From 4aeeaa65ad09fa72ee21c5597b1ce6255ec7dfa8 Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Wed, 12 Jan 2022 13:34:31 +0900 Subject: [PATCH] gpg: Fix adding the list of ultimate trusted keys. * g10/keygen.c (do_generate_keypair): Remove another call to update_ownertrust. * g10/trust.c (update_ownertrust): Add call to tdb_update_utk. * g10/trustdb.c (tdb_update_utk): New. * g10/trustdb.h (tdb_update_utk): New. -- GnuPG-bug-id: 5742 Signed-off-by: NIIBE Yutaka --- g10/keygen.c | 2 -- g10/trust.c | 4 ++++ g10/trustdb.c | 43 +++++++++++++++++++++++++++++++++++++++++++ g10/trustdb.h | 1 + 4 files changed, 48 insertions(+), 2 deletions(-) diff --git a/g10/keygen.c b/g10/keygen.c index bb243522d..8cd977c26 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -5617,8 +5617,6 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, pk = find_kbnode (pub_root, PKT_PUBLIC_KEY)->pkt->pkt.public_key; - update_ownertrust (ctrl, pk, TRUST_ULTIMATE); - if (!opt.flags.no_auto_trust_new_key) update_ownertrust (ctrl, pk, ((get_ownertrust (ctrl, pk) & ~TRUST_MASK) diff --git a/g10/trust.c b/g10/trust.c index 3f53e4bf3..9749bd786 100644 --- a/g10/trust.c +++ b/g10/trust.c @@ -267,7 +267,11 @@ update_ownertrust (ctrl_t ctrl, PKT_public_key *pk, unsigned int new_trust) (void)pk; (void)new_trust; #else + u32 keyid[2]; + tdb_update_ownertrust (ctrl, pk, new_trust, 0); + keyid_from_pk (pk, keyid); + tdb_update_utk (keyid, (new_trust & TRUST_ULTIMATE)); #endif } diff --git a/g10/trustdb.c b/g10/trustdb.c index bcaa196d9..e8cd62d5f 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c 
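Review bot: In the g10/trust.c hunk the new call passes `(new_trust & TRUST_ULTIMATE)` as the add flag, which is a bit test and not a comparison of the trust level. The keygen.c hunk masks ownertrust with `~TRUST_MASK`, which suggests the level is a multi-bit field; the value of TRUST_ULTIMATE is not shown here, but unless it is a single dedicated bit, any other level sharing a bit with it would also put the key on the ultimately trusted list. I would compare the masked level instead: `tdb_update_utk (keyid, (new_trust & TRUST_MASK) == TRUST_ULTIMATE);`. update_ownertrust begins above the hunk, so the `#ifdef` branch that pairs with this `#else` is not visible.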
@@ -308,6 +308,49 @@ add_utk (u32 *kid) } +/* Add/remove KID to/from the list of ultimately trusted keys. */ +void +tdb_update_utk (u32 *kid, int add) +{ + struct key_item *k, *k_prev; + + k_prev = NULL; + for (k = utk_list; k; k = k->next) + if (k->kid[0] == kid[0] && k->kid[1] == kid[1]) + break; + else + k_prev = k; + + if (add) + { + if (!k) + { + k = new_key_item (); + k->kid[0] = kid[0]; + k->kid[1] = kid[1]; + k->ownertrust = TRUST_ULTIMATE; + k->next = utk_list; + utk_list = k; + if ( opt.verbose > 1 ) + log_info(_("key %s: accepted as trusted key\n"), keystr(kid)); + } + } + else + { + if (k) + { + if (k_prev) + k_prev->next = k->next; + else + utk_list = NULL; + + xfree (k->trust_regexp); + xfree (k); + } + } +} + + /**************** * Verify that all our secret keys are usable and put them into the utk_list. */ diff --git a/g10/trustdb.h b/g10/trustdb.h index 4f1e1e2c1..3015da042 100644 --- a/g10/trustdb.h +++ b/g10/trustdb.h @@ -80,6 +80,7 @@ int tdb_keyid_is_utk (u32 *kid); /* Return the list of ultimately trusted keys. The caller must not * modify this list nor must it free the list. */ struct key_item *tdb_utks (void); +void tdb_update_utk (u32 *kid, int add); void check_trustdb (ctrl_t ctrl); void update_trustdb (ctrl_t ctrl); int setup_trustdb( int level, const char *dbname );
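Review bot: In the remove branch of tdb_update_utk, `utk_list = NULL;` runs when the matched item is the list head, which discards every item behind it instead of unlinking just one. Because the add branch prepends (`k->next = utk_list; utk_list = k;`), the head is the most recently added key, so removing it empties the in-memory list of ultimately trusted keys and leaks the remaining items. The line should be `utk_list = k->next;`. The search loop would also be easier to read with braces around its if/else body.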
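Review bot: The new prototype in g10/trustdb.h has no contract comment, and it sits directly under tdb_utks, whose comment says callers must neither modify nor free the list. The trustdb.c hunk shows the remove path calling `xfree (k)`, so a pointer obtained from tdb_utks() before the call may dangle afterwards; whether any caller keeps such a pointer is not visible here. I would add `/* Add KID to (ADD != 0) or remove it from (ADD == 0) the list of ultimately trusted keys. Removal frees the item and invalidates pointers from tdb_utks(). */` above the declaration.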