :     oSecretKeyring,
     206             :     oShowKeyring,
     207             :     oDefaultKey,
     208             :     oDefRecipient,
     209             :     oDefRecipientSelf,
     210             :     oNoDefRecipient,
     211             :     oTrySecretKey,
     212             :     oOptions,
     213             :     oDebug,
     214             :     oDebugLevel,
     215             :     oDebugAll,
     216             :     oDebugIOLBF,
     217             :     oStatusFD,
     218             :     oStatusFile,
     219             :     oAttributeFD,
     220             :     oAttributeFile,
     221             :     oEmitVersion,
     222             :     oNoEmitVersion,
     223             :     oCompletesNeeded,
     224             :     oMarginalsNeeded,
     225             :     oMaxCertDepth,
     226             :     oLoadExtension,
     227             :     oGnuPG,
     228             :     oRFC2440,
     229             :     oRFC4880,
     230             :     oRFC4880bis,
     231             :     oOpenPGP,
     232             :     oPGP6,
     233             :     oPGP7,
     234             :     oPGP8,
     235             :     oRFC2440Text,
     236             :     oNoRFC2440Text,
     237             :     oCipherAlgo,
     238             :     oDigestAlgo,
     239             :     oCertDigestAlgo,
     240             :     oCompressAlgo,
     241             :     oCompressLevel,
     242             :     oBZ2CompressLevel,
     243             :     oBZ2DecompressLowmem,
     244             :     oPassphrase,
     245             :     oPassphraseFD,
     246             :     oPassphraseFile,
     247             :     oPassphraseRepeat,
     248             :     oPinentryMode,
     249             :     oCommandFD,
     250             :     oCommandFile,
     251             :     oQuickRandom,
     252             :     oNoVerbose,
     253             :     oTrustDBName,
     254             :     oNoSecmemWarn,
     255             :     oRequireSecmem,
     256             :     oNoRequireSecmem,
     257             :     oNoPermissionWarn,
     258             :     oNoMDCWarn,
     259             :     oNoArmor,
     260             :     oNoDefKeyring,
     261             :     oNoKeyring,
     262             :     oNoGreeting,
     263             :     oNoTTY,
     264             :     oNoOptions,
     265             :     oNoBatch,
     266             :     oHomedir,
     267             :     oSkipVerify,
     268             :     oSkipHiddenRecipients,
     269             :     oNoSkipHiddenRecipients,
     270             :     oAlwaysTrust,
     271             :     oTrustModel,
     272             :     oForceOwnertrust,
     273             :     oSetFilename,
     274             :     oForYourEyesOnly,
     275             :     oNoForYourEyesOnly,
     276             :     oSetPolicyURL,
     277             :     oSigPolicyURL,
     278             :     oCertPolicyURL,
     279             :     oShowPolicyURL,
     280             :     oNoShowPolicyURL,
     281             :     oSigKeyserverURL,
     282             :     oUseEmbeddedFilename,
     283             :     oNoUseEmbeddedFilename,
     284             :     oComment,
     285             :     oDefaultComment,
     286             :     oNoComments,
     287             :     oThrowKeyids,
     288             :     oNoThrowKeyids,
     289             :     oShowPhotos,
     290             :     oNoShowPhotos,
     291             :     oPhotoViewer,
     292             :     oForceMDC,
     293             :     oNoForceMDC,
     294             :     oDisableMDC,
     295             :     oNoDisableMDC,
     296             :     oS2KMode,
     297             :     oS2KDigest,
     298             :     oS2KCipher,
     299             :     oS2KCount,
     300             :     oDisplayCharset,
     301             :     oNotDashEscaped,
     302             :     oEscapeFrom,
     303             :     oNoEscapeFrom,
     304             :     oLockOnce,
     305             :     oLockMultiple,
     306             :     oLockNever,
     307             :     oKeyServer,
     308             :     oKeyServerOptions,
     309             :     oImportOptions,
     310             :     oImportFilter,
     311             :     oExportOptions,
     312             :     oExportFilter,
     313             :     oListOptions,
     314             :     oVerifyOptions,
     315             :     oTempDir,
     316             :     oExecPath,
     317             :     oEncryptTo,
     318             :     oHiddenEncryptTo,
     319             :     oNoEncryptTo,
     320             :     oEncryptToDefaultKey,
     321             :     oLoggerFD,
     322             :     oLoggerFile,
     323             :     oUtf8Strings,
     324             :     oNoUtf8Strings,
     325             :     oDisableCipherAlgo,
     326             :     oDisablePubkeyAlgo,
     327             :     oAllowNonSelfsignedUID,
     328             :     oNoAllowNonSelfsignedUID,
     329             :     oAllowFreeformUID,
     330             :     oNoAllowFreeformUID,
     331             :     oAllowSecretKeyImport,
     332             :     oEnableSpecialFilenames,
     333             :     oNoLiteral,
     334             :     oSetFilesize,
     335             :     oHonorHttpProxy,
     336             :     oFastListMode,
     337             :     oListOnly,
     338             :     oIgnoreTimeConflict,
     339             :     oIgnoreValidFrom,
     340             :     oIgnoreCrcError,
     341             :     oIgnoreMDCError,
     342             :     oShowSessionKey,
     343             :     oOverrideSessionKey,
     344             :     oNoRandomSeedFile,
     345             :     oAutoKeyRetrieve,
     346             :     oNoAutoKeyRetrieve,
     347             :     oUseAgent,
     348             :     oNoUseAgent,
     349             :     oGpgAgentInfo,
     350             :     oMergeOnly,
     351             :     oTryAllSecrets,
     352             :     oTrustedKey,
     353             :     oNoExpensiveTrustChecks,
     354             :     oFixedListMode,
     355             :     oLegacyListMode,
     356             :     oNoSigCache,
     357             :     oAutoCheckTrustDB,
     358             :     oNoAutoCheckTrustDB,
     359             :     oPreservePermissions,
     360             :     oDefaultPreferenceList,
     361             :     oDefaultKeyserverURL,
     362             :     oPersonalCipherPreferences,
     363             :     oPersonalDigestPreferences,
     364             :     oPersonalCompressPreferences,
     365             :     oAgentProgram,
     366             :     oDirmngrProgram,
     367             :     oDisplay,
     368             :     oTTYname,
     369             :     oTTYtype,
     370             :     oLCctype,
     371             :     oLCmessages,
     372             :     oXauthority,
     373             :     oGroup,
     374             :     oUnGroup,
     375             :     oNoGroups,
     376             :     oStrict,
     377             :     oNoStrict,
     378             :     oMangleDosFilenames,
     379             :     oNoMangleDosFilenames,
     380             :     oEnableProgressFilter,
     381             :     oMultifile,
     382             :     oKeyidFormat,
     383             :     oExitOnStatusWriteError,
     384             :     oLimitCardInsertTries,
     385             :     oReaderPort,
     386             :     octapiDriver,
     387             :     opcscDriver,
     388             :     oDisableCCID,
     389             :     oRequireCrossCert,
     390             :     oNoRequireCrossCert,
     391             :     oAutoKeyLocate,
     392             :     oNoAutoKeyLocate,
     393             :     oAllowMultisigVerification,
     394             :     oEnableLargeRSA,
     395             :     oDisableLargeRSA,
     396             :     oEnableDSA2,
     397             :     oDisableDSA2,
     398             :     oAllowMultipleMessages,
     399             :     oNoAllowMultipleMessages,
     400             :     oAllowWeakDigestAlgos,
     401             :     oFakedSystemTime,
     402             :     oNoAutostart,
     403             :     oPrintPKARecords,
     404             :     oPrintDANERecords,
     405             :     oTOFUDefaultPolicy,
     406             :     oTOFUDBFormat,
     407             :     oWeakDigest,
     408             :     oUnwrap,
     409             :     oOnlySignTextIDs,
     410             :     oDisableSignerUID,
     411             :     oSender,
     412             : 
     413             :     oNoop
     414             :   };
     415             : 
     416             : 
     417             : static ARGPARSE_OPTS opts[] = {
     418             : 
     419             :   ARGPARSE_group (300, N_("@Commands:\n ")),
     420             : 
     421             :   ARGPARSE_c (aSign, "sign", N_("make a signature")),
     422             :   ARGPARSE_c (aClearsign, "clearsign", N_("make a clear text signature")),
     423             :   ARGPARSE_c (aDetachedSign, "detach-sign", N_("make a detached signature")),
     424             :   ARGPARSE_c (aEncr, "encrypt",   N_("encrypt data")),
     425             :   ARGPARSE_c (aEncrFiles, "encrypt-files", "@"),
     426             :   ARGPARSE_c (aSym, "symmetric", N_("encryption only with symmetric cipher")),
     427             :   ARGPARSE_c (aStore, "store",     "@"),
     428             :   ARGPARSE_c (aDecrypt, "decrypt",   N_("decrypt data (default)")),
     429             :   ARGPARSE_c (aDecryptFiles, "decrypt-files", "@"),
     430             :   ARGPARSE_c (aVerify, "verify"   , N_("verify a signature")),
     431             :   ARGPARSE_c (aVerifyFiles, "verify-files" , "@" ),
     432             :   ARGPARSE_c (aListKeys, "list-keys", N_("list keys")),
     433             :   ARGPARSE_c (aListKeys, "list-public-keys", "@" ),
     434             :   ARGPARSE_c (aListSigs, "list-sigs", N_("list keys and signatures")),
     435             :   ARGPARSE_c (aCheckKeys, "check-sigs",N_("list and check key signatures")),
     436             :   ARGPARSE_c (oFingerprint, "fingerprint", N_("list keys and fingerprints")),
     437             :   ARGPARSE_c (aListSecretKeys, "list-secret-keys", N_("list secret keys")),
     438             :   ARGPARSE_c (aKeygen,      "gen-key",
     439             :               N_("generate a new key pair")),
     440             :   ARGPARSE_c (aQuickKeygen, "quick-gen-key" ,
     441             :               N_("quickly generate a new key pair")),
     442             :   ARGPARSE_c (aQuickAddUid,  "quick-adduid",
     443             :               N_("quickly add a new user-id")),
     444             :   ARGPARSE_c (aQuickAddKey,  "quick-addkey", "@"),
     445             :   ARGPARSE_c (aQuickRevUid,  "quick-revuid",
     446             :               N_("quickly revoke a user-id")),
     447             :   ARGPARSE_c (aFullKeygen,  "full-gen-key" ,
     448             :               N_("full featured key pair generation")),
     449             :   ARGPARSE_c (aGenRevoke, "gen-revoke",N_("generate a revocation certificate")),
     450             :   ARGPARSE_c (aDeleteKeys,"delete-keys",
     451             :               N_("remove keys from the public keyring")),
     452             :   ARGPARSE_c (aDeleteSecretKeys, "delete-secret-keys",
     453             :               N_("remove keys from the secret keyring")),
     454             :   ARGPARSE_c (aQuickSignKey,  "quick-sign-key" ,
     455             :               N_("quickly sign a key")),
     456             :   ARGPARSE_c (aQuickLSignKey, "quick-lsign-key",
     457             :               N_("quickly sign a key locally")),
     458             :   ARGPARSE_c (aSignKey,  "sign-key"   ,N_("sign a key")),
     459             :   ARGPARSE_c (aLSignKey, "lsign-key"  ,N_("sign a key locally")),
     460             :   ARGPARSE_c (aEditKey,  "edit-key"   ,N_("sign or edit a key")),
     461             :   ARGPARSE_c (aEditKey,  "key-edit"   ,"@"),
     462             :   ARGPARSE_c (aPasswd,   "passwd",     N_("change a passphrase")),
     463             :   ARGPARSE_c (aDesigRevoke, "desig-revoke","@" ),
     464             :   ARGPARSE_c (aExport, "export"           , N_("export keys") ),
     465             :   ARGPARSE_c (aSendKeys, "send-keys"     , N_("export keys to a keyserver") ),
     466             :   ARGPARSE_c (aRecvKeys, "recv-keys"     , N_("import keys from a keyserver") ),
     467             :   ARGPARSE_c (aSearchKeys, "search-keys" ,
     468             :               N_("search for keys on a keyserver") ),
     469             :   ARGPARSE_c (aRefreshKeys, "refresh-keys",
     470             :               N_("update all keys from a keyserver")),
     471             :   ARGPARSE_c (aLocateKeys, "locate-keys", "@"),
     472             :   ARGPARSE_c (aFetchKeys, "fetch-keys" , "@" ),
     473             :   ARGPARSE_c (aExportSecret, "export-secret-keys" , "@" ),
     474             :   ARGPARSE_c (aExportSecretSub, "export-secret-subkeys" , "@" ),
     475             :   ARGPARSE_c (aExportSshKey, "export-ssh-key", "@" ),
     476             :   ARGPARSE_c (aImport, "import", N_("import/merge keys")),
     477             :   ARGPARSE_c (aFastImport, "fast-import", "@"),
     478             : #ifdef ENABLE_CARD_SUPPORT
     479             :   ARGPARSE_c (aCardStatus,  "card-status", N_("print the card status")),
     480             :   ARGPARSE_c (aCardEdit,   "card-edit",  N_("change data on a card")),
     481             :   ARGPARSE_c (aChangePIN,  "change-pin", N_("change a card's PIN")),
     482             : #endif
     483             :   ARGPARSE_c (aListConfig, "list-config", "@"),
     484             :   ARGPARSE_c (aListGcryptConfig, "list-gcrypt-config", "@"),
     485             :   ARGPARSE_c (aGPGConfList, "gpgconf-list", "@" ),
     486             :   ARGPARSE_c (aGPGConfTest, "gpgconf-test", "@" ),
     487             :   ARGPARSE_c (aListPackets, "list-packets","@"),
     488             : 
     489             : #ifndef NO_TRUST_MODELS
     490             :   ARGPARSE_c (aExportOwnerTrust, "export-ownertrust", "@"),
     491             :   ARGPARSE_c (aImportOwnerTrust, "import-ownertrust", "@"),
     492             :   ARGPARSE_c (aUpdateTrustDB,"update-trustdb",
     493             :               N_("update the trust database")),
     494             :   ARGPARSE_c (aCheckTrustDB, "check-trustdb", "@"),
     495             :   ARGPARSE_c (aFixTrustDB, "fix-trustdb", "@"),
     496             : #endif
     497             : 
     498             :   ARGPARSE_c (aDeArmor, "dearmor", "@"),
     499             :   ARGPARSE_c (aDeArmor, "dearmour", "@"),
     500             :   ARGPARSE_c (aEnArmor, "enarmor", "@"),
     501             :   ARGPARSE_c (aEnArmor, "enarmour", "@"),
     502             :   ARGPARSE_c (aPrintMD, "print-md", N_("print message digests")),
     503             :   ARGPARSE_c (aPrimegen, "gen-prime", "@" ),
     504             :   ARGPARSE_c (aGenRandom,"gen-random", "@" ),
     505             :   ARGPARSE_c (aServer,   "server",  N_("run in server mode")),
     506             :   ARGPARSE_c (aTOFUPolicy, "tofu-policy",
     507             :               N_("|VALUE|set the TOFU policy for a key")),
     508             : 
     509             :   ARGPARSE_group (301, N_("@\nOptions:\n ")),
     510             : 
     511             :   ARGPARSE_s_n (oArmor, "armor", N_("create ascii armored output")),
     512             :   ARGPARSE_s_n (oArmor, "armour", "@"),
     513             : 
     514             :   ARGPARSE_s_s (oRecipient, "recipient", N_("|USER-ID|encrypt for USER-ID")),
     515             :   ARGPARSE_s_s (oHiddenRecipient, "hidden-recipient", "@"),
     516             :   ARGPARSE_s_s (oRecipientFile, "recipient-file", "@"),
     517             :   ARGPARSE_s_s (oHiddenRecipientFile, "hidden-recipient-file", "@"),
     518             :   ARGPARSE_s_s (oRecipient, "remote-user", "@"),  /* (old option name) */
     519             :   ARGPARSE_s_s (oDefRecipient, "default-recipient", "@"),
     520             :   ARGPARSE_s_n (oDefRecipientSelf,  "default-recipient-self", "@"),
     521             :   ARGPARSE_s_n (oNoDefRecipient, "no-default-recipient", "@"),
     522             : 
     523             :   ARGPARSE_s_s (oTempDir,  "temp-directory", "@"),
     524             :   ARGPARSE_s_s (oExecPath, "exec-path", "@"),
     525             :   ARGPARSE_s_s (oEncryptTo,      "encrypt-to", "@"),
     526             :   ARGPARSE_s_n (oNoEncryptTo, "no-encrypt-to", "@"),
     527             :   ARGPARSE_s_s (oHiddenEncryptTo, "hidden-encrypt-to", "@"),
     528             :   ARGPARSE_s_n (oEncryptToDefaultKey, "encrypt-to-default-key", "@"),
     529             :   ARGPARSE_s_s (oLocalUser, "local-user",
     530             :                 N_("|USER-ID|use USER-ID to sign or decrypt")),
     531             :   ARGPARSE_s_s (oSender, "sender", "@"),
     532             : 
     533             :   ARGPARSE_s_s (oTrySecretKey, "try-secret-key", "@"),
     534             : 
     535             :   ARGPARSE_s_i (oCompress, NULL,
     536             :                 N_("|N|set compress level to N (0 disables)")),
     537             :   ARGPARSE_s_i (oCompressLevel, "compress-level", "@"),
     538             :   ARGPARSE_s_i (oBZ2CompressLevel, "bzip2-compress-level", "@"),
     539             :   ARGPARSE_s_n (oBZ2DecompressLowmem, "bzip2-decompress-lowmem", "@"),
     540             : 
     541             :   ARGPARSE_s_n (oMimemode, "mimemode", "@"),
     542             :   ARGPARSE_s_n (oTextmodeShort, NULL, "@"),
     543             :   ARGPARSE_s_n (oTextmode,   "textmode", N_("use canonical text mode")),
     544             :   ARGPARSE_s_n (oNoTextmode, "no-textmode", "@"),
     545             : 
     546             :   ARGPARSE_s_n (oExpert,      "expert", "@"),
     547             :   ARGPARSE_s_n (oNoExpert, "no-expert", "@"),
     548             : 
     549             :   ARGPARSE_s_s (oDefSigExpire, "default-sig-expire", "@"),
     550             :   ARGPARSE_s_n (oAskSigExpire,      "ask-sig-expire", "@"),
     551             :   ARGPARSE_s_n (oNoAskSigExpire, "no-ask-sig-expire", "@"),
     552             :   ARGPARSE_s_s (oDefCertExpire, "default-cert-expire", "@"),
     553             :   ARGPARSE_s_n (oAskCertExpire,      "ask-cert-expire", "@"),
     554             :   ARGPARSE_s_n (oNoAskCertExpire, "no-ask-cert-expire", "@"),
     555             :   ARGPARSE_s_i (oDefCertLevel, "default-cert-level", "@"),
     556             :   ARGPARSE_s_i (oMinCertLevel, "min-cert-level", "@"),
     557             :   ARGPARSE_s_n (oAskCertLevel,      "ask-cert-level", "@"),
     558             :   ARGPARSE_s_n (oNoAskCertLevel, "no-ask-cert-level", "@"),
     559             : 
     560             :   ARGPARSE_s_s (oOutput, "output", N_("|FILE|write output to FILE")),
     561             :   ARGPARSE_p_u (oMaxOutput, "max-output", "@"),
     562             :   ARGPARSE_s_s (oInputSizeHint, "input-size-hint", "@"),
     563             : 
     564             :   ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")),
     565             :   ARGPARSE_s_n (oQuiet,   "quiet",   "@"),
     566             :   ARGPARSE_s_n (oNoTTY,   "no-tty",  "@"),
     567             : 
     568             :   ARGPARSE_s_n (oForceMDC, "force-mdc", "@"),
     569             :   ARGPARSE_s_n (oNoForceMDC, "no-force-mdc", "@"),
     570             :   ARGPARSE_s_n (oDisableMDC, "disable-mdc", "@"),
     571             :   ARGPARSE_s_n (oNoDisableMDC, "no-disable-mdc", "@"),
     572             : 
     573             :   ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"),
     574             : 
     575             :   ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
     576             :   ARGPARSE_s_n (oInteractive, "interactive", N_("prompt before overwriting")),
     577             : 
     578             :   ARGPARSE_s_n (oBatch, "batch", "@"),
     579             :   ARGPARSE_s_n (oAnswerYes, "yes", "@"),
     580             :   ARGPARSE_s_n (oAnswerNo, "no", "@"),
     581             :   ARGPARSE_s_s (oKeyring, "keyring", "@"),
     582             :   ARGPARSE_s_s (oPrimaryKeyring, "primary-keyring", "@"),
     583             :   ARGPARSE_s_s (oSecretKeyring, "secret-keyring", "@"),
     584             :   ARGPARSE_s_n (oShowKeyring, "show-keyring", "@"),
     585             :   ARGPARSE_s_s (oDefaultKey, "default-key", "@"),
     586             : 
     587             :   ARGPARSE_s_s (oKeyServer, "keyserver", "@"),
     588             :   ARGPARSE_s_s (oKeyServerOptions, "keyserver-options", "@"),
     589             :   ARGPARSE_s_s (oImportOptions, "import-options", "@"),
     590             :   ARGPARSE_s_s (oImportFilter,  "import-filter", "@"),
     591             :   ARGPARSE_s_s (oExportOptions, "export-options", "@"),
     592             :   ARGPARSE_s_s (oExportFilter,  "export-filter", "@"),
     593             :   ARGPARSE_s_s (oListOptions,   "list-options", "@"),
     594             :   ARGPARSE_s_s (oVerifyOptions, "verify-options", "@"),
     595             : 
     596             :   ARGPARSE_s_s (oDisplayCharset, "display-charset", "@"),
     597             :   ARGPARSE_s_s (oDisplayCharset, "charset", "@"),
     598             :   ARGPARSE_s_s (oOptions, "options", "@"),
     599             : 
     600             :   ARGPARSE_s_s (oDebug, "debug", "@"),
     601             :   ARGPARSE_s_s (oDebugLevel, "debug-level", "@"),
     602             :   ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
     603             :   ARGPARSE_s_n (oDebugIOLBF, "debug-iolbf", "@"),
     604             :   ARGPARSE_s_i (oStatusFD, "status-fd", "@"),
     605             :   ARGPARSE_s_s (oStatusFile, "status-file", "@"),
     606             :   ARGPARSE_s_i (oAttributeFD, "attribute-fd", "@"),
     607             :   ARGPARSE_s_s (oAttributeFile, "attribute-file", "@"),
     608             : 
     609             :   ARGPARSE_s_i (oCompletesNeeded, "completes-needed", "@"),
     610             :   ARGPARSE_s_i (oMarginalsNeeded, "marginals-needed", "@"),
     611             :   ARGPARSE_s_i (oMaxCertDepth,  "max-cert-depth", "@" ),
     612             :   ARGPARSE_s_s (oTrustedKey, "trusted-key", "@"),
     613             : 
     614             :   ARGPARSE_s_s (oLoadExtension, "load-extension", "@"),  /* Dummy.  */
     615             : 
     616             :   ARGPARSE_s_n (oGnuPG, "gnupg",   "@"),
     617             :   ARGPARSE_s_n (oGnuPG, "no-pgp2", "@"),
     618             :   ARGPARSE_s_n (oGnuPG, "no-pgp6", "@"),
     619             :   ARGPARSE_s_n (oGnuPG, "no-pgp7", "@"),
     620             :   ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
     621             :   ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
     622             :   ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
     623             :   ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"),
     624             :   ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
     625             :   ARGPARSE_s_n (oPGP6, "pgp6", "@"),
     626             :   ARGPARSE_s_n (oPGP7, "pgp7", "@"),
     627             :   ARGPARSE_s_n (oPGP8, "pgp8", "@"),
     628             : 
     629             :   ARGPARSE_s_n (oRFC2440Text,      "rfc2440-text", "@"),
     630             :   ARGPARSE_s_n (oNoRFC2440Text, "no-rfc2440-text", "@"),
     631             :   ARGPARSE_s_i (oS2KMode, "s2k-mode", "@"),
     632             :   ARGPARSE_s_s (oS2KDigest, "s2k-digest-algo", "@"),
     633             :   ARGPARSE_s_s (oS2KCipher, "s2k-cipher-algo", "@"),
     634             :   ARGPARSE_s_i (oS2KCount, "s2k-count", "@"),
     635             :   ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"),
     636             :   ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
     637             :   ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
     638             :   ARGPARSE_s_s (oCompressAlgo,"compress-algo", "@"),
     639             :   ARGPARSE_s_s (oCompressAlgo, "compression-algo", "@"), /* Alias */
     640             :   ARGPARSE_s_n (oThrowKeyids, "throw-keyids", "@"),
     641             :   ARGPARSE_s_n (oNoThrowKeyids, "no-throw-keyids", "@"),
     642             :   ARGPARSE_s_n (oShowPhotos,   "show-photos", "@"),
     643             :   ARGPARSE_s_n (oNoShowPhotos, "no-show-photos", "@"),
     644             :   ARGPARSE_s_s (oPhotoViewer,  "photo-viewer", "@"),
     645             :   ARGPARSE_s_s (oSetNotation,  "set-notation", "@"),
     646             :   ARGPARSE_s_s (oSigNotation,  "sig-notation", "@"),
     647             :   ARGPARSE_s_s (oCertNotation, "cert-notation", "@"),
     648             : 
     649             :   ARGPARSE_group (302, N_(
     650             :   "@\n(See the man page for a complete listing of all commands and options)\n"
     651             :                       )),
     652             : 
     653             :   ARGPARSE_group (303, N_("@\nExamples:\n\n"
     654             :     " -se -r Bob [file]          sign and encrypt for user Bob\n"
     655             :     " --clearsign [file]         make a clear text signature\n"
     656             :     " --detach-sign [file]       make a detached signature\n"
     657             :     " --list-keys [names]        show keys\n"
     658             :     " --fingerprint [names]      show fingerprints\n")),
     659             : 
     660             :   /* More hidden commands and options. */
     661             :   ARGPARSE_c (aPrintMDs, "print-mds", "@"), /* old */
     662             : #ifndef NO_TRUST_MODELS
     663             :   ARGPARSE_c (aListTrustDB, "list-trustdb", "@"),
     664             : #endif
     665             : 
     666             :   /* Not yet used:
     667             :      ARGPARSE_c (aListTrustPath, "list-trust-path", "@"), */
     668             :   ARGPARSE_c (aDeleteSecretAndPublicKeys,
     669             :               "delete-secret-and-public-keys", "@"),
     670             :   ARGPARSE_c (aRebuildKeydbCaches, "rebuild-keydb-caches", "@"),
     671             : 
     672             :   ARGPARSE_s_s (oPassphrase,      "passphrase", "@"),
     673             :   ARGPARSE_s_i (oPassphraseFD,    "passphrase-fd", "@"),
     674             :   ARGPARSE_s_s (oPassphraseFile,  "passphrase-file", "@"),
     675             :   ARGPARSE_s_i (oPassphraseRepeat,"passphrase-repeat", "@"),
     676             :   ARGPARSE_s_s (oPinentryMode,    "pinentry-mode", "@"),
     677             :   ARGPARSE_s_i (oCommandFD, "command-fd", "@"),
     678             :   ARGPARSE_s_s (oCommandFile, "command-file", "@"),
     679             :   ARGPARSE_s_n (oQuickRandom, "debug-quick-random", "@"),
     680             :   ARGPARSE_s_n (oNoVerbose, "no-verbose", "@"),
     681             : 
     682             : #ifndef NO_TRUST_MODELS
     683             :   ARGPARSE_s_s (oTrustDBName, "trustdb-name", "@"),
     684             :   ARGPARSE_s_n (oAutoCheckTrustDB, "auto-check-trustdb", "@"),
     685             :   ARGPARSE_s_n (oNoAutoCheckTrustDB, "no-auto-check-trustdb", "@"),
     686             :   ARGPARSE_s_s (oForceOwnertrust, "force-ownertrust", "@"),
     687             : #endif
     688             : 
     689             :   ARGPARSE_s_n (oNoSecmemWarn, "no-secmem-warning", "@"),
     690             :   ARGPARSE_s_n (oRequireSecmem, "require-secmem", "@"),
     691             :   ARGPARSE_s_n (oNoRequireSecmem, "no-require-secmem", "@"),
     692             :   ARGPARSE_s_n (oNoPermissionWarn, "no-permission-warning", "@"),
     693             :   ARGPARSE_s_n (oNoMDCWarn, "no-mdc-warning", "@"),
     694             :   ARGPARSE_s_n (oNoArmor, "no-armor", "@"),
     695             :   ARGPARSE_s_n (oNoArmor, "no-armour", "@"),
     696             :   ARGPARSE_s_n (oNoDefKeyring, "no-default-keyring", "@"),
     697             :   ARGPARSE_s_n (oNoKeyring, "no-keyring", "@"),
     698             :   ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
     699             :   ARGPARSE_s_n (oNoOptions, "no-options", "@"),
     700             :   ARGPARSE_s_s (oHomedir, "homedir", "@"),
     701             :   ARGPARSE_s_n (oNoBatch, "no-batch", "@"),
     702             :   ARGPARSE_s_n (oWithColons, "with-colons", "@"),
     703             :   ARGPARSE_s_n (oWithTofuInfo,"with-tofu-info", "@"),
     704             :   ARGPARSE_s_n (oWithKeyData,"with-key-data", "@"),
     705             :   ARGPARSE_s_n (oWithSigList,"with-sig-list", "@"),
     706             :   ARGPARSE_s_n (oWithSigCheck,"with-sig-check", "@"),
     707             :   ARGPARSE_s_n (aListKeys, "list-key", "@"),   /* alias */
     708             :   ARGPARSE_s_n (aListSigs, "list-sig", "@"),   /* alias */
     709             :   ARGPARSE_s_n (aCheckKeys, "check-sig", "@"), /* alias */
     710             :   ARGPARSE_s_n (oSkipVerify, "skip-verify", "@"),
     711             :   ARGPARSE_s_n (oSkipHiddenRecipients, "skip-hidden-recipients", "@"),
     712             :   ARGPARSE_s_n (oNoSkipHiddenRecipients, "no-skip-hidden-recipients", "@"),
     713             :   ARGPARSE_s_i (oDefCertLevel, "default-cert-check-level", "@"), /* old */
     714             : #ifndef NO_TRUST_MODELS
     715             :   ARGPARSE_s_n (oAlwaysTrust, "always-trust", "@"),
     716             : #endif
     717             :   ARGPARSE_s_s (oTrustModel, "trust-model", "@"),
     718             :   ARGPARSE_s_s (oTOFUDefaultPolicy, "tofu-default-policy", "@"),
     719             :   ARGPARSE_s_s (oSetFilename, "set-filename", "@"),
     720             :   ARGPARSE_s_n (oForYourEyesOnly, "for-your-eyes-only", "@"),
     721             :   ARGPARSE_s_n (oNoForYourEyesOnly, "no-for-your-eyes-only", "@"),
     722             :   ARGPARSE_s_s (oSetPolicyURL,  "set-policy-url", "@"),
     723             :   ARGPARSE_s_s (oSigPolicyURL,  "sig-policy-url", "@"),
     724             :   ARGPARSE_s_s (oCertPolicyURL, "cert-policy-url", "@"),
     725             :   ARGPARSE_s_n (oShowPolicyURL,      "show-policy-url", "@"),
     726             :   ARGPARSE_s_n (oNoShowPolicyURL, "no-show-policy-url", "@"),
     727             :   ARGPARSE_s_s (oSigKeyserverURL, "sig-keyserver-url", "@"),
     728             :   ARGPARSE_s_n (oShowNotation,      "show-notation", "@"),
     729             :   ARGPARSE_s_n (oNoShowNotation, "no-show-notation", "@"),
     730             :   ARGPARSE_s_s (oComment, "comment", "@"),
     731             :   ARGPARSE_s_n (oDefaultComment, "default-comment", "@"),
     732             :   ARGPARSE_s_n (oNoComments, "no-comments", "@"),
     733             :   ARGPARSE_s_n (oEmitVersion,      "emit-version", "@"),
     734             :   ARGPARSE_s_n (oNoEmitVersion, "no-emit-version", "@"),
     735             :   ARGPARSE_s_n (oNoEmitVersion, "no-version", "@"), /* alias */
     736             :   ARGPARSE_s_n (oNotDashEscaped, "not-dash-escaped", "@"),
     737             :   ARGPARSE_s_n (oEscapeFrom,      "escape-from-lines", "@"),
     738             :   ARGPARSE_s_n (oNoEscapeFrom, "no-escape-from-lines", "@"),
     739             :   ARGPARSE_s_n (oLockOnce,     "lock-once", "@"),
     740             :   ARGPARSE_s_n (oLockMultiple, "lock-multiple", "@"),
     741             :   ARGPARSE_s_n (oLockNever,    "lock-never", "@"),
     742             :   ARGPARSE_s_i (oLoggerFD,   "logger-fd", "@"),
     743             :   ARGPARSE_s_s (oLoggerFile, "log-file", "@"),
     744             :   ARGPARSE_s_s (oLoggerFile, "logger-file", "@"),  /* 1.4 compatibility.  */
     745             :   ARGPARSE_s_n (oUseEmbeddedFilename,      "use-embedded-filename", "@"),
     746             :   ARGPARSE_s_n (oNoUseEmbeddedFilename, "no-use-embedded-filename", "@"),
     747             :   ARGPARSE_s_n (oUtf8Strings,      "utf8-strings", "@"),
     748             :   ARGPARSE_s_n (oNoUtf8Strings, "no-utf8-strings", "@"),
     749             :   ARGPARSE_s_n (oWithFingerprint, "with-fingerprint", "@"),
     750             :   ARGPARSE_s_n (oWithSubkeyFingerprint, "with-subkey-fingerprint", "@"),
     751             :   ARGPARSE_s_n (oWithSubkeyFingerprint, "with-subkey-fingerprints", "@"),
     752             :   ARGPARSE_s_n (oWithICAOSpelling, "with-icao-spelling", "@"),
     753             :   ARGPARSE_s_n (oWithKeygrip,     "with-keygrip", "@"),
     754             :   ARGPARSE_s_n (oWithSecret,      "with-secret", "@"),
     755             :   ARGPARSE_s_n (oWithWKDHash,     "with-wkd-hash", "@"),
     756             :   ARGPARSE_s_s (oDisableCipherAlgo,  "disable-cipher-algo", "@"),
     757             :   ARGPARSE_s_s (oDisablePubkeyAlgo,  "disable-pubkey-algo", "@"),
     758             :   ARGPARSE_s_n (oAllowNonSelfsignedUID,      "allow-non-selfsigned-uid", "@"),
     759             :   ARGPARSE_s_n (oNoAllowNonSelfsignedUID, "no-allow-non-selfsigned-uid", "@"),
     760             :   ARGPARSE_s_n (oAllowFreeformUID,      "allow-freeform-uid", "@"),
     761             :   ARGPARSE_s_n (oNoAllowFreeformUID, "no-allow-freeform-uid", "@"),
     762             :   ARGPARSE_s_n (oNoLiteral, "no-literal", "@"),
     763             :   ARGPARSE_p_u (oSetFilesize, "set-filesize", "@"),
     764             :   ARGPARSE_s_n (oFastListMode, "fast-list-mode", "@"),
     765             :   ARGPARSE_s_n (oFixedListMode, "fixed-list-mode", "@"),
     766             :   ARGPARSE_s_n (oLegacyListMode, "legacy-list-mode", "@"),
     767             :   ARGPARSE_s_n (oListOnly, "list-only", "@"),
     768             :   ARGPARSE_s_n (oPrintPKARecords, "print-pka-records", "@"),
     769             :   ARGPARSE_s_n (oPrintDANERecords, "print-dane-records", "@"),
     770             :   ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", "@"),
     771             :   ARGPARSE_s_n (oIgnoreValidFrom,    "ignore-valid-from", "@"),
     772             :   ARGPARSE_s_n (oIgnoreCrcError, "ignore-crc-error", "@"),
     773             :   ARGPARSE_s_n (oIgnoreMDCError, "ignore-mdc-error", "@"),
     774             :   ARGPARSE_s_n (oShowSessionKey, "show-session-key", "@"),
     775             :   ARGPARSE_s_s (oOverrideSessionKey, "override-session-key", "@"),
     776             :   ARGPARSE_s_n (oNoRandomSeedFile,  "no-random-seed-file", "@"),
     777             :   ARGPARSE_s_n (oAutoKeyRetrieve, "auto-key-retrieve", "@"),
     778             :   ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"),
     779             :   ARGPARSE_s_n (oNoSigCache,         "no-sig-cache", "@"),
     780             :   ARGPARSE_s_n (oMergeOnly,       "merge-only", "@" ),
     781             :   ARGPARSE_s_n (oAllowSecretKeyImport, "allow-secret-key-import", "@"),
     782             :   ARGPARSE_s_n (oTryAllSecrets,  "try-all-secrets", "@"),
     783             :   ARGPARSE_s_n (oEnableSpecialFilenames, "enable-special-filenames", "@"),
     784             :   ARGPARSE_s_n (oNoExpensiveTrustChecks, "no-expensive-trust-checks", "@"),
     785             :   ARGPARSE_s_n (oPreservePermissions, "preserve-permissions", "@"),
     786             :   ARGPARSE_s_s (oDefaultPreferenceList,  "default-preference-list", "@"),
     787             :   ARGPARSE_s_s (oDefaultKeyserverURL,  "default-keyserver-url", "@"),
     788             :   ARGPARSE_s_s (oPersonalCipherPreferences, "personal-cipher-preferences","@"),
     789             :   ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-preferences","@"),
     790             :   ARGPARSE_s_s (oPersonalCompressPreferences,
     791             :                                          "personal-compress-preferences", "@"),
     792             :   ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
     793             :   ARGPARSE_s_s (oWeakDigest, "weak-digest","@"),
     794             :   ARGPARSE_s_n (oUnwrap, "unwrap", "@"),
     795             :   ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"),
     796             : 
     797             :   /* Aliases.  I constantly mistype these, and assume other people do
     798             :      as well. */
     799             :   ARGPARSE_s_s (oPersonalCipherPreferences, "personal-cipher-prefs", "@"),
     800             :   ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-prefs", "@"),
     801             :   ARGPARSE_s_s (oPersonalCompressPreferences, "personal-compress-prefs", "@"),
     802             : 
     803             :   ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
     804             :   ARGPARSE_s_s (oDirmngrProgram, "dirmngr-program", "@"),
     805             :   ARGPARSE_s_s (oDisplay,    "display",    "@"),
     806             :   ARGPARSE_s_s (oTTYname,    "ttyname",    "@"),
     807             :   ARGPARSE_s_s (oTTYtype,    "ttytype",    "@"),
     808             :   ARGPARSE_s_s (oLCctype,    "lc-ctype",   "@"),
     809             :   ARGPARSE_s_s (oLCmessages, "lc-messages","@"),
     810             :   ARGPARSE_s_s (oXauthority, "xauthority", "@"),
     811             :   ARGPARSE_s_s (oGroup,      "group",      "@"),
     812             :   ARGPARSE_s_s (oUnGroup,    "ungroup",    "@"),
     813             :   ARGPARSE_s_n (oNoGroups,   "no-groups",  "@"),
     814             :   ARGPARSE_s_n (oStrict,     "strict",     "@"),
     815             :   ARGPARSE_s_n (oNoStrict,   "no-strict",  "@"),
     816             :   ARGPARSE_s_n (oMangleDosFilenames,      "mangle-dos-filenames", "@"),
     817             :   ARGPARSE_s_n (oNoMangleDosFilenames, "no-mangle-dos-filenames", "@"),
     818             :   ARGPARSE_s_n (oEnableProgressFilter, "enable-progress-filter", "@"),
     819             :   ARGPARSE_s_n (oMultifile, "multifile", "@"),
     820             :   ARGPARSE_s_s (oKeyidFormat, "keyid-format", "@"),
     821             :   ARGPARSE_s_n (oExitOnStatusWriteError, "exit-on-status-write-error", "@"),
     822             :   ARGPARSE_s_i (oLimitCardInsertTries, "limit-card-insert-tries", "@"),
     823             : 
     824             :   ARGPARSE_s_n (oAllowMultisigVerification,
     825             :                 "allow-multisig-verification", "@"),
     826             :   ARGPARSE_s_n (oEnableLargeRSA, "enable-large-rsa", "@"),
     827             :   ARGPARSE_s_n (oDisableLargeRSA, "disable-large-rsa", "@"),
     828             :   ARGPARSE_s_n (oEnableDSA2, "enable-dsa2", "@"),
     829             :   ARGPARSE_s_n (oDisableDSA2, "disable-dsa2", "@"),
     830             :   ARGPARSE_s_n (oAllowMultipleMessages,      "allow-multiple-messages", "@"),
     831             :   ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"),
     832             :   ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
     833             : 
     834             :   /* These two are aliases to help users of the PGP command line
     835             :      product use gpg with minimal pain.  Many commands are common
     836             :      already as they seem to have borrowed commands from us.  Now I'm
     837             :      returning the favor. */
     838             :   ARGPARSE_s_s (oLocalUser, "sign-with", "@"),
     839             :   ARGPARSE_s_s (oRecipient, "user", "@"),
     840             : 
     841             :   ARGPARSE_s_n (oRequireCrossCert, "require-backsigs", "@"),
     842             :   ARGPARSE_s_n (oRequireCrossCert, "require-cross-certification", "@"),
     843             :   ARGPARSE_s_n (oNoRequireCrossCert, "no-require-backsigs", "@"),
     844             :   ARGPARSE_s_n (oNoRequireCrossCert, "no-require-cross-certification", "@"),
     845             : 
     846             :   /* New options.  Fixme: Should go more to the top.  */
     847             :   ARGPARSE_s_s (oAutoKeyLocate, "auto-key-locate", "@"),
     848             :   ARGPARSE_s_n (oNoAutoKeyLocate, "no-auto-key-locate", "@"),
     849             :   ARGPARSE_s_n (oNoAutostart, "no-autostart", "@"),
     850             : 
     851             :   /* Dummy options with warnings.  */
     852             :   ARGPARSE_s_n (oUseAgent,      "use-agent", "@"),
     853             :   ARGPARSE_s_n (oNoUseAgent, "no-use-agent", "@"),
     854             :   ARGPARSE_s_s (oGpgAgentInfo, "gpg-agent-info", "@"),
     855             :   ARGPARSE_s_s (oReaderPort, "reader-port", "@"),
     856             :   ARGPARSE_s_s (octapiDriver, "ctapi-driver", "@"),
     857             :   ARGPARSE_s_s (opcscDriver, "pcsc-driver", "@"),
     858             :   ARGPARSE_s_n (oDisableCCID, "disable-ccid", "@"),
     859             :   ARGPARSE_s_n (oHonorHttpProxy, "honor-http-proxy", "@"),
     860             :   ARGPARSE_s_s (oTOFUDBFormat, "tofu-db-format", "@"),
     861             : 
     862             :   /* Dummy options.  */
     863             :   ARGPARSE_s_n (oNoop, "sk-comments", "@"),
     864             :   ARGPARSE_s_n (oNoop, "no-sk-comments", "@"),
     865             :   ARGPARSE_s_n (oNoop, "compress-keys", "@"),
     866             :   ARGPARSE_s_n (oNoop, "compress-sigs", "@"),
     867             :   ARGPARSE_s_n (oNoop, "force-v3-sigs", "@"),
     868             :   ARGPARSE_s_n (oNoop, "no-force-v3-sigs", "@"),
     869             :   ARGPARSE_s_n (oNoop, "force-v4-certs", "@"),
     870             :   ARGPARSE_s_n (oNoop, "no-force-v4-certs", "@"),
     871             : 
     872             :   ARGPARSE_end ()
     873             : };
     874             : 
     875             : 
     876             : /* The list of supported debug flags.  */
     877             : static struct debug_flags_s debug_flags [] =
     878             :   {
     879             :     { DBG_PACKET_VALUE , "packet"  },
     880             :     { DBG_MPI_VALUE    , "mpi"     },
     881             :     { DBG_CRYPTO_VALUE , "crypto"  },
     882             :     { DBG_FILTER_VALUE , "filter"  },
     883             :     { DBG_IOBUF_VALUE  , "iobuf"   },
     884             :     { DBG_MEMORY_VALUE , "memory"  },
     885             :     { DBG_CACHE_VALUE  , "cache"   },
     886             :     { DBG_MEMSTAT_VALUE, "memstat" },
     887             :     { DBG_TRUST_VALUE  , "trust"   },
     888             :     { DBG_HASHING_VALUE, "hashing" },
     889             :     { DBG_CARD_IO_VALUE, "cardio"  },
     890             :     { DBG_IPC_VALUE    , "ipc"     },
     891             :     { DBG_CLOCK_VALUE  , "clock"   },
     892             :     { DBG_LOOKUP_VALUE , "lookup"  },
     893             :     { DBG_EXTPROG_VALUE, "extprog" },
     894             :     { 0, NULL }
     895             :   };
     896             : 
     897             : 
     898             : #ifdef ENABLE_SELINUX_HACKS
     899             : #define ALWAYS_ADD_KEYRINGS 1
     900             : #else
     901             : #define ALWAYS_ADD_KEYRINGS 0
     902             : #endif
     903             : 
     904             : 
     905             : int g10_errors_seen = 0;
     906             : 
     907             : static int utf8_strings = 0;
     908             : static int maybe_setuid = 1;
     909             : 
     910             : static char *build_list( const char *text, char letter,
     911             :                          const char *(*mapf)(int), int (*chkf)(int) );
     912             : static void set_cmd( enum cmd_and_opt_values *ret_cmd,
     913             :                         enum cmd_and_opt_values new_cmd );
     914             : static void print_mds( const char *fname, int algo );
     915             : static void add_notation_data( const char *string, int which );
     916             : static void add_policy_url( const char *string, int which );
     917             : static void add_keyserver_url( const char *string, int which );
     918             : static void emergency_cleanup (void);
     919             : 
     920             : 
     921             : static char *
     922           1 : make_libversion (const char *libname, const char *(*getfnc)(const char*))
     923             : {
     924             :   const char *s;
     925             :   char *result;
     926             : 
     927           1 :   if (maybe_setuid)
     928             :     {
     929           0 :       gcry_control (GCRYCTL_INIT_SECMEM, 0, 0);  /* Drop setuid. */
     930           0 :       maybe_setuid = 0;
     931             :     }
     932           1 :   s = getfnc (NULL);
     933           1 :   result = xmalloc (strlen (libname) + 1 + strlen (s) + 1);
     934           1 :   strcpy (stpcpy (stpcpy (result, libname), " "), s);
     935           1 :   return result;
     936             : }
     937             : 
     938             : 
     939             : static int
     940       13875 : build_list_pk_test_algo (int algo)
     941             : {
     942             :   /* Show only one "RSA" string.  If RSA_E or RSA_S is available RSA
     943             :      is also available.  */
     944       13875 :   if (algo == PUBKEY_ALGO_RSA_E
     945       13750 :       || algo == PUBKEY_ALGO_RSA_S)
     946         250 :     return GPG_ERR_DIGEST_ALGO;
     947             : 
     948       13625 :   return openpgp_pk_test_algo (algo);
     949             : }
     950             : 
     951             : static const char *
     952         750 : build_list_pk_algo_name (int algo)
     953             : {
     954         750 :   return openpgp_pk_algo_name (algo);
     955             : }
     956             : 
     957             : static int
     958       13875 : build_list_cipher_test_algo (int algo)
     959             : {
     960       13875 :   return openpgp_cipher_test_algo (algo);
     961             : }
     962             : 
     963             : static const char *
     964        1375 : build_list_cipher_algo_name (int algo)
     965             : {
     966        1375 :   return openpgp_cipher_algo_name (algo);
     967             : }
     968             : 
     969             : static int
     970       13875 : build_list_md_test_algo (int algo)
     971             : {
     972             :   /* By default we do not accept MD5 based signatures.  To avoid
     973             :      confusion we do not announce support for it either.  */
     974       13875 :   if (algo == DIGEST_ALGO_MD5)
     975         125 :     return GPG_ERR_DIGEST_ALGO;
     976             : 
     977       13750 :   return openpgp_md_test_algo (algo);
     978             : }
     979             : 
     980             : static const char *
     981         750 : build_list_md_algo_name (int algo)
     982             : {
     983         750 :   return openpgp_md_algo_name (algo);
     984             : }
     985             : 
     986             : 
     987             : static const char *
     988         470 : my_strusage( int level )
     989             : {
     990             :   static char *digests, *pubkeys, *ciphers, *zips, *ver_gcry;
     991             :   const char *p;
     992             : 
     993         470 :     switch( level ) {
     994           1 :       case 11: p = "@GPG@ (@GNUPG@)";
     995           1 :         break;
     996         444 :       case 13: p = VERSION; break;
     997           0 :       case 17: p = PRINTABLE_OS_NAME; break;
     998           0 :       case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
     999             : 
    1000             :     case 20:
    1001           1 :       if (!ver_gcry)
    1002           1 :         ver_gcry = make_libversion ("libgcrypt", gcry_check_version);
    1003           1 :       p = ver_gcry;
    1004           1 :       break;
    1005             : 
    1006             : #ifdef IS_DEVELOPMENT_VERSION
    1007             :       case 25:
    1008             :         p="NOTE: THIS IS A DEVELOPMENT VERSION!";
    1009             :         break;
    1010             :       case 26:
    1011             :         p="It is only intended for test purposes and should NOT be";
    1012             :         break;
    1013             :       case 27:
    1014             :         p="used in a production environment or with production keys!";
    1015             :         break;
    1016             : #endif
    1017             : 
    1018             :       case 1:
    1019           0 :       case 40:  p =
    1020             :             _("Usage: @GPG@ [options] [files] (-h for help)");
    1021           0 :         break;
    1022           0 :       case 41:  p =
    1023             :             _("Syntax: @GPG@ [options] [files]\n"
    1024             :               "Sign, check, encrypt or decrypt\n"
    1025             :               "Default operation depends on the input data\n");
    1026           0 :         break;
    1027             : 
    1028           1 :       case 31: p = "\nHome: "; break;
    1029             : #ifndef __riscos__
    1030           1 :       case 32: p = gnupg_homedir (); break;
    1031             : #else /* __riscos__ */
    1032             :       case 32: p = make_filename(gnupg_homedir (), NULL); break;
    1033             : #endif /* __riscos__ */
    1034           1 :       case 33: p = _("\nSupported algorithms:\n"); break;
    1035             :       case 34:
    1036           1 :         if (!pubkeys)
    1037           1 :             pubkeys = build_list (_("Pubkey: "), 1,
    1038             :                                   build_list_pk_algo_name,
    1039             :                                   build_list_pk_test_algo );
    1040           1 :         p = pubkeys;
    1041           1 :         break;
    1042             :       case 35:
    1043           1 :         if( !ciphers )
    1044           1 :             ciphers = build_list(_("Cipher: "), 'S',
    1045             :                                  build_list_cipher_algo_name,
    1046             :                                  build_list_cipher_test_algo );
    1047           1 :         p = ciphers;
    1048           1 :         break;
    1049             :       case 36:
    1050           1 :         if( !digests )
    1051           1 :             digests = build_list(_("Hash: "), 'H',
    1052             :                                  build_list_md_algo_name,
    1053             :                                  build_list_md_test_algo );
    1054           1 :         p = digests;
    1055           1 :         break;
    1056             :       case 37:
    1057           1 :         if( !zips )
    1058           1 :             zips = build_list(_("Compression: "),'Z',
    1059             :                               compress_algo_to_string,
    1060             :                               check_compress_algo);
    1061           1 :         p = zips;
    1062           1 :         break;
    1063             : 
    1064          17 :       default:  p = NULL;
    1065             :     }
    1066         470 :     return p;
    1067             : }
    1068             : 
    1069             : 
    1070             : static char *
    1071           4 : build_list (const char *text, char letter,
    1072             :             const char * (*mapf)(int), int (*chkf)(int))
    1073             : {
    1074             :   membuf_t mb;
    1075             :   int indent;
    1076             :   int i, j, len;
    1077             :   const char *s;
    1078             :   char *string;
    1079             : 
    1080           4 :   if (maybe_setuid)
    1081           0 :     gcry_control (GCRYCTL_INIT_SECMEM, 0, 0);  /* Drop setuid. */
    1082             : 
    1083           4 :   indent = utf8_charcount (text, -1);
    1084           4 :   len = 0;
    1085           4 :   init_membuf (&mb, 512);
    1086             : 
    1087         448 :   for (i=0; i <= 110; i++ )
    1088             :     {
    1089         444 :       if (!chkf (i) && (s = mapf (i)))
    1090             :         {
    1091          27 :           if (mb.len - len > 60)
    1092             :             {
    1093           1 :               put_membuf_str (&mb, ",\n");
    1094           1 :               len = mb.len;
    1095           9 :               for (j=0; j < indent; j++)
    1096           8 :                 put_membuf_str (&mb, " ");
    1097             :             }
    1098          26 :           else if (mb.len)
    1099          22 :             put_membuf_str (&mb, ", ");
    1100             :           else
    1101           4 :             put_membuf_str (&mb, text);
    1102             : 
    1103          27 :           put_membuf_str (&mb, s);
    1104          27 :           if (opt.verbose && letter)
    1105             :             {
    1106             :               char num[20];
    1107           0 :               if (letter == 1)
    1108           0 :                 snprintf (num, sizeof num, " (%d)", i);
    1109             :               else
    1110           0 :                 snprintf (num, sizeof num, " (%c%d)", letter, i);
    1111           0 :               put_membuf_str (&mb, num);
    1112             :             }
    1113             :         }
    1114             :     }
    1115           4 :   if (mb.len)
    1116           4 :     put_membuf_str (&mb, "\n");
    1117           4 :   put_membuf (&mb, "", 1);
    1118             : 
    1119           4 :   string = get_membuf (&mb, NULL);
    1120           4 :   return xrealloc (string, strlen (string)+1);
    1121             : }
    1122             : 
    1123             : 
    1124             : static void
    1125           0 : wrong_args( const char *text)
    1126             : {
    1127           0 :   es_fprintf (es_stderr, _("usage: %s [options] %s\n"), GPG_NAME, text);
    1128           0 :   g10_exit(2);
    1129             : }
    1130             : 
    1131             : 
    1132             : static char *
    1133           0 : make_username( const char *string )
    1134             : {
    1135             :     char *p;
    1136           0 :     if( utf8_strings )
    1137           0 :         p = xstrdup(string);
    1138             :     else
    1139           0 :         p = native_to_utf8( string );
    1140           0 :     return p;
    1141             : }
    1142             : 
    1143             : 
    1144             : static void
    1145           0 : set_opt_session_env (const char *name, const char *value)
    1146             : {
    1147             :   gpg_error_t err;
    1148             : 
    1149           0 :   err = session_env_setenv (opt.session_env, name, value);
    1150           0 :   if (err)
    1151           0 :     log_fatal ("error setting session environment: %s\n",
    1152             :                gpg_strerror (err));
    1153           0 : }
    1154             : 
    1155             : 
    1156             : /* Setup the debugging.  With a LEVEL of NULL only the active debug
    1157             :    flags are propagated to the subsystems.  With LEVEL set, a specific
    1158             :    set of debug flags is set; thus overriding all flags already
    1159             :    set. */
    1160             : static void
    1161        1702 : set_debug (const char *level)
    1162             : {
    1163        1702 :   int numok = (level && digitp (level));
    1164        1702 :   int numlvl = numok? atoi (level) : 0;
    1165             : 
    1166        1702 :   if (!level)
    1167             :     ;
    1168           0 :   else if (!strcmp (level, "none") || (numok && numlvl < 1))
    1169           0 :     opt.debug = 0;
    1170           0 :   else if (!strcmp (level, "basic") || (numok && numlvl <= 2))
    1171           0 :     opt.debug = DBG_MEMSTAT_VALUE;
    1172           0 :   else if (!strcmp (level, "advanced") || (numok && numlvl <= 5))
    1173           0 :     opt.debug = DBG_MEMSTAT_VALUE|DBG_TRUST_VALUE|DBG_EXTPROG_VALUE;
    1174           0 :   else if (!strcmp (level, "expert")  || (numok && numlvl <= 8))
    1175           0 :     opt.debug = (DBG_MEMSTAT_VALUE|DBG_TRUST_VALUE|DBG_EXTPROG_VALUE
    1176           0 :                  |DBG_CACHE_VALUE|DBG_LOOKUP|DBG_FILTER_VALUE|DBG_PACKET_VALUE);
    1177           0 :   else if (!strcmp (level, "guru") || numok)
    1178             :     {
    1179           0 :       opt.debug = ~0;
    1180             :       /* Unless the "guru" string has been used we don't want to allow
    1181             :          hashing debugging.  The rationale is that people tend to
    1182             :          select the highest debug value and would then clutter their
    1183             :          disk with debug files which may reveal confidential data.  */
    1184           0 :       if (numok)
    1185           0 :         opt.debug &= ~(DBG_HASHING_VALUE);
    1186             :     }
    1187             :   else
    1188             :     {
    1189           0 :       log_error (_("invalid debug-level '%s' given\n"), level);
    1190           0 :       g10_exit (2);
    1191             :     }
    1192             : 
    1193        1702 :   if (opt.debug & DBG_MEMORY_VALUE )
    1194           0 :     memory_debug_mode = 1;
    1195        1702 :   if (opt.debug & DBG_MEMSTAT_VALUE )
    1196           0 :     memory_stat_debug_mode = 1;
    1197        1702 :   if (opt.debug & DBG_MPI_VALUE)
    1198           0 :     gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2);
    1199        1702 :   if (opt.debug & DBG_CRYPTO_VALUE )
    1200           0 :     gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
    1201        1702 :   if (opt.debug & DBG_IOBUF_VALUE )
    1202           0 :     iobuf_debug_mode = 1;
    1203        1702 :   gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
    1204             : 
    1205        1702 :   if (opt.debug)
    1206           0 :     parse_debug_flag (NULL, &opt.debug, debug_flags);
    1207        1702 : }
    1208             : 
    1209             : 
    1210             : /* We set the screen dimensions for UI purposes.  Do not allow screens
    1211             :    smaller than 80x24 for the sake of simplicity. */
    1212             : static void
    1213        1827 : set_screen_dimensions(void)
    1214             : {
    1215             : #ifndef HAVE_W32_SYSTEM
    1216             :   char *str;
    1217             : 
    1218        1827 :   str=getenv("COLUMNS");
    1219        1827 :   if(str)
    1220           0 :     opt.screen_columns=atoi(str);
    1221             : 
    1222        1827 :   str=getenv("LINES");
    1223        1827 :   if(str)
    1224           0 :     opt.screen_lines=atoi(str);
    1225             : #endif
    1226             : 
    1227        1827 :   if(opt.screen_columns<80 || opt.screen_columns>255)
    1228        1827 :     opt.screen_columns=80;
    1229             : 
    1230        1827 :   if(opt.screen_lines<24 || opt.screen_lines>255)
    1231        1827 :     opt.screen_lines=24;
    1232        1827 : }
    1233             : 
    1234             : 
    1235             : /* Helper to open a file FNAME either for reading or writing to be
    1236             :    used with --status-file etc functions.  Not generally useful but it
    1237             :    avoids the riscos specific functions and well some Windows people
    1238             :    might like it too.  Prints an error message and returns -1 on
    1239             :    error.  On success the file descriptor is returned.  */
    1240             : static int
    1241           9 : open_info_file (const char *fname, int for_write, int binary)
    1242             : {
    1243             : #ifdef __riscos__
    1244             :   return riscos_fdopenfile (fname, for_write);
    1245             : #elif defined (ENABLE_SELINUX_HACKS)
    1246             :   /* We can't allow these even when testing for a secured filename
    1247             :      because files to be secured might not yet been secured.  This is
    1248             :      similar to the option file but in that case it is unlikely that
    1249             :      sensitive information may be retrieved by means of error
    1250             :      messages.  */
    1251             :   (void)fname;
    1252             :   (void)for_write;
    1253             :   (void)binary;
    1254             :   return -1;
    1255             : #else
    1256             :   int fd;
    1257             : 
    1258           9 :   if (binary)
    1259           9 :     binary = MY_O_BINARY;
    1260             : 
    1261             : /*   if (is_secured_filename (fname)) */
    1262             : /*     { */
    1263             : /*       fd = -1; */
    1264             : /*       gpg_err_set_errno (EPERM); */
    1265             : /*     } */
    1266             : /*   else */
    1267             : /*     { */
    1268             :       do
    1269             :         {
    1270           9 :           if (for_write)
    1271           0 :             fd = open (fname, O_CREAT | O_TRUNC | O_WRONLY | binary,
    1272             :                         S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
    1273             :           else
    1274           9 :             fd = open (fname, O_RDONLY | binary);
    1275             :         }
    1276           9 :       while (fd == -1 && errno == EINTR);
    1277             : /*     } */
    1278           9 :   if ( fd == -1)
    1279           0 :     log_error ( for_write? _("can't create '%s': %s\n")
    1280           0 :                          : _("can't open '%s': %s\n"), fname, strerror(errno));
    1281             : 
    1282           9 :   return fd;
    1283             : #endif
    1284             : }
    1285             : 
    1286             : static void
    1287        1203 : set_cmd( enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd )
    1288             : {
    1289        1203 :     enum cmd_and_opt_values cmd = *ret_cmd;
    1290             : 
    1291        1203 :     if( !cmd || cmd == new_cmd )
    1292        1167 :         cmd = new_cmd;
    1293          36 :     else if( cmd == aSign && new_cmd == aEncr )
    1294          26 :         cmd = aSignEncr;
    1295          10 :     else if( cmd == aEncr && new_cmd == aSign )
    1296           2 :         cmd = aSignEncr;
    1297           8 :     else if( cmd == aSign && new_cmd == aSym )
    1298           0 :         cmd = aSignSym;
    1299           8 :     else if( cmd == aSym && new_cmd == aSign )
    1300           7 :         cmd = aSignSym;
    1301           1 :     else if( cmd == aSym && new_cmd == aEncr )
    1302           0 :         cmd = aEncrSym;
    1303           1 :     else if( cmd == aEncr && new_cmd == aSym )
    1304           0 :         cmd = aEncrSym;
    1305           1 :     else if (cmd == aSignEncr && new_cmd == aSym)
    1306           1 :         cmd = aSignEncrSym;
    1307           0 :     else if (cmd == aSignSym && new_cmd == aEncr)
    1308           0 :         cmd = aSignEncrSym;
    1309           0 :     else if (cmd == aEncrSym && new_cmd == aSign)
    1310           0 :         cmd = aSignEncrSym;
    1311           0 :     else if(    ( cmd == aSign     && new_cmd == aClearsign )
    1312           0 :              || ( cmd == aClearsign && new_cmd == aSign )  )
    1313           0 :         cmd = aClearsign;
    1314             :     else {
    1315           0 :         log_error(_("conflicting commands\n"));
    1316           0 :         g10_exit(2);
    1317             :     }
    1318             : 
    1319        1203 :     *ret_cmd = cmd;
    1320        1203 : }
    1321             : 
    1322             : 
    1323             : static void
    1324        1125 : add_group(char *string)
    1325             : {
    1326             :   char *name,*value;
    1327             :   struct groupitem *item;
    1328             : 
    1329             :   /* Break off the group name */
    1330        1125 :   name=strsep(&string,"=");
    1331        1125 :   if(string==NULL)
    1332             :     {
    1333           0 :       log_error(_("no = sign found in group definition '%s'\n"),name);
    1334        1125 :       return;
    1335             :     }
    1336             : 
    1337        1125 :   trim_trailing_ws(name,strlen(name));
    1338             : 
    1339             :   /* Does this group already exist? */
    1340        1125 :   for(item=opt.grouplist;item;item=item->next)
    1341         750 :     if(strcasecmp(item->name,name)==0)
    1342         750 :       break;
    1343             : 
    1344        1125 :   if(!item)
    1345             :     {
    1346         375 :       item=xmalloc(sizeof(struct groupitem));
    1347         375 :       item->name=name;
    1348         375 :       item->next=opt.grouplist;
    1349         375 :       item->values=NULL;
    1350         375 :       opt.grouplist=item;
    1351             :     }
    1352             : 
    1353             :   /* Break apart the values */
    1354        3375 :   while ((value= strsep(&string," \t")))
    1355             :     {
    1356        1125 :       if (*value)
    1357        1125 :         add_to_strlist2(&item->values,value,utf8_strings);
    1358             :     }
    1359             : }
    1360             : 
    1361             : 
    1362             : static void
    1363           0 : rm_group(char *name)
    1364             : {
    1365           0 :   struct groupitem *item,*last=NULL;
    1366             : 
    1367           0 :   trim_trailing_ws(name,strlen(name));
    1368             : 
    1369           0 :   for(item=opt.grouplist;item;last=item,item=item->next)
    1370             :     {
    1371           0 :       if(strcasecmp(item->name,name)==0)
    1372             :         {
    1373           0 :           if(last)
    1374           0 :             last->next=item->next;
    1375             :           else
    1376           0 :             opt.grouplist=item->next;
    1377             : 
    1378           0 :           free_strlist(item->values);
    1379           0 :           xfree(item);
    1380           0 :           break;
    1381             :         }
    1382             :     }
    1383           0 : }
    1384             : 
    1385             : 
    1386             : /* We need to check three things.
    1387             : 
    1388             :    0) The homedir.  It must be x00, a directory, and owned by the
    1389             :    user.
    1390             : 
    1391             :    1) The options/gpg.conf file.  Okay unless it or its containing
    1392             :    directory is group or other writable or not owned by us.  Disable
    1393             :    exec in this case.
    1394             : 
    1395             :    2) Extensions.  Same as #1.
    1396             : 
    1397             :    Returns true if the item is unsafe. */
    1398             : static int
    1399        3406 : check_permissions (const char *path, int item)
    1400             : {
    1401             : #if defined(HAVE_STAT) && !defined(HAVE_DOSISH_SYSTEM)
    1402             :   static int homedir_cache=-1;
    1403             :   char *tmppath,*dir;
    1404             :   struct stat statbuf,dirbuf;
    1405        3406 :   int homedir=0,ret=0,checkonly=0;
    1406        3406 :   int perm=0,own=0,enc_dir_perm=0,enc_dir_own=0;
    1407             : 
    1408        3406 :   if(opt.no_perm_warn)
    1409        3340 :     return 0;
    1410             : 
    1411          66 :   log_assert(item==0 || item==1 || item==2);
    1412             : 
    1413             :   /* extensions may attach a path */
    1414          66 :   if(item==2 && path[0]!=DIRSEP_C)
    1415             :     {
    1416           0 :       if(strchr(path,DIRSEP_C))
    1417           0 :         tmppath=make_filename(path,NULL);
    1418             :       else
    1419           0 :         tmppath=make_filename(gnupg_libdir (),path,NULL);
    1420             :     }
    1421             :   else
    1422          66 :     tmppath=xstrdup(path);
    1423             : 
    1424             :   /* If the item is located in the homedir, but isn't the homedir,
    1425             :      don't continue if we already checked the homedir itself.  This is
    1426             :      to avoid user confusion with an extra options file warning which
    1427             :      could be rectified if the homedir itself had proper
    1428             :      permissions. */
    1429          66 :   if(item!=0 && homedir_cache>-1
    1430          33 :      && !ascii_strncasecmp (gnupg_homedir (), tmppath,
    1431             :                             strlen (gnupg_homedir ())))
    1432             :     {
    1433          33 :       ret=homedir_cache;
    1434          33 :       goto end;
    1435             :     }
    1436             : 
    1437             :   /* It's okay if the file or directory doesn't exist */
    1438          33 :   if(stat(tmppath,&statbuf)!=0)
    1439             :     {
    1440           0 :       ret=0;
    1441           0 :       goto end;
    1442             :     }
    1443             : 
    1444             :   /* Now check the enclosing directory.  Theoretically, we could walk
    1445             :      this test up to the root directory /, but for the sake of sanity,
    1446             :      I'm stopping at one level down. */
    1447          33 :   dir=make_dirname(tmppath);
    1448             : 
    1449          33 :   if(stat(dir,&dirbuf)!=0 || !S_ISDIR(dirbuf.st_mode))
    1450             :     {
    1451             :       /* Weird error */
    1452           0 :       ret=1;
    1453           0 :       goto end;
    1454             :     }
    1455             : 
    1456          33 :   xfree(dir);
    1457             : 
    1458             :   /* Assume failure */
    1459          33 :   ret=1;
    1460             : 
    1461          33 :   if(item==0)
    1462             :     {
    1463             :       /* The homedir must be x00, a directory, and owned by the user. */
    1464             : 
    1465          33 :       if(S_ISDIR(statbuf.st_mode))
    1466             :         {
    1467          33 :           if(statbuf.st_uid==getuid())
    1468             :             {
    1469          33 :               if((statbuf.st_mode & (S_IRWXG|S_IRWXO))==0)
    1470          33 :                 ret=0;
    1471             :               else
    1472           0 :                 perm=1;
    1473             :             }
    1474             :           else
    1475           0 :             own=1;
    1476             : 
    1477          33 :           homedir_cache=ret;
    1478             :         }
    1479             :     }
    1480           0 :   else if(item==1 || item==2)
    1481             :     {
    1482             :       /* The options or extension file.  Okay unless it or its
    1483             :          containing directory is group or other writable or not owned
    1484             :          by us or root. */
    1485             : 
    1486           0 :       if(S_ISREG(statbuf.st_mode))
    1487             :         {
    1488           0 :           if(statbuf.st_uid==getuid() || statbuf.st_uid==0)
    1489             :             {
    1490           0 :               if((statbuf.st_mode & (S_IWGRP|S_IWOTH))==0)
    1491             :                 {
    1492             :                   /* it's not writable, so make sure the enclosing
    1493             :                      directory is also not writable */
    1494           0 :                   if(dirbuf.st_uid==getuid() || dirbuf.st_uid==0)
    1495             :                     {
    1496           0 :                       if((dirbuf.st_mode & (S_IWGRP|S_IWOTH))==0)
    1497           0 :                         ret=0;
    1498             :                       else
    1499           0 :                         enc_dir_perm=1;
    1500             :                     }
    1501             :                   else
    1502           0 :                     enc_dir_own=1;
    1503             :                 }
    1504             :               else
    1505             :                 {
    1506             :                   /* it's writable, so the enclosing directory had
    1507             :                      better not let people get to it. */
    1508           0 :                   if(dirbuf.st_uid==getuid() || dirbuf.st_uid==0)
    1509             :                     {
    1510           0 :                       if((dirbuf.st_mode & (S_IRWXG|S_IRWXO))==0)
    1511           0 :                         ret=0;
    1512             :                       else
    1513           0 :                         perm=enc_dir_perm=1; /* unclear which one to fix! */
    1514             :                     }
    1515             :                   else
    1516           0 :                     enc_dir_own=1;
    1517             :                 }
    1518             :             }
    1519             :           else
    1520           0 :             own=1;
    1521             :         }
    1522             :     }
    1523             :   else
    1524           0 :     BUG();
    1525             : 
    1526          33 :   if(!checkonly)
    1527             :     {
    1528          33 :       if(own)
    1529             :         {
    1530           0 :           if(item==0)
    1531           0 :             log_info(_("WARNING: unsafe ownership on"
    1532             :                        " homedir '%s'\n"),tmppath);
    1533           0 :           else if(item==1)
    1534           0 :             log_info(_("WARNING: unsafe ownership on"
    1535             :                        " configuration file '%s'\n"),tmppath);
    1536             :           else
    1537           0 :             log_info(_("WARNING: unsafe ownership on"
    1538             :                        " extension '%s'\n"),tmppath);
    1539             :         }
    1540          33 :       if(perm)
    1541             :         {
    1542           0 :           if(item==0)
    1543           0 :             log_info(_("WARNING: unsafe permissions on"
    1544             :                        " homedir '%s'\n"),tmppath);
    1545           0 :           else if(item==1)
    1546           0 :             log_info(_("WARNING: unsafe permissions on"
    1547             :                        " configuration file '%s'\n"),tmppath);
    1548             :           else
    1549           0 :             log_info(_("WARNING: unsafe permissions on"
    1550             :                        " extension '%s'\n"),tmppath);
    1551             :         }
    1552          33 :       if(enc_dir_own)
    1553             :         {
    1554           0 :           if(item==0)
    1555           0 :             log_info(_("WARNING: unsafe enclosing directory ownership on"
    1556             :                        " homedir '%s'\n"),tmppath);
    1557           0 :           else if(item==1)
    1558           0 :             log_info(_("WARNING: unsafe enclosing directory ownership on"
    1559             :                        " configuration file '%s'\n"),tmppath);
    1560             :           else
    1561           0 :             log_info(_("WARNING: unsafe enclosing directory ownership on"
    1562             :                        " extension '%s'\n"),tmppath);
    1563             :         }
    1564          33 :       if(enc_dir_perm)
    1565             :         {
    1566           0 :           if(item==0)
    1567           0 :             log_info(_("WARNING: unsafe enclosing directory permissions on"
    1568             :                        " homedir '%s'\n"),tmppath);
    1569           0 :           else if(item==1)
    1570           0 :             log_info(_("WARNING: unsafe enclosing directory permissions on"
    1571             :                        " configuration file '%s'\n"),tmppath);
    1572             :           else
    1573           0 :             log_info(_("WARNING: unsafe enclosing directory permissions on"
    1574             :                        " extension '%s'\n"),tmppath);
    1575             :         }
    1576             :     }
    1577             : 
    1578             :  end:
    1579          66 :   xfree(tmppath);
    1580             : 
    1581          66 :   if(homedir)
    1582           0 :     homedir_cache=ret;
    1583             : 
    1584          66 :   return ret;
    1585             : 
    1586             : #else /*!(HAVE_STAT && !HAVE_DOSISH_SYSTEM)*/
    1587             :   (void)path;
    1588             :   (void)item;
    1589             :   return 0;
    1590             : #endif /*!(HAVE_STAT && !HAVE_DOSISH_SYSTEM)*/
    1591             : }
    1592             : 
    1593             : 
    1594             : /* Print the OpenPGP defined algo numbers.  */
    1595             : static void
    1596           0 : print_algo_numbers(int (*checker)(int))
    1597             : {
    1598           0 :   int i,first=1;
    1599             : 
    1600           0 :   for(i=0;i<=110;i++)
    1601             :     {
    1602           0 :       if(!checker(i))
    1603             :         {
    1604           0 :           if(first)
    1605           0 :             first=0;
    1606             :           else
    1607           0 :             es_printf (";");
    1608           0 :           es_printf ("%d",i);
    1609             :         }
    1610             :     }
    1611           0 : }
    1612             : 
    1613             : 
    1614             : static void
    1615         372 : print_algo_names(int (*checker)(int),const char *(*mapper)(int))
    1616             : {
    1617         372 :   int i,first=1;
    1618             : 
    1619       41664 :   for(i=0;i<=110;i++)
    1620             :     {
    1621       41292 :       if(!checker(i))
    1622             :         {
    1623        2852 :           if(first)
    1624         372 :             first=0;
    1625             :           else
    1626        2480 :             es_printf (";");
    1627        2852 :           es_printf ("%s",mapper(i));
    1628             :         }
    1629             :     }
    1630         372 : }
    1631             : 
    1632             : /* In the future, we can do all sorts of interesting configuration
    1633             :    output here.  For now, just give "group" as the Enigmail folks need
    1634             :    it, and pubkey, cipher, hash, and compress as they may be useful
    1635             :    for frontends. */
    1636             : static void
    1637         373 : list_config(char *items)
    1638             : {
    1639         373 :   int show_all = !items;
    1640         373 :   char *name = NULL;
    1641             :   const char *s;
    1642             :   struct groupitem *giter;
    1643             :   int first, iter;
    1644             : 
    1645         373 :   if(!opt.with_colons)
    1646         374 :     return;
    1647             : 
    1648        1116 :   while(show_all || (name=strsep(&items," ")))
    1649             :     {
    1650         372 :       int any=0;
    1651             : 
    1652         372 :       if(show_all || ascii_strcasecmp(name,"group")==0)
    1653             :         {
    1654           0 :           for (giter = opt.grouplist; giter; giter = giter->next)
    1655             :             {
    1656             :               strlist_t sl;
    1657             : 
    1658           0 :               es_fprintf (es_stdout, "cfg:group:");
    1659           0 :               es_write_sanitized (es_stdout, giter->name, strlen(giter->name),
    1660             :                                   ":", NULL);
    1661           0 :               es_putc (':', es_stdout);
    1662             : 
    1663           0 :               for(sl=giter->values; sl; sl=sl->next)
    1664             :                 {
    1665           0 :                   es_write_sanitized (es_stdout, sl->d, strlen (sl->d),
    1666             :                                       ":;", NULL);
    1667           0 :                   if(sl->next)
    1668           0 :                     es_printf(";");
    1669             :                 }
    1670             : 
    1671           0 :               es_printf("\n");
    1672             :             }
    1673             : 
    1674           0 :           any=1;
    1675             :         }
    1676             : 
    1677         372 :       if(show_all || ascii_strcasecmp(name,"version")==0)
    1678             :         {
    1679           0 :           es_printf("cfg:version:");
    1680           0 :           es_write_sanitized (es_stdout, VERSION, strlen(VERSION), ":", NULL);
    1681           0 :           es_printf ("\n");
    1682           0 :           any=1;
    1683             :         }
    1684             : 
    1685         372 :       if(show_all || ascii_strcasecmp(name,"pubkey")==0)
    1686             :         {
    1687           0 :           es_printf ("cfg:pubkey:");
    1688           0 :           print_algo_numbers (build_list_pk_test_algo);
    1689           0 :           es_printf ("\n");
    1690           0 :           any=1;
    1691             :         }
    1692             : 
    1693         372 :       if(show_all || ascii_strcasecmp(name,"pubkeyname")==0)
    1694             :         {
    1695         124 :           es_printf ("cfg:pubkeyname:");
    1696         124 :           print_algo_names (build_list_pk_test_algo,
    1697             :                             build_list_pk_algo_name);
    1698         124 :           es_printf ("\n");
    1699         124 :           any=1;
    1700             :         }
    1701             : 
    1702         372 :       if(show_all || ascii_strcasecmp(name,"cipher")==0)
    1703             :         {
    1704           0 :           es_printf ("cfg:cipher:");
    1705           0 :           print_algo_numbers (build_list_cipher_test_algo);
    1706           0 :           es_printf ("\n");
    1707           0 :           any=1;
    1708             :         }
    1709             : 
    1710         372 :       if (show_all || !ascii_strcasecmp (name,"ciphername"))
    1711             :         {
    1712         124 :           es_printf ("cfg:ciphername:");
    1713         124 :           print_algo_names (build_list_cipher_test_algo,
    1714             :                             build_list_cipher_algo_name);
    1715         124 :           es_printf ("\n");
    1716         124 :           any = 1;
    1717             :         }
    1718             : 
    1719         372 :       if(show_all
    1720         372 :          || ascii_strcasecmp(name,"digest")==0
    1721         372 :          || ascii_strcasecmp(name,"hash")==0)
    1722             :         {
    1723           0 :           es_printf ("cfg:digest:");
    1724           0 :           print_algo_numbers (build_list_md_test_algo);
    1725           0 :           es_printf ("\n");
    1726           0 :           any=1;
    1727             :         }
    1728             : 
    1729         372 :       if (show_all
    1730         372 :           || !ascii_strcasecmp(name,"digestname")
    1731         248 :           || !ascii_strcasecmp(name,"hashname"))
    1732             :         {
    1733         124 :           es_printf ("cfg:digestname:");
    1734         124 :           print_algo_names (build_list_md_test_algo,
    1735             :                             build_list_md_algo_name);
    1736         124 :           es_printf ("\n");
    1737         124 :           any=1;
    1738             :         }
    1739             : 
    1740         372 :       if(show_all || ascii_strcasecmp(name,"compress")==0)
    1741             :         {
    1742           0 :           es_printf ("cfg:compress:");
    1743           0 :           print_algo_numbers(check_compress_algo);
    1744           0 :           es_printf ("\n");
    1745           0 :           any=1;
    1746             :         }
    1747             : 
    1748         372 :       if (show_all || !ascii_strcasecmp(name,"ccid-reader-id"))
    1749             :         {
    1750             :           /* We ignore this for GnuPG 1.4 backward compatibility.  */
    1751           0 :           any=1;
    1752             :         }
    1753             : 
    1754         372 :       if (show_all || !ascii_strcasecmp (name,"curve"))
    1755             :         {
    1756           0 :           es_printf ("cfg:curve:");
    1757           0 :           for (iter=0, first=1; (s = openpgp_enum_curves (&iter)); first=0)
    1758           0 :             es_printf ("%s%s", first?"":";", s);
    1759           0 :           es_printf ("\n");
    1760           0 :           any=1;
    1761             :         }
    1762             : 
    1763             :       /* Curve OIDs are rarely useful and thus only printed if requested.  */
    1764         372 :       if (name && !ascii_strcasecmp (name,"curveoid"))
    1765             :         {
    1766           0 :           es_printf ("cfg:curveoid:");
    1767           0 :           for (iter=0, first=1; (s = openpgp_enum_curves (&iter)); first = 0)
    1768             :             {
    1769           0 :               s = openpgp_curve_to_oid (s, NULL);
    1770           0 :               es_printf ("%s%s", first?"":";", s? s:"[?]");
    1771             :             }
    1772           0 :           es_printf ("\n");
    1773           0 :           any=1;
    1774             :         }
    1775             : 
    1776         372 :       if(show_all)
    1777           0 :         break;
    1778             : 
    1779         372 :       if(!any)
    1780           0 :         log_error(_("unknown configuration item '%s'\n"),name);
    1781             :     }
    1782             : }
    1783             : 
    1784             : 
    1785             : /* List options and default values in the GPG Conf format.  This is a
    1786             :    new tool distributed with gnupg 1.9.x but we also want some limited
    1787             :    support in older gpg versions.  The output is the name of the
    1788             :    configuration file and a list of options available for editing by
    1789             :    gpgconf.  */
    1790             : static void
    1791           0 : gpgconf_list (const char *configfile)
    1792             : {
    1793           0 :   char *configfile_esc = percent_escape (configfile, NULL);
    1794             : 
    1795           0 :   es_printf ("%s-%s.conf:%lu:\"%s\n",
    1796             :              GPGCONF_NAME, GPG_NAME,
    1797             :              GC_OPT_FLAG_DEFAULT,
    1798             :              configfile_esc ? configfile_esc : "/dev/null");
    1799           0 :   es_printf ("verbose:%lu:\n", GC_OPT_FLAG_NONE);
    1800           0 :   es_printf ("quiet:%lu:\n",   GC_OPT_FLAG_NONE);
    1801           0 :   es_printf ("keyserver:%lu:\n", GC_OPT_FLAG_NONE);
    1802           0 :   es_printf ("reader-port:%lu:\n", GC_OPT_FLAG_NONE);
    1803           0 :   es_printf ("default-key:%lu:\n", GC_OPT_FLAG_NONE);
    1804           0 :   es_printf ("encrypt-to:%lu:\n", GC_OPT_FLAG_NONE);
    1805           0 :   es_printf ("try-secret-key:%lu:\n", GC_OPT_FLAG_NONE);
    1806           0 :   es_printf ("auto-key-locate:%lu:\n", GC_OPT_FLAG_NONE);
    1807           0 :   es_printf ("log-file:%lu:\n", GC_OPT_FLAG_NONE);
    1808           0 :   es_printf ("debug-level:%lu:\"none:\n", GC_OPT_FLAG_DEFAULT);
    1809           0 :   es_printf ("group:%lu:\n", GC_OPT_FLAG_NONE);
    1810             : 
    1811             :   /* The next one is an info only item and should match the macros at
    1812             :      the top of keygen.c  */
    1813           0 :   es_printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT,
    1814             :              "RSA-2048");
    1815             : 
    1816           0 :   xfree (configfile_esc);
    1817           0 : }
    1818             : 
    1819             : 
    1820             : static int
    1821           0 : parse_subpacket_list(char *list)
    1822             : {
    1823             :   char *tok;
    1824             :   byte subpackets[128],i;
    1825           0 :   int count=0;
    1826             : 
    1827           0 :   if(!list)
    1828             :     {
    1829             :       /* No arguments means all subpackets */
    1830           0 :       memset(subpackets+1,1,sizeof(subpackets)-1);
    1831           0 :       count=127;
    1832             :     }
    1833             :   else
    1834             :     {
    1835           0 :       memset(subpackets,0,sizeof(subpackets));
    1836             : 
    1837             :       /* Merge with earlier copy */
    1838           0 :       if(opt.show_subpackets)
    1839             :         {
    1840             :           byte *in;
    1841             : 
    1842           0 :           for(in=opt.show_subpackets;*in;in++)
    1843             :             {
    1844           0 :               if(*in>127 || *in<1)
    1845           0 :                 BUG();
    1846             : 
    1847           0 :               if(!subpackets[*in])
    1848           0 :                 count++;
    1849           0 :               subpackets[*in]=1;
    1850             :             }
    1851             :         }
    1852             : 
    1853           0 :       while((tok=strsep(&list," ,")))
    1854             :         {
    1855           0 :           if(!*tok)
    1856           0 :             continue;
    1857             : 
    1858           0 :           i=atoi(tok);
    1859           0 :           if(i>127 || i<1)
    1860           0 :             return 0;
    1861             : 
    1862           0 :           if(!subpackets[i])
    1863           0 :             count++;
    1864           0 :           subpackets[i]=1;
    1865             :         }
    1866             :     }
    1867             : 
    1868           0 :   xfree(opt.show_subpackets);
    1869           0 :   opt.show_subpackets=xmalloc(count+1);
    1870           0 :   opt.show_subpackets[count--]=0;
    1871             : 
    1872           0 :   for(i=1;i<128 && count>=0;i++)
    1873           0 :     if(subpackets[i])
    1874           0 :       opt.show_subpackets[count--]=i;
    1875             : 
    1876           0 :   return 1;
    1877             : }
    1878             : 
    1879             : 
    1880             : static int
    1881           0 : parse_list_options(char *str)
    1882             : {
    1883           0 :   char *subpackets=""; /* something that isn't NULL */
    1884           0 :   struct parse_options lopts[]=
    1885             :     {
    1886             :       {"show-photos",LIST_SHOW_PHOTOS,NULL,
    1887             :        N_("display photo IDs during key listings")},
    1888             :       {"show-usage",LIST_SHOW_USAGE,NULL,
    1889             :        N_("show key usage information during key listings")},
    1890             :       {"show-policy-urls",LIST_SHOW_POLICY_URLS,NULL,
    1891             :        N_("show policy URLs during signature listings")},
    1892             :       {"show-notations",LIST_SHOW_NOTATIONS,NULL,
    1893             :        N_("show all notations during signature listings")},
    1894             :       {"show-std-notations",LIST_SHOW_STD_NOTATIONS,NULL,
    1895             :        N_("show IETF standard notations during signature listings")},
    1896             :       {"show-standard-notations",LIST_SHOW_STD_NOTATIONS,NULL,
    1897             :        NULL},
    1898             :       {"show-user-notations",LIST_SHOW_USER_NOTATIONS,NULL,
    1899             :        N_("show user-supplied notations during signature listings")},
    1900             :       {"show-keyserver-urls",LIST_SHOW_KEYSERVER_URLS,NULL,
    1901             :        N_("show preferred keyserver URLs during signature listings")},
    1902             :       {"show-uid-validity",LIST_SHOW_UID_VALIDITY,NULL,
    1903             :        N_("show user ID validity during key listings")},
    1904             :       {"show-unusable-uids",LIST_SHOW_UNUSABLE_UIDS,NULL,
    1905             :        N_("show revoked and expired user IDs in key listings")},
    1906             :       {"show-unusable-subkeys",LIST_SHOW_UNUSABLE_SUBKEYS,NULL,
    1907             :        N_("show revoked and expired subkeys in key listings")},
    1908             :       {"show-keyring",LIST_SHOW_KEYRING,NULL,
    1909             :        N_("show the keyring name in key listings")},
    1910             :       {"show-sig-expire",LIST_SHOW_SIG_EXPIRE,NULL,
    1911             :        N_("show expiration dates during signature listings")},
    1912             :       {"show-sig-subpackets",LIST_SHOW_SIG_SUBPACKETS,NULL,
    1913             :        NULL},
    1914             :       {NULL,0,NULL,NULL}
    1915             :     };
    1916             : 
    1917             :   /* C99 allows for non-constant initializers, but we'd like to
    1918             :      compile everywhere, so fill in the show-sig-subpackets argument
    1919             :      here.  Note that if the parse_options array changes, we'll have
    1920             :      to change the subscript here. */
    1921           0 :   lopts[13].value=&subpackets;
    1922             : 
    1923           0 :   if(parse_options(str,&opt.list_options,lopts,1))
    1924             :     {
    1925           0 :       if(opt.list_options&LIST_SHOW_SIG_SUBPACKETS)
    1926             :         {
    1927             :           /* Unset so users can pass multiple lists in. */
    1928           0 :           opt.list_options&=~LIST_SHOW_SIG_SUBPACKETS;
    1929           0 :           if(!parse_subpacket_list(subpackets))
    1930           0 :             return 0;
    1931             :         }
    1932           0 :       else if(subpackets==NULL && opt.show_subpackets)
    1933             :         {
    1934             :           /* User did 'no-show-subpackets' */
    1935           0 :           xfree(opt.show_subpackets);
    1936           0 :           opt.show_subpackets=NULL;
    1937             :         }
    1938             : 
    1939           0 :       return 1;
    1940             :     }
    1941             :   else
    1942           0 :     return 0;
    1943             : }
    1944             : 
    1945             : 
    1946             : /* Collapses argc/argv into a single string that must be freed */
    1947             : static char *
    1948         373 : collapse_args(int argc,char *argv[])
    1949             : {
    1950         373 :   char *str=NULL;
    1951         373 :   int i,first=1,len=0;
    1952             : 
    1953         745 :   for(i=0;i<argc;i++)
    1954             :     {
    1955         372 :       len+=strlen(argv[i])+2;
    1956         372 :       str=xrealloc(str,len);
    1957         372 :       if(first)
    1958             :         {
    1959         372 :           str[0]='\0';
    1960         372 :           first=0;
    1961             :         }
    1962             :       else
    1963           0 :         strcat(str," ");
    1964             : 
    1965         372 :       strcat(str,argv[i]);
    1966             :     }
    1967             : 
    1968         373 :   return str;
    1969             : }
    1970             : 
    1971             : 
    1972             : #ifndef NO_TRUST_MODELS
    1973             : static void
    1974          49 : parse_trust_model(const char *model)
    1975             : {
    1976          49 :   if(ascii_strcasecmp(model,"pgp")==0)
    1977           0 :     opt.trust_model=TM_PGP;
    1978          49 :   else if(ascii_strcasecmp(model,"classic")==0)
    1979           0 :     opt.trust_model=TM_CLASSIC;
    1980          49 :   else if(ascii_strcasecmp(model,"always")==0)
    1981           0 :     opt.trust_model=TM_ALWAYS;
    1982          49 :   else if(ascii_strcasecmp(model,"direct")==0)
    1983           0 :     opt.trust_model=TM_DIRECT;
    1984             : #ifdef USE_TOFU
    1985          49 :   else if(ascii_strcasecmp(model,"tofu")==0)
    1986          49 :     opt.trust_model=TM_TOFU;
    1987           0 :   else if(ascii_strcasecmp(model,"tofu+pgp")==0)
    1988           0 :     opt.trust_model=TM_TOFU_PGP;
    1989             : #endif /*USE_TOFU*/
    1990           0 :   else if(ascii_strcasecmp(model,"auto")==0)
    1991           0 :     opt.trust_model=TM_AUTO;
    1992             :   else
    1993           0 :     log_error("unknown trust model '%s'\n",model);
    1994          49 : }
    1995             : #endif /*NO_TRUST_MODELS*/
    1996             : 
    1997             : 
    1998             : static int
    1999          37 : parse_tofu_policy (const char *policystr)
    2000             : {
    2001             : #ifdef USE_TOFU
    2002          37 :   struct { const char *keyword; int policy; } list[] = {
    2003             :     { "auto",    TOFU_POLICY_AUTO },
    2004             :     { "good",    TOFU_POLICY_GOOD },
    2005             :     { "unknown", TOFU_POLICY_UNKNOWN },
    2006             :     { "bad",     TOFU_POLICY_BAD },
    2007             :     { "ask",     TOFU_POLICY_ASK }
    2008             :   };
    2009             :   int i;
    2010             : 
    2011          37 :   if (!ascii_strcasecmp (policystr, "help"))
    2012             :     {
    2013           0 :       log_info (_("available TOFU policies:\n"));
    2014           0 :       for (i=0; i < DIM (list); i++)
    2015           0 :         log_info ("  %s\n", list[i].keyword);
    2016           0 :       g10_exit (1);
    2017             :     }
    2018             : 
    2019         109 :   for (i=0; i < DIM (list); i++)
    2020         109 :     if (!ascii_strcasecmp (policystr, list[i].keyword))
    2021          74 :       return list[i].policy;
    2022             : #endif /*USE_TOFU*/
    2023             : 
    2024           0 :   log_error (_("unknown TOFU policy '%s'\n"), policystr);
    2025           0 :   if (!opt.quiet)
    2026           0 :     log_info (_("(use \"help\" to list choices)\n"));
    2027           0 :   g10_exit (1);
    2028             : }
    2029             : 
    2030             : /* This function called to initialized a new control object.  It is
    2031             :    assumed that this object has been zeroed out before calling this
    2032             :    function. */
    2033             : static void
    2034        1702 : gpg_init_default_ctrl (ctrl_t ctrl)
    2035             : {
    2036             :   (void)ctrl;
    2037        1702 : }
    2038             : 
    2039             : 
    2040             : /* This function is called to deinitialize a control object.  It is
    2041             :    not deallocated. */
    2042             : static void
    2043        1699 : gpg_deinit_default_ctrl (ctrl_t ctrl)
    2044             : {
    2045             : #ifdef USE_TOFU
    2046        1699 :   tofu_closedbs (ctrl);
    2047             : #endif
    2048        1699 :   gpg_dirmngr_deinit_session_data (ctrl);
    2049        1699 : }
    2050             : 
    2051             : 
    2052             : char *
    2053        1703 : get_default_configname (void)
    2054             : {
    2055        1703 :   char *configname = NULL;
    2056        1703 :   char *name = xstrdup (GPG_NAME EXTSEP_S "conf-" SAFE_VERSION);
    2057        1703 :   char *ver = &name[strlen (GPG_NAME EXTSEP_S "conf-")];
    2058             : 
    2059             :   do
    2060             :     {
    2061        6437 :       if (configname)
    2062             :         {
    2063             :           char *tok;
    2064             : 
    2065        4734 :           xfree (configname);
    2066        4734 :           configname = NULL;
    2067             : 
    2068        4734 :           if ((tok = strrchr (ver, SAFE_VERSION_DASH)))
    2069           0 :             *tok='\0';
    2070        4734 :           else if ((tok = strrchr (ver, SAFE_VERSION_DOT)))
    2071        3406 :             *tok='\0';
    2072             :           else
    2073        1328 :             break;
    2074             :         }
    2075             : 
    2076        5109 :       configname = make_filename (gnupg_homedir (), name, NULL);
    2077             :     }
    2078        5109 :   while (access (configname, R_OK));
    2079             : 
    2080        1703 :   xfree(name);
    2081             : 
    2082        1703 :   if (! configname)
    2083        1328 :     configname = make_filename (gnupg_homedir (),
    2084             :                                 GPG_NAME EXTSEP_S "conf", NULL);
    2085        1703 :   if (! access (configname, R_OK))
    2086             :     {
    2087             :       /* Print a warning when both config files are present.  */
    2088        1685 :       char *p = make_filename (gnupg_homedir (), "options", NULL);
    2089        1685 :       if (! access (p, R_OK))
    2090           0 :         log_info (_("Note: old default options file '%s' ignored\n"), p);
    2091        1685 :       xfree (p);
    2092             :     }
    2093             :   else
    2094             :     {
    2095             :       /* Use the old default only if it exists.  */
    2096          18 :       char *p = make_filename (gnupg_homedir (), "options", NULL);
    2097          18 :       if (!access (p, R_OK))
    2098             :         {
    2099           0 :           xfree (configname);
    2100           0 :           configname = p;
    2101             :         }
    2102             :       else
    2103          18 :         xfree (p);
    2104             :     }
    2105             : 
    2106        1703 :   return configname;
    2107             : }
    2108             : 
    2109             : int
    2110        1827 : main (int argc, char **argv)
    2111             : {
    2112             :     ARGPARSE_ARGS pargs;
    2113             :     IOBUF a;
    2114        1827 :     int rc=0;
    2115             :     int orig_argc;
    2116             :     char **orig_argv;
    2117             :     const char *fname;
    2118             :     char *username;
    2119             :     int may_coredump;
    2120             :     strlist_t sl;
    2121        1827 :     strlist_t remusr = NULL;
    2122        1827 :     strlist_t locusr = NULL;
    2123        1827 :     strlist_t nrings = NULL;
    2124        1827 :     armor_filter_context_t *afx = NULL;
    2125        1827 :     int detached_sig = 0;
    2126        1827 :     FILE *configfp = NULL;
    2127        1827 :     char *configname = NULL;
    2128        1827 :     char *save_configname = NULL;
    2129        1827 :     char *default_configname = NULL;
    2130             :     unsigned configlineno;
    2131        1827 :     int parse_debug = 0;
    2132        1827 :     int default_config = 1;
    2133        1827 :     int default_keyring = 1;
    2134        1827 :     int greeting = 0;
    2135        1827 :     int nogreeting = 0;
    2136        1827 :     char *logfile = NULL;
    2137        1827 :     int use_random_seed = 1;
    2138        1827 :     enum cmd_and_opt_values cmd = 0;
    2139        1827 :     const char *debug_level = NULL;
    2140             : #ifndef NO_TRUST_MODELS
    2141        1827 :     const char *trustdb_name = NULL;
    2142             : #endif /*!NO_TRUST_MODELS*/
    2143        1827 :     char *def_cipher_string = NULL;
    2144        1827 :     char *def_digest_string = NULL;
    2145        1827 :     char *compress_algo_string = NULL;
    2146        1827 :     char *cert_digest_string = NULL;
    2147        1827 :     char *s2k_cipher_string = NULL;
    2148        1827 :     char *s2k_digest_string = NULL;
    2149        1827 :     char *pers_cipher_list = NULL;
    2150        1827 :     char *pers_digest_list = NULL;
    2151        1827 :     char *pers_compress_list = NULL;
    2152        1827 :     int eyes_only=0;
    2153        1827 :     int multifile=0;
    2154        1827 :     int pwfd = -1;
    2155        1827 :     int fpr_maybe_cmd = 0; /* --fingerprint maybe a command.  */
    2156        1827 :     int any_explicit_recipient = 0;
    2157        1827 :     int require_secmem = 0;
    2158        1827 :     int got_secmem = 0;
    2159             :     struct assuan_malloc_hooks malloc_hooks;
    2160             :     ctrl_t ctrl;
    2161             : 
    2162             :     static int print_dane_records;
    2163             :     static int print_pka_records;
    2164             : 
    2165             : 
    2166             : #ifdef __riscos__
    2167             :     opt.lock_once = 1;
    2168             : #endif /* __riscos__ */
    2169             : 
    2170             :     /* Please note that we may running SUID(ROOT), so be very CAREFUL
    2171             :        when adding any stuff between here and the call to
    2172             :        secmem_init() somewhere after the option parsing. */
    2173        1827 :     early_system_init ();
    2174        1827 :     gnupg_reopen_std (GPG_NAME);
    2175        1827 :     trap_unaligned ();
    2176        1827 :     gnupg_rl_initialize ();
    2177        1827 :     set_strusage (my_strusage);
    2178        1827 :     gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
    2179        1827 :     log_set_prefix (GPG_NAME, GPGRT_LOG_WITH_PREFIX);
    2180             : 
    2181             :     /* Make sure that our subsystems are ready.  */
    2182        1827 :     i18n_init();
    2183        1827 :     init_common_subsystems (&argc, &argv);
    2184             : 
    2185             :     /* Use our own logging handler for Libcgrypt.  */
    2186        1827 :     setup_libgcrypt_logging ();
    2187             : 
    2188             :     /* Put random number into secure memory */
    2189        1827 :     gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
    2190             : 
    2191        1827 :     may_coredump = disable_core_dumps();
    2192             : 
    2193        1827 :     gnupg_init_signals (0, emergency_cleanup);
    2194             : 
    2195        1827 :     dotlock_create (NULL, 0); /* Register lock file cleanup. */
    2196             : 
    2197        1827 :     opt.autostart = 1;
    2198        1827 :     opt.session_env = session_env_new ();
    2199        1827 :     if (!opt.session_env)
    2200           0 :       log_fatal ("error allocating session environment block: %s\n",
    2201           0 :                  strerror (errno));
    2202             : 
    2203        1827 :     opt.command_fd = -1; /* no command fd */
    2204        1827 :     opt.compress_level = -1; /* defaults to standard compress level */
    2205        1827 :     opt.bz2_compress_level = -1; /* defaults to standard compress level */
    2206             :     /* note: if you change these lines, look at oOpenPGP */
    2207        1827 :     opt.def_cipher_algo = 0;
    2208        1827 :     opt.def_digest_algo = 0;
    2209        1827 :     opt.cert_digest_algo = 0;
    2210        1827 :     opt.compress_algo = -1; /* defaults to DEFAULT_COMPRESS_ALGO */
    2211        1827 :     opt.s2k_mode = 3; /* iterated+salted */
    2212        1827 :     opt.s2k_count = 0; /* Auto-calibrate when needed.  */
    2213        1827 :     opt.s2k_cipher_algo = DEFAULT_CIPHER_ALGO;
    2214        1827 :     opt.completes_needed = 1;
    2215        1827 :     opt.marginals_needed = 3;
    2216        1827 :     opt.max_cert_depth = 5;
    2217        1827 :     opt.escape_from = 1;
    2218        1827 :     opt.flags.require_cross_cert = 1;
    2219        1827 :     opt.import_options = 0;
    2220        1827 :     opt.export_options = EXPORT_ATTRIBUTES;
    2221        1827 :     opt.keyserver_options.import_options = IMPORT_REPAIR_PKS_SUBKEY_BUG;
    2222        1827 :     opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
    2223        1827 :     opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
    2224        1827 :     opt.verify_options = (LIST_SHOW_UID_VALIDITY
    2225             :                           | VERIFY_SHOW_POLICY_URLS
    2226             :                           | VERIFY_SHOW_STD_NOTATIONS
    2227             :                           | VERIFY_SHOW_KEYSERVER_URLS);
    2228        1827 :     opt.list_options   = (LIST_SHOW_UID_VALIDITY
    2229             :                           | LIST_SHOW_USAGE);
    2230             : #ifdef NO_TRUST_MODELS
    2231             :     opt.trust_model = TM_ALWAYS;
    2232             : #else
    2233        1827 :     opt.trust_model = TM_AUTO;
    2234             : #endif
    2235        1827 :     opt.tofu_default_policy = TOFU_POLICY_AUTO;
    2236        1827 :     opt.mangle_dos_filenames = 0;
    2237        1827 :     opt.min_cert_level = 2;
    2238        1827 :     set_screen_dimensions ();
    2239        1827 :     opt.keyid_format = KF_NONE;
    2240        1827 :     opt.def_sig_expire = "0";
    2241        1827 :     opt.def_cert_expire = "0";
    2242        1827 :     gnupg_set_homedir (NULL);
    2243        1827 :     opt.passphrase_repeat = 1;
    2244        1827 :     opt.emit_version = 0;
    2245        1827 :     opt.weak_digests = NULL;
    2246        1827 :     additional_weak_digest("MD5");
    2247             : 
    2248             :     /* Check whether we have a config file on the command line.  */
    2249        1827 :     orig_argc = argc;
    2250        1827 :     orig_argv = argv;
    2251        1827 :     pargs.argc = &argc;
    2252        1827 :     pargs.argv = &argv;
    2253        1827 :     pargs.flags= (ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION);
    2254       12937 :     while( arg_parse( &pargs, opts) ) {
    2255        9283 :         if( pargs.r_opt == oDebug || pargs.r_opt == oDebugAll )
    2256           0 :             parse_debug++;
    2257        9283 :         else if (pargs.r_opt == oDebugIOLBF)
    2258           0 :             es_setvbuf (es_stdout, NULL, _IOLBF, 0);
    2259        9283 :         else if( pargs.r_opt == oOptions ) {
    2260             :             /* yes there is one, so we do not try the default one, but
    2261             :              * read the option file when it is encountered at the commandline
    2262             :              */
    2263           0 :             default_config = 0;
    2264             :         }
    2265        9283 :         else if( pargs.r_opt == oNoOptions )
    2266             :           {
    2267           0 :             default_config = 0; /* --no-options */
    2268           0 :             opt.no_homedir_creation = 1;
    2269             :           }
    2270        9283 :         else if( pargs.r_opt == oHomedir )
    2271           0 :             gnupg_set_homedir (pargs.r.ret_str);
    2272        9283 :         else if( pargs.r_opt == oNoPermissionWarn )
    2273        1670 :             opt.no_perm_warn=1;
    2274        7613 :         else if (pargs.r_opt == oStrict )
    2275             :           {
    2276             :             /* Not used */
    2277             :           }
    2278        7613 :         else if (pargs.r_opt == oNoStrict )
    2279             :           {
    2280             :             /* Not used */
    2281             :           }
    2282             :     }
    2283             : 
    2284             : #ifdef HAVE_DOSISH_SYSTEM
    2285             :     if ( strchr (gnupg_homedir (), '\\') ) {
    2286             :       char *d, *buf = xmalloc (strlen (gnupg_homedir ())+1);
    2287             :       const char *s;
    2288             :       for (d=buf, s = gnupg_homedir (); *s; s++)
    2289             :           {
    2290             :             *d++ = *s == '\\'? '/': *s;
    2291             : #ifdef HAVE_W32_SYSTEM
    2292             :             if (s[1] && IsDBCSLeadByte (*s))
    2293             :               *d++ = *++s;
    2294             : #endif
    2295             :           }
    2296             :         *d = 0;
    2297             :         gnupg_set_homedir (buf);
    2298             :     }
    2299             : #endif
    2300             : 
    2301             :     /* Initialize the secure memory. */
    2302        1703 :     if (!gcry_control (GCRYCTL_INIT_SECMEM, SECMEM_BUFFER_SIZE, 0))
    2303        1703 :       got_secmem = 1;
    2304             : #if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
    2305             :     /* There should be no way to get to this spot while still carrying
    2306             :        setuid privs.  Just in case, bomb out if we are. */
    2307             :     if ( getuid () != geteuid () )
    2308             :       BUG ();
    2309             : #endif
    2310        1703 :     maybe_setuid = 0;
    2311             : 
    2312             :     /* Okay, we are now working under our real uid */
    2313             : 
    2314             :     /* malloc hooks go here ... */
    2315        1703 :     malloc_hooks.malloc = gcry_malloc;
    2316        1703 :     malloc_hooks.realloc = gcry_realloc;
    2317        1703 :     malloc_hooks.free = gcry_free;
    2318        1703 :     assuan_set_malloc_hooks (&malloc_hooks);
    2319        1703 :     assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
    2320        1703 :     setup_libassuan_logging (&opt.debug, NULL);
    2321             : 
    2322             :     /* Try for a version specific config file first */
    2323        1703 :     default_configname = get_default_configname ();
    2324        1703 :     if (default_config)
    2325        1703 :       configname = xstrdup (default_configname);
    2326             : 
    2327        1703 :     argc = orig_argc;
    2328        1703 :     argv = orig_argv;
    2329        1703 :     pargs.argc = &argc;
    2330        1703 :     pargs.argv = &argv;
    2331        1703 :     pargs.flags= ARGPARSE_FLAG_KEEP;
    2332             : 
    2333             :     /* By this point we have a homedir, and cannot change it. */
    2334        1703 :     check_permissions (gnupg_homedir (), 0);
    2335             : 
    2336             :   next_pass:
    2337        3388 :     if( configname ) {
    2338        1703 :       if(check_permissions(configname,1))
    2339             :         {
    2340             :           /* If any options file is unsafe, then disable any external
    2341             :              programs for keyserver calls or photo IDs.  Since the
    2342             :              external program to call is set in the options file, a
    2343             :              unsafe options file can lead to an arbitrary program
    2344             :              being run. */
    2345             : 
    2346           0 :           opt.exec_disable=1;
    2347             :         }
    2348             : 
    2349        1703 :         configlineno = 0;
    2350        1703 :         configfp = fopen( configname, "r" );
    2351        1703 :         if (configfp && is_secured_file (fileno (configfp)))
    2352             :           {
    2353           0 :             fclose (configfp);
    2354           0 :             configfp = NULL;
    2355           0 :             gpg_err_set_errno (EPERM);
    2356             :           }
    2357        1703 :         if( !configfp ) {
    2358          18 :             if( default_config ) {
    2359          18 :                 if( parse_debug )
    2360           0 :                     log_info(_("Note: no default option file '%s'\n"),
    2361             :                                                             configname );
    2362             :             }
    2363             :             else {
    2364           0 :                 log_error(_("option file '%s': %s\n"),
    2365           0 :                                     configname, strerror(errno) );
    2366           0 :                 g10_exit(2);
    2367             :             }
    2368          18 :             xfree(configname); configname = NULL;
    2369             :         }
    2370        1703 :         if( parse_debug && configname )
    2371           0 :             log_info(_("reading options from '%s'\n"), configname );
    2372        1703 :         default_config = 0;
    2373             :     }
    2374             : 
    2375       28228 :     while( optfile_parse( configfp, configname, &configlineno,
    2376             :                                                 &pargs, opts) )
    2377             :       {
    2378       21452 :         switch( pargs.r_opt )
    2379             :           {
    2380             :           case aListConfig:
    2381             :           case aListGcryptConfig:
    2382             :           case aGPGConfList:
    2383             :           case aGPGConfTest:
    2384         373 :             set_cmd (&cmd, pargs.r_opt);
    2385             :             /* Do not register a keyring for these commands.  */
    2386         373 :             default_keyring = -1;
    2387         373 :             break;
    2388             : 
    2389             :           case aCheckKeys:
    2390             :           case aListPackets:
    2391             :           case aImport:
    2392             :           case aFastImport:
    2393             :           case aSendKeys:
    2394             :           case aRecvKeys:
    2395             :           case aSearchKeys:
    2396             :           case aRefreshKeys:
    2397             :           case aFetchKeys:
    2398             :           case aExport:
    2399             : #ifdef ENABLE_CARD_SUPPORT
    2400             :           case aCardStatus:
    2401             :           case aCardEdit:
    2402             :           case aChangePIN:
    2403             : #endif /* ENABLE_CARD_SUPPORT*/
    2404             :           case aListKeys:
    2405             :           case aLocateKeys:
    2406             :           case aListSigs:
    2407             :           case aExportSecret:
    2408             :           case aExportSecretSub:
    2409             :           case aExportSshKey:
    2410             :           case aSym:
    2411             :           case aClearsign:
    2412             :           case aGenRevoke:
    2413             :           case aDesigRevoke:
    2414             :           case aPrimegen:
    2415             :           case aGenRandom:
    2416             :           case aPrintMD:
    2417             :           case aPrintMDs:
    2418             :           case aListTrustDB:
    2419             :           case aCheckTrustDB:
    2420             :           case aUpdateTrustDB:
    2421             :           case aFixTrustDB:
    2422             :           case aListTrustPath:
    2423             :           case aDeArmor:
    2424             :           case aEnArmor:
    2425             :           case aSign:
    2426             :           case aQuickSignKey:
    2427             :           case aQuickLSignKey:
    2428             :           case aSignKey:
    2429             :           case aLSignKey:
    2430             :           case aStore:
    2431             :           case aQuickKeygen:
    2432             :           case aQuickAddUid:
    2433             :           case aQuickAddKey:
    2434             :           case aQuickRevUid:
    2435             :           case aExportOwnerTrust:
    2436             :           case aImportOwnerTrust:
    2437             :           case aRebuildKeydbCaches:
    2438         483 :             set_cmd (&cmd, pargs.r_opt);
    2439         483 :             break;
    2440             : 
    2441             :           case aKeygen:
    2442             :           case aFullKeygen:
    2443             :           case aEditKey:
    2444             :           case aDeleteSecretKeys:
    2445             :           case aDeleteSecretAndPublicKeys:
    2446             :           case aDeleteKeys:
    2447             :           case aPasswd:
    2448          10 :             set_cmd (&cmd, pargs.r_opt);
    2449          10 :             greeting=1;
    2450          10 :             break;
    2451             : 
    2452          16 :           case aDetachedSign: detached_sig = 1; set_cmd( &cmd, aSign ); break;
    2453             : 
    2454           0 :           case aDecryptFiles: multifile=1; /* fall through */
    2455          12 :           case aDecrypt: set_cmd( &cmd, aDecrypt); break;
    2456             : 
    2457           0 :           case aEncrFiles: multifile=1; /* fall through */
    2458         247 :           case aEncr: set_cmd( &cmd, aEncr); break;
    2459             : 
    2460           0 :           case aVerifyFiles: multifile=1; /* fall through */
    2461          44 :           case aVerify: set_cmd( &cmd, aVerify); break;
    2462             : 
    2463             :           case aServer:
    2464           0 :             set_cmd (&cmd, pargs.r_opt);
    2465           0 :             opt.batch = 1;
    2466           0 :             break;
    2467             : 
    2468             :           case aTOFUPolicy:
    2469           4 :             set_cmd (&cmd, pargs.r_opt);
    2470           4 :             break;
    2471             : 
    2472          39 :           case oArmor: opt.armor = 1; opt.no_armor=0; break;
    2473        1127 :           case oOutput: opt.outfile = pargs.r.ret_str; break;
    2474             : 
    2475           0 :           case oMaxOutput: opt.max_output = pargs.r.ret_ulong; break;
    2476             : 
    2477             :           case oInputSizeHint:
    2478           0 :             opt.input_size_hint = string_to_u64 (pargs.r.ret_str);
    2479           0 :             break;
    2480             : 
    2481           3 :           case oQuiet: opt.quiet = 1; break;
    2482           0 :           case oNoTTY: tty_no_terminal(1); break;
    2483           0 :           case oDryRun: opt.dry_run = 1; break;
    2484           0 :           case oInteractive: opt.interactive = 1; break;
    2485             :           case oVerbose:
    2486           3 :             opt.verbose++;
    2487           3 :             gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
    2488           3 :             opt.list_options|=LIST_SHOW_UNUSABLE_UIDS;
    2489           3 :             opt.list_options|=LIST_SHOW_UNUSABLE_SUBKEYS;
    2490           3 :             break;
    2491             : 
    2492             :           case oBatch:
    2493        1340 :             opt.batch = 1;
    2494        1340 :             nogreeting = 1;
    2495        1340 :             break;
    2496             : 
    2497             :           case oUseAgent: /* Dummy. */
    2498           0 :             break;
    2499             : 
    2500             :           case oNoUseAgent:
    2501           0 :             obsolete_option (configname, configlineno, "no-use-agent");
    2502           0 :             break;
    2503             :           case oGpgAgentInfo:
    2504           0 :             obsolete_option (configname, configlineno, "gpg-agent-info");
    2505           0 :             break;
    2506             :           case oReaderPort:
    2507           0 :             obsolete_scdaemon_option (configname, configlineno, "reader-port");
    2508           0 :             break;
    2509             :           case octapiDriver:
    2510           0 :             obsolete_scdaemon_option (configname, configlineno, "ctapi-driver");
    2511           0 :             break;
    2512             :           case opcscDriver:
    2513           0 :             obsolete_scdaemon_option (configname, configlineno, "pcsc-driver");
    2514           0 :             break;
    2515             :           case oDisableCCID:
    2516           0 :             obsolete_scdaemon_option (configname, configlineno, "disable-ccid");
    2517           0 :             break;
    2518             :           case oHonorHttpProxy:
    2519           0 :             obsolete_option (configname, configlineno, "honor-http-proxy");
    2520           0 :             break;
    2521             : 
    2522        1097 :           case oAnswerYes: opt.answer_yes = 1; break;
    2523           0 :           case oAnswerNo: opt.answer_no = 1; break;
    2524           0 :           case oKeyring: append_to_strlist( &nrings, pargs.r.ret_str); break;
    2525             :           case oPrimaryKeyring:
    2526           0 :             sl = append_to_strlist (&nrings, pargs.r.ret_str);
    2527           0 :             sl->flags = KEYDB_RESOURCE_FLAG_PRIMARY;
    2528           0 :             break;
    2529             :           case oShowKeyring:
    2530           0 :             deprecated_warning(configname,configlineno,"--show-keyring",
    2531             :                                "--list-options ","show-keyring");
    2532           0 :             opt.list_options|=LIST_SHOW_KEYRING;
    2533           0 :             break;
    2534             : 
    2535             :           case oDebug:
    2536           0 :             if (parse_debug_flag (pargs.r.ret_str, &opt.debug, debug_flags))
    2537             :               {
    2538           0 :                 pargs.r_opt = ARGPARSE_INVALID_ARG;
    2539           0 :                 pargs.err = ARGPARSE_PRINT_ERROR;
    2540             :               }
    2541           0 :             break;
    2542             : 
    2543           0 :           case oDebugAll: opt.debug = ~0; break;
    2544           0 :           case oDebugLevel: debug_level = pargs.r.ret_str; break;
    2545             : 
    2546           0 :           case oDebugIOLBF: break; /* Already set in pre-parse step.  */
    2547             : 
    2548             :           case oStatusFD:
    2549          14 :             set_status_fd ( translate_sys2libc_fd_int (pargs.r.ret_int, 1) );
    2550          14 :             break;
    2551             :           case oStatusFile:
    2552           0 :             set_status_fd ( open_info_file (pargs.r.ret_str, 1, 0) );
    2553           0 :             break;
    2554             :           case oAttributeFD:
    2555           0 :             set_attrib_fd ( translate_sys2libc_fd_int (pargs.r.ret_int, 1) );
    2556           0 :             break;
    2557             :           case oAttributeFile:
    2558           0 :             set_attrib_fd ( open_info_file (pargs.r.ret_str, 1, 1) );
    2559           0 :             break;
    2560             :           case oLoggerFD:
    2561           0 :             log_set_fd (translate_sys2libc_fd_int (pargs.r.ret_int, 1));
    2562           0 :             break;
    2563             :           case oLoggerFile:
    2564           0 :             logfile = pargs.r.ret_str;
    2565           0 :             break;
    2566             : 
    2567             :           case oWithFingerprint:
    2568           0 :             opt.with_fingerprint = 1;
    2569           0 :             opt.fingerprint++;
    2570           0 :             break;
    2571             :           case oWithSubkeyFingerprint:
    2572           0 :             opt.with_subkey_fingerprint = 1;
    2573           0 :             break;
    2574             :           case oWithICAOSpelling:
    2575           0 :             opt.with_icao_spelling = 1;
    2576           0 :             break;
    2577             :           case oFingerprint:
    2578           0 :             opt.fingerprint++;
    2579           0 :             fpr_maybe_cmd = 1;
    2580           0 :             break;
    2581             : 
    2582             :           case oWithKeygrip:
    2583           0 :             opt.with_keygrip = 1;
    2584           0 :             break;
    2585             : 
    2586             :           case oWithSecret:
    2587           0 :             opt.with_secret = 1;
    2588           0 :             break;
    2589             : 
    2590             :           case oWithWKDHash:
    2591           0 :             opt.with_wkd_hash = 1;
    2592           0 :             break;
    2593             : 
    2594             :           case oSecretKeyring:
    2595             :             /* Ignore this old option.  */
    2596           0 :             break;
    2597             : 
    2598             :           case oOptions:
    2599             :             /* config files may not be nested (silently ignore them) */
    2600           0 :             if( !configfp ) {
    2601           0 :                 xfree(configname);
    2602           0 :                 configname = xstrdup(pargs.r.ret_str);
    2603           0 :                 goto next_pass;
    2604             :             }
    2605           0 :             break;
    2606           0 :           case oNoArmor: opt.no_armor=1; opt.armor=0; break;
    2607             : 
    2608             :           case oNoDefKeyring:
    2609           0 :             if (default_keyring > 0)
    2610           0 :               default_keyring = 0;
    2611           0 :             break;
    2612             :           case oNoKeyring:
    2613           3 :             default_keyring = -1;
    2614           3 :             break;
    2615             : 
    2616        1331 :           case oNoGreeting: nogreeting = 1; break;
    2617             :           case oNoVerbose:
    2618           0 :             opt.verbose = 0;
    2619           0 :             gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
    2620           0 :             opt.list_sigs=0;
    2621           0 :             break;
    2622             :           case oQuickRandom:
    2623           0 :             gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
    2624           0 :             break;
    2625           0 :           case oEmitVersion: opt.emit_version++; break;
    2626           0 :           case oNoEmitVersion: opt.emit_version=0; break;
    2627           0 :           case oCompletesNeeded: opt.completes_needed = pargs.r.ret_int; break;
    2628           0 :           case oMarginalsNeeded: opt.marginals_needed = pargs.r.ret_int; break;
    2629           0 :           case oMaxCertDepth: opt.max_cert_depth = pargs.r.ret_int; break;
    2630             : 
    2631             : #ifndef NO_TRUST_MODELS
    2632           0 :           case oTrustDBName: trustdb_name = pargs.r.ret_str; break;
    2633             : 
    2634             : #endif /*!NO_TRUST_MODELS*/
    2635             :           case oDefaultKey:
    2636         385 :             sl = add_to_strlist (&opt.def_secret_key, pargs.r.ret_str);
    2637         385 :             sl->flags = (pargs.r_opt << PK_LIST_SHIFT);
    2638         385 :             if (configfp)
    2639         375 :               sl->flags |= PK_LIST_CONFIG;
    2640         385 :             break;
    2641             :           case oDefRecipient:
    2642           0 :             if( *pargs.r.ret_str )
    2643             :               {
    2644           0 :                 xfree (opt.def_recipient);
    2645           0 :                 opt.def_recipient = make_username(pargs.r.ret_str);
    2646             :               }
    2647           0 :             break;
    2648             :           case oDefRecipientSelf:
    2649           0 :             xfree(opt.def_recipient); opt.def_recipient = NULL;
    2650           0 :             opt.def_recipient_self = 1;
    2651           0 :             break;
    2652             :           case oNoDefRecipient:
    2653           0 :             xfree(opt.def_recipient); opt.def_recipient = NULL;
    2654           0 :             opt.def_recipient_self = 0;
    2655           0 :             break;
    2656           0 :           case oNoOptions: opt.no_homedir_creation = 1; break; /* no-options */
    2657           0 :           case oHomedir: break;
    2658           0 :           case oNoBatch: opt.batch = 0; break;
    2659             : 
    2660          22 :           case oWithTofuInfo: opt.with_tofu_info = 1; break;
    2661             : 
    2662           0 :           case oWithKeyData: opt.with_key_data=1; /*FALLTHRU*/
    2663         418 :           case oWithColons: opt.with_colons=':'; break;
    2664             : 
    2665           0 :           case oWithSigCheck: opt.check_sigs = 1; /*FALLTHRU*/
    2666           0 :           case oWithSigList: opt.list_sigs = 1; break;
    2667             : 
    2668           0 :           case oSkipVerify: opt.skip_verify=1; break;
    2669             : 
    2670           0 :           case oSkipHiddenRecipients: opt.skip_hidden_recipients = 1; break;
    2671           0 :           case oNoSkipHiddenRecipients: opt.skip_hidden_recipients = 0; break;
    2672             : 
    2673          14 :           case aListSecretKeys: set_cmd( &cmd, aListSecretKeys); break;
    2674             : 
    2675             : #ifndef NO_TRUST_MODELS
    2676             :             /* There are many programs (like mutt) that call gpg with
    2677             :                --always-trust so keep this option around for a long
    2678             :                time. */
    2679        1596 :           case oAlwaysTrust: opt.trust_model=TM_ALWAYS; break;
    2680             :           case oTrustModel:
    2681          49 :             parse_trust_model(pargs.r.ret_str);
    2682          49 :             break;
    2683             : #endif /*!NO_TRUST_MODELS*/
    2684             :           case oTOFUDefaultPolicy:
    2685          33 :             opt.tofu_default_policy = parse_tofu_policy (pargs.r.ret_str);
    2686          33 :             break;
    2687             :           case oTOFUDBFormat:
    2688           0 :             obsolete_option (configname, configlineno, "tofu-db-format");
    2689           0 :             break;
    2690             : 
    2691             :           case oForceOwnertrust:
    2692           0 :             log_info(_("Note: %s is not for normal use!\n"),
    2693             :                      "--force-ownertrust");
    2694           0 :             opt.force_ownertrust=string_to_trust_value(pargs.r.ret_str);
    2695           0 :             if(opt.force_ownertrust==-1)
    2696             :               {
    2697           0 :                 log_error("invalid ownertrust '%s'\n",pargs.r.ret_str);
    2698           0 :                 opt.force_ownertrust=0;
    2699             :               }
    2700           0 :             break;
    2701             :           case oLoadExtension:
    2702             :             /* Dummy so that gpg 1.4 conf files can work. Should
    2703             :                eventually be removed.  */
    2704           0 :             break;
    2705             :           case oRFC4880bis:
    2706           0 :             opt.flags.rfc4880bis = 1;
    2707             :             /* fall thru.  */
    2708             :           case oOpenPGP:
    2709             :           case oRFC4880:
    2710             :             /* This is effectively the same as RFC2440, but with
    2711             :                "--enable-dsa2 --no-rfc2440-text --escape-from-lines
    2712             :                --require-cross-certification". */
    2713           0 :             opt.compliance = CO_RFC4880;
    2714           0 :             opt.flags.dsa2 = 1;
    2715           0 :             opt.flags.require_cross_cert = 1;
    2716           0 :             opt.rfc2440_text = 0;
    2717           0 :             opt.allow_non_selfsigned_uid = 1;
    2718           0 :             opt.allow_freeform_uid = 1;
    2719           0 :             opt.escape_from = 1;
    2720           0 :             opt.not_dash_escaped = 0;
    2721           0 :             opt.def_cipher_algo = 0;
    2722           0 :             opt.def_digest_algo = 0;
    2723           0 :             opt.cert_digest_algo = 0;
    2724           0 :             opt.compress_algo = -1;
    2725           0 :             opt.s2k_mode = 3; /* iterated+salted */
    2726           0 :             opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
    2727           0 :             opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
    2728           0 :             break;
    2729             :           case oRFC2440:
    2730           0 :             opt.compliance = CO_RFC2440;
    2731           0 :             opt.flags.dsa2 = 0;
    2732           0 :             opt.rfc2440_text = 1;
    2733           0 :             opt.allow_non_selfsigned_uid = 1;
    2734           0 :             opt.allow_freeform_uid = 1;
    2735           0 :             opt.escape_from = 0;
    2736           0 :             opt.not_dash_escaped = 0;
    2737           0 :             opt.def_cipher_algo = 0;
    2738           0 :             opt.def_digest_algo = 0;
    2739           0 :             opt.cert_digest_algo = 0;
    2740           0 :             opt.compress_algo = -1;
    2741           0 :             opt.s2k_mode = 3; /* iterated+salted */
    2742           0 :             opt.s2k_digest_algo = DIGEST_ALGO_SHA1;
    2743           0 :             opt.s2k_cipher_algo = CIPHER_ALGO_3DES;
    2744           0 :             break;
    2745           0 :           case oPGP6:  opt.compliance = CO_PGP6;  break;
    2746           0 :           case oPGP7:  opt.compliance = CO_PGP7;  break;
    2747           0 :           case oPGP8:  opt.compliance = CO_PGP8;  break;
    2748           0 :           case oGnuPG: opt.compliance = CO_GNUPG; break;
    2749           0 :           case oRFC2440Text: opt.rfc2440_text=1; break;
    2750           0 :           case oNoRFC2440Text: opt.rfc2440_text=0; break;
    2751             :           case oSetFilename:
    2752           0 :             if(utf8_strings)
    2753           0 :               opt.set_filename = pargs.r.ret_str;
    2754             :             else
    2755           0 :               opt.set_filename = native_to_utf8(pargs.r.ret_str);
    2756           0 :             break;
    2757           0 :           case oForYourEyesOnly: eyes_only = 1; break;
    2758           0 :           case oNoForYourEyesOnly: eyes_only = 0; break;
    2759             :           case oSetPolicyURL:
    2760           0 :             add_policy_url(pargs.r.ret_str,0);
    2761           0 :             add_policy_url(pargs.r.ret_str,1);
    2762           0 :             break;
    2763           0 :           case oSigPolicyURL: add_policy_url(pargs.r.ret_str,0); break;
    2764           0 :           case oCertPolicyURL: add_policy_url(pargs.r.ret_str,1); break;
    2765             :           case oShowPolicyURL:
    2766           0 :             deprecated_warning(configname,configlineno,"--show-policy-url",
    2767             :                                "--list-options ","show-policy-urls");
    2768           0 :             deprecated_warning(configname,configlineno,"--show-policy-url",
    2769             :                                "--verify-options ","show-policy-urls");
    2770           0 :             opt.list_options|=LIST_SHOW_POLICY_URLS;
    2771           0 :             opt.verify_options|=VERIFY_SHOW_POLICY_URLS;
    2772           0 :             break;
    2773             :           case oNoShowPolicyURL:
    2774           0 :             deprecated_warning(configname,configlineno,"--no-show-policy-url",
    2775             :                                "--list-options ","no-show-policy-urls");
    2776           0 :             deprecated_warning(configname,configlineno,"--no-show-policy-url",
    2777             :                                "--verify-options ","no-show-policy-urls");
    2778           0 :             opt.list_options&=~LIST_SHOW_POLICY_URLS;
    2779           0 :             opt.verify_options&=~VERIFY_SHOW_POLICY_URLS;
    2780           0 :             break;
    2781           0 :           case oSigKeyserverURL: add_keyserver_url(pargs.r.ret_str,0); break;
    2782             :           case oUseEmbeddedFilename:
    2783           0 :             opt.flags.use_embedded_filename=1;
    2784           0 :             break;
    2785             :           case oNoUseEmbeddedFilename:
    2786           0 :             opt.flags.use_embedded_filename=0;
    2787           0 :             break;
    2788             :           case oComment:
    2789           0 :             if(pargs.r.ret_str[0])
    2790           0 :               append_to_strlist(&opt.comments,pargs.r.ret_str);
    2791           0 :             break;
    2792             :           case oDefaultComment:
    2793           0 :             deprecated_warning(configname,configlineno,
    2794             :                                "--default-comment","--no-comments","");
    2795             :             /* fall through */
    2796             :           case oNoComments:
    2797           0 :             free_strlist(opt.comments);
    2798           0 :             opt.comments=NULL;
    2799           0 :             break;
    2800           0 :           case oThrowKeyids: opt.throw_keyids = 1; break;
    2801           0 :           case oNoThrowKeyids: opt.throw_keyids = 0; break;
    2802             :           case oShowPhotos:
    2803           0 :             deprecated_warning(configname,configlineno,"--show-photos",
    2804             :                                "--list-options ","show-photos");
    2805           0 :             deprecated_warning(configname,configlineno,"--show-photos",
    2806             :                                "--verify-options ","show-photos");
    2807           0 :             opt.list_options|=LIST_SHOW_PHOTOS;
    2808           0 :             opt.verify_options|=VERIFY_SHOW_PHOTOS;
    2809           0 :             break;
    2810             :           case oNoShowPhotos:
    2811           0 :             deprecated_warning(configname,configlineno,"--no-show-photos",
    2812             :                                "--list-options ","no-show-photos");
    2813           0 :             deprecated_warning(configname,configlineno,"--no-show-photos",
    2814             :                                "--verify-options ","no-show-photos");
    2815           0 :             opt.list_options&=~LIST_SHOW_PHOTOS;
    2816           0 :             opt.verify_options&=~VERIFY_SHOW_PHOTOS;
    2817           0 :             break;
    2818           0 :           case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
    2819             : 
    2820         187 :           case oForceMDC: opt.force_mdc = 1; break;
    2821           0 :           case oNoForceMDC: opt.force_mdc = 0; break;
    2822           0 :           case oDisableMDC: opt.disable_mdc = 1; break;
    2823           0 :           case oNoDisableMDC: opt.disable_mdc = 0; break;
    2824             : 
    2825           0 :           case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
    2826             : 
    2827           0 :           case oS2KMode:   opt.s2k_mode = pargs.r.ret_int; break;
    2828           0 :           case oS2KDigest: s2k_digest_string = xstrdup(pargs.r.ret_str); break;
    2829           0 :           case oS2KCipher: s2k_cipher_string = xstrdup(pargs.r.ret_str); break;
    2830             :           case oS2KCount:
    2831         436 :             if (pargs.r.ret_int)
    2832         436 :               opt.s2k_count = encode_s2k_iterations (pargs.r.ret_int);
    2833             :             else
    2834           0 :               opt.s2k_count = 0;  /* Auto-calibrate when needed.  */
    2835         436 :             break;
    2836             : 
    2837             :           case oRecipient:
    2838             :           case oHiddenRecipient:
    2839             :           case oRecipientFile:
    2840             :           case oHiddenRecipientFile:
    2841             :             /* Store the recipient.  Note that we also store the
    2842             :              * option as private data in the flags.  This is achieved
    2843             :              * by shifting the option value to the left so to keep
    2844             :              * enough space for the flags.  */
    2845         272 :             sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
    2846         272 :             sl->flags = (pargs.r_opt << PK_LIST_SHIFT);
    2847         272 :             if (configfp)
    2848           0 :               sl->flags |= PK_LIST_CONFIG;
    2849         272 :             if (pargs.r_opt == oHiddenRecipient
    2850         272 :                 || pargs.r_opt == oHiddenRecipientFile)
    2851           3 :               sl->flags |= PK_LIST_HIDDEN;
    2852         272 :             if (pargs.r_opt == oRecipientFile
    2853         269 :                 || pargs.r_opt == oHiddenRecipientFile)
    2854           6 :               sl->flags |= PK_LIST_FROM_FILE;
    2855         272 :             any_explicit_recipient = 1;
    2856         272 :             break;
    2857             : 
    2858             :           case oEncryptTo:
    2859             :           case oHiddenEncryptTo:
    2860             :             /* Store an additional recipient.  */
    2861         375 :             sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings );
    2862         375 :             sl->flags = ((pargs.r_opt << PK_LIST_SHIFT) | PK_LIST_ENCRYPT_TO);
    2863         375 :             if (configfp)
    2864         375 :               sl->flags |= PK_LIST_CONFIG;
    2865         375 :             if (pargs.r_opt == oHiddenEncryptTo)
    2866           0 :               sl->flags |= PK_LIST_HIDDEN;
    2867         375 :             break;
    2868             : 
    2869             :           case oNoEncryptTo:
    2870           0 :             opt.no_encrypt_to = 1;
    2871           0 :             break;
    2872             :           case oEncryptToDefaultKey:
    2873           5 :             opt.encrypt_to_default_key = configfp ? 2 : 1;
    2874           5 :             break;
    2875             : 
    2876             :           case oTrySecretKey:
    2877           0 :             add_to_strlist2 (&opt.secret_keys_to_try,
    2878           0 :                              pargs.r.ret_str, utf8_strings);
    2879           0 :             break;
    2880             : 
    2881           0 :           case oMimemode: opt.mimemode = opt.textmode = 1; break;
    2882           3 :           case oTextmodeShort: opt.textmode = 2; break;
    2883           0 :           case oTextmode: opt.textmode=1;  break;
    2884           0 :           case oNoTextmode: opt.textmode=opt.mimemode=0;  break;
    2885             : 
    2886           0 :           case oExpert: opt.expert = 1; break;
    2887           0 :           case oNoExpert: opt.expert = 0; break;
    2888             :           case oDefSigExpire:
    2889           0 :             if(*pargs.r.ret_str!='\0')
    2890             :               {
    2891           0 :                 if(parse_expire_string(pargs.r.ret_str)==(u32)-1)
    2892           0 :                   log_error(_("'%s' is not a valid signature expiration\n"),
    2893             :                             pargs.r.ret_str);
    2894             :                 else
    2895           0 :                   opt.def_sig_expire=pargs.r.ret_str;
    2896             :               }
    2897           0 :             break;
    2898           0 :           case oAskSigExpire: opt.ask_sig_expire = 1; break;
    2899           0 :           case oNoAskSigExpire: opt.ask_sig_expire = 0; break;
    2900             :           case oDefCertExpire:
    2901           0 :             if(*pargs.r.ret_str!='\0')
    2902             :               {
    2903           0 :                 if(parse_expire_string(pargs.r.ret_str)==(u32)-1)
    2904           0 :                   log_error(_("'%s' is not a valid signature expiration\n"),
    2905             :                             pargs.r.ret_str);
    2906             :                 else
    2907           0 :                   opt.def_cert_expire=pargs.r.ret_str;
    2908             :               }
    2909           0 :             break;
    2910           0 :           case oAskCertExpire: opt.ask_cert_expire = 1; break;
    2911           0 :           case oNoAskCertExpire: opt.ask_cert_expire = 0; break;
    2912           0 :           case oDefCertLevel: opt.def_cert_level=pargs.r.ret_int; break;
    2913           0 :           case oMinCertLevel: opt.min_cert_level=pargs.r.ret_int; break;
    2914           0 :           case oAskCertLevel: opt.ask_cert_level = 1; break;
    2915           0 :           case oNoAskCertLevel: opt.ask_cert_level = 0; break;
    2916             :           case oLocalUser: /* store the local users */
    2917          41 :             sl = add_to_strlist2( &locusr, pargs.r.ret_str, utf8_strings );
    2918          41 :             sl->flags = (pargs.r_opt << PK_LIST_SHIFT);
    2919          41 :             if (configfp)
    2920           0 :               sl->flags |= PK_LIST_CONFIG;
    2921          41 :             break;
    2922             :           case oSender:
    2923             :             {
    2924           0 :               char *mbox = mailbox_from_userid (pargs.r.ret_str);
    2925           0 :               if (!mbox)
    2926           0 :                 log_error (_("\"%s\" is not a proper mail address\n"),
    2927             :                            pargs.r.ret_str);
    2928             :               else
    2929             :                 {
    2930           0 :                   add_to_strlist (&opt.sender_list, mbox);
    2931           0 :                   xfree (mbox);
    2932             :                 }
    2933             :             }
    2934           0 :             break;
    2935             :           case oCompress:
    2936             :             /* this is the -z command line option */
    2937           0 :             opt.compress_level = opt.bz2_compress_level = pargs.r.ret_int;
    2938           0 :             break;
    2939           0 :           case oCompressLevel: opt.compress_level = pargs.r.ret_int; break;
    2940           0 :           case oBZ2CompressLevel: opt.bz2_compress_level = pargs.r.ret_int; break;
    2941           0 :           case oBZ2DecompressLowmem: opt.bz2_decompress_lowmem=1; break;
    2942             :           case oPassphrase:
    2943           0 :             set_passphrase_from_string(pargs.r.ret_str);
    2944           0 :             break;
    2945             :           case oPassphraseFD:
    2946         509 :             pwfd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
    2947         509 :             break;
    2948             :           case oPassphraseFile:
    2949           9 :             pwfd = open_info_file (pargs.r.ret_str, 0, 1);
    2950           9 :             break;
    2951             :           case oPassphraseRepeat:
    2952           0 :             opt.passphrase_repeat = pargs.r.ret_int;
    2953           0 :             break;
    2954             : 
    2955             :           case oPinentryMode:
    2956           0 :             opt.pinentry_mode = parse_pinentry_mode (pargs.r.ret_str);
    2957           0 :             if (opt.pinentry_mode == -1)
    2958           0 :               log_error (_("invalid pinentry mode '%s'\n"), pargs.r.ret_str);
    2959           0 :             break;
    2960             : 
    2961             :           case oCommandFD:
    2962           0 :             opt.command_fd = translate_sys2libc_fd_int (pargs.r.ret_int, 0);
    2963           0 :             break;
    2964             :           case oCommandFile:
    2965           0 :             opt.command_fd = open_info_file (pargs.r.ret_str, 0, 1);
    2966           0 :             break;
    2967             :           case oCipherAlgo:
    2968         364 :             def_cipher_string = xstrdup(pargs.r.ret_str);
    2969         364 :             break;
    2970             :           case oDigestAlgo:
    2971          16 :             def_digest_string = xstrdup(pargs.r.ret_str);
    2972          16 :             break;
    2973             :           case oCompressAlgo:
    2974             :             /* If it is all digits, stick a Z in front of it for
    2975             :                later.  This is for backwards compatibility with
    2976             :                versions that took the compress algorithm number. */
    2977             :             {
    2978           0 :               char *pt=pargs.r.ret_str;
    2979           0 :               while(*pt)
    2980             :                 {
    2981           0 :                   if (!isascii (*pt) || !isdigit (*pt))
    2982             :                     break;
    2983             : 
    2984           0 :                   pt++;
    2985             :                 }
    2986             : 
    2987           0 :               if(*pt=='\0')
    2988             :                 {
    2989           0 :                   compress_algo_string=xmalloc(strlen(pargs.r.ret_str)+2);
    2990           0 :                   strcpy(compress_algo_string,"Z");
    2991           0 :                   strcat(compress_algo_string,pargs.r.ret_str);
    2992             :                 }
    2993             :               else
    2994           0 :                 compress_algo_string = xstrdup(pargs.r.ret_str);
    2995             :             }
    2996           0 :             break;
    2997             :           case oCertDigestAlgo:
    2998           0 :             cert_digest_string = xstrdup(pargs.r.ret_str);
    2999           0 :             break;
    3000             : 
    3001             :           case oNoSecmemWarn:
    3002        1331 :             gcry_control (GCRYCTL_DISABLE_SECMEM_WARN);
    3003        1331 :             break;
    3004             : 
    3005           0 :           case oRequireSecmem: require_secmem=1; break;
    3006           0 :           case oNoRequireSecmem: require_secmem=0; break;
    3007        2980 :           case oNoPermissionWarn: opt.no_perm_warn=1; break;
    3008           0 :           case oNoMDCWarn: opt.no_mdc_warn=1; break;
    3009             :           case oDisplayCharset:
    3010           0 :             if( set_native_charset( pargs.r.ret_str ) )
    3011           0 :                 log_error(_("'%s' is not a valid character set\n"),
    3012             :                           pargs.r.ret_str);
    3013           0 :             break;
    3014           1 :           case oNotDashEscaped: opt.not_dash_escaped = 1; break;
    3015           0 :           case oEscapeFrom: opt.escape_from = 1; break;
    3016           0 :           case oNoEscapeFrom: opt.escape_from = 0; break;
    3017           0 :           case oLockOnce: opt.lock_once = 1; break;
    3018             :           case oLockNever:
    3019           0 :             dotlock_disable ();
    3020           0 :             break;
    3021             :           case oLockMultiple:
    3022             : #ifndef __riscos__
    3023           0 :             opt.lock_once = 0;
    3024             : #else /* __riscos__ */
    3025             :             riscos_not_implemented("lock-multiple");
    3026             : #endif /* __riscos__ */
    3027           0 :             break;
    3028             :           case oKeyServer:
    3029             :             {
    3030             :               keyserver_spec_t keyserver;
    3031         375 :               keyserver = parse_keyserver_uri (pargs.r.ret_str, 0);
    3032         375 :               if (!keyserver)
    3033           0 :                 log_error (_("could not parse keyserver URL\n"));
    3034             :               else
    3035             :                 {
    3036             :                   /* We only support a single keyserver.  Later ones
    3037             :                      override earlier ones.  (Since we parse the
    3038             :                      config file first and then the command line
    3039             :                      arguments, the command line takes
    3040             :                      precedence.)  */
    3041         375 :                   if (opt.keyserver)
    3042           0 :                     free_keyserver_spec (opt.keyserver);
    3043         375 :                   opt.keyserver = keyserver;
    3044             :                 }
    3045             :             }
    3046         375 :             break;
    3047             :           case oKeyServerOptions:
    3048         375 :             if(!parse_keyserver_options(pargs.r.ret_str))
    3049             :               {
    3050           0 :                 if(configname)
    3051           0 :                   log_error(_("%s:%d: invalid keyserver options\n"),
    3052             :                             configname,configlineno);
    3053             :                 else
    3054           0 :                   log_error(_("invalid keyserver options\n"));
    3055             :               }
    3056         375 :             break;
    3057             :           case oImportOptions:
    3058           0 :             if(!parse_import_options(pargs.r.ret_str,&opt.import_options,1))
    3059             :               {
    3060           0 :                 if(configname)
    3061           0 :                   log_error(_("%s:%d: invalid import options\n"),
    3062             :                             configname,configlineno);
    3063             :                 else
    3064           0 :                   log_error(_("invalid import options\n"));
    3065             :               }
    3066           0 :             break;
    3067             :           case oImportFilter:
    3068           0 :             rc = parse_and_set_import_filter (pargs.r.ret_str);
    3069           0 :             if (rc)
    3070           0 :               log_error (_("invalid filter option: %s\n"), gpg_strerror (rc));
    3071           0 :             break;
    3072             :           case oExportOptions:
    3073           0 :             if(!parse_export_options(pargs.r.ret_str,&opt.export_options,1))
    3074             :               {
    3075           0 :                 if(configname)
    3076           0 :                   log_error(_("%s:%d: invalid export options\n"),
    3077             :                             configname,configlineno);
    3078             :                 else
    3079           0 :                   log_error(_("invalid export options\n"));
    3080             :               }
    3081           0 :             break;
    3082             :           case oExportFilter:
    3083           0 :             rc = parse_and_set_export_filter (pargs.r.ret_str);
    3084           0 :             if (rc)
    3085           0 :               log_error (_("invalid filter option: %s\n"), gpg_strerror (rc));
    3086           0 :             break;
    3087             :           case oListOptions:
    3088           0 :             if(!parse_list_options(pargs.r.ret_str))
    3089             :               {
    3090           0 :                 if(configname)
    3091           0 :                   log_error(_("%s:%d: invalid list options\n"),
    3092             :                             configname,configlineno);
    3093             :                 else
    3094           0 :                   log_error(_("invalid list options\n"));
    3095             :               }
    3096           0 :             break;
    3097             :           case oVerifyOptions:
    3098             :             {
    3099           0 :               struct parse_options vopts[]=
    3100             :                 {
    3101             :                   {"show-photos",VERIFY_SHOW_PHOTOS,NULL,
    3102             :                    N_("display photo IDs during signature verification")},
    3103             :                   {"show-policy-urls",VERIFY_SHOW_POLICY_URLS,NULL,
    3104             :                    N_("show policy URLs during signature verification")},
    3105             :                   {"show-notations",VERIFY_SHOW_NOTATIONS,NULL,
    3106             :                    N_("show all notations during signature verification")},
    3107             :                   {"show-std-notations",VERIFY_SHOW_STD_NOTATIONS,NULL,
    3108             :                    N_("show IETF standard notations during signature verification")},
    3109             :                   {"show-standard-notations",VERIFY_SHOW_STD_NOTATIONS,NULL,
    3110             :                    NULL},
    3111             :                   {"show-user-notations",VERIFY_SHOW_USER_NOTATIONS,NULL,
    3112             :                    N_("show user-supplied notations during signature verification")},
    3113             :                   {"show-keyserver-urls",VERIFY_SHOW_KEYSERVER_URLS,NULL,
    3114             :                    N_("show preferred keyserver URLs during signature verification")},
    3115             :                   {"show-uid-validity",VERIFY_SHOW_UID_VALIDITY,NULL,
    3116             :                    N_("show user ID validity during signature verification")},
    3117             :                   {"show-unusable-uids",VERIFY_SHOW_UNUSABLE_UIDS,NULL,
    3118             :                    N_("show revoked and expired user IDs in signature verification")},
    3119             :                   {"show-primary-uid-only",VERIFY_SHOW_PRIMARY_UID_ONLY,NULL,
    3120             :                    N_("show only the primary user ID in signature verification")},
    3121             :                   {"pka-lookups",VERIFY_PKA_LOOKUPS,NULL,
    3122             :                    N_("validate signatures with PKA data")},
    3123             :                   {"pka-trust-increase",VERIFY_PKA_TRUST_INCREASE,NULL,
    3124             :                    N_("elevate the trust of signatures with valid PKA data")},
    3125             :                   {NULL,0,NULL,NULL}
    3126             :                 };
    3127             : 
    3128           0 :               if(!parse_options(pargs.r.ret_str,&opt.verify_options,vopts,1))
    3129             :                 {
    3130           0 :                   if(configname)
    3131           0 :                     log_error(_("%s:%d: invalid verify options\n"),
    3132             :                               configname,configlineno);
    3133             :                   else
    3134           0 :                     log_error(_("invalid verify options\n"));
    3135             :                 }
    3136             :             }
    3137           0 :             break;
    3138           0 :           case oTempDir: opt.temp_dir=pargs.r.ret_str; break;
    3139             :           case oExecPath:
    3140           0 :             if(set_exec_path(pargs.r.ret_str))
    3141           0 :               log_error(_("unable to set exec-path to %s\n"),pargs.r.ret_str);
    3142             :             else
    3143           0 :               opt.exec_path_set=1;
    3144           0 :             break;
    3145             :           case oSetNotation:
    3146           0 :             add_notation_data( pargs.r.ret_str, 0 );
    3147           0 :             add_notation_data( pargs.r.ret_str, 1 );
    3148           0 :             break;
    3149           0 :           case oSigNotation: add_notation_data( pargs.r.ret_str, 0 ); break;
    3150           0 :           case oCertNotation: add_notation_data( pargs.r.ret_str, 1 ); break;
    3151             :           case oShowNotation:
    3152           0 :             deprecated_warning(configname,configlineno,"--show-notation",
    3153             :                                "--list-options ","show-notations");
    3154           0 :             deprecated_warning(configname,configlineno,"--show-notation",
    3155             :                                "--verify-options ","show-notations");
    3156           0 :             opt.list_options|=LIST_SHOW_NOTATIONS;
    3157           0 :             opt.verify_options|=VERIFY_SHOW_NOTATIONS;
    3158           0 :             break;
    3159             :           case oNoShowNotation:
    3160           0 :             deprecated_warning(configname,configlineno,"--no-show-notation",
    3161             :                                "--list-options ","no-show-notations");
    3162           0 :             deprecated_warning(configname,configlineno,"--no-show-notation",
    3163             :                                "--verify-options ","no-show-notations");
    3164           0 :             opt.list_options&=~LIST_SHOW_NOTATIONS;
    3165           0 :             opt.verify_options&=~VERIFY_SHOW_NOTATIONS;
    3166           0 :             break;
    3167         375 :           case oUtf8Strings: utf8_strings = 1; break;
    3168           0 :           case oNoUtf8Strings: utf8_strings = 0; break;
    3169             :           case oDisableCipherAlgo:
    3170             :             {
    3171           0 :               int algo = string_to_cipher_algo (pargs.r.ret_str);
    3172           0 :               gcry_cipher_ctl (NULL, GCRYCTL_DISABLE_ALGO, &algo, sizeof algo);
    3173             :             }
    3174           0 :             break;
    3175             :           case oDisablePubkeyAlgo:
    3176             :             {
    3177           0 :               int algo = gcry_pk_map_name (pargs.r.ret_str);
    3178           0 :               gcry_pk_ctl (GCRYCTL_DISABLE_ALGO, &algo, sizeof algo);
    3179             :             }
    3180           0 :             break;
    3181           0 :           case oNoSigCache: opt.no_sig_cache = 1; break;
    3182           4 :           case oAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid = 1; break;
    3183           0 :           case oNoAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid=0; break;
    3184           0 :           case oAllowFreeformUID: opt.allow_freeform_uid = 1; break;
    3185           0 :           case oNoAllowFreeformUID: opt.allow_freeform_uid = 0; break;
    3186           0 :           case oNoLiteral: opt.no_literal = 1; break;
    3187           0 :           case oSetFilesize: opt.set_filesize = pargs.r.ret_ulong; break;
    3188           0 :           case oFastListMode: opt.fast_list_mode = 1; break;
    3189           0 :           case oFixedListMode: /* Dummy */ break;
    3190           0 :           case oLegacyListMode: opt.legacy_list_mode = 1; break;
    3191           0 :           case oPrintPKARecords: print_pka_records = 1; break;
    3192           0 :           case oPrintDANERecords: print_dane_records = 1; break;
    3193           0 :           case oListOnly: opt.list_only=1; break;
    3194           0 :           case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break;
    3195           0 :           case oIgnoreValidFrom: opt.ignore_valid_from = 1; break;
    3196           0 :           case oIgnoreCrcError: opt.ignore_crc_error = 1; break;
    3197           0 :           case oIgnoreMDCError: opt.ignore_mdc_error = 1; break;
    3198           0 :           case oNoRandomSeedFile: use_random_seed = 0; break;
    3199             :           case oAutoKeyRetrieve:
    3200             :           case oNoAutoKeyRetrieve:
    3201           0 :                 if(pargs.r_opt==oAutoKeyRetrieve)
    3202           0 :                   opt.keyserver_options.options|=KEYSERVER_AUTO_KEY_RETRIEVE;
    3203             :                 else
    3204           0 :                   opt.keyserver_options.options&=~KEYSERVER_AUTO_KEY_RETRIEVE;
    3205           0 :                 break;
    3206           0 :           case oShowSessionKey: opt.show_session_key = 1; break;
    3207             :           case oOverrideSessionKey:
    3208           0 :                 opt.override_session_key = pargs.r.ret_str;
    3209           0 :                 break;
    3210             :           case oMergeOnly:
    3211           0 :                 deprecated_warning(configname,configlineno,"--merge-only",
    3212             :                                    "--import-options ","merge-only");
    3213           0 :                 opt.import_options|=IMPORT_MERGE_ONLY;
    3214           0 :             break;
    3215           0 :           case oAllowSecretKeyImport: /* obsolete */ break;
    3216           0 :           case oTryAllSecrets: opt.try_all_secrets = 1; break;
    3217           0 :           case oTrustedKey: register_trusted_key( pargs.r.ret_str ); break;
    3218             :           case oEnableSpecialFilenames:
    3219           0 :             iobuf_enable_special_filenames (1);
    3220           0 :             break;
    3221           0 :           case oNoExpensiveTrustChecks: opt.no_expensive_trust_checks=1; break;
    3222           0 :           case oAutoCheckTrustDB: opt.no_auto_check_trustdb=0; break;
    3223        1310 :           case oNoAutoCheckTrustDB: opt.no_auto_check_trustdb=1; break;
    3224           0 :           case oPreservePermissions: opt.preserve_permissions=1; break;
    3225             :           case oDefaultPreferenceList:
    3226           0 :             opt.def_preference_list = pargs.r.ret_str;
    3227           0 :             break;
    3228             :           case oDefaultKeyserverURL:
    3229             :             {
    3230             :               keyserver_spec_t keyserver;
    3231           0 :               keyserver = parse_keyserver_uri (pargs.r.ret_str,1 );
    3232           0 :               if (!keyserver)
    3233           0 :                 log_error (_("could not parse keyserver URL\n"));
    3234             :               else
    3235           0 :                 free_keyserver_spec (keyserver);
    3236             : 
    3237           0 :               opt.def_keyserver_url = pargs.r.ret_str;
    3238             :             }
    3239           0 :             break;
    3240             :           case oPersonalCipherPreferences:
    3241           0 :             pers_cipher_list=pargs.r.ret_str;
    3242           0 :             break;
    3243             :           case oPersonalDigestPreferences:
    3244           0 :             pers_digest_list=pargs.r.ret_str;
    3245           0 :             break;
    3246             :           case oPersonalCompressPreferences:
    3247           0 :             pers_compress_list=pargs.r.ret_str;
    3248           0 :             break;
    3249        1331 :           case oAgentProgram: opt.agent_program = pargs.r.ret_str;  break;
    3250           0 :           case oDirmngrProgram: opt.dirmngr_program = pargs.r.ret_str; break;
    3251             :           case oWeakDigest:
    3252           0 :             additional_weak_digest(pargs.r.ret_str);
    3253           0 :             break;
    3254             :           case oUnwrap:
    3255           0 :             opt.unwrap_encryption = 1;
    3256           0 :             break;
    3257             :           case oOnlySignTextIDs:
    3258           0 :             opt.only_sign_text_ids = 1;
    3259           0 :             break;
    3260             : 
    3261             :           case oDisplay:
    3262           0 :             set_opt_session_env ("DISPLAY", pargs.r.ret_str);
    3263           0 :             break;
    3264             :           case oTTYname:
    3265           0 :             set_opt_session_env ("GPG_TTY", pargs.r.ret_str);
    3266           0 :             break;
    3267             :           case oTTYtype:
    3268           0 :             set_opt_session_env ("TERM", pargs.r.ret_str);
    3269           0 :             break;
    3270             :           case oXauthority:
    3271           0 :             set_opt_session_env ("XAUTHORITY", pargs.r.ret_str);
    3272           0 :             break;
    3273             : 
    3274           0 :           case oLCctype: opt.lc_ctype = pargs.r.ret_str; break;
    3275           0 :           case oLCmessages: opt.lc_messages = pargs.r.ret_str; break;
    3276             : 
    3277        1125 :           case oGroup: add_group(pargs.r.ret_str); break;
    3278           0 :           case oUnGroup: rm_group(pargs.r.ret_str); break;
    3279             :           case oNoGroups:
    3280           0 :             while(opt.grouplist)
    3281             :               {
    3282           0 :                 struct groupitem *iter=opt.grouplist;
    3283           0 :                 free_strlist(iter->values);
    3284           0 :                 opt.grouplist=opt.grouplist->next;
    3285           0 :                 xfree(iter);
    3286             :               }
    3287           0 :             break;
    3288             : 
    3289             :           case oStrict:
    3290             :           case oNoStrict:
    3291             :             /* Not used */
    3292           0 :             break;
    3293             : 
    3294           0 :           case oMangleDosFilenames: opt.mangle_dos_filenames = 1; break;
    3295           0 :           case oNoMangleDosFilenames: opt.mangle_dos_filenames = 0; break;
    3296           0 :           case oEnableProgressFilter: opt.enable_progress_filter = 1; break;
    3297           0 :           case oMultifile: multifile=1; break;
    3298             :           case oKeyidFormat:
    3299           0 :             if(ascii_strcasecmp(pargs.r.ret_str,"short")==0)
    3300           0 :               opt.keyid_format=KF_SHORT;
    3301           0 :             else if(ascii_strcasecmp(pargs.r.ret_str,"long")==0)
    3302           0 :               opt.keyid_format=KF_LONG;
    3303           0 :             else if(ascii_strcasecmp(pargs.r.ret_str,"0xshort")==0)
    3304           0 :               opt.keyid_format=KF_0xSHORT;
    3305           0 :             else if(ascii_strcasecmp(pargs.r.ret_str,"0xlong")==0)
    3306           0 :               opt.keyid_format=KF_0xLONG;
    3307           0 :             else if(ascii_strcasecmp(pargs.r.ret_str,"none")==0)
    3308           0 :               opt.keyid_format = KF_NONE;
    3309             :             else
    3310           0 :               log_error("unknown keyid-format '%s'\n",pargs.r.ret_str);
    3311           0 :             break;
    3312             : 
    3313             :           case oExitOnStatusWriteError:
    3314           0 :             opt.exit_on_status_write_error = 1;
    3315           0 :             break;
    3316             : 
    3317             :           case oLimitCardInsertTries:
    3318           0 :             opt.limit_card_insert_tries = pargs.r.ret_int;
    3319           0 :             break;
    3320             : 
    3321           0 :           case oRequireCrossCert: opt.flags.require_cross_cert=1; break;
    3322           0 :           case oNoRequireCrossCert: opt.flags.require_cross_cert=0; break;
    3323             : 
    3324             :           case oAutoKeyLocate:
    3325           0 :             if(!parse_auto_key_locate(pargs.r.ret_str))
    3326             :               {
    3327           0 :                 if(configname)
    3328           0 :                   log_error(_("%s:%d: invalid auto-key-locate list\n"),
    3329             :                             configname,configlineno);
    3330             :                 else
    3331           0 :                   log_error(_("invalid auto-key-locate list\n"));
    3332             :               }
    3333           0 :             break;
    3334             :           case oNoAutoKeyLocate:
    3335           0 :             release_akl();
    3336           0 :             break;
    3337             : 
    3338             :           case oEnableLargeRSA:
    3339             : #if SECMEM_BUFFER_SIZE >= 65536
    3340             :             opt.flags.large_rsa=1;
    3341             : #else
    3342           0 :             if (configname)
    3343           0 :               log_info("%s:%d: WARNING: gpg not built with large secure "
    3344             :                          "memory buffer.  Ignoring enable-large-rsa\n",
    3345             :                         configname,configlineno);
    3346             :             else
    3347           0 :               log_info("WARNING: gpg not built with large secure "
    3348             :                          "memory buffer.  Ignoring --enable-large-rsa\n");
    3349             : #endif /* SECMEM_BUFFER_SIZE >= 65536 */
    3350           0 :             break;
    3351           0 :           case oDisableLargeRSA: opt.flags.large_rsa=0;
    3352           0 :             break;
    3353             : 
    3354           0 :           case oEnableDSA2: opt.flags.dsa2=1; break;
    3355           0 :           case oDisableDSA2: opt.flags.dsa2=0; break;
    3356             : 
    3357             :           case oAllowMultisigVerification:
    3358             :           case oAllowMultipleMessages:
    3359           2 :             opt.flags.allow_multiple_messages=1;
    3360           2 :             break;
    3361             : 
    3362             :           case oNoAllowMultipleMessages:
    3363           0 :             opt.flags.allow_multiple_messages=0;
    3364           0 :             break;
    3365             : 
    3366             :           case oAllowWeakDigestAlgos:
    3367        1310 :             opt.flags.allow_weak_digest_algos = 1;
    3368        1310 :             break;
    3369             : 
    3370             :           case oFakedSystemTime:
    3371             :             {
    3372          53 :               time_t faked_time = isotime2epoch (pargs.r.ret_str);
    3373          53 :               if (faked_time == (time_t)(-1))
    3374          53 :                 faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10);
    3375          53 :               gnupg_set_time (faked_time, 0);
    3376             :             }
    3377          53 :             break;
    3378             : 
    3379           0 :           case oNoAutostart: opt.autostart = 0; break;
    3380             : 
    3381           0 :           case oNoop: break;
    3382             : 
    3383             :           default:
    3384           0 :             pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
    3385           0 :             break;
    3386             :           }
    3387             :       }
    3388             : 
    3389        3387 :     if (configfp)
    3390             :       {
    3391        1685 :         fclose( configfp );
    3392        1685 :         configfp = NULL;
    3393             :         /* Remember the first config file name. */
    3394        1685 :         if (!save_configname)
    3395        1685 :           save_configname = configname;
    3396             :         else
    3397           0 :           xfree(configname);
    3398        1685 :         configname = NULL;
    3399        1685 :         goto next_pass;
    3400             :       }
    3401        1702 :     xfree(configname); configname = NULL;
    3402        1702 :     if (log_get_errorcount (0))
    3403           0 :       g10_exit(2);
    3404             : 
    3405             :     /* The command --gpgconf-list is pretty simple and may be called
    3406             :        directly after the option parsing. */
    3407        1702 :     if (cmd == aGPGConfList)
    3408             :       {
    3409           0 :         gpgconf_list (save_configname ? save_configname : default_configname);
    3410           0 :         g10_exit (0);
    3411             :       }
    3412        1702 :     xfree (save_configname);
    3413        1702 :     xfree (default_configname);
    3414             : 
    3415        1702 :     if (print_dane_records)
    3416           0 :       log_error ("invalid option \"%s\"; use \"%s\" instead\n",
    3417             :                  "--print-dane-records",
    3418             :                  "--export-options export-dane");
    3419        1702 :     if (print_pka_records)
    3420           0 :       log_error ("invalid option \"%s\"; use \"%s\" instead\n",
    3421             :                  "--print-pks-records",
    3422             :                  "--export-options export-pka");
    3423        1702 :     if (log_get_errorcount (0))
    3424           0 :       g10_exit(2);
    3425             : 
    3426             : 
    3427        1702 :     if( nogreeting )
    3428        1330 :         greeting = 0;
    3429             : 
    3430        1702 :     if( greeting )
    3431             :       {
    3432           0 :         es_fprintf (es_stderr, "%s %s; %s\n",
    3433             :                     strusage(11), strusage(13), strusage(14) );
    3434           0 :         es_fprintf (es_stderr, "%s\n", strusage(15) );
    3435             :       }
    3436             : #ifdef IS_DEVELOPMENT_VERSION
    3437             :     if (!opt.batch)
    3438             :       {
    3439             :         const char *s;
    3440             : 
    3441             :         if((s=strusage(25)))
    3442             :           log_info("%s\n",s);
    3443             :         if((s=strusage(26)))
    3444             :           log_info("%s\n",s);
    3445             :         if((s=strusage(27)))
    3446             :           log_info("%s\n",s);
    3447             :       }
    3448             : #endif
    3449             : 
    3450             :     /* FIXME: We should use logging to a file only in server mode;
    3451             :        however we have not yet implemetyed that.  Thus we try to get
    3452             :        away with --batch as indication for logging to file
    3453             :        required. */
    3454        1702 :     if (logfile && opt.batch)
    3455             :       {
    3456           0 :         log_set_file (logfile);
    3457           0 :         log_set_prefix (NULL, GPGRT_LOG_WITH_PREFIX | GPGRT_LOG_WITH_TIME | GPGRT_LOG_WITH_PID);
    3458             :       }
    3459             : 
    3460        1702 :     if (opt.verbose > 2)
    3461           0 :         log_info ("using character set '%s'\n", get_native_charset ());
    3462             : 
    3463        1702 :     if( may_coredump && !opt.quiet )
    3464           0 :         log_info(_("WARNING: program may create a core file!\n"));
    3465             : 
    3466        1702 :     if (opt.flags.rfc4880bis)
    3467           0 :         log_info ("WARNING: using experimental features from RFC4880bis!\n");
    3468             :     else
    3469             :       {
    3470        1702 :         opt.mimemode = 0; /* This will use text mode instead.  */
    3471             :       }
    3472             : 
    3473        1702 :     if (eyes_only) {
    3474           0 :       if (opt.set_filename)
    3475           0 :           log_info(_("WARNING: %s overrides %s\n"),
    3476             :                    "--for-your-eyes-only","--set-filename");
    3477             : 
    3478           0 :       opt.set_filename="_CONSOLE";
    3479             :     }
    3480             : 
    3481        1702 :     if (opt.no_literal) {
    3482           0 :         log_info(_("Note: %s is not for normal use!\n"), "--no-literal");
    3483           0 :         if (opt.textmode)
    3484           0 :             log_error(_("%s not allowed with %s!\n"),
    3485             :                        "--textmode", "--no-literal" );
    3486           0 :         if (opt.set_filename)
    3487           0 :             log_error(_("%s makes no sense with %s!\n"),
    3488             :                         eyes_only?"--for-your-eyes-only":"--set-filename",
    3489             :                         "--no-literal" );
    3490             :     }
    3491             : 
    3492             : 
    3493        1702 :     if (opt.set_filesize)
    3494           0 :         log_info(_("Note: %s is not for normal use!\n"), "--set-filesize");
    3495        1702 :     if( opt.batch )
    3496        1329 :         tty_batchmode( 1 );
    3497             : 
    3498        1702 :     if (gnupg_faked_time_p ())
    3499             :       {
    3500             :         gnupg_isotime_t tbuf;
    3501             : 
    3502          53 :         log_info (_("WARNING: running with faked system time: "));
    3503          53 :         gnupg_get_isotime (tbuf);
    3504          53 :         dump_isotime (tbuf);
    3505          53 :         log_printf ("\n");
    3506             :       }
    3507             : 
    3508             :     /* Print a warning if an argument looks like an option.  */
    3509        1702 :     if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN))
    3510             :       {
    3511             :         int i;
    3512             : 
    3513        3352 :         for (i=0; i < argc; i++)
    3514        1653 :           if (argv[i][0] == '-' && argv[i][1] == '-')
    3515           0 :             log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
    3516             :       }
    3517             : 
    3518             : 
    3519        1702 :     gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
    3520             : 
    3521        1702 :     if(require_secmem && !got_secmem)
    3522             :       {
    3523           0 :         log_info(_("will not run with insecure memory due to %s\n"),
    3524             :                  "--require-secmem");
    3525           0 :         g10_exit(2);
    3526             :       }
    3527             : 
    3528        1702 :     set_debug (debug_level);
    3529        1702 :     if (DBG_CLOCK)
    3530           0 :       log_clock ("start");
    3531             : 
    3532             :     /* Do these after the switch(), so they can override settings. */
    3533        1702 :     if(PGP6)
    3534             :       {
    3535             :         /* That does not anymore work because we have no more support
    3536             :            for v3 signatures.  */
    3537           0 :         opt.disable_mdc=1;
    3538           0 :         opt.escape_from=1;
    3539           0 :         opt.ask_sig_expire=0;
    3540             :       }
    3541        1702 :     else if(PGP7)
    3542             :       {
    3543             :         /* That does not anymore work because we have no more support
    3544             :            for v3 signatures.  */
    3545           0 :         opt.escape_from=1;
    3546           0 :         opt.ask_sig_expire=0;
    3547             :       }
    3548        1702 :     else if(PGP8)
    3549             :       {
    3550           0 :         opt.escape_from=1;
    3551             :       }
    3552             : 
    3553             : 
    3554        1702 :     if( def_cipher_string ) {
    3555         364 :         opt.def_cipher_algo = string_to_cipher_algo (def_cipher_string);
    3556         364 :         xfree(def_cipher_string); def_cipher_string = NULL;
    3557         364 :         if ( openpgp_cipher_test_algo (opt.def_cipher_algo) )
    3558           0 :             log_error(_("selected cipher algorithm is invalid\n"));
    3559             :     }
    3560        1702 :     if( def_digest_string ) {
    3561          16 :         opt.def_digest_algo = string_to_digest_algo (def_digest_string);
    3562          16 :         xfree(def_digest_string); def_digest_string = NULL;
    3563          16 :         if ( openpgp_md_test_algo (opt.def_digest_algo) )
    3564           0 :             log_error(_("selected digest algorithm is invalid\n"));
    3565             :     }
    3566        1702 :     if( compress_algo_string ) {
    3567           0 :         opt.compress_algo = string_to_compress_algo(compress_algo_string);
    3568           0 :         xfree(compress_algo_string); compress_algo_string = NULL;
    3569           0 :         if( check_compress_algo(opt.compress_algo) )
    3570           0 :           log_error(_("selected compression algorithm is invalid\n"));
    3571             :     }
    3572        1702 :     if( cert_digest_string ) {
    3573           0 :         opt.cert_digest_algo = string_to_digest_algo (cert_digest_string);
    3574           0 :         xfree(cert_digest_string); cert_digest_string = NULL;
    3575           0 :         if (openpgp_md_test_algo(opt.cert_digest_algo))
    3576           0 :           log_error(_("selected certification digest algorithm is invalid\n"));
    3577             :     }
    3578        1702 :     if( s2k_cipher_string ) {
    3579           0 :         opt.s2k_cipher_algo = string_to_cipher_algo (s2k_cipher_string);
    3580           0 :         xfree(s2k_cipher_string); s2k_cipher_string = NULL;
    3581           0 :         if (openpgp_cipher_test_algo (opt.s2k_cipher_algo))
    3582           0 :           log_error(_("selected cipher algorithm is invalid\n"));
    3583             :     }
    3584        1702 :     if( s2k_digest_string ) {
    3585           0 :         opt.s2k_digest_algo = string_to_digest_algo (s2k_digest_string);
    3586           0 :         xfree(s2k_digest_string); s2k_digest_string = NULL;
    3587           0 :         if (openpgp_md_test_algo(opt.s2k_digest_algo))
    3588           0 :           log_error(_("selected digest algorithm is invalid\n"));
    3589             :     }
    3590        1702 :     if( opt.completes_needed < 1 )
    3591           0 :       log_error(_("completes-needed must be greater than 0\n"));
    3592        1702 :     if( opt.marginals_needed < 2 )
    3593           0 :       log_error(_("marginals-needed must be greater than 1\n"));
    3594        1702 :     if( opt.max_cert_depth < 1 || opt.max_cert_depth > 255 )
    3595           0 :       log_error(_("max-cert-depth must be in the range from 1 to 255\n"));
    3596        1702 :     if(opt.def_cert_level<0 || opt.def_cert_level>3)
    3597           0 :       log_error(_("invalid default-cert-level; must be 0, 1, 2, or 3\n"));
    3598        1702 :     if( opt.min_cert_level < 1 || opt.min_cert_level > 3 )
    3599           0 :       log_error(_("invalid min-cert-level; must be 1, 2, or 3\n"));
    3600        1702 :     switch( opt.s2k_mode ) {
    3601             :       case 0:
    3602           0 :         log_info(_("Note: simple S2K mode (0) is strongly discouraged\n"));
    3603           0 :         break;
    3604        1702 :       case 1: case 3: break;
    3605             :       default:
    3606           0 :         log_error(_("invalid S2K mode; must be 0, 1 or 3\n"));
    3607             :     }
    3608             : 
    3609             :     /* This isn't actually needed, but does serve to error out if the
    3610             :        string is invalid. */
    3611        1702 :     if(opt.def_preference_list &&
    3612           0 :         keygen_set_std_prefs(opt.def_preference_list,0))
    3613           0 :       log_error(_("invalid default preferences\n"));
    3614             : 
    3615        1702 :     if(pers_cipher_list &&
    3616           0 :        keygen_set_std_prefs(pers_cipher_list,PREFTYPE_SYM))
    3617           0 :       log_error(_("invalid personal cipher preferences\n"));
    3618             : 
    3619        1702 :     if(pers_digest_list &&
    3620           0 :        keygen_set_std_prefs(pers_digest_list,PREFTYPE_HASH))
    3621           0 :       log_error(_("invalid personal digest preferences\n"));
    3622             : 
    3623        1702 :     if(pers_compress_list &&
    3624           0 :        keygen_set_std_prefs(pers_compress_list,PREFTYPE_ZIP))
    3625           0 :       log_error(_("invalid personal compress preferences\n"));
    3626             : 
    3627             :     /* We don't support all possible commands with multifile yet */
    3628        1702 :     if(multifile)
    3629             :       {
    3630             :         char *cmdname;
    3631             : 
    3632           0 :         switch(cmd)
    3633             :           {
    3634             :           case aSign:
    3635           0 :             cmdname="--sign";
    3636           0 :             break;
    3637             :           case aSignEncr:
    3638           0 :             cmdname="--sign --encrypt";
    3639           0 :             break;
    3640             :           case aClearsign:
    3641           0 :             cmdname="--clearsign";
    3642           0 :             break;
    3643             :           case aDetachedSign:
    3644           0 :             cmdname="--detach-sign";
    3645           0 :             break;
    3646             :           case aSym:
    3647           0 :             cmdname="--symmetric";
    3648           0 :             break;
    3649             :           case aEncrSym:
    3650           0 :             cmdname="--symmetric --encrypt";
    3651           0 :             break;
    3652             :           case aStore:
    3653           0 :             cmdname="--store";
    3654           0 :             break;
    3655             :           default:
    3656           0 :             cmdname=NULL;
    3657           0 :             break;
    3658             :           }
    3659             : 
    3660           0 :         if(cmdname)
    3661           0 :           log_error(_("%s does not yet work with %s\n"),cmdname,"--multifile");
    3662             :       }
    3663             : 
    3664        1702 :     if( log_get_errorcount(0) )
    3665           0 :         g10_exit(2);
    3666             : 
    3667        1702 :     if(opt.compress_level==0)
    3668           0 :       opt.compress_algo=COMPRESS_ALGO_NONE;
    3669             : 
    3670             :     /* Check our chosen algorithms against the list of legal
    3671             :        algorithms. */
    3672             : 
    3673        1702 :     if(!GNUPG)
    3674             :       {
    3675           0 :         const char *badalg=NULL;
    3676           0 :         preftype_t badtype=PREFTYPE_NONE;
    3677             : 
    3678           0 :         if(opt.def_cipher_algo
    3679           0 :            && !algo_available(PREFTYPE_SYM,opt.def_cipher_algo,NULL))
    3680             :           {
    3681           0 :             badalg = openpgp_cipher_algo_name (opt.def_cipher_algo);
    3682           0 :             badtype = PREFTYPE_SYM;
    3683             :           }
    3684           0 :         else if(opt.def_digest_algo
    3685           0 :                 && !algo_available(PREFTYPE_HASH,opt.def_digest_algo,NULL))
    3686             :           {
    3687           0 :             badalg = gcry_md_algo_name (opt.def_digest_algo);
    3688           0 :             badtype = PREFTYPE_HASH;
    3689             :           }
    3690           0 :         else if(opt.cert_digest_algo
    3691           0 :                 && !algo_available(PREFTYPE_HASH,opt.cert_digest_algo,NULL))
    3692             :           {
    3693           0 :             badalg = gcry_md_algo_name (opt.cert_digest_algo);
    3694           0 :             badtype = PREFTYPE_HASH;
    3695             :           }
    3696           0 :         else if(opt.compress_algo!=-1
    3697           0 :                 && !algo_available(PREFTYPE_ZIP,opt.compress_algo,NULL))
    3698             :           {
    3699           0 :             badalg = compress_algo_to_string(opt.compress_algo);
    3700           0 :             badtype = PREFTYPE_ZIP;
    3701             :           }
    3702             : 
    3703           0 :         if(badalg)
    3704             :           {
    3705           0 :             switch(badtype)
    3706             :               {
    3707             :               case PREFTYPE_SYM:
    3708           0 :                 log_info(_("you may not use cipher algorithm '%s'"
    3709             :                            " while in %s mode\n"),
    3710             :                          badalg,compliance_option_string());
    3711           0 :                 break;
    3712             :               case PREFTYPE_HASH:
    3713           0 :                 log_info(_("you may not use digest algorithm '%s'"
    3714             :                            " while in %s mode\n"),
    3715             :                          badalg,compliance_option_string());
    3716           0 :                 break;
    3717             :               case PREFTYPE_ZIP:
    3718           0 :                 log_info(_("you may not use compression algorithm '%s'"
    3719             :                            " while in %s mode\n"),
    3720             :                          badalg,compliance_option_string());
    3721           0 :                 break;
    3722             :               default:
    3723           0 :                 BUG();
    3724             :               }
    3725             : 
    3726           0 :             compliance_failure();
    3727             :           }
    3728             :       }
    3729             : 
    3730             :     /* Set the random seed file. */
    3731        1702 :     if( use_random_seed ) {
    3732        1702 :       char *p = make_filename (gnupg_homedir (), "random_seed", NULL );
    3733        1702 :         gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p);
    3734        1702 :         if (!access (p, F_OK))
    3735        1682 :           register_secured_file (p);
    3736        1702 :         xfree(p);
    3737             :     }
    3738             : 
    3739             :     /* If there is no command but the --fingerprint is given, default
    3740             :        to the --list-keys command.  */
    3741        1702 :     if (!cmd && fpr_maybe_cmd)
    3742             :       {
    3743           0 :         set_cmd (&cmd, aListKeys);
    3744             :       }
    3745             : 
    3746             : 
    3747        1702 :     if( opt.verbose > 1 )
    3748           0 :         set_packet_list_mode(1);
    3749             : 
    3750             :     /* Add the keyrings, but not for some special commands.  We always
    3751             :      * need to add the keyrings if we are running under SELinux, this
    3752             :      * is so that the rings are added to the list of secured files.
    3753             :      * We do not add any keyring if --no-keyring has been used.  */
    3754        1702 :     if (default_keyring >= 0
    3755        1326 :         && (ALWAYS_ADD_KEYRINGS
    3756        2616 :             || (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest)))
    3757             :       {
    3758        1290 :         if (!nrings || default_keyring > 0)  /* Add default ring. */
    3759        1290 :             keydb_add_resource ("pubring" EXTSEP_S GPGEXT_GPG,
    3760             :                                 KEYDB_RESOURCE_FLAG_DEFAULT);
    3761        1290 :         for (sl = nrings; sl; sl = sl->next )
    3762           0 :           keydb_add_resource (sl->d, sl->flags);
    3763             :       }
    3764        1702 :     FREE_STRLIST(nrings);
    3765             : 
    3766        1702 :     if (opt.pinentry_mode == PINENTRY_MODE_LOOPBACK)
    3767             :       /* In loopback mode, never ask for the password multiple
    3768             :          times.  */
    3769             :       {
    3770           0 :         opt.passphrase_repeat = 0;
    3771             :       }
    3772             : 
    3773        1702 :     if (cmd == aGPGConfTest)
    3774           0 :       g10_exit(0);
    3775             : 
    3776             : 
    3777        1702 :     if( pwfd != -1 )  /* Read the passphrase now. */
    3778         518 :         read_passphrase_from_fd( pwfd );
    3779             : 
    3780        1702 :     fname = argc? *argv : NULL;
    3781             : 
    3782        1702 :     if(fname && utf8_strings)
    3783         372 :       opt.flags.utf8_filename=1;
    3784             : 
    3785        1702 :     ctrl = xcalloc (1, sizeof *ctrl);
    3786        1702 :     gpg_init_default_ctrl (ctrl);
    3787             : 
    3788             : #ifndef NO_TRUST_MODELS
    3789        1702 :     switch (cmd)
    3790             :       {
    3791             :       case aPrimegen:
    3792             :       case aPrintMD:
    3793             :       case aPrintMDs:
    3794             :       case aGenRandom:
    3795             :       case aDeArmor:
    3796             :       case aEnArmor:
    3797             :       case aListConfig:
    3798             :       case aListGcryptConfig:
    3799         412 :         break;
    3800             :       case aFixTrustDB:
    3801             :       case aExportOwnerTrust:
    3802           0 :         rc = setup_trustdb (0, trustdb_name);
    3803           0 :         break;
    3804             :       case aListTrustDB:
    3805           0 :         rc = setup_trustdb (argc? 1:0, trustdb_name);
    3806           0 :         break;
    3807             :       default:
    3808             :         /* If we are using TM_ALWAYS, we do not need to create the
    3809             :            trustdb.  */
    3810        1290 :         rc = setup_trustdb (opt.trust_model != TM_ALWAYS, trustdb_name);
    3811        1290 :         break;
    3812             :       }
    3813        1702 :     if (rc)
    3814           0 :       log_error (_("failed to initialize the TrustDB: %s\n"),
    3815             :                  gpg_strerror (rc));
    3816             : #endif /*!NO_TRUST_MODELS*/
    3817             : 
    3818        1702 :     switch (cmd)
    3819             :       {
    3820             :       case aStore:
    3821             :       case aSym:
    3822             :       case aSign:
    3823             :       case aSignSym:
    3824             :       case aClearsign:
    3825         316 :         if (!opt.quiet && any_explicit_recipient)
    3826          22 :           log_info (_("WARNING: recipients (-r) given "
    3827             :                       "without using public key encryption\n"));
    3828         316 :         break;
    3829             :       default:
    3830        1386 :         break;
    3831             :       }
    3832             : 
    3833             : 
    3834             :     /* Check for certain command whether we need to migrate a
    3835             :        secring.gpg to the gpg-agent. */
    3836        1702 :     switch (cmd)
    3837             :       {
    3838             :       case aListSecretKeys:
    3839             :       case aSign:
    3840             :       case aSignEncr:
    3841             :       case aSignEncrSym:
    3842             :       case aSignSym:
    3843             :       case aClearsign:
    3844             :       case aDecrypt:
    3845             :       case aSignKey:
    3846             :       case aLSignKey:
    3847             :       case aEditKey:
    3848             :       case aPasswd:
    3849             :       case aDeleteSecretKeys:
    3850             :       case aDeleteSecretAndPublicKeys:
    3851             :       case aQuickKeygen:
    3852             :       case aQuickAddUid:
    3853             :       case aQuickAddKey:
    3854             :       case aQuickRevUid:
    3855             :       case aFullKeygen:
    3856             :       case aKeygen:
    3857             :       case aImport:
    3858             :       case aExportSecret:
    3859             :       case aExportSecretSub:
    3860             :       case aGenRevoke:
    3861             :       case aDesigRevoke:
    3862             :       case aCardEdit:
    3863             :       case aChangePIN:
    3864         186 :         migrate_secring (ctrl);
    3865         186 :         break;
    3866             :       case aListKeys:
    3867          47 :         if (opt.with_secret)
    3868           0 :           migrate_secring (ctrl);
    3869          47 :         break;
    3870             :       default:
    3871        1469 :         break;
    3872             :       }
    3873             : 
    3874             :     /* The command dispatcher.  */
    3875        1702 :     switch( cmd )
    3876             :       {
    3877             :       case aServer:
    3878           0 :         gpg_server (ctrl);
    3879           0 :         break;
    3880             : 
    3881             :       case aStore: /* only store the file */
    3882           0 :         if( argc > 1 )
    3883           0 :             wrong_args(_("--store [filename]"));
    3884           0 :         if( (rc = encrypt_store(fname)) )
    3885             :           {
    3886           0 :             write_status_failure ("store", rc);
    3887           0 :             log_error ("storing '%s' failed: %s\n",
    3888             :                        print_fname_stdin(fname),gpg_strerror (rc) );
    3889             :           }
    3890           0 :         break;
    3891             :       case aSym: /* encrypt the given file only with the symmetric cipher */
    3892         213 :         if( argc > 1 )
    3893           0 :             wrong_args(_("--symmetric [filename]"));
    3894         213 :         if( (rc = encrypt_symmetric(fname)) )
    3895             :           {
    3896           0 :             write_status_failure ("symencrypt", rc);
    3897           0 :             log_error (_("symmetric encryption of '%s' failed: %s\n"),
    3898             :                         print_fname_stdin(fname),gpg_strerror (rc) );
    3899             :           }
    3900         213 :         break;
    3901             : 
    3902             :       case aEncr: /* encrypt the given file */
    3903         219 :         if(multifile)
    3904           0 :           encrypt_crypt_files (ctrl, argc, argv, remusr);
    3905             :         else
    3906             :           {
    3907         219 :             if( argc > 1 )
    3908           0 :               wrong_args(_("--encrypt [filename]"));
    3909         219 :             if( (rc = encrypt_crypt (ctrl, -1, fname, remusr, 0, NULL, -1)) )
    3910             :               {
    3911           0 :                 write_status_failure ("encrypt", rc);
    3912           0 :                 log_error("%s: encryption failed: %s\n",
    3913             :                           print_fname_stdin(fname), gpg_strerror (rc) );
    3914             :               }
    3915             :           }
    3916         219 :         break;
    3917             : 
    3918             :       case aEncrSym:
    3919             :         /* This works with PGP 8 in the sense that it acts just like a
    3920             :            symmetric message.  It doesn't work at all with 2 or 6.  It
    3921             :            might work with 7, but alas, I don't have a copy to test
    3922             :            with right now. */
    3923           0 :         if( argc > 1 )
    3924           0 :           wrong_args(_("--symmetric --encrypt [filename]"));
    3925           0 :         else if(opt.s2k_mode==0)
    3926           0 :           log_error(_("you cannot use --symmetric --encrypt"
    3927             :                       " with --s2k-mode 0\n"));
    3928           0 :         else if(PGP6 || PGP7)
    3929           0 :           log_error(_("you cannot use --symmetric --encrypt"
    3930             :                       " while in %s mode\n"),compliance_option_string());
    3931             :         else
    3932             :           {
    3933           0 :             if( (rc = encrypt_crypt (ctrl, -1, fname, remusr, 1, NULL, -1)) )
    3934             :               {
    3935           0 :                 write_status_failure ("encrypt", rc);
    3936           0 :                 log_error ("%s: encryption failed: %s\n",
    3937             :                            print_fname_stdin(fname), gpg_strerror (rc) );
    3938             :               }
    3939             :           }
    3940           0 :         break;
    3941             : 
    3942             :       case aSign: /* sign the given file */
    3943          86 :         sl = NULL;
    3944          86 :         if( detached_sig ) { /* sign all files */
    3945          44 :             for( ; argc; argc--, argv++ )
    3946          28 :                 add_to_strlist( &sl, *argv );
    3947             :         }
    3948             :         else {
    3949          70 :             if( argc > 1 )
    3950           0 :                 wrong_args(_("--sign [filename]"));
    3951          70 :             if( argc ) {
    3952          69 :                 sl = xmalloc_clear( sizeof *sl + strlen(fname));
    3953          69 :                 strcpy(sl->d, fname);
    3954             :             }
    3955             :         }
    3956          86 :         if ((rc = sign_file (ctrl, sl, detached_sig, locusr, 0, NULL, NULL)))
    3957             :           {
    3958           0 :             write_status_failure ("sign", rc);
    3959           0 :             log_error ("signing failed: %s\n", gpg_strerror (rc) );
    3960             :           }
    3961          86 :         free_strlist(sl);
    3962          86 :         break;
    3963             : 
    3964             :       case aSignEncr: /* sign and encrypt the given file */
    3965          27 :         if( argc > 1 )
    3966           0 :             wrong_args(_("--sign --encrypt [filename]"));
    3967          27 :         if( argc ) {
    3968          26 :             sl = xmalloc_clear( sizeof *sl + strlen(fname));
    3969          26 :             strcpy(sl->d, fname);
    3970             :         }
    3971             :         else
    3972           1 :             sl = NULL;
    3973          27 :         if ((rc = sign_file (ctrl, sl, detached_sig, locusr, 1, remusr, NULL)))
    3974             :           {
    3975           0 :             write_status_failure ("sign-encrypt", rc);
    3976           0 :             log_error("%s: sign+encrypt failed: %s\n",
    3977             :                       print_fname_stdin(fname), gpg_strerror (rc) );
    3978             :           }
    3979          27 :         free_strlist(sl);
    3980          27 :         break;
    3981             : 
    3982             :       case aSignEncrSym: /* sign and encrypt the given file */
    3983           1 :         if( argc > 1 )
    3984           0 :             wrong_args(_("--symmetric --sign --encrypt [filename]"));
    3985           1 :         else if(opt.s2k_mode==0)
    3986           0 :           log_error(_("you cannot use --symmetric --sign --encrypt"
    3987             :                       " with --s2k-mode 0\n"));
    3988           1 :         else if(PGP6 || PGP7)
    3989           0 :           log_error(_("you cannot use --symmetric --sign --encrypt"
    3990             :                       " while in %s mode\n"),compliance_option_string());
    3991             :         else
    3992             :           {
    3993           1 :             if( argc )
    3994             :               {
    3995           0 :                 sl = xmalloc_clear( sizeof *sl + strlen(fname));
    3996           0 :                 strcpy(sl->d, fname);
    3997             :               }
    3998             :             else
    3999           1 :               sl = NULL;
    4000           1 :             if ((rc = sign_file (ctrl, sl, detached_sig, locusr,
    4001             :                                  2, remusr, NULL)))
    4002             :               {
    4003           0 :                 write_status_failure ("sign-encrypt", rc);
    4004           0 :                 log_error("%s: symmetric+sign+encrypt failed: %s\n",
    4005             :                           print_fname_stdin(fname), gpg_strerror (rc) );
    4006             :               }
    4007           1 :             free_strlist(sl);
    4008             :           }
    4009           1 :         break;
    4010             : 
    4011             :       case aSignSym: /* sign and conventionally encrypt the given file */
    4012           7 :         if (argc > 1)
    4013           0 :             wrong_args(_("--sign --symmetric [filename]"));
    4014           7 :         rc = sign_symencrypt_file (ctrl, fname, locusr);
    4015           7 :         if (rc)
    4016             :           {
    4017           0 :             write_status_failure ("sign-symencrypt", rc);
    4018           0 :             log_error("%s: sign+symmetric failed: %s\n",
    4019             :                       print_fname_stdin(fname), gpg_strerror (rc) );
    4020             :           }
    4021           7 :         break;
    4022             : 
    4023             :       case aClearsign: /* make a clearsig */
    4024          10 :         if( argc > 1 )
    4025           0 :             wrong_args(_("--clearsign [filename]"));
    4026          10 :         if( (rc = clearsign_file (ctrl, fname, locusr, NULL)) )
    4027             :           {
    4028           0 :             write_status_failure ("sign", rc);
    4029           0 :             log_error("%s: clearsign failed: %s\n",
    4030             :                       print_fname_stdin(fname), gpg_strerror (rc) );
    4031             :           }
    4032          10 :         break;
    4033             : 
    4034             :       case aVerify:
    4035          44 :         if (multifile)
    4036             :           {
    4037           0 :             if ((rc = verify_files (ctrl, argc, argv)))
    4038           0 :               log_error("verify files failed: %s\n", gpg_strerror (rc) );
    4039             :           }
    4040             :         else
    4041             :           {
    4042          44 :             if ((rc = verify_signatures (ctrl, argc, argv)))
    4043           0 :               log_error("verify signatures failed: %s\n", gpg_strerror (rc) );
    4044             :           }
    4045          41 :         if (rc)
    4046           0 :           write_status_failure ("verify", rc);
    4047          41 :         break;
    4048             : 
    4049             :       case aDecrypt:
    4050          12 :         if (multifile)
    4051           0 :           decrypt_messages (ctrl, argc, argv);
    4052             :         else
    4053             :           {
    4054          12 :             if( argc > 1 )
    4055           0 :               wrong_args(_("--decrypt [filename]"));
    4056          12 :             if( (rc = decrypt_message (ctrl, fname) ))
    4057             :               {
    4058           0 :                 write_status_failure ("decrypt", rc);
    4059           0 :                 log_error("decrypt_message failed: %s\n", gpg_strerror (rc) );
    4060             :               }
    4061             :           }
    4062          12 :         break;
    4063             : 
    4064             :       case aQuickSignKey:
    4065             :       case aQuickLSignKey:
    4066             :         {
    4067             :           const char *fpr;
    4068             : 
    4069           0 :           if (argc < 1)
    4070           0 :             wrong_args ("--quick-[l]sign-key fingerprint [userids]");
    4071           0 :           fpr = *argv++; argc--;
    4072           0 :           sl = NULL;
    4073           0 :           for( ; argc; argc--, argv++)
    4074           0 :             append_to_strlist2 (&sl, *argv, utf8_strings);
    4075           0 :           keyedit_quick_sign (ctrl, fpr, sl, locusr, (cmd == aQuickLSignKey));
    4076           0 :           free_strlist (sl);
    4077             :         }
    4078           0 :         break;
    4079             : 
    4080             :       case aSignKey:
    4081           0 :         if( argc != 1 )
    4082           0 :           wrong_args(_("--sign-key user-id"));
    4083             :         /* fall through */
    4084             :       case aLSignKey:
    4085           0 :         if( argc != 1 )
    4086           0 :           wrong_args(_("--lsign-key user-id"));
    4087             :         /* fall through */
    4088             : 
    4089           0 :         sl=NULL;
    4090             : 
    4091           0 :         if(cmd==aSignKey)
    4092           0 :           append_to_strlist(&sl,"sign");
    4093           0 :         else if(cmd==aLSignKey)
    4094           0 :           append_to_strlist(&sl,"lsign");
    4095             :         else
    4096           0 :           BUG();
    4097             : 
    4098           0 :         append_to_strlist( &sl, "save" );
    4099           0 :         username = make_username( fname );
    4100           0 :         keyedit_menu (ctrl, username, locusr, sl, 0, 0 );
    4101           0 :         xfree(username);
    4102           0 :         free_strlist(sl);
    4103           0 :         break;
    4104             : 
    4105             :       case aEditKey: /* Edit a key signature */
    4106           0 :         if( !argc )
    4107           0 :             wrong_args(_("--edit-key user-id [commands]"));
    4108           0 :         username = make_username( fname );
    4109           0 :         if( argc > 1 ) {
    4110           0 :             sl = NULL;
    4111           0 :             for( argc--, argv++ ; argc; argc--, argv++ )
    4112           0 :                 append_to_strlist( &sl, *argv );
    4113           0 :             keyedit_menu (ctrl, username, locusr, sl, 0, 1 );
    4114           0 :             free_strlist(sl);
    4115             :         }
    4116             :         else
    4117           0 :             keyedit_menu (ctrl, username, locusr, NULL, 0, 1 );
    4118           0 :         xfree(username);
    4119           0 :         break;
    4120             : 
    4121             :       case aPasswd:
    4122           0 :         if (argc != 1)
    4123           0 :           wrong_args (_("--passwd <user-id>"));
    4124             :         else
    4125             :           {
    4126           0 :             username = make_username (fname);
    4127           0 :             keyedit_passwd (ctrl, username);
    4128           0 :             xfree (username);
    4129             :           }
    4130           0 :         break;
    4131             : 
    4132             :       case aDeleteKeys:
    4133             :       case aDeleteSecretKeys:
    4134             :       case aDeleteSecretAndPublicKeys:
    4135           8 :         sl = NULL;
    4136             :         /* I'm adding these in reverse order as add_to_strlist2
    4137             :            reverses them again, and it's easier to understand in the
    4138             :            proper order :) */
    4139          17 :         for( ; argc; argc-- )
    4140           9 :           add_to_strlist2( &sl, argv[argc-1], utf8_strings );
    4141           8 :         delete_keys(sl,cmd==aDeleteSecretKeys,cmd==aDeleteSecretAndPublicKeys);
    4142           8 :         free_strlist(sl);
    4143           8 :         break;
    4144             : 
    4145             :       case aCheckKeys:
    4146           0 :         opt.check_sigs = 1;
    4147             :       case aListSigs:
    4148           0 :         opt.list_sigs = 1;
    4149             :       case aListKeys:
    4150          47 :         sl = NULL;
    4151          97 :         for( ; argc; argc--, argv++ )
    4152          50 :             add_to_strlist2( &sl, *argv, utf8_strings );
    4153          47 :         public_key_list (ctrl, sl, 0);
    4154          47 :         free_strlist(sl);
    4155          47 :         break;
    4156             :       case aListSecretKeys:
    4157          14 :         sl = NULL;
    4158          25 :         for( ; argc; argc--, argv++ )
    4159          11 :             add_to_strlist2( &sl, *argv, utf8_strings );
    4160          14 :         secret_key_list (ctrl, sl);
    4161          14 :         free_strlist(sl);
    4162          14 :         break;
    4163             :       case aLocateKeys:
    4164           0 :         sl = NULL;
    4165           0 :         for (; argc; argc--, argv++)
    4166           0 :           add_to_strlist2( &sl, *argv, utf8_strings );
    4167           0 :         public_key_list (ctrl, sl, 1);
    4168           0 :         free_strlist (sl);
    4169           0 :         break;
    4170             : 
    4171             :       case aQuickKeygen:
    4172             :         {
    4173             :           const char *x_algo, *x_usage, *x_expire;
    4174             : 
    4175           0 :           if (argc < 1 || argc > 4)
    4176           0 :             wrong_args("--quick-gen-key USER-ID [ALGO [USAGE [EXPIRE]]]");
    4177           0 :           username = make_username (fname);
    4178           0 :           argv++, argc--;
    4179           0 :           x_algo = "";
    4180           0 :           x_usage = "";
    4181           0 :           x_expire = "";
    4182           0 :           if (argc)
    4183             :             {
    4184           0 :               x_algo = *argv++; argc--;
    4185           0 :               if (argc)
    4186             :                 {
    4187           0 :                   x_usage = *argv++; argc--;
    4188           0 :                   if (argc)
    4189             :                     {
    4190           0 :                       x_expire = *argv++; argc--;
    4191             :                     }
    4192             :                 }
    4193             :             }
    4194           0 :           quick_generate_keypair (ctrl, username, x_algo, x_usage, x_expire);
    4195           0 :           xfree (username);
    4196             :         }
    4197           0 :         break;
    4198             : 
    4199             :       case aKeygen: /* generate a key */
    4200           2 :         if( opt.batch ) {
    4201           2 :             if( argc > 1 )
    4202           0 :                 wrong_args("--gen-key [parameterfile]");
    4203           2 :             generate_keypair (ctrl, 0, argc? *argv : NULL, NULL, 0);
    4204             :         }
    4205             :         else {
    4206           0 :             if (opt.command_fd != -1 && argc)
    4207             :               {
    4208           0 :                 if( argc > 1 )
    4209           0 :                   wrong_args("--gen-key [parameterfile]");
    4210             : 
    4211           0 :                 opt.batch = 1;
    4212           0 :                 generate_keypair (ctrl, 0, argc? *argv : NULL, NULL, 0);
    4213             :               }
    4214           0 :             else if (argc)
    4215           0 :               wrong_args ("--gen-key");
    4216             :             else
    4217           0 :               generate_keypair (ctrl, 0, NULL, NULL, 0);
    4218             :         }
    4219           2 :         break;
    4220             : 
    4221             :       case aFullKeygen: /* Generate a key with all options. */
    4222           0 :         if (opt.batch)
    4223             :           {
    4224           0 :             if (argc > 1)
    4225           0 :               wrong_args ("--full-gen-key [parameterfile]");
    4226           0 :             generate_keypair (ctrl, 1, argc? *argv : NULL, NULL, 0);
    4227             :           }
    4228             :         else
    4229             :           {
    4230           0 :             if (argc)
    4231           0 :               wrong_args("--full-gen-key");
    4232           0 :             generate_keypair (ctrl, 1, NULL, NULL, 0);
    4233             :         }
    4234           0 :         break;
    4235             : 
    4236             :       case aQuickAddUid:
    4237             :         {
    4238             :           const char *uid, *newuid;
    4239             : 
    4240           0 :           if (argc != 2)
    4241           0 :             wrong_args ("--quick-adduid USER-ID NEW-USER-ID");
    4242           0 :           uid = *argv++; argc--;
    4243           0 :           newuid = *argv++; argc--;
    4244           0 :           keyedit_quick_adduid (ctrl, uid, newuid);
    4245             :         }
    4246           0 :         break;
    4247             : 
    4248             :       case aQuickAddKey:
    4249             :         {
    4250             :           const char *x_fpr, *x_algo, *x_usage, *x_expire;
    4251             : 
    4252           0 :           if (argc < 1 || argc > 4)
    4253           0 :             wrong_args ("--quick-addkey FINGERPRINT [ALGO [USAGE [EXPIRE]]]");
    4254           0 :           x_fpr = *argv++; argc--;
    4255           0 :           x_algo = "";
    4256           0 :           x_usage = "";
    4257           0 :           x_expire = "";
    4258           0 :           if (argc)
    4259             :             {
    4260           0 :               x_algo = *argv++; argc--;
    4261           0 :               if (argc)
    4262             :                 {
    4263           0 :                   x_usage = *argv++; argc--;
    4264           0 :                   if (argc)
    4265             :                    {
    4266           0 :                      x_expire = *argv++; argc--;
    4267             :                    }
    4268             :                 }
    4269             :             }
    4270           0 :           keyedit_quick_addkey (ctrl, x_fpr, x_algo, x_usage, x_expire);
    4271             :         }
    4272           0 :         break;
    4273             : 
    4274             :       case aQuickRevUid:
    4275             :         {
    4276             :           const char *uid, *uidtorev;
    4277             : 
    4278           0 :           if (argc != 2)
    4279           0 :             wrong_args ("--quick-revuid USER-ID USER-ID-TO-REVOKE");
    4280           0 :           uid = *argv++; argc--;
    4281           0 :           uidtorev = *argv++; argc--;
    4282           0 :           keyedit_quick_revuid (ctrl, uid, uidtorev);
    4283             :         }
    4284           0 :         break;
    4285             : 
    4286             :       case aFastImport:
    4287           0 :         opt.import_options |= IMPORT_FAST;
    4288             :       case aImport:
    4289          24 :         import_keys (ctrl, argc? argv:NULL, argc, NULL, opt.import_options);
    4290          24 :         break;
    4291             : 
    4292             :         /* TODO: There are a number of command that use this same
    4293             :            "make strlist, call function, report error, free strlist"
    4294             :            pattern.  Join them together here and avoid all that
    4295             :            duplicated code. */
    4296             : 
    4297             :       case aExport:
    4298             :       case aSendKeys:
    4299             :       case aRecvKeys:
    4300           4 :         sl = NULL;
    4301          12 :         for( ; argc; argc--, argv++ )
    4302           8 :             append_to_strlist2( &sl, *argv, utf8_strings );
    4303           4 :         if( cmd == aSendKeys )
    4304           0 :             rc = keyserver_export (ctrl, sl );
    4305           4 :         else if( cmd == aRecvKeys )
    4306           0 :             rc = keyserver_import (ctrl, sl );
    4307             :         else
    4308             :           {
    4309           4 :             export_stats_t stats = export_new_stats ();
    4310           4 :             rc = export_pubkeys (ctrl, sl, opt.export_options, stats);
    4311           4 :             export_print_stats (stats);
    4312           4 :             export_release_stats (stats);
    4313             :           }
    4314           4 :         if(rc)
    4315             :           {
    4316           0 :             if(cmd==aSendKeys)
    4317             :               {
    4318           0 :                 write_status_failure ("send-keys", rc);
    4319           0 :                 log_error(_("keyserver send failed: %s\n"),gpg_strerror (rc));
    4320             :               }
    4321           0 :             else if(cmd==aRecvKeys)
    4322             :               {
    4323           0 :                 write_status_failure ("recv-keys", rc);
    4324           0 :                 log_error (_("keyserver receive failed: %s\n"),
    4325             :                            gpg_strerror (rc));
    4326             :               }
    4327             :             else
    4328             :               {
    4329           0 :                 write_status_failure ("export", rc);
    4330           0 :                 log_error (_("key export failed: %s\n"), gpg_strerror (rc));
    4331             :               }
    4332             :           }
    4333           4 :         free_strlist(sl);
    4334           4 :         break;
    4335             : 
    4336             :       case aExportSshKey:
    4337           0 :         if (argc != 1)
    4338           0 :           wrong_args ("--export-ssh-key <user-id>");
    4339           0 :         rc = export_ssh_key (ctrl, argv[0]);
    4340           0 :         if (rc)
    4341             :           {
    4342           0 :             write_status_failure ("export-ssh-key", rc);
    4343           0 :             log_error (_("export as ssh key failed: %s\n"), gpg_strerror (rc));
    4344             :           }
    4345           0 :         break;
    4346             : 
    4347             :      case aSearchKeys:
    4348           0 :         sl = NULL;
    4349           0 :         for (; argc; argc--, argv++)
    4350           0 :           append_to_strlist2 (&sl, *argv, utf8_strings);
    4351           0 :         rc = keyserver_search (ctrl, sl);
    4352           0 :         if (rc)
    4353             :           {
    4354           0 :             write_status_failure ("search-keys", rc);
    4355           0 :             log_error (_("keyserver search failed: %s\n"), gpg_strerror (rc));
    4356             :           }
    4357           0 :         free_strlist (sl);
    4358           0 :         break;
    4359             : 
    4360             :       case aRefreshKeys:
    4361           0 :         sl = NULL;
    4362           0 :         for( ; argc; argc--, argv++ )
    4363           0 :             append_to_strlist2( &sl, *argv, utf8_strings );
    4364           0 :         rc = keyserver_refresh (ctrl, sl);
    4365           0 :         if(rc)
    4366             :           {
    4367           0 :             write_status_failure ("refresh-keys", rc);
    4368           0 :             log_error (_("keyserver refresh failed: %s\n"),gpg_strerror (rc));
    4369             :           }
    4370           0 :         free_strlist(sl);
    4371           0 :         break;
    4372             : 
    4373             :       case aFetchKeys:
    4374           0 :         sl = NULL;
    4375           0 :         for( ; argc; argc--, argv++ )
    4376           0 :             append_to_strlist2( &sl, *argv, utf8_strings );
    4377           0 :         rc = keyserver_fetch (ctrl, sl);
    4378           0 :         if(rc)
    4379             :           {
    4380           0 :             write_status_failure ("fetch-keys", rc);
    4381           0 :             log_error ("key fetch failed: %s\n",gpg_strerror (rc));
    4382             :           }
    4383           0 :         free_strlist(sl);
    4384           0 :         break;
    4385             : 
    4386             :       case aExportSecret:
    4387           3 :         sl = NULL;
    4388           9 :         for( ; argc; argc--, argv++ )
    4389           6 :             add_to_strlist2( &sl, *argv, utf8_strings );
    4390             :         {
    4391           3 :           export_stats_t stats = export_new_stats ();
    4392           3 :           export_seckeys (ctrl, sl, stats);
    4393           3 :           export_print_stats (stats);
    4394           3 :           export_release_stats (stats);
    4395             :         }
    4396           3 :         free_strlist(sl);
    4397           3 :         break;
    4398             : 
    4399             :       case aExportSecretSub:
    4400           0 :         sl = NULL;
    4401           0 :         for( ; argc; argc--, argv++ )
    4402           0 :             add_to_strlist2( &sl, *argv, utf8_strings );
    4403             :         {
    4404           0 :           export_stats_t stats = export_new_stats ();
    4405           0 :           export_secsubkeys (ctrl, sl, stats);
    4406           0 :           export_print_stats (stats);
    4407           0 :           export_release_stats (stats);
    4408             :         }
    4409           0 :         free_strlist(sl);
    4410           0 :         break;
    4411             : 
    4412             :       case aGenRevoke:
    4413           0 :         if( argc != 1 )
    4414           0 :             wrong_args("--gen-revoke user-id");
    4415           0 :         username =  make_username(*argv);
    4416           0 :         gen_revoke( username );
    4417           0 :         xfree( username );
    4418           0 :         break;
    4419             : 
    4420             :       case aDesigRevoke:
    4421           0 :         if (argc != 1)
    4422           0 :             wrong_args ("--desig-revoke user-id");
    4423           0 :         username = make_username (*argv);
    4424           0 :         gen_desig_revoke (ctrl, username, locusr);
    4425           0 :         xfree (username);
    4426           0 :         break;
    4427             : 
    4428             :       case aDeArmor:
    4429          36 :         if( argc > 1 )
    4430           0 :             wrong_args("--dearmor [file]");
    4431          36 :         rc = dearmor_file( argc? *argv: NULL );
    4432          36 :         if( rc )
    4433             :           {
    4434           0 :             write_status_failure ("dearmor", rc);
    4435           0 :             log_error (_("dearmoring failed: %s\n"), gpg_strerror (rc));
    4436             :           }
    4437          36 :         break;
    4438             : 
    4439             :       case aEnArmor:
    4440           0 :         if( argc > 1 )
    4441           0 :             wrong_args("--enarmor [file]");
    4442           0 :         rc = enarmor_file( argc? *argv: NULL );
    4443           0 :         if( rc )
    4444             :           {
    4445           0 :             write_status_failure ("enarmor", rc);
    4446           0 :             log_error (_("enarmoring failed: %s\n"), gpg_strerror (rc));
    4447             :           }
    4448           0 :         break;
    4449             : 
    4450             : 
    4451             :       case aPrimegen:
    4452             : #if 0 /*FIXME*/
    4453             :         {   int mode = argc < 2 ? 0 : atoi(*argv);
    4454             : 
    4455             :             if( mode == 1 && argc == 2 ) {
    4456             :                 mpi_print (es_stdout,
    4457             :                            generate_public_prime( atoi(argv[1]) ), 1);
    4458             :             }
    4459             :             else if( mode == 2 && argc == 3 ) {
    4460             :                 mpi_print (es_stdout, generate_elg_prime(
    4461             :                                              0, atoi(argv[1]),
    4462             :                                              atoi(argv[2]), NULL,NULL ), 1);
    4463             :             }
    4464             :             else if( mode == 3 && argc == 3 ) {
    4465             :                 MPI *factors;
    4466             :                 mpi_print (es_stdout, generate_elg_prime(
    4467             :                                              1, atoi(argv[1]),
    4468             :                                              atoi(argv[2]), NULL,&factors ), 1);
    4469             :                 es_putc ('\n', es_stdout);
    4470             :                 mpi_print (es_stdout, factors[0], 1 ); /* print q */
    4471             :             }
    4472             :             else if( mode == 4 && argc == 3 ) {
    4473             :                 MPI g = mpi_alloc(1);
    4474             :                 mpi_print (es_stdout, generate_elg_prime(
    4475             :                                                  0, atoi(argv[1]),
    4476             :                                                  atoi(argv[2]), g, NULL ), 1);
    4477             :                 es_putc ('\n', es_stdout);
    4478             :                 mpi_print (es_stdout, g, 1 );
    4479             :                 mpi_free (g);
    4480             :             }
    4481             :             else
    4482             :                 wrong_args("--gen-prime mode bits [qbits] ");
    4483             :             es_putc ('\n', es_stdout);
    4484             :         }
    4485             : #endif
    4486           0 :         wrong_args("--gen-prime not yet supported ");
    4487           0 :         break;
    4488             : 
    4489             :       case aGenRandom:
    4490             :         {
    4491           0 :             int level = argc ? atoi(*argv):0;
    4492           0 :             int count = argc > 1 ? atoi(argv[1]): 0;
    4493           0 :             int endless = !count;
    4494             : 
    4495           0 :             if( argc < 1 || argc > 2 || level < 0 || level > 2 || count < 0 )
    4496           0 :                 wrong_args("--gen-random 0|1|2 [count]");
    4497             : 
    4498           0 :             while( endless || count ) {
    4499             :                 byte *p;
    4500             :                 /* Wee need a multiple of 3, so that in case of
    4501             :                    armored output we get a correct string.  No
    4502             :                    linefolding is done, as it is best to levae this to
    4503             :                    other tools */
    4504           0 :                 size_t n = !endless && count < 99? count : 99;
    4505             : 
    4506           0 :                 p = gcry_random_bytes (n, level);
    4507             : #ifdef HAVE_DOSISH_SYSTEM
    4508             :                 setmode ( fileno(stdout), O_BINARY );
    4509             : #endif
    4510           0 :                 if (opt.armor) {
    4511           0 :                     char *tmp = make_radix64_string (p, n);
    4512           0 :                     es_fputs (tmp, es_stdout);
    4513           0 :                     xfree (tmp);
    4514           0 :                     if (n%3 == 1)
    4515           0 :                       es_putc ('=', es_stdout);
    4516           0 :                     if (n%3)
    4517           0 :                       es_putc ('=', es_stdout);
    4518             :                 } else {
    4519           0 :                     es_fwrite( p, n, 1, es_stdout );
    4520             :                 }
    4521           0 :                 xfree(p);
    4522           0 :                 if( !endless )
    4523           0 :                     count -= n;
    4524             :             }
    4525           0 :             if (opt.armor)
    4526           0 :               es_putc ('\n', es_stdout);
    4527             :         }
    4528           0 :         break;
    4529             : 
    4530             :       case aPrintMD:
    4531           1 :         if( argc < 1)
    4532           0 :             wrong_args("--print-md algo [files]");
    4533             :         {
    4534           1 :             int all_algos = (**argv=='*' && !(*argv)[1]);
    4535           1 :             int algo = all_algos? 0 : gcry_md_map_name (*argv);
    4536             : 
    4537           1 :             if( !algo && !all_algos )
    4538           0 :                 log_error(_("invalid hash algorithm '%s'\n"), *argv );
    4539             :             else {
    4540           1 :                 argc--; argv++;
    4541           1 :                 if( !argc )
    4542           0 :                     print_mds(NULL, algo);
    4543             :                 else {
    4544           2 :                     for(; argc; argc--, argv++ )
    4545           1 :                         print_mds(*argv, algo);
    4546             :                 }
    4547             :             }
    4548             :         }
    4549           1 :         break;
    4550             : 
    4551             :       case aPrintMDs: /* old option */
    4552           2 :         if( !argc )
    4553           2 :             print_mds(NULL,0);
    4554             :         else {
    4555           0 :             for(; argc; argc--, argv++ )
    4556           0 :                 print_mds(*argv,0);
    4557             :         }
    4558           2 :         break;
    4559             : 
    4560             : #ifndef NO_TRUST_MODELS
    4561             :       case aListTrustDB:
    4562           0 :         if( !argc )
    4563           0 :           list_trustdb (es_stdout, NULL);
    4564             :         else {
    4565           0 :             for( ; argc; argc--, argv++ )
    4566           0 :               list_trustdb (es_stdout, *argv );
    4567             :         }
    4568           0 :         break;
    4569             : 
    4570             :       case aUpdateTrustDB:
    4571           0 :         if( argc )
    4572           0 :             wrong_args("--update-trustdb");
    4573           0 :         update_trustdb (ctrl);
    4574           0 :         break;
    4575             : 
    4576             :       case aCheckTrustDB:
    4577             :         /* Old versions allowed for arguments - ignore them */
    4578           1 :         check_trustdb (ctrl);
    4579           1 :         break;
    4580             : 
    4581             :       case aFixTrustDB:
    4582           0 :         how_to_fix_the_trustdb ();
    4583           0 :         break;
    4584             : 
    4585             :       case aListTrustPath:
    4586           0 :         if( !argc )
    4587           0 :             wrong_args("--list-trust-path <user-ids>");
    4588           0 :         for( ; argc; argc--, argv++ ) {
    4589           0 :             username = make_username( *argv );
    4590           0 :             list_trust_path( username );
    4591           0 :             xfree(username);
    4592             :         }
    4593           0 :         break;
    4594             : 
    4595             :       case aExportOwnerTrust:
    4596           0 :         if( argc )
    4597           0 :             wrong_args("--export-ownertrust");
    4598           0 :         export_ownertrust();
    4599           0 :         break;
    4600             : 
    4601             :       case aImportOwnerTrust:
    4602           0 :         if( argc > 1 )
    4603           0 :             wrong_args("--import-ownertrust [file]");
    4604           0 :         import_ownertrust( argc? *argv:NULL );
    4605           0 :         break;
    4606             : #endif /*!NO_TRUST_MODELS*/
    4607             : 
    4608             :       case aRebuildKeydbCaches:
    4609           0 :         if (argc)
    4610           0 :             wrong_args ("--rebuild-keydb-caches");
    4611           0 :         keydb_rebuild_caches (1);
    4612           0 :         break;
    4613             : 
    4614             : #ifdef ENABLE_CARD_SUPPORT
    4615             :       case aCardStatus:
    4616           0 :         if (argc)
    4617           0 :             wrong_args ("--card-status");
    4618           0 :         card_status (es_stdout, NULL, 0);
    4619           0 :         break;
    4620             : 
    4621             :       case aCardEdit:
    4622           0 :         if (argc) {
    4623           0 :             sl = NULL;
    4624           0 :             for (argc--, argv++ ; argc; argc--, argv++)
    4625           0 :                 append_to_strlist (&sl, *argv);
    4626           0 :             card_edit (ctrl, sl);
    4627           0 :             free_strlist (sl);
    4628             :         }
    4629             :         else
    4630           0 :           card_edit (ctrl, NULL);
    4631           0 :         break;
    4632             : 
    4633             :       case aChangePIN:
    4634           0 :         if (!argc)
    4635           0 :             change_pin (0,1);
    4636           0 :         else if (argc == 1)
    4637           0 :             change_pin (atoi (*argv),1);
    4638             :         else
    4639           0 :             wrong_args ("--change-pin [no]");
    4640           0 :         break;
    4641             : #endif /* ENABLE_CARD_SUPPORT*/
    4642             : 
    4643             :       case aListConfig:
    4644             :         {
    4645         373 :           char *str=collapse_args(argc,argv);
    4646         373 :           list_config(str);
    4647         373 :           xfree(str);
    4648             :         }
    4649         373 :         break;
    4650             : 
    4651             :       case aListGcryptConfig:
    4652             :         /* Fixme: It would be nice to integrate that with
    4653             :            --list-config but unfortunately there is no way yet to have
    4654             :            libgcrypt print it to an estream for further parsing.  */
    4655           0 :         gcry_control (GCRYCTL_PRINT_CONFIG, stdout);
    4656           0 :         break;
    4657             : 
    4658             :       case aTOFUPolicy:
    4659             : #ifdef USE_TOFU
    4660             :         {
    4661             :           int policy;
    4662             :           int i;
    4663             :           KEYDB_HANDLE hd;
    4664             : 
    4665           4 :           if (argc < 2)
    4666           0 :             wrong_args ("--tofu-policy POLICY KEYID [KEYID...]");
    4667             : 
    4668           4 :           policy = parse_tofu_policy (argv[0]);
    4669             : 
    4670           4 :           hd = keydb_new ();
    4671           4 :           if (! hd)
    4672           0 :             g10_exit (1);
    4673             : 
    4674           4 :           tofu_begin_batch_update (ctrl);
    4675             : 
    4676           8 :           for (i = 1; i < argc; i ++)
    4677             :             {
    4678             :               KEYDB_SEARCH_DESC desc;
    4679             :               kbnode_t kb;
    4680             : 
    4681           4 :               rc = classify_user_id (argv[i], &desc, 0);
    4682           4 :               if (rc)
    4683             :                 {
    4684           0 :                   log_error (_("error parsing key specification '%s': %s\n"),
    4685           0 :                              argv[i], gpg_strerror (rc));
    4686           0 :                   g10_exit (1);
    4687             :                 }
    4688             : 
    4689           4 :               if (! (desc.mode == KEYDB_SEARCH_MODE_SHORT_KID
    4690           0 :                      || desc.mode == KEYDB_SEARCH_MODE_LONG_KID
    4691           0 :                      || desc.mode == KEYDB_SEARCH_MODE_FPR16
    4692           0 :                      || desc.mode == KEYDB_SEARCH_MODE_FPR20
    4693           0 :                      || desc.mode == KEYDB_SEARCH_MODE_FPR
    4694           0 :                      || desc.mode == KEYDB_SEARCH_MODE_KEYGRIP))
    4695             :                 {
    4696           0 :                   log_error (_("'%s' does not appear to be a valid"
    4697             :                                " key ID, fingerprint or keygrip\n"),
    4698           0 :                              argv[i]);
    4699           0 :                   g10_exit (1);
    4700             :                 }
    4701             : 
    4702           4 :               rc = keydb_search_reset (hd);
    4703           4 :               if (rc)
    4704             :                 {
    4705             :                   /* This should not happen, thus no need to tranalate
    4706             :                      the string.  */
    4707           0 :                   log_error ("keydb_search_reset failed: %s\n",
    4708             :                              gpg_strerror (rc));
    4709           0 :                   g10_exit (1);
    4710             :                 }
    4711             : 
    4712           4 :               rc = keydb_search (hd, &desc, 1, NULL);
    4713           4 :               if (rc)
    4714             :                 {
    4715           0 :                   log_error (_("key \"%s\" not found: %s\n"), argv[i],
    4716             :                              gpg_strerror (rc));
    4717           0 :                   g10_exit (1);
    4718             :                 }
    4719             : 
    4720           4 :               rc = keydb_get_keyblock (hd, &kb);
    4721           4 :               if (rc)
    4722             :                 {
    4723           0 :                   log_error (_("error reading keyblock: %s\n"),
    4724             :                              gpg_strerror (rc));
    4725           0 :                   g10_exit (1);
    4726             :                 }
    4727             : 
    4728           4 :               merge_keys_and_selfsig (kb);
    4729           4 :               if (tofu_set_policy (ctrl, kb, policy))
    4730           0 :                 g10_exit (1);
    4731             :             }
    4732             : 
    4733           4 :           tofu_end_batch_update (ctrl);
    4734             : 
    4735           4 :           keydb_release (hd);
    4736             :         }
    4737             : #endif /*USE_TOFU*/
    4738           4 :         break;
    4739             : 
    4740             :       case aListPackets:
    4741             :       default:
    4742         564 :         if( argc > 1 )
    4743           0 :             wrong_args(_("[filename]"));
    4744             :         /* Issue some output for the unix newbie */
    4745         564 :         if (!fname && !opt.outfile
    4746           0 :             && gnupg_isatty (fileno (stdin))
    4747           0 :             && gnupg_isatty (fileno (stdout))
    4748           0 :             && gnupg_isatty (fileno (stderr)))
    4749           0 :             log_info(_("Go ahead and type your message ...\n"));
    4750             : 
    4751         564 :         a = iobuf_open(fname);
    4752         564 :         if (a && is_secured_file (iobuf_get_fd (a)))
    4753             :           {
    4754           0 :             iobuf_close (a);
    4755           0 :             a = NULL;
    4756           0 :             gpg_err_set_errno (EPERM);
    4757             :           }
    4758         564 :         if( !a )
    4759           0 :             log_error(_("can't open '%s'\n"), print_fname_stdin(fname));
    4760             :         else {
    4761             : 
    4762         564 :             if( !opt.no_armor ) {
    4763         564 :                 if( use_armor_filter( a ) ) {
    4764          61 :                     afx = new_armor_context ();
    4765          61 :                     push_armor_filter (afx, a);
    4766             :                 }
    4767             :             }
    4768         564 :             if( cmd == aListPackets ) {
    4769          13 :                 opt.list_packets=1;
    4770          13 :                 set_packet_list_mode(1);
    4771             :             }
    4772         564 :             rc = proc_packets (ctrl, NULL, a );
    4773         564 :             if( rc )
    4774             :               {
    4775           0 :                 write_status_failure ("-", rc);
    4776           0 :                 log_error ("processing message failed: %s\n",
    4777             :                            gpg_strerror (rc));
    4778             :               }
    4779         564 :             iobuf_close(a);
    4780             :         }
    4781         564 :         break;
    4782             :       }
    4783             : 
    4784             :     /* cleanup */
    4785        1699 :     gpg_deinit_default_ctrl (ctrl);
    4786        1699 :     xfree (ctrl);
    4787        1699 :     release_armor_context (afx);
    4788        1699 :     FREE_STRLIST(remusr);
    4789        1699 :     FREE_STRLIST(locusr);
    4790        1699 :     g10_exit(0);
    4791             :     return 8; /*NEVER REACHED*/
    4792             : }
    4793             : 
    4794             : 
    4795             : /* Note: This function is used by signal handlers!. */
    4796             : static void
    4797        1702 : emergency_cleanup (void)
    4798             : {
    4799        1702 :   gcry_control (GCRYCTL_TERM_SECMEM );
    4800        1702 : }
    4801             : 
    4802             : 
    4803             : void
    4804        1702 : g10_exit( int rc )
    4805             : {
    4806        1702 :   gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
    4807        1702 :   if (DBG_CLOCK)
    4808           0 :     log_clock ("stop");
    4809             : 
    4810        1702 :   if ( (opt.debug & DBG_MEMSTAT_VALUE) )
    4811             :     {
    4812           0 :       keydb_dump_stats ();
    4813           0 :       gcry_control (GCRYCTL_DUMP_MEMORY_STATS);
    4814           0 :       gcry_control (GCRYCTL_DUMP_RANDOM_STATS);
    4815             :     }
    4816        1702 :   if (opt.debug)
    4817           0 :     gcry_control (GCRYCTL_DUMP_SECMEM_STATS );
    4818             : 
    4819        1702 :   emergency_cleanup ();
    4820             : 
    4821        1702 :   rc = rc? rc : log_get_errorcount(0)? 2 : g10_errors_seen? 1 : 0;
    4822        1702 :   exit (rc);
    4823             : }
    4824             : 
    4825             : 
    4826             : /* Pretty-print hex hashes.  This assumes at least an 80-character
    4827             :    display, but there are a few other similar assumptions in the
    4828             :    display code. */
    4829             : static void
    4830           0 : print_hex (gcry_md_hd_t md, int algo, const char *fname)
    4831             : {
    4832           0 :   int i,n,count,indent=0;
    4833             :   const byte *p;
    4834             : 
    4835           0 :   if (fname)
    4836           0 :     indent = es_printf("%s: ",fname);
    4837             : 
    4838           0 :   if (indent>40)
    4839             :     {
    4840           0 :       es_printf ("\n");
    4841           0 :       indent=0;
    4842             :     }
    4843             : 
    4844           0 :   if (algo==DIGEST_ALGO_RMD160)
    4845           0 :     indent += es_printf("RMD160 = ");
    4846           0 :   else if (algo>0)
    4847           0 :     indent += es_printf("%6s = ", gcry_md_algo_name (algo));
    4848             :   else
    4849           0 :     algo = abs(algo);
    4850             : 
    4851           0 :   count = indent;
    4852             : 
    4853           0 :   p = gcry_md_read (md, algo);
    4854           0 :   n = gcry_md_get_algo_dlen (algo);
    4855             : 
    4856           0 :   count += es_printf ("%02X",*p++);
    4857             : 
    4858           0 :   for(i=1;i<n;i++,p++)
    4859             :     {
    4860           0 :       if(n==16)
    4861             :         {
    4862           0 :           if(count+2>79)
    4863             :             {
    4864           0 :               es_printf ("\n%*s",indent," ");
    4865           0 :               count = indent;
    4866             :             }
    4867             :           else
    4868           0 :             count += es_printf(" ");
    4869             : 
    4870           0 :           if (!(i%8))
    4871           0 :             count += es_printf(" ");
    4872             :         }
    4873           0 :       else if (n==20)
    4874             :         {
    4875           0 :           if(!(i%2))
    4876             :             {
    4877           0 :               if(count+4>79)
    4878             :                 {
    4879           0 :                   es_printf ("\n%*s",indent," ");
    4880           0 :                   count=indent;
    4881             :                 }
    4882             :               else
    4883           0 :                 count += es_printf(" ");
    4884             :             }
    4885             : 
    4886           0 :           if (!(i%10))
    4887           0 :             count += es_printf(" ");
    4888             :         }
    4889             :       else
    4890             :         {
    4891           0 :           if(!(i%4))
    4892             :             {
    4893           0 :               if (count+8>79)
    4894             :                 {
    4895           0 :                   es_printf ("\n%*s",indent," ");
    4896           0 :                   count=indent;
    4897             :                 }
    4898             :               else
    4899           0 :                 count += es_printf(" ");
    4900             :             }
    4901             :         }
    4902             : 
    4903           0 :       count += es_printf("%02X",*p);
    4904             :     }
    4905             : 
    4906           0 :   es_printf ("\n");
    4907           0 : }
    4908             : 
    4909             : static void
    4910          15 : print_hashline( gcry_md_hd_t md, int algo, const char *fname )
    4911             : {
    4912             :   int i, n;
    4913             :   const byte *p;
    4914             : 
    4915          15 :   if ( fname )
    4916             :     {
    4917          23 :       for (p = fname; *p; p++ )
    4918             :         {
    4919          22 :           if ( *p <= 32 || *p > 127 || *p == ':' || *p == '%' )
    4920           0 :             es_printf ("%%%02X", *p );
    4921             :           else
    4922          22 :             es_putc (*p, es_stdout);
    4923             :         }
    4924             :     }
    4925          15 :   es_putc (':', es_stdout);
    4926          15 :   es_printf ("%d:", algo);
    4927          15 :   p = gcry_md_read (md, algo);
    4928          15 :   n = gcry_md_get_algo_dlen (algo);
    4929         491 :   for(i=0; i < n ; i++, p++ )
    4930         476 :     es_printf ("%02X", *p);
    4931          15 :   es_fputs (":\n", es_stdout);
    4932          15 : }
    4933             : 
    4934             : 
    4935             : static void
    4936           3 : print_mds( const char *fname, int algo )
    4937             : {
    4938             :   estream_t fp;
    4939             :   char buf[1024];
    4940             :   size_t n;
    4941             :   gcry_md_hd_t md;
    4942             : 
    4943           3 :   if (!fname)
    4944             :     {
    4945           2 :       fp = es_stdin;
    4946           2 :       es_set_binary (fp);
    4947             :     }
    4948             :   else
    4949             :     {
    4950           1 :       fp = es_fopen (fname, "rb" );
    4951           1 :       if (fp && is_secured_file (es_fileno (fp)))
    4952             :         {
    4953           0 :           es_fclose (fp);
    4954           0 :           fp = NULL;
    4955           0 :           gpg_err_set_errno (EPERM);
    4956             :         }
    4957             :     }
    4958           3 :   if (!fp)
    4959             :     {
    4960           0 :       log_error("%s: %s\n", fname?fname:"[stdin]", strerror(errno) );
    4961           3 :       return;
    4962             :     }
    4963             : 
    4964           3 :   gcry_md_open (&md, 0, 0);
    4965           3 :   if (algo)
    4966           1 :     gcry_md_enable (md, algo);
    4967             :   else
    4968             :     {
    4969           2 :       if (!gcry_md_test_algo (GCRY_MD_MD5))
    4970           2 :         gcry_md_enable (md, GCRY_MD_MD5);
    4971           2 :       gcry_md_enable (md, GCRY_MD_SHA1);
    4972           2 :       if (!gcry_md_test_algo (GCRY_MD_RMD160))
    4973           2 :         gcry_md_enable (md, GCRY_MD_RMD160);
    4974           2 :       if (!gcry_md_test_algo (GCRY_MD_SHA224))
    4975           2 :         gcry_md_enable (md, GCRY_MD_SHA224);
    4976           2 :       if (!gcry_md_test_algo (GCRY_MD_SHA256))
    4977           2 :         gcry_md_enable (md, GCRY_MD_SHA256);
    4978           2 :       if (!gcry_md_test_algo (GCRY_MD_SHA384))
    4979           2 :         gcry_md_enable (md, GCRY_MD_SHA384);
    4980           2 :       if (!gcry_md_test_algo (GCRY_MD_SHA512))
    4981           2 :         gcry_md_enable (md, GCRY_MD_SHA512);
    4982             :     }
    4983             : 
    4984          51 :   while ((n=es_fread (buf, 1, DIM(buf), fp)))
    4985          45 :     gcry_md_write (md, buf, n);
    4986             : 
    4987           3 :   if (es_ferror(fp))
    4988           0 :     log_error ("%s: %s\n", fname?fname:"[stdin]", strerror(errno));
    4989             :   else
    4990             :     {
    4991           3 :       gcry_md_final (md);
    4992           3 :       if (opt.with_colons)
    4993             :         {
    4994           3 :           if ( algo )
    4995           1 :             print_hashline (md, algo, fname);
    4996             :           else
    4997             :             {
    4998           2 :               if (!gcry_md_test_algo (GCRY_MD_MD5))
    4999           2 :                 print_hashline( md, GCRY_MD_MD5, fname );
    5000           2 :               print_hashline( md, GCRY_MD_SHA1, fname );
    5001           2 :               if (!gcry_md_test_algo (GCRY_MD_RMD160))
    5002           2 :                 print_hashline( md, GCRY_MD_RMD160, fname );
    5003           2 :               if (!gcry_md_test_algo (GCRY_MD_SHA224))
    5004           2 :                 print_hashline (md, GCRY_MD_SHA224, fname);
    5005           2 :               if (!gcry_md_test_algo (GCRY_MD_SHA256))
    5006           2 :                 print_hashline( md, GCRY_MD_SHA256, fname );
    5007           2 :               if (!gcry_md_test_algo (GCRY_MD_SHA384))
    5008           2 :                 print_hashline ( md, GCRY_MD_SHA384, fname );
    5009           2 :               if (!gcry_md_test_algo (GCRY_MD_SHA512))
    5010           2 :                 print_hashline ( md, GCRY_MD_SHA512, fname );
    5011             :             }
    5012             :         }
    5013             :       else
    5014             :         {
    5015           0 :           if (algo)
    5016           0 :             print_hex (md, -algo, fname);
    5017             :           else
    5018             :             {
    5019           0 :               if (!gcry_md_test_algo (GCRY_MD_MD5))
    5020           0 :                 print_hex (md, GCRY_MD_MD5, fname);
    5021           0 :               print_hex (md, GCRY_MD_SHA1, fname );
    5022           0 :               if (!gcry_md_test_algo (GCRY_MD_RMD160))
    5023           0 :                 print_hex (md, GCRY_MD_RMD160, fname );
    5024           0 :               if (!gcry_md_test_algo (GCRY_MD_SHA224))
    5025           0 :                 print_hex (md, GCRY_MD_SHA224, fname);
    5026           0 :               if (!gcry_md_test_algo (GCRY_MD_SHA256))
    5027           0 :                 print_hex (md, GCRY_MD_SHA256, fname );
    5028           0 :               if (!gcry_md_test_algo (GCRY_MD_SHA384))
    5029           0 :                 print_hex (md, GCRY_MD_SHA384, fname );
    5030           0 :               if (!gcry_md_test_algo (GCRY_MD_SHA512))
    5031           0 :                 print_hex (md, GCRY_MD_SHA512, fname );
    5032             :             }
    5033             :         }
    5034             :     }
    5035           3 :   gcry_md_close (md);
    5036             : 
    5037           3 :   if (fp != es_stdin)
    5038           1 :     es_fclose (fp);
    5039             : }
    5040             : 
    5041             : 
    5042             : /****************
    5043             :  * Check the supplied name,value string and add it to the notation
    5044             :  * data to be used for signatures.  which==0 for sig notations, and 1
    5045             :  * for cert notations.
    5046             : */
    5047             : static void
    5048           0 : add_notation_data( const char *string, int which )
    5049             : {
    5050             :   struct notation *notation;
    5051             : 
    5052           0 :   notation=string_to_notation(string,utf8_strings);
    5053           0 :   if(notation)
    5054             :     {
    5055           0 :       if(which)
    5056             :         {
    5057           0 :           notation->next=opt.cert_notations;
    5058           0 :           opt.cert_notations=notation;
    5059             :         }
    5060             :       else
    5061             :         {
    5062           0 :           notation->next=opt.sig_notations;
    5063           0 :           opt.sig_notations=notation;
    5064             :         }
    5065             :     }
    5066           0 : }
    5067             : 
    5068             : static void
    5069           0 : add_policy_url( const char *string, int which )
    5070             : {
    5071           0 :   unsigned int i,critical=0;
    5072             :   strlist_t sl;
    5073             : 
    5074           0 :   if(*string=='!')
    5075             :     {
    5076           0 :       string++;
    5077           0 :       critical=1;
    5078             :     }
    5079             : 
    5080           0 :   for(i=0;i<strlen(string);i++)
    5081           0 :     if( !isascii (string[i]) || iscntrl(string[i]))
    5082             :       break;
    5083             : 
    5084           0 :   if(i==0 || i<strlen(string))
    5085             :     {
    5086           0 :       if(which)
    5087           0 :         log_error(_("the given certification policy URL is invalid\n"));
    5088             :       else
    5089           0 :         log_error(_("the given signature policy URL is invalid\n"));
    5090             :     }
    5091             : 
    5092           0 :   if(which)
    5093           0 :     sl=add_to_strlist( &opt.cert_policy_url, string );
    5094             :   else
    5095           0 :     sl=add_to_strlist( &opt.sig_policy_url, string );
    5096             : 
    5097           0 :   if(critical)
    5098           0 :     sl->flags |= 1;
    5099           0 : }
    5100             : 
    5101             : static void
    5102           0 : add_keyserver_url( const char *string, int which )
    5103             : {
    5104           0 :   unsigned int i,critical=0;
    5105             :   strlist_t sl;
    5106             : 
    5107           0 :   if(*string=='!')
    5108             :     {
    5109           0 :       string++;
    5110           0 :       critical=1;
    5111             :     }
    5112             : 
    5113           0 :   for(i=0;i<strlen(string);i++)
    5114           0 :     if( !isascii (string[i]) || iscntrl(string[i]))
    5115             :       break;
    5116             : 
    5117           0 :   if(i==0 || i<strlen(string))
    5118             :     {
    5119           0 :       if(which)
    5120           0 :         BUG();
    5121             :       else
    5122           0 :         log_error(_("the given preferred keyserver URL is invalid\n"));
    5123             :     }
    5124             : 
    5125           0 :   if(which)
    5126           0 :     BUG();
    5127             :   else
    5128           0 :     sl=add_to_strlist( &opt.sig_keyserver_url, string );
    5129             : 
    5130           0 :   if(critical)
    5131           0 :     sl->flags |= 1;
    5132           0 : }

Generated by: LCOV version 1.11