security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

gpg: Pass CTRL to many more functions. 

--

For proper operations as a server we need to avoid global variables.
Thus we need to pass the session state CTRL to most functions.  Quite
a lot of changes but fortunately straightforward to do.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2017-03-31 20:03:52 +02:00
parent 5e89144cbc
commit 8f2671d2cc
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
38 changed files with 885 additions and 751 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
g10/call-agent.c
View File

@ -160,7 +160,8 @@ default_inq_cb (void *opaque, const char *line)
char buf[32]; char buf[32];
if (parm->keyinfo.keyid) if (parm->keyinfo.keyid)
emit_status_need_passphrase (parm->keyinfo.keyid, emit_status_need_passphrase (parm->ctrl,
parm->keyinfo.keyid,
parm->keyinfo.mainkeyid, parm->keyinfo.mainkeyid,
parm->keyinfo.pubkey_algo); parm->keyinfo.pubkey_algo);

2
g10/call-dirmngr.c
View File

@ -1068,7 +1068,7 @@ gpg_dirmngr_ks_put (ctrl_t ctrl, void *data, size_t datalen, kbnode_t keyblock)
/* We are going to parse the keyblock, thus we better make sure the /* We are going to parse the keyblock, thus we better make sure the
all information is readily available. */ all information is readily available. */
if (keyblock) if (keyblock)
merge_keys_and_selfsig (keyblock); merge_keys_and_selfsig (ctrl, keyblock);
err = open_context (ctrl, &ctx); err = open_context (ctrl, &ctx);
if (err) if (err)

23
g10/card-util.c
View File

@ -362,7 +362,8 @@ fpr_is_ff (const char *fpr)
/* Print all available information about the current card. */ /* Print all available information about the current card. */
static void static void
current_card_status (estream_t fp, char *serialno, size_t serialnobuflen) current_card_status (ctrl_t ctrl, estream_t fp,
char *serialno, size_t serialnobuflen)
{ {
struct agent_card_info_s info; struct agent_card_info_s info;
PKT_public_key *pk = xcalloc (1, sizeof *pk); PKT_public_key *pk = xcalloc (1, sizeof *pk);
@ -609,9 +610,9 @@ current_card_status (estream_t fp, char *serialno, size_t serialnobuflen)
/* If the fingerprint is all 0xff, the key has no asssociated /* If the fingerprint is all 0xff, the key has no asssociated
OpenPGP certificate. */ OpenPGP certificate. */
if ( thefpr && !fpr_is_ff (thefpr) if ( thefpr && !fpr_is_ff (thefpr)
&& !get_pubkey_byfprint (pk, &keyblock, thefpr, 20)) && !get_pubkey_byfprint (ctrl, pk, &keyblock, thefpr, 20))
{ {
print_pubkey_info (fp, pk); print_pubkey_info (ctrl, fp, pk);
if (keyblock) if (keyblock)
print_card_key_info (fp, keyblock); print_card_key_info (fp, keyblock);
} }
@ -629,7 +630,7 @@ current_card_status (estream_t fp, char *serialno, size_t serialnobuflen)
Print all available information for current card when SERIALNO is NULL. Print all available information for current card when SERIALNO is NULL.
Or print llfor all cards when SERIALNO is "all". */ Or print llfor all cards when SERIALNO is "all". */
void void
card_status (estream_t fp, const char *serialno) card_status (ctrl_t ctrl, estream_t fp, const char *serialno)
{ {
int err; int err;
strlist_t card_list, sl; strlist_t card_list, sl;
@ -638,7 +639,7 @@ card_status (estream_t fp, const char *serialno)
if (serialno == NULL) if (serialno == NULL)
{ {
current_card_status (fp, NULL, 0); current_card_status (ctrl, fp, NULL, 0);
return; return;
} }
@ -673,7 +674,7 @@ card_status (estream_t fp, const char *serialno)
continue; continue;
} }
current_card_status (fp, NULL, 0); current_card_status (ctrl, fp, NULL, 0);
xfree (serialno1); xfree (serialno1);
if (!all_cards) if (!all_cards)
@ -1510,7 +1511,7 @@ generate_card_keys (ctrl_t ctrl)
/* This function is used by the key edit menu to generate an arbitrary /* This function is used by the key edit menu to generate an arbitrary
subkey. */ subkey. */
gpg_error_t gpg_error_t
card_generate_subkey (KBNODE pub_keyblock) card_generate_subkey (ctrl_t ctrl, kbnode_t pub_keyblock)
{ {
gpg_error_t err; gpg_error_t err;
struct agent_card_info_s info; struct agent_card_info_s info;
@ -1581,7 +1582,7 @@ card_generate_subkey (KBNODE pub_keyblock)
the serialnumber and thus it won't harm. */ the serialnumber and thus it won't harm. */
} }
err = generate_card_subkeypair (pub_keyblock, keyno, info.serialno); err = generate_card_subkeypair (ctrl, pub_keyblock, keyno, info.serialno);
leave: leave:
agent_release_card_info (&info); agent_release_card_info (&info);
@ -1987,12 +1988,14 @@ card_edit (ctrl_t ctrl, strlist_t commands)
{ {
if (opt.with_colons) if (opt.with_colons)
{ {
current_card_status (es_stdout, serialnobuf, DIM (serialnobuf)); current_card_status (ctrl, es_stdout,
serialnobuf, DIM (serialnobuf));
fflush (stdout); fflush (stdout);
} }
else else
{ {
current_card_status (NULL, serialnobuf, DIM (serialnobuf)); current_card_status (ctrl, NULL,
serialnobuf, DIM (serialnobuf));
tty_printf("\n"); tty_printf("\n");
} }
redisplay = 0; redisplay = 0;

20
g10/delkey.c
View File

@ -47,7 +47,8 @@
* key can't be deleted for that reason. * key can't be deleted for that reason.
*/ */
static gpg_error_t static gpg_error_t
do_delete_key( const char *username, int secret, int force, int *r_sec_avail ) do_delete_key (ctrl_t ctrl, const char *username, int secret, int force,
int *r_sec_avail)
{ {
gpg_error_t err; gpg_error_t err;
kbnode_t keyblock = NULL; kbnode_t keyblock = NULL;
@ -137,9 +138,9 @@ do_delete_key( const char *username, int secret, int force, int *r_sec_avail )
else else
{ {
if (secret) if (secret)
print_seckey_info (pk); print_seckey_info (ctrl, pk);
else else
print_pubkey_info (NULL, pk ); print_pubkey_info (ctrl, NULL, pk );
tty_printf( "\n" ); tty_printf( "\n" );
yes = cpr_get_answer_is_yes yes = cpr_get_answer_is_yes
@ -180,7 +181,8 @@ do_delete_key( const char *username, int secret, int force, int *r_sec_avail )
if (agent_probe_secret_key (NULL, node->pkt->pkt.public_key)) if (agent_probe_secret_key (NULL, node->pkt->pkt.public_key))
continue; /* No secret key for that public (sub)key. */ continue; /* No secret key for that public (sub)key. */
prompt = gpg_format_keydesc (node->pkt->pkt.public_key, prompt = gpg_format_keydesc (ctrl,
node->pkt->pkt.public_key,
FORMAT_KEYDESC_DELKEY, 1); FORMAT_KEYDESC_DELKEY, 1);
err = hexkeygrip_from_pk (node->pkt->pkt.public_key, &hexgrip); err = hexkeygrip_from_pk (node->pkt->pkt.public_key, &hexgrip);
/* NB: We require --yes to advise the agent not to /* NB: We require --yes to advise the agent not to
@ -232,7 +234,7 @@ do_delete_key( const char *username, int secret, int force, int *r_sec_avail )
revalidation_mark(). This makes sense - only deleting keys revalidation_mark(). This makes sense - only deleting keys
that have ownertrust set should trigger this. */ that have ownertrust set should trigger this. */
if (!secret && pk && clear_ownertrusts (pk)) if (!secret && pk && clear_ownertrusts (ctrl, pk))
{ {
if (opt.verbose) if (opt.verbose)
log_info (_("ownertrust information cleared\n")); log_info (_("ownertrust information cleared\n"));
@ -249,7 +251,7 @@ do_delete_key( const char *username, int secret, int force, int *r_sec_avail )
* Delete a public or secret key from a keyring. * Delete a public or secret key from a keyring.
*/ */
gpg_error_t gpg_error_t
delete_keys (strlist_t names, int secret, int allow_both) delete_keys (ctrl_t ctrl, strlist_t names, int secret, int allow_both)
{ {
gpg_error_t err; gpg_error_t err;
int avail; int avail;
@ -260,14 +262,14 @@ delete_keys (strlist_t names, int secret, int allow_both)
for ( ;names ; names=names->next ) for ( ;names ; names=names->next )
{ {
err = do_delete_key (names->d, secret, force, &avail); err = do_delete_key (ctrl, names->d, secret, force, &avail);
if (err && avail) if (err && avail)
{ {
if (allow_both) if (allow_both)
{ {
err = do_delete_key (names->d, 1, 0, &avail); err = do_delete_key (ctrl, names->d, 1, 0, &avail);
if (!err) if (!err)
err = do_delete_key (names->d, 0, 0, &avail); err = do_delete_key (ctrl, names->d, 0, 0, &avail);
} }
else else
{ {

17
g10/encrypt.c
View File

@ -41,7 +41,8 @@
static int encrypt_simple( const char *filename, int mode, int use_seskey ); static int encrypt_simple( const char *filename, int mode, int use_seskey );
static int write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, iobuf_t out ); static int write_pubkey_enc_from_list (ctrl_t ctrl,
PK_LIST pk_list, DEK *dek, iobuf_t out);
/**************** /****************
* Encrypt FILENAME with only the symmetric cipher. Take input from * Encrypt FILENAME with only the symmetric cipher. Take input from
@ -634,7 +635,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
if (DBG_CRYPTO) if (DBG_CRYPTO)
log_printhex ("DEK is: ", cfx.dek->key, cfx.dek->keylen ); log_printhex ("DEK is: ", cfx.dek->key, cfx.dek->keylen );
rc = write_pubkey_enc_from_list (pk_list, cfx.dek, out); rc = write_pubkey_enc_from_list (ctrl, pk_list, cfx.dek, out);
if (rc) if (rc)
goto leave; goto leave;
@ -828,7 +829,8 @@ encrypt_filter (void *opaque, int control,
if (DBG_CRYPTO) if (DBG_CRYPTO)
log_printhex ("DEK is: ", efx->cfx.dek->key, efx->cfx.dek->keylen); log_printhex ("DEK is: ", efx->cfx.dek->key, efx->cfx.dek->keylen);
rc = write_pubkey_enc_from_list (efx->pk_list, efx->cfx.dek, a); rc = write_pubkey_enc_from_list (efx->ctrl,
efx->pk_list, efx->cfx.dek, a);
if (rc) if (rc)
return rc; return rc;
@ -864,7 +866,8 @@ encrypt_filter (void *opaque, int control,
* Write a pubkey-enc packet for the public key PK to OUT. * Write a pubkey-enc packet for the public key PK to OUT.
*/ */
int int
write_pubkey_enc (PKT_public_key *pk, int throw_keyid, DEK *dek, iobuf_t out) write_pubkey_enc (ctrl_t ctrl,
PKT_public_key *pk, int throw_keyid, DEK *dek, iobuf_t out)
{ {
PACKET pkt; PACKET pkt;
PKT_pubkey_enc *enc; PKT_pubkey_enc *enc;
@ -899,7 +902,7 @@ write_pubkey_enc (PKT_public_key *pk, int throw_keyid, DEK *dek, iobuf_t out)
{ {
if ( opt.verbose ) if ( opt.verbose )
{ {
char *ustr = get_user_id_string_native (enc->keyid); char *ustr = get_user_id_string_native (ctrl, enc->keyid);
log_info (_("%s/%s encrypted for: \"%s\"\n"), log_info (_("%s/%s encrypted for: \"%s\"\n"),
openpgp_pk_algo_name (enc->pubkey_algo), openpgp_pk_algo_name (enc->pubkey_algo),
openpgp_cipher_algo_name (dek->algo), openpgp_cipher_algo_name (dek->algo),
@ -924,7 +927,7 @@ write_pubkey_enc (PKT_public_key *pk, int throw_keyid, DEK *dek, iobuf_t out)
* Write pubkey-enc packets from the list of PKs to OUT. * Write pubkey-enc packets from the list of PKs to OUT.
*/ */
static int static int
write_pubkey_enc_from_list (PK_LIST pk_list, DEK *dek, iobuf_t out) write_pubkey_enc_from_list (ctrl_t ctrl, PK_LIST pk_list, DEK *dek, iobuf_t out)
{ {
if (opt.throw_keyids && (PGP6 || PGP7 || PGP8)) if (opt.throw_keyids && (PGP6 || PGP7 || PGP8))
{ {
@ -937,7 +940,7 @@ write_pubkey_enc_from_list (PK_LIST pk_list, DEK *dek, iobuf_t out)
{ {
PKT_public_key *pk = pk_list->pk; PKT_public_key *pk = pk_list->pk;
int throw_keyid = (opt.throw_keyids || (pk_list->flags&1)); int throw_keyid = (opt.throw_keyids || (pk_list->flags&1));
int rc = write_pubkey_enc (pk, throw_keyid, dek, out); int rc = write_pubkey_enc (ctrl, pk, throw_keyid, dek, out);
if (rc) if (rc)
return rc; return rc;
} }

28
g10/export.c
View File

@ -1188,7 +1188,7 @@ receive_seckey_from_agent (ctrl_t ctrl, gcry_cipher_hd_t cipherhd,
if (opt.verbose) if (opt.verbose)
log_info ("key %s: asking agent for the secret parts\n", hexgrip); log_info ("key %s: asking agent for the secret parts\n", hexgrip);
prompt = gpg_format_keydesc (pk, FORMAT_KEYDESC_EXPORT,1); prompt = gpg_format_keydesc (ctrl, pk, FORMAT_KEYDESC_EXPORT,1);
err = agent_export_key (ctrl, hexgrip, prompt, !cleartext, cache_nonce_addr, err = agent_export_key (ctrl, hexgrip, prompt, !cleartext, cache_nonce_addr,
&wrappedkey, &wrappedkeylen); &wrappedkey, &wrappedkeylen);
xfree (prompt); xfree (prompt);
@ -1336,15 +1336,19 @@ write_keyblock_to_output (kbnode_t keyblock, int with_armor,
* KEYBLOCK must not have any blocks marked as deleted. * KEYBLOCK must not have any blocks marked as deleted.
*/ */
static void static void
apply_keep_uid_filter (kbnode_t keyblock, recsel_expr_t selector) apply_keep_uid_filter (ctrl_t ctrl, kbnode_t keyblock, recsel_expr_t selector)
{ {
kbnode_t node; kbnode_t node;
struct impex_filter_parm_s parm;
parm.ctrl = ctrl;
for (node = keyblock->next; node; node = node->next ) for (node = keyblock->next; node; node = node->next )
{ {
if (node->pkt->pkttype == PKT_USER_ID) if (node->pkt->pkttype == PKT_USER_ID)
{ {
if (!recsel_select (selector, impex_filter_getval, node)) parm.node = node;
if (!recsel_select (selector, impex_filter_getval, &parm))
{ {
/* log_debug ("keep-uid: deleting '%s'\n", */ /* log_debug ("keep-uid: deleting '%s'\n", */
/* node->pkt->pkt.user_id->name); */ /* node->pkt->pkt.user_id->name); */
@ -1372,16 +1376,21 @@ apply_keep_uid_filter (kbnode_t keyblock, recsel_expr_t selector)
* KEYBLOCK must not have any blocks marked as deleted. * KEYBLOCK must not have any blocks marked as deleted.
*/ */
static void static void
apply_drop_subkey_filter (kbnode_t keyblock, recsel_expr_t selector) apply_drop_subkey_filter (ctrl_t ctrl, kbnode_t keyblock,
recsel_expr_t selector)
{ {
kbnode_t node; kbnode_t node;
struct impex_filter_parm_s parm;
parm.ctrl = ctrl;
for (node = keyblock->next; node; node = node->next ) for (node = keyblock->next; node; node = node->next )
{ {
if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
|| node->pkt->pkttype == PKT_SECRET_SUBKEY) || node->pkt->pkttype == PKT_SECRET_SUBKEY)
{ {
if (recsel_select (selector, impex_filter_getval, node)) parm.node = node;
if (recsel_select (selector, impex_filter_getval, &parm))
{ {
/*log_debug ("drop-subkey: deleting a key\n");*/ /*log_debug ("drop-subkey: deleting a key\n");*/
/* The subkey packet and all following packets up to the /* The subkey packet and all following packets up to the
@ -1990,19 +1999,20 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret,
* UID sigs (0x10, 0x11, 0x12, and 0x13). A designated * UID sigs (0x10, 0x11, 0x12, and 0x13). A designated
* revocation is never stripped, even with export-minimal set. */ * revocation is never stripped, even with export-minimal set. */
if ((options & EXPORT_CLEAN)) if ((options & EXPORT_CLEAN))
clean_key (keyblock, opt.verbose, (options&EXPORT_MINIMAL), NULL, NULL); clean_key (ctrl, keyblock, opt.verbose,
(options&EXPORT_MINIMAL), NULL, NULL);
if (export_keep_uid) if (export_keep_uid)
{ {
commit_kbnode (&keyblock); commit_kbnode (&keyblock);
apply_keep_uid_filter (keyblock, export_keep_uid); apply_keep_uid_filter (ctrl, keyblock, export_keep_uid);
commit_kbnode (&keyblock); commit_kbnode (&keyblock);
} }
if (export_drop_subkey) if (export_drop_subkey)
{ {
commit_kbnode (&keyblock); commit_kbnode (&keyblock);
apply_drop_subkey_filter (keyblock, export_drop_subkey); apply_drop_subkey_filter (ctrl, keyblock, export_drop_subkey);
commit_kbnode (&keyblock); commit_kbnode (&keyblock);
} }
@ -2139,7 +2149,7 @@ export_ssh_key (ctrl_t ctrl, const char *userid)
1 /* No AKL lookup. */); 1 /* No AKL lookup. */);
if (!err) if (!err)
{ {
err = getkey_next (getkeyctx, NULL, NULL); err = getkey_next (ctrl, getkeyctx, NULL, NULL);
if (!err) if (!err)
err = gpg_error (GPG_ERR_AMBIGUOUS_NAME); err = gpg_error (GPG_ERR_AMBIGUOUS_NAME);
else if (gpg_err_code (err) == GPG_ERR_NO_PUBKEY) else if (gpg_err_code (err) == GPG_ERR_NO_PUBKEY)

140
g10/getkey.c
View File

@ -139,10 +139,9 @@ typedef struct user_id_db
static user_id_db_t user_id_db; static user_id_db_t user_id_db;
static int uid_cache_entries; /* Number of entries in uid cache. */ static int uid_cache_entries; /* Number of entries in uid cache. */
static void merge_selfsigs (kbnode_t keyblock); static void merge_selfsigs (ctrl_t ctrl, kbnode_t keyblock);
static int lookup (getkey_ctx_t ctx, static int lookup (ctrl_t ctrl, getkey_ctx_t ctx, int want_secret,
kbnode_t *ret_keyblock, kbnode_t *ret_found_key, kbnode_t *ret_keyblock, kbnode_t *ret_found_key);
int want_secret);
static kbnode_t finish_lookup (kbnode_t keyblock, static kbnode_t finish_lookup (kbnode_t keyblock,
unsigned int req_usage, int want_exact, unsigned int req_usage, int want_exact,
unsigned int *r_flags); unsigned int *r_flags);
@ -532,7 +531,7 @@ get_pubkeys (ctrl_t ctrl,
err = get_pubkey_byname (ctrl, &ctx, pk, search_terms, &kb, NULL, err = get_pubkey_byname (ctrl, &ctx, pk, search_terms, &kb, NULL,
include_unusable, 1); include_unusable, 1);
else else
err = getkey_next (ctx, pk, &kb); err = getkey_next (ctrl, ctx, pk, &kb);
if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
/* No more results. */ /* No more results. */
@ -697,7 +696,7 @@ pk_from_block (PKT_public_key *pk, kbnode_t keyblock, kbnode_t found_key)
* has definitely been merged into the public key using * has definitely been merged into the public key using
* merge_selfsigs. */ * merge_selfsigs. */
int int
get_pubkey (PKT_public_key * pk, u32 * keyid) get_pubkey (ctrl_t ctrl, PKT_public_key * pk, u32 * keyid)
{ {
int internal = 0; int internal = 0;
int rc = 0; int rc = 0;
@ -748,7 +747,7 @@ get_pubkey (PKT_public_key * pk, u32 * keyid)
ctx.items[0].u.kid[0] = keyid[0]; ctx.items[0].u.kid[0] = keyid[0];
ctx.items[0].u.kid[1] = keyid[1]; ctx.items[0].u.kid[1] = keyid[1];
ctx.req_usage = pk->req_usage; ctx.req_usage = pk->req_usage;
rc = lookup (&ctx, &kb, &found_key, 0); rc = lookup (ctrl, &ctx, 0, &kb, &found_key);
if (!rc) if (!rc)
{ {
pk_from_block (pk, kb, found_key); pk_from_block (pk, kb, found_key);
@ -852,7 +851,7 @@ get_pubkey_fast (PKT_public_key * pk, u32 * keyid)
* The self-signed data has already been merged into the public key * The self-signed data has already been merged into the public key
* using merge_selfsigs. */ * using merge_selfsigs. */
kbnode_t kbnode_t
get_pubkeyblock (u32 * keyid) get_pubkeyblock (ctrl_t ctrl, u32 * keyid)
{ {
struct getkey_ctx_s ctx; struct getkey_ctx_s ctx;
int rc = 0; int rc = 0;
@ -868,7 +867,7 @@ get_pubkeyblock (u32 * keyid)
ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID; ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
ctx.items[0].u.kid[0] = keyid[0]; ctx.items[0].u.kid[0] = keyid[0];
ctx.items[0].u.kid[1] = keyid[1]; ctx.items[0].u.kid[1] = keyid[1];
rc = lookup (&ctx, &keyblock, NULL, 0); rc = lookup (ctrl, &ctx, 0, &keyblock, NULL);
getkey_end (&ctx); getkey_end (&ctx);
return rc ? NULL : keyblock; return rc ? NULL : keyblock;
@ -893,7 +892,7 @@ get_pubkeyblock (u32 * keyid)
* The self-signed data has already been merged into the public key * The self-signed data has already been merged into the public key
* using merge_selfsigs. */ * using merge_selfsigs. */
gpg_error_t gpg_error_t
get_seckey (PKT_public_key *pk, u32 *keyid) get_seckey (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid)
{ {
gpg_error_t err; gpg_error_t err;
struct getkey_ctx_s ctx; struct getkey_ctx_s ctx;
@ -911,7 +910,7 @@ get_seckey (PKT_public_key *pk, u32 *keyid)
ctx.items[0].u.kid[0] = keyid[0]; ctx.items[0].u.kid[0] = keyid[0];
ctx.items[0].u.kid[1] = keyid[1]; ctx.items[0].u.kid[1] = keyid[1];
ctx.req_usage = pk->req_usage; ctx.req_usage = pk->req_usage;
err = lookup (&ctx, &keyblock, &found_key, 1); err = lookup (ctrl, &ctx, 1, &keyblock, &found_key);
if (!err) if (!err)
{ {
pk_from_block (pk, keyblock, found_key); pk_from_block (pk, keyblock, found_key);
@ -933,15 +932,14 @@ get_seckey (PKT_public_key *pk, u32 *keyid)
/* Skip unusable keys. A key is unusable if it is revoked, expired or /* Skip unusable keys. A key is unusable if it is revoked, expired or
disabled or if the selected user id is revoked or expired. */ disabled or if the selected user id is revoked or expired. */
static int static int
skip_unusable (void *dummy, u32 * keyid, int uid_no) skip_unusable (void *opaque, u32 * keyid, int uid_no)
{ {
ctrl_t ctrl = opaque;
int unusable = 0; int unusable = 0;
KBNODE keyblock; KBNODE keyblock;
PKT_public_key *pk; PKT_public_key *pk;
(void) dummy; keyblock = get_pubkeyblock (ctrl, keyid);
keyblock = get_pubkeyblock (keyid);
if (!keyblock) if (!keyblock)
{ {
log_error ("error checking usability status of %s\n", keystr (keyid)); log_error ("error checking usability status of %s\n", keystr (keyid));
@ -1034,7 +1032,7 @@ leave:
returned. In particular, GPG_ERR_NO_PUBKEY or GPG_ERR_NO_SECKEY returned. In particular, GPG_ERR_NO_PUBKEY or GPG_ERR_NO_SECKEY
(if want_secret is set) is returned if the key is not found. */ (if want_secret is set) is returned if the key is not found. */
static int static int
key_byname (GETKEY_CTX *retctx, strlist_t namelist, key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t namelist,
PKT_public_key *pk, PKT_public_key *pk,
int want_secret, int include_unusable, int want_secret, int include_unusable,
KBNODE * ret_kb, KEYDB_HANDLE * ret_kdbhd) KBNODE * ret_kb, KEYDB_HANDLE * ret_kdbhd)
@ -1063,7 +1061,10 @@ key_byname (GETKEY_CTX *retctx, strlist_t namelist,
ctx->nitems = 1; ctx->nitems = 1;
ctx->items[0].mode = KEYDB_SEARCH_MODE_FIRST; ctx->items[0].mode = KEYDB_SEARCH_MODE_FIRST;
if (!include_unusable) if (!include_unusable)
ctx->items[0].skipfnc = skip_unusable; {
ctx->items[0].skipfnc = skip_unusable;
ctx->items[0].skipfncvalue = ctrl;
}
} }
else else
{ {
@ -1096,7 +1097,10 @@ key_byname (GETKEY_CTX *retctx, strlist_t namelist,
&& ctx->items[n].mode != KEYDB_SEARCH_MODE_FPR16 && ctx->items[n].mode != KEYDB_SEARCH_MODE_FPR16
&& ctx->items[n].mode != KEYDB_SEARCH_MODE_FPR20 && ctx->items[n].mode != KEYDB_SEARCH_MODE_FPR20
&& ctx->items[n].mode != KEYDB_SEARCH_MODE_FPR) && ctx->items[n].mode != KEYDB_SEARCH_MODE_FPR)
ctx->items[n].skipfnc = skip_unusable; {
ctx->items[n].skipfnc = skip_unusable;
ctx->items[n].skipfncvalue = ctrl;
}
} }
} }
@ -1117,7 +1121,7 @@ key_byname (GETKEY_CTX *retctx, strlist_t namelist,
ctx->req_usage = pk->req_usage; ctx->req_usage = pk->req_usage;
} }
rc = lookup (ctx, ret_kb, &found_key, want_secret); rc = lookup (ctrl, ctx, want_secret, ret_kb, &found_key);
if (!rc && pk) if (!rc && pk)
{ {
pk_from_block (pk, *ret_kb, found_key); pk_from_block (pk, *ret_kb, found_key);
@ -1273,7 +1277,7 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
* only try the local keyring). In this case, lookup NAME in * only try the local keyring). In this case, lookup NAME in
* the local keyring. */ * the local keyring. */
add_to_strlist (&namelist, name); add_to_strlist (&namelist, name);
rc = key_byname (retctx, namelist, pk, 0, rc = key_byname (ctrl, retctx, namelist, pk, 0,
include_unusable, ret_keyblock, ret_kdbhd); include_unusable, ret_keyblock, ret_kdbhd);
} }
@ -1310,7 +1314,7 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
*retctx = NULL; *retctx = NULL;
} }
add_to_strlist (&namelist, name); add_to_strlist (&namelist, name);
rc = key_byname (anylocalfirst ? retctx : NULL, rc = key_byname (ctrl, anylocalfirst ? retctx : NULL,
namelist, pk, 0, namelist, pk, 0,
include_unusable, ret_keyblock, ret_kdbhd); include_unusable, ret_keyblock, ret_kdbhd);
break; break;
@ -1427,7 +1431,7 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
getkey_end (*retctx); getkey_end (*retctx);
*retctx = NULL; *retctx = NULL;
} }
rc = key_byname (anylocalfirst ? retctx : NULL, rc = key_byname (ctrl, anylocalfirst ? retctx : NULL,
namelist, pk, 0, namelist, pk, 0,
include_unusable, ret_keyblock, ret_kdbhd); include_unusable, ret_keyblock, ret_kdbhd);
} }
@ -1596,7 +1600,7 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk,
struct pubkey_cmp_cookie new; struct pubkey_cmp_cookie new;
kbnode_t new_keyblock; kbnode_t new_keyblock;
while (getkey_next (ctx, &new.key, &new_keyblock) == 0) while (getkey_next (ctrl, ctx, &new.key, &new_keyblock) == 0)
{ {
int diff = pubkey_cmp (ctrl, name, &best, &new, new_keyblock); int diff = pubkey_cmp (ctrl, name, &best, &new, new_keyblock);
release_kbnode (new_keyblock); release_kbnode (new_keyblock);
@ -1656,7 +1660,7 @@ get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk,
{ {
release_kbnode (*ret_keyblock); release_kbnode (*ret_keyblock);
*ret_keyblock = NULL; *ret_keyblock = NULL;
rc = getkey_next (ctx, NULL, ret_keyblock); rc = getkey_next (ctrl, ctx, NULL, ret_keyblock);
} }
} }
} }
@ -1718,7 +1722,7 @@ get_pubkey_fromfile (ctrl_t ctrl, PKT_public_key *pk, const char *fname)
{ {
/* Warning: node flag bits 0 and 1 should be preserved by /* Warning: node flag bits 0 and 1 should be preserved by
* merge_selfsigs. FIXME: Check whether this still holds. */ * merge_selfsigs. FIXME: Check whether this still holds. */
merge_selfsigs (keyblock); merge_selfsigs (ctrl, keyblock);
found_key = finish_lookup (keyblock, pk->req_usage, 0, &infoflags); found_key = finish_lookup (keyblock, pk->req_usage, 0, &infoflags);
print_status_key_considered (keyblock, infoflags); print_status_key_considered (keyblock, infoflags);
if (found_key) if (found_key)
@ -1761,7 +1765,7 @@ get_pubkey_fromfile (ctrl_t ctrl, PKT_public_key *pk, const char *fname)
* be done by creating a userID conforming to the unified fingerprint * be done by creating a userID conforming to the unified fingerprint
* style. */ * style. */
int int
get_pubkey_byfprint (PKT_public_key *pk, kbnode_t *r_keyblock, get_pubkey_byfprint (ctrl_t ctrl, PKT_public_key *pk, kbnode_t *r_keyblock,
const byte * fprint, size_t fprint_len) const byte * fprint, size_t fprint_len)
{ {
int rc; int rc;
@ -1786,7 +1790,7 @@ get_pubkey_byfprint (PKT_public_key *pk, kbnode_t *r_keyblock,
ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16 ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16
: KEYDB_SEARCH_MODE_FPR20; : KEYDB_SEARCH_MODE_FPR20;
memcpy (ctx.items[0].u.fpr, fprint, fprint_len); memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
rc = lookup (&ctx, &kb, &found_key, 0); rc = lookup (ctrl, &ctx, 0, &kb, &found_key);
if (!rc && pk) if (!rc && pk)
pk_from_block (pk, kb, found_key); pk_from_block (pk, kb, found_key);
if (!rc && r_keyblock) if (!rc && r_keyblock)
@ -1911,7 +1915,7 @@ parse_def_secret_key (ctrl_t ctrl)
continue; continue;
} }
merge_selfsigs (kb); merge_selfsigs (ctrl, kb);
err = gpg_error (GPG_ERR_NO_SECKEY); err = gpg_error (GPG_ERR_NO_SECKEY);
node = kb; node = kb;
@ -2024,7 +2028,7 @@ get_seckey_default (ctrl_t ctrl, PKT_public_key *pk)
else else
include_unusable = 0; include_unusable = 0;
err = key_byname (NULL, namelist, pk, 1, include_unusable, NULL, NULL); err = key_byname (ctrl, NULL, namelist, pk, 1, include_unusable, NULL, NULL);
free_strlist (namelist); free_strlist (namelist);
@ -2069,10 +2073,10 @@ get_seckey_default (ctrl_t ctrl, PKT_public_key *pk)
* returned. In particular, GPG_ERR_NO_PUBKEY or GPG_ERR_NO_SECKEY * returned. In particular, GPG_ERR_NO_PUBKEY or GPG_ERR_NO_SECKEY
* (if want_secret is set) is returned if the key is not found. */ * (if want_secret is set) is returned if the key is not found. */
gpg_error_t gpg_error_t
getkey_bynames (getkey_ctx_t *retctx, PKT_public_key *pk, getkey_bynames (ctrl_t ctrl, getkey_ctx_t *retctx, PKT_public_key *pk,
strlist_t names, int want_secret, kbnode_t *ret_keyblock) strlist_t names, int want_secret, kbnode_t *ret_keyblock)
{ {
return key_byname (retctx, names, pk, want_secret, 1, return key_byname (ctrl, retctx, names, pk, want_secret, 1,
ret_keyblock, NULL); ret_keyblock, NULL);
} }
@ -2136,7 +2140,7 @@ getkey_byname (ctrl_t ctrl, getkey_ctx_t *retctx, PKT_public_key *pk,
else else
with_unusable = 0; with_unusable = 0;
err = key_byname (retctx, namelist, pk, want_secret, with_unusable, err = key_byname (ctrl, retctx, namelist, pk, want_secret, with_unusable,
ret_keyblock, NULL); ret_keyblock, NULL);
/* FIXME: Check that we really return GPG_ERR_NO_SECKEY if /* FIXME: Check that we really return GPG_ERR_NO_SECKEY if
@ -2165,7 +2169,8 @@ getkey_byname (ctrl_t ctrl, getkey_ctx_t *retctx, PKT_public_key *pk,
* The self-signed data has already been merged into the public key * The self-signed data has already been merged into the public key
* using merge_selfsigs. */ * using merge_selfsigs. */
gpg_error_t gpg_error_t
getkey_next (getkey_ctx_t ctx, PKT_public_key *pk, kbnode_t *ret_keyblock) getkey_next (ctrl_t ctrl, getkey_ctx_t ctx,
PKT_public_key *pk, kbnode_t *ret_keyblock)
{ {
int rc; /* Fixme: Make sure this is proper gpg_error */ int rc; /* Fixme: Make sure this is proper gpg_error */
KBNODE keyblock = NULL; KBNODE keyblock = NULL;
@ -2183,7 +2188,8 @@ getkey_next (getkey_ctx_t ctx, PKT_public_key *pk, kbnode_t *ret_keyblock)
if (pk && ret_keyblock == NULL) if (pk && ret_keyblock == NULL)
ret_keyblock = &keyblock; ret_keyblock = &keyblock;
rc = lookup (ctx, ret_keyblock, pk ? &found_key : NULL, ctx->want_secret); rc = lookup (ctrl, ctx, ctx->want_secret,
ret_keyblock, pk ? &found_key : NULL);
if (!rc && pk) if (!rc && pk)
{ {
log_assert (found_key); log_assert (found_key);
@ -2255,12 +2261,12 @@ setup_main_keyids (kbnode_t keyblock)
* useful, however, if you change the keyblock, e.g., by adding or * useful, however, if you change the keyblock, e.g., by adding or
* removing a self-signed data packet. */ * removing a self-signed data packet. */
void void
merge_keys_and_selfsig (KBNODE keyblock) merge_keys_and_selfsig (ctrl_t ctrl, kbnode_t keyblock)
{ {
if (!keyblock) if (!keyblock)
; ;
else if (keyblock->pkt->pkttype == PKT_PUBLIC_KEY) else if (keyblock->pkt->pkttype == PKT_PUBLIC_KEY)
merge_selfsigs (keyblock); merge_selfsigs (ctrl, keyblock);
else else
log_debug ("FIXME: merging secret key blocks is not anymore available\n"); log_debug ("FIXME: merging secret key blocks is not anymore available\n");
} }
@ -2481,7 +2487,7 @@ sig_to_revoke_info (PKT_signature * sig, struct revoke_info *rinfo)
field is set to 1 and the other user id's is_primary are set to field is set to 1 and the other user id's is_primary are set to
0. */ 0. */
static void static void
merge_selfsigs_main (KBNODE keyblock, int *r_revoked, merge_selfsigs_main (ctrl_t ctrl, kbnode_t keyblock, int *r_revoked,
struct revoke_info *rinfo) struct revoke_info *rinfo)
{ {
PKT_public_key *pk = NULL; PKT_public_key *pk = NULL;
@ -2564,7 +2570,7 @@ merge_selfsigs_main (KBNODE keyblock, int *r_revoked,
if (sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1]) if (sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1])
/* Self sig. */ /* Self sig. */
{ {
if (check_key_signature (keyblock, k, NULL)) if (check_key_signature (ctrl, keyblock, k, NULL))
; /* Signature did not verify. */ ; /* Signature did not verify. */
else if (IS_KEY_REV (sig)) else if (IS_KEY_REV (sig))
{ {
@ -2689,7 +2695,7 @@ merge_selfsigs_main (KBNODE keyblock, int *r_revoked,
if (IS_KEY_REV (sig) && if (IS_KEY_REV (sig) &&
(sig->keyid[0] != kid[0] || sig->keyid[1] != kid[1])) (sig->keyid[0] != kid[0] || sig->keyid[1] != kid[1]))
{ {
int rc = check_revocation_keys (pk, sig); int rc = check_revocation_keys (ctrl, pk, sig);
if (rc == 0) if (rc == 0)
{ {
*r_revoked = 2; *r_revoked = 2;
@ -2746,7 +2752,7 @@ merge_selfsigs_main (KBNODE keyblock, int *r_revoked,
PKT_signature *sig = k->pkt->pkt.signature; PKT_signature *sig = k->pkt->pkt.signature;
if (sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1]) if (sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1])
{ {
if (check_key_signature (keyblock, k, NULL)) if (check_key_signature (ctrl, keyblock, k, NULL))
; /* signature did not verify */ ; /* signature did not verify */
else if ((IS_UID_SIG (sig) || IS_UID_REV (sig)) else if ((IS_UID_SIG (sig) || IS_UID_REV (sig))
&& sig->timestamp >= sigdate) && sig->timestamp >= sigdate)
@ -2812,9 +2818,10 @@ merge_selfsigs_main (KBNODE keyblock, int *r_revoked,
revoked the user should also remove the revoked the user should also remove the
ultimate trust flag. */ ultimate trust flag. */
if (get_pubkey_fast (ultimate_pk, sig->keyid) == 0 if (get_pubkey_fast (ultimate_pk, sig->keyid) == 0
&& check_key_signature2 (keyblock, k, ultimate_pk, && check_key_signature2 (ctrl,
keyblock, k, ultimate_pk,
NULL, NULL, NULL, NULL) == 0 NULL, NULL, NULL, NULL) == 0
&& get_ownertrust (ultimate_pk) == TRUST_ULTIMATE) && get_ownertrust (ctrl, ultimate_pk) == TRUST_ULTIMATE)
{ {
free_public_key (ultimate_pk); free_public_key (ultimate_pk);
pk->flags.valid = 1; pk->flags.valid = 1;
@ -3050,7 +3057,7 @@ buf_to_sig (const byte * buf, size_t len)
flags.chosen_selfsig flags.chosen_selfsig
*/ */
static void static void
merge_selfsigs_subkey (KBNODE keyblock, KBNODE subnode) merge_selfsigs_subkey (ctrl_t ctrl, kbnode_t keyblock, kbnode_t subnode)
{ {
PKT_public_key *mainpk = NULL, *subpk = NULL; PKT_public_key *mainpk = NULL, *subpk = NULL;
PKT_signature *sig; PKT_signature *sig;
@ -3089,7 +3096,7 @@ merge_selfsigs_subkey (KBNODE keyblock, KBNODE subnode)
sig = k->pkt->pkt.signature; sig = k->pkt->pkt.signature;
if (sig->keyid[0] == mainkid[0] && sig->keyid[1] == mainkid[1]) if (sig->keyid[0] == mainkid[0] && sig->keyid[1] == mainkid[1])
{ {
if (check_key_signature (keyblock, k, NULL)) if (check_key_signature (ctrl, keyblock, k, NULL))
; /* Signature did not verify. */ ; /* Signature did not verify. */
else if (IS_SUBKEY_REV (sig)) else if (IS_SUBKEY_REV (sig))
{ {
@ -3241,7 +3248,7 @@ merge_selfsigs_subkey (KBNODE keyblock, KBNODE subnode)
See documentation for merge_selfsigs_main, merge_selfsigs_subkey See documentation for merge_selfsigs_main, merge_selfsigs_subkey
and fixup_uidnode for exactly which fields are updated. */ and fixup_uidnode for exactly which fields are updated. */
static void static void
merge_selfsigs (KBNODE keyblock) merge_selfsigs (ctrl_t ctrl, kbnode_t keyblock)
{ {
KBNODE k; KBNODE k;
int revoked; int revoked;
@ -3264,14 +3271,14 @@ merge_selfsigs (KBNODE keyblock)
BUG (); BUG ();
} }
merge_selfsigs_main (keyblock, &revoked, &rinfo); merge_selfsigs_main (ctrl, keyblock, &revoked, &rinfo);
/* Now merge in the data from each of the subkeys. */ /* Now merge in the data from each of the subkeys. */
for (k = keyblock; k; k = k->next) for (k = keyblock; k; k = k->next)
{ {
if (k->pkt->pkttype == PKT_PUBLIC_SUBKEY) if (k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
{ {
merge_selfsigs_subkey (keyblock, k); merge_selfsigs_subkey (ctrl, keyblock, k);
} }
} }
@ -3670,8 +3677,8 @@ print_status_key_considered (kbnode_t keyblock, unsigned int flags)
*RET_KEYBLOCK is deallocated. Therefore, if RET_FOUND_KEY is not *RET_KEYBLOCK is deallocated. Therefore, if RET_FOUND_KEY is not
NULL, then RET_KEYBLOCK must not be NULL. */ NULL, then RET_KEYBLOCK must not be NULL. */
static int static int
lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, kbnode_t *ret_found_key, lookup (ctrl_t ctrl, getkey_ctx_t ctx, int want_secret,
int want_secret) kbnode_t *ret_keyblock, kbnode_t *ret_found_key)
{ {
int rc; int rc;
int no_suitable_key = 0; int no_suitable_key = 0;
@ -3708,7 +3715,7 @@ lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, kbnode_t *ret_found_key,
/* Warning: node flag bits 0 and 1 should be preserved by /* Warning: node flag bits 0 and 1 should be preserved by
* merge_selfsigs. */ * merge_selfsigs. */
merge_selfsigs (keyblock); merge_selfsigs (ctrl, keyblock);
found_key = finish_lookup (keyblock, ctx->req_usage, ctx->exact, found_key = finish_lookup (keyblock, ctx->req_usage, ctx->exact,
&infoflags); &infoflags);
print_status_key_considered (keyblock, infoflags); print_status_key_considered (keyblock, infoflags);
@ -3868,7 +3875,8 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk)
break; break;
case 3: /* Init search context to enum all secret keys. */ case 3: /* Init search context to enum all secret keys. */
err = getkey_bynames (&c->ctx, NULL, NULL, 1, &keyblock); err = getkey_bynames (ctrl, &c->ctx, NULL, NULL, 1,
&keyblock);
if (err) if (err)
{ {
release_kbnode (keyblock); release_kbnode (keyblock);
@ -3882,7 +3890,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk)
case 4: /* Get next item from the context. */ case 4: /* Get next item from the context. */
if (c->ctx) if (c->ctx)
{ {
err = getkey_next (c->ctx, NULL, &keyblock); err = getkey_next (ctrl, c->ctx, NULL, &keyblock);
if (err) if (err)
{ {
release_kbnode (keyblock); release_kbnode (keyblock);
@ -3946,7 +3954,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk)
/* Return a string with a printable representation of the user_id. /* Return a string with a printable representation of the user_id.
* this string must be freed by xfree. */ * this string must be freed by xfree. */
static char * static char *
get_user_id_string (u32 * keyid, int mode, size_t *r_len) get_user_id_string (ctrl_t ctrl, u32 * keyid, int mode, size_t *r_len)
{ {
user_id_db_t r; user_id_db_t r;
keyid_list_t a; keyid_list_t a;
@ -3990,7 +3998,7 @@ get_user_id_string (u32 * keyid, int mode, size_t *r_len)
} }
} }
} }
while (++pass < 2 && !get_pubkey (NULL, keyid)); while (++pass < 2 && !get_pubkey (ctrl, NULL, keyid));
if (mode == 2) if (mode == 2)
p = xstrdup (user_id_not_found_utf8 ()); p = xstrdup (user_id_not_found_utf8 ());
@ -4006,9 +4014,9 @@ get_user_id_string (u32 * keyid, int mode, size_t *r_len)
char * char *
get_user_id_string_native (u32 * keyid) get_user_id_string_native (ctrl_t ctrl, u32 * keyid)
{ {
char *p = get_user_id_string (keyid, 0, NULL); char *p = get_user_id_string (ctrl, keyid, 0, NULL);
char *p2 = utf8_to_native (p, strlen (p), 0); char *p2 = utf8_to_native (p, strlen (p), 0);
xfree (p); xfree (p);
return p2; return p2;
@ -4016,26 +4024,26 @@ get_user_id_string_native (u32 * keyid)
char * char *
get_long_user_id_string (u32 * keyid) get_long_user_id_string (ctrl_t ctrl, u32 * keyid)
{ {
return get_user_id_string (keyid, 1, NULL); return get_user_id_string (ctrl, keyid, 1, NULL);
} }
/* Please try to use get_user_byfpr instead of this one. */ /* Please try to use get_user_byfpr instead of this one. */
char * char *
get_user_id (u32 * keyid, size_t * rn) get_user_id (ctrl_t ctrl, u32 *keyid, size_t *rn)
{ {
return get_user_id_string (keyid, 2, rn); return get_user_id_string (ctrl, keyid, 2, rn);
} }
/* Please try to use get_user_id_byfpr_native instead of this one. */ /* Please try to use get_user_id_byfpr_native instead of this one. */
char * char *
get_user_id_native (u32 * keyid) get_user_id_native (ctrl_t ctrl, u32 *keyid)
{ {
size_t rn; size_t rn;
char *p = get_user_id (keyid, &rn); char *p = get_user_id (ctrl, keyid, &rn);
char *p2 = utf8_to_native (p, rn, 0); char *p2 = utf8_to_native (p, rn, 0);
xfree (p); xfree (p);
return p2; return p2;
@ -4048,7 +4056,7 @@ get_user_id_native (u32 * keyid)
terminated. To determine the length of the string, you must use terminated. To determine the length of the string, you must use
*RN. */ *RN. */
char * char *
get_user_id_byfpr (const byte *fpr, size_t *rn) get_user_id_byfpr (ctrl_t ctrl, const byte *fpr, size_t *rn)
{ {
user_id_db_t r; user_id_db_t r;
char *p; char *p;
@ -4076,7 +4084,7 @@ get_user_id_byfpr (const byte *fpr, size_t *rn)
} }
} }
while (++pass < 2 while (++pass < 2
&& !get_pubkey_byfprint (NULL, NULL, fpr, MAX_FINGERPRINT_LEN)); && !get_pubkey_byfprint (ctrl, NULL, NULL, fpr, MAX_FINGERPRINT_LEN));
p = xstrdup (user_id_not_found_utf8 ()); p = xstrdup (user_id_not_found_utf8 ());
*rn = strlen (p); *rn = strlen (p);
return p; return p;
@ -4086,10 +4094,10 @@ get_user_id_byfpr (const byte *fpr, size_t *rn)
encoding. The returned string needs to be freed. Unlike encoding. The returned string needs to be freed. Unlike
get_user_id_byfpr, the returned string is NUL terminated. */ get_user_id_byfpr, the returned string is NUL terminated. */
char * char *
get_user_id_byfpr_native (const byte *fpr) get_user_id_byfpr_native (ctrl_t ctrl, const byte *fpr)
{ {
size_t rn; size_t rn;
char *p = get_user_id_byfpr (fpr, &rn); char *p = get_user_id_byfpr (ctrl, fpr, &rn);
char *p2 = utf8_to_native (p, rn, 0); char *p2 = utf8_to_native (p, rn, 0);
xfree (p); xfree (p);
return p2; return p2;

21
g10/gpg.c
View File

@ -4292,7 +4292,8 @@ main (int argc, char **argv)
proper order :) */ proper order :) */
for( ; argc; argc-- ) for( ; argc; argc-- )
add_to_strlist2( &sl, argv[argc-1], utf8_strings ); add_to_strlist2( &sl, argv[argc-1], utf8_strings );
delete_keys(sl,cmd==aDeleteSecretKeys,cmd==aDeleteSecretAndPublicKeys); delete_keys (ctrl, sl,
cmd==aDeleteSecretKeys, cmd==aDeleteSecretAndPublicKeys);
free_strlist(sl); free_strlist(sl);
break; break;
@ -4591,7 +4592,7 @@ main (int argc, char **argv)
if( argc != 1 ) if( argc != 1 )
wrong_args("--generate-revocation user-id"); wrong_args("--generate-revocation user-id");
username = make_username(*argv); username = make_username(*argv);
gen_revoke( username ); gen_revoke (ctrl, username );
xfree( username ); xfree( username );
break; break;
@ -4738,10 +4739,10 @@ main (int argc, char **argv)
#ifndef NO_TRUST_MODELS #ifndef NO_TRUST_MODELS
case aListTrustDB: case aListTrustDB:
if( !argc ) if( !argc )
list_trustdb (es_stdout, NULL); list_trustdb (ctrl, es_stdout, NULL);
else { else {
for( ; argc; argc--, argv++ ) for( ; argc; argc--, argv++ )
list_trustdb (es_stdout, *argv ); list_trustdb (ctrl, es_stdout, *argv );
} }
break; break;
@ -4773,28 +4774,28 @@ main (int argc, char **argv)
case aExportOwnerTrust: case aExportOwnerTrust:
if( argc ) if( argc )
wrong_args("--export-ownertrust"); wrong_args("--export-ownertrust");
export_ownertrust(); export_ownertrust (ctrl);
break; break;
case aImportOwnerTrust: case aImportOwnerTrust:
if( argc > 1 ) if( argc > 1 )
wrong_args("--import-ownertrust [file]"); wrong_args("--import-ownertrust [file]");
import_ownertrust( argc? *argv:NULL ); import_ownertrust (ctrl, argc? *argv:NULL );
break; break;
#endif /*!NO_TRUST_MODELS*/ #endif /*!NO_TRUST_MODELS*/
case aRebuildKeydbCaches: case aRebuildKeydbCaches:
if (argc) if (argc)
wrong_args ("--rebuild-keydb-caches"); wrong_args ("--rebuild-keydb-caches");
keydb_rebuild_caches (1); keydb_rebuild_caches (ctrl, 1);
break; break;
#ifdef ENABLE_CARD_SUPPORT #ifdef ENABLE_CARD_SUPPORT
case aCardStatus: case aCardStatus:
if (argc == 0) if (argc == 0)
card_status (es_stdout, NULL); card_status (ctrl, es_stdout, NULL);
else if (argc == 1) else if (argc == 1)
card_status (es_stdout, *argv); card_status (ctrl, es_stdout, *argv);
else else
wrong_args ("--card-status [serialno]"); wrong_args ("--card-status [serialno]");
break; break;
@ -4906,7 +4907,7 @@ main (int argc, char **argv)
g10_exit (1); g10_exit (1);
} }
merge_keys_and_selfsig (kb); merge_keys_and_selfsig (ctrl, kb);
if (tofu_set_policy (ctrl, kb, policy)) if (tofu_set_policy (ctrl, kb, policy))
g10_exit (1); g10_exit (1);

17
g10/gpgcompose.c
View File

@ -42,6 +42,11 @@ struct filter
struct filter *next; struct filter *next;
}; };
/* Hack to ass CTRL to some functions. */
static ctrl_t global_ctrl;
static struct filter *filters; static struct filter *filters;
static void static void
@ -1609,7 +1614,7 @@ mksubpkt_callback (PKT_signature *sig, void *cookie)
if (err) if (err)
{ {
u32 keyid[2]; u32 keyid[2];
keyid_from_fingerprint (revkey->fpr, 20, keyid); keyid_from_fingerprint (global_ctrl, revkey->fpr, 20, keyid);
log_fatal ("adding revocation key %s: %s\n", log_fatal ("adding revocation key %s: %s\n",
keystr (keyid), gpg_strerror (err)); keystr (keyid), gpg_strerror (err));
} }
@ -1793,7 +1798,8 @@ signature (const char *option, int argc, char *argv[], void *cookie)
/* Changing the issuer's key id is fragile. Check to make sure /* Changing the issuer's key id is fragile. Check to make sure
make_keysig_packet didn't recompute the keyid. */ make_keysig_packet didn't recompute the keyid. */
keyid_copy (keyid, si.issuer_pk->keyid); keyid_copy (keyid, si.issuer_pk->keyid);
err = make_keysig_packet (&sig, si.pk, si.uid, si.sk, si.issuer_pk, err = make_keysig_packet (global_ctrl,
&sig, si.pk, si.uid, si.sk, si.issuer_pk,
si.class, si.digest_algo, si.class, si.digest_algo,
si.timestamp, si.expiration, si.timestamp, si.expiration,
mksubpkt_callback, &si, NULL); mksubpkt_callback, &si, NULL);
@ -2446,7 +2452,7 @@ pk_esk (const char *option, int argc, char *argv[], void *cookie)
make_session_key (&session_key); make_session_key (&session_key);
} }
err = write_pubkey_enc (&pk, pi.throw_keyid, &session_key, out); err = write_pubkey_enc (global_ctrl, &pk, pi.throw_keyid, &session_key, out);
if (err) if (err)
log_fatal ("%s: writing pk_esk packet for %s: %s\n", log_fatal ("%s: writing pk_esk packet for %s: %s\n",
option, pi.keyid, gpg_strerror (err)); option, pi.keyid, gpg_strerror (err));
@ -2967,7 +2973,7 @@ main (int argc, char *argv[])
/* Allow notations in the IETF space, for instance. */ /* Allow notations in the IETF space, for instance. */
opt.expert = 1; opt.expert = 1;
ctrl = xcalloc (1, sizeof *ctrl); global_ctrl = ctrl = xcalloc (1, sizeof *ctrl);
keydb_add_resource ("pubring" EXTSEP_S GPGEXT_GPG, keydb_add_resource ("pubring" EXTSEP_S GPGEXT_GPG,
KEYDB_RESOURCE_FLAG_DEFAULT); KEYDB_RESOURCE_FLAG_DEFAULT);
@ -3035,7 +3041,8 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
} }
void void
show_basic_key_info (KBNODE keyblock) show_basic_key_info (ctrl_t ctrl, KBNODE keyblock)
{ {
(void)ctrl;
(void) keyblock; (void) keyblock;
} }

17
g10/gpgv.c
View File

@ -299,10 +299,12 @@ check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
} }
void void
read_trust_options(byte *trust_model, ulong *created, ulong *nextcheck, read_trust_options (ctrl_t ctrl,
byte *marginals, byte *completes, byte *cert_depth, byte *trust_model, ulong *created, ulong *nextcheck,
byte *min_cert_level) byte *marginals, byte *completes, byte *cert_depth,
byte *min_cert_level)
{ {
(void)ctrl;
(void)trust_model; (void)trust_model;
(void)created; (void)created;
(void)nextcheck; (void)nextcheck;
@ -318,8 +320,9 @@ read_trust_options(byte *trust_model, ulong *created, ulong *nextcheck,
*/ */
int int
cache_disabled_value(PKT_public_key *pk) cache_disabled_value (ctrl_t ctrl, PKT_public_key *pk)
{ {
(void)ctrl;
(void)pk; (void)pk;
return 0; return 0;
} }
@ -371,16 +374,18 @@ uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
} }
int int
get_ownertrust_info (PKT_public_key *pk, int no_create) get_ownertrust_info (ctrl_t ctrl, PKT_public_key *pk, int no_create)
{ {
(void)ctrl;
(void)pk; (void)pk;
(void)no_create; (void)no_create;
return '?'; return '?';
} }
unsigned int unsigned int
get_ownertrust (PKT_public_key *pk) get_ownertrust (ctrl_t ctrl, PKT_public_key *pk)
{ {
(void)ctrl;
(void)pk; (void)pk;
return TRUST_UNKNOWN; return TRUST_UNKNOWN;
} }

126
g10/import.c
View File

@ -112,11 +112,12 @@ static int import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
import_screener_t screener, void *screener_arg); import_screener_t screener, void *screener_arg);
static int import_revoke_cert (ctrl_t ctrl, static int import_revoke_cert (ctrl_t ctrl,
kbnode_t node, struct import_stats_s *stats); kbnode_t node, struct import_stats_s *stats);
static int chk_self_sigs (kbnode_t keyblock, u32 *keyid, int *non_self); static int chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
static int delete_inv_parts (kbnode_t keyblock, int *non_self);
static int delete_inv_parts (ctrl_t ctrl, kbnode_t keyblock,
u32 *keyid, unsigned int options); u32 *keyid, unsigned int options);
static int any_uid_left (kbnode_t keyblock); static int any_uid_left (kbnode_t keyblock);
static int merge_blocks (kbnode_t keyblock_orig, static int merge_blocks (ctrl_t ctrl, kbnode_t keyblock_orig,
kbnode_t keyblock, u32 *keyid, kbnode_t keyblock, u32 *keyid,
int *n_uids, int *n_sigs, int *n_subk ); int *n_uids, int *n_sigs, int *n_subk );
static int append_uid (kbnode_t keyblock, kbnode_t node, int *n_sigs); static int append_uid (kbnode_t keyblock, kbnode_t node, int *n_sigs);
@ -361,13 +362,13 @@ read_key_from_file (ctrl_t ctrl, const char *fname, kbnode_t *r_keyblock)
collapse_uids (&keyblock); collapse_uids (&keyblock);
clear_kbnode_flags (keyblock); clear_kbnode_flags (keyblock);
if (chk_self_sigs (keyblock, keyid, &non_self)) if (chk_self_sigs (ctrl, keyblock, keyid, &non_self))
{ {
err = gpg_error (GPG_ERR_INV_KEYRING); err = gpg_error (GPG_ERR_INV_KEYRING);
goto leave; goto leave;
} }
if (!delete_inv_parts (keyblock, keyid, 0) ) if (!delete_inv_parts (ctrl, keyblock, keyid, 0) )
{ {
err = gpg_error (GPG_ERR_NO_USER_ID); err = gpg_error (GPG_ERR_NO_USER_ID);
goto leave; goto leave;
@ -907,7 +908,7 @@ read_block( IOBUF a, int with_meta,
by reordering the keyblock so that it reads "pk uid sig sub1 bind1 by reordering the keyblock so that it reads "pk uid sig sub1 bind1
sub2 sub3". Returns TRUE if the keyblock was modified. */ sub2 sub3". Returns TRUE if the keyblock was modified. */
static int static int
fix_pks_corruption (kbnode_t keyblock) fix_pks_corruption (ctrl_t ctrl, kbnode_t keyblock)
{ {
int changed = 0; int changed = 0;
int keycount = 0; int keycount = 0;
@ -946,7 +947,7 @@ fix_pks_corruption (kbnode_t keyblock)
selfsig. This is not necessary here as the subkey and selfsig. This is not necessary here as the subkey and
binding sig will be rejected later if that is the binding sig will be rejected later if that is the
case. */ case. */
if (check_key_signature (keyblock,node,NULL)) if (check_key_signature (ctrl, keyblock,node,NULL))
{ {
/* Not a match, so undo the changes. */ /* Not a match, so undo the changes. */
sknode->next = node->next; sknode->next = node->next;
@ -979,7 +980,7 @@ fix_pks_corruption (kbnode_t keyblock)
We need to detect and delete them before doing a merge. This We need to detect and delete them before doing a merge. This
function returns the number of removed sigs. */ function returns the number of removed sigs. */
static int static int
fix_bad_direct_key_sigs (kbnode_t keyblock, u32 *keyid) fix_bad_direct_key_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid)
{ {
gpg_error_t err; gpg_error_t err;
kbnode_t node; kbnode_t node;
@ -992,7 +993,7 @@ fix_bad_direct_key_sigs (kbnode_t keyblock, u32 *keyid)
if (node->pkt->pkttype == PKT_SIGNATURE if (node->pkt->pkttype == PKT_SIGNATURE
&& IS_KEY_SIG (node->pkt->pkt.signature)) && IS_KEY_SIG (node->pkt->pkt.signature))
{ {
err = check_key_signature (keyblock, node, NULL); err = check_key_signature (ctrl, keyblock, node, NULL);
if (err && gpg_err_code (err) != GPG_ERR_PUBKEY_ALGO ) if (err && gpg_err_code (err) != GPG_ERR_PUBKEY_ALGO )
{ {
/* If we don't know the error, we can't decide; this is /* If we don't know the error, we can't decide; this is
@ -1067,7 +1068,7 @@ check_prefs (ctrl_t ctrl, kbnode_t keyblock)
PKT_public_key *pk; PKT_public_key *pk;
int problem=0; int problem=0;
merge_keys_and_selfsig(keyblock); merge_keys_and_selfsig (ctrl, keyblock);
pk=keyblock->pkt->pkt.public_key; pk=keyblock->pkt->pkt.public_key;
for(node=keyblock;node;node=node->next) for(node=keyblock;node;node=node->next)
@ -1174,8 +1175,10 @@ check_prefs (ctrl_t ctrl, kbnode_t keyblock)
const char * const char *
impex_filter_getval (void *cookie, const char *propname) impex_filter_getval (void *cookie, const char *propname)
{ {
/* FIXME: Malloc our static buffers and access them via the cookie. */ /* FIXME: Malloc our static buffers and access them via PARM. */
kbnode_t node = cookie; struct impex_filter_parm_s *parm = cookie;
ctrl_t ctrl = parm->ctrl;
kbnode_t node = parm->node;
static char numbuf[20]; static char numbuf[20];
const char *result; const char *result;
@ -1293,15 +1296,19 @@ impex_filter_getval (void *cookie, const char *propname)
* KEYBLOCK must not have any blocks marked as deleted. * KEYBLOCK must not have any blocks marked as deleted.
*/ */
static void static void
apply_keep_uid_filter (kbnode_t keyblock, recsel_expr_t selector) apply_keep_uid_filter (ctrl_t ctrl, kbnode_t keyblock, recsel_expr_t selector)
{ {
kbnode_t node; kbnode_t node;
struct impex_filter_parm_s parm;
parm.ctrl = ctrl;
for (node = keyblock->next; node; node = node->next ) for (node = keyblock->next; node; node = node->next )
{ {
if (node->pkt->pkttype == PKT_USER_ID) if (node->pkt->pkttype == PKT_USER_ID)
{ {
if (!recsel_select (selector, impex_filter_getval, node)) parm.node = node;
if (!recsel_select (selector, impex_filter_getval, &parm))
{ {
/* log_debug ("keep-uid: deleting '%s'\n", */ /* log_debug ("keep-uid: deleting '%s'\n", */
@ -1330,12 +1337,15 @@ apply_keep_uid_filter (kbnode_t keyblock, recsel_expr_t selector)
* KEYBLOCK must not have any blocks marked as deleted. * KEYBLOCK must not have any blocks marked as deleted.
*/ */
static void static void
apply_drop_sig_filter (kbnode_t keyblock, recsel_expr_t selector) apply_drop_sig_filter (ctrl_t ctrl, kbnode_t keyblock, recsel_expr_t selector)
{ {
kbnode_t node; kbnode_t node;
int active = 0; int active = 0;
u32 main_keyid[2]; u32 main_keyid[2];
PKT_signature *sig; PKT_signature *sig;
struct impex_filter_parm_s parm;
parm.ctrl = ctrl;
keyid_from_pk (keyblock->pkt->pkt.public_key, main_keyid); keyid_from_pk (keyblock->pkt->pkt.public_key, main_keyid);
@ -1360,7 +1370,8 @@ apply_drop_sig_filter (kbnode_t keyblock, recsel_expr_t selector)
if (IS_UID_SIG(sig) || IS_UID_REV(sig)) if (IS_UID_SIG(sig) || IS_UID_REV(sig))
{ {
if (recsel_select (selector, impex_filter_getval, node)) parm.node = node;
if (recsel_select (selector, impex_filter_getval, &parm))
delete_kbnode (node); delete_kbnode (node);
} }
} }
@ -1442,9 +1453,9 @@ import_one (ctrl_t ctrl,
{ {
if (is_status_enabled()) if (is_status_enabled())
print_import_check (pk, uidnode->pkt->pkt.user_id); print_import_check (pk, uidnode->pkt->pkt.user_id);
merge_keys_and_selfsig (keyblock); merge_keys_and_selfsig (ctrl, keyblock);
tty_printf ("\n"); tty_printf ("\n");
show_basic_key_info (keyblock); show_basic_key_info (ctrl, keyblock);
tty_printf ("\n"); tty_printf ("\n");
if (!cpr_get_answer_is_yes ("import.okay", if (!cpr_get_answer_is_yes ("import.okay",
"Do you want to import this key? (y/N) ")) "Do you want to import this key? (y/N) "))
@ -1458,16 +1469,18 @@ import_one (ctrl_t ctrl,
end result, but does result in less logging which might confuse end result, but does result in less logging which might confuse
the user. */ the user. */
if (options&IMPORT_CLEAN) if (options&IMPORT_CLEAN)
clean_key (keyblock,opt.verbose,options&IMPORT_MINIMAL,NULL,NULL); clean_key (ctrl, keyblock,
opt.verbose, (options&IMPORT_MINIMAL), NULL, NULL);
clear_kbnode_flags( keyblock ); clear_kbnode_flags( keyblock );
if ((options&IMPORT_REPAIR_PKS_SUBKEY_BUG) && fix_pks_corruption(keyblock) if ((options&IMPORT_REPAIR_PKS_SUBKEY_BUG)
&& fix_pks_corruption (ctrl, keyblock)
&& opt.verbose) && opt.verbose)
log_info (_("key %s: PKS subkey corruption repaired\n"), log_info (_("key %s: PKS subkey corruption repaired\n"),
keystr_from_pk(pk)); keystr_from_pk(pk));
if (chk_self_sigs (keyblock, keyid, &non_self)) if (chk_self_sigs (ctrl, keyblock, keyid, &non_self))
return 0; /* Invalid keyblock - error already printed. */ return 0; /* Invalid keyblock - error already printed. */
/* If we allow such a thing, mark unsigned uids as valid */ /* If we allow such a thing, mark unsigned uids as valid */
@ -1488,7 +1501,7 @@ import_one (ctrl_t ctrl,
} }
} }
if (!delete_inv_parts (keyblock, keyid, options ) ) if (!delete_inv_parts (ctrl, keyblock, keyid, options ) )
{ {
if (!silent) if (!silent)
{ {
@ -1506,13 +1519,13 @@ import_one (ctrl_t ctrl,
/* Apply import filter. */ /* Apply import filter. */
if (import_filter.keep_uid) if (import_filter.keep_uid)
{ {
apply_keep_uid_filter (keyblock, import_filter.keep_uid); apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid);
commit_kbnode (&keyblock); commit_kbnode (&keyblock);
any_filter = 1; any_filter = 1;
} }
if (import_filter.drop_sig) if (import_filter.drop_sig)
{ {
apply_drop_sig_filter (keyblock, import_filter.drop_sig); apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig);
commit_kbnode (&keyblock); commit_kbnode (&keyblock);
any_filter = 1; any_filter = 1;
} }
@ -1534,7 +1547,7 @@ import_one (ctrl_t ctrl,
if ((options & IMPORT_SHOW) if ((options & IMPORT_SHOW)
&& !((options & IMPORT_EXPORT) && !opt.armor && !opt.outfile)) && !((options & IMPORT_EXPORT) && !opt.armor && !opt.outfile))
{ {
merge_keys_and_selfsig (keyblock); merge_keys_and_selfsig (ctrl, keyblock);
merge_keys_done = 1; merge_keys_done = 1;
/* Note that we do not want to show the validity because the key /* Note that we do not want to show the validity because the key
* has not yet imported. */ * has not yet imported. */
@ -1547,7 +1560,7 @@ import_one (ctrl_t ctrl,
{ {
if (!merge_keys_done) if (!merge_keys_done)
{ {
merge_keys_and_selfsig (keyblock); merge_keys_and_selfsig (ctrl, keyblock);
merge_keys_done = 1; merge_keys_done = 1;
} }
rc = write_keyblock_to_output (keyblock, opt.armor, opt.export_options); rc = write_keyblock_to_output (keyblock, opt.armor, opt.export_options);
@ -1604,23 +1617,23 @@ import_one (ctrl_t ctrl,
be made to happen with the trusted-key command and by be made to happen with the trusted-key command and by
importing and locally exported key. */ importing and locally exported key. */
clear_ownertrusts (pk); clear_ownertrusts (ctrl, pk);
if (non_self) if (non_self)
revalidation_mark (); revalidation_mark (ctrl);
} }
keydb_release (hd); keydb_release (hd);
/* We are ready. */ /* We are ready. */
if (!opt.quiet && !silent) if (!opt.quiet && !silent)
{ {
char *p = get_user_id_byfpr_native (fpr2); char *p = get_user_id_byfpr_native (ctrl, fpr2);
log_info (_("key %s: public key \"%s\" imported\n"), log_info (_("key %s: public key \"%s\" imported\n"),
keystr(keyid), p); keystr(keyid), p);
xfree(p); xfree(p);
} }
if (is_status_enabled()) if (is_status_enabled())
{ {
char *us = get_long_user_id_string( keyid ); char *us = get_long_user_id_string (ctrl, keyid);
write_status_text( STATUS_IMPORTED, us ); write_status_text( STATUS_IMPORTED, us );
xfree(us); xfree(us);
print_import_ok (pk, 1); print_import_ok (pk, 1);
@ -1669,7 +1682,7 @@ import_one (ctrl_t ctrl,
} }
/* Make sure the original direct key sigs are all sane. */ /* Make sure the original direct key sigs are all sane. */
n_sigs_cleaned = fix_bad_direct_key_sigs (keyblock_orig, keyid); n_sigs_cleaned = fix_bad_direct_key_sigs (ctrl, keyblock_orig, keyid);
if (n_sigs_cleaned) if (n_sigs_cleaned)
commit_kbnode (&keyblock_orig); commit_kbnode (&keyblock_orig);
@ -1677,7 +1690,7 @@ import_one (ctrl_t ctrl,
clear_kbnode_flags( keyblock_orig ); clear_kbnode_flags( keyblock_orig );
clear_kbnode_flags( keyblock ); clear_kbnode_flags( keyblock );
n_uids = n_sigs = n_subk = n_uids_cleaned = 0; n_uids = n_sigs = n_subk = n_uids_cleaned = 0;
rc = merge_blocks (keyblock_orig, keyblock, rc = merge_blocks (ctrl, keyblock_orig, keyblock,
keyid, &n_uids, &n_sigs, &n_subk ); keyid, &n_uids, &n_sigs, &n_subk );
if (rc ) if (rc )
{ {
@ -1686,7 +1699,7 @@ import_one (ctrl_t ctrl,
} }
if ((options & IMPORT_CLEAN)) if ((options & IMPORT_CLEAN))
clean_key (keyblock_orig,opt.verbose,options&IMPORT_MINIMAL, clean_key (ctrl, keyblock_orig, opt.verbose, (options&IMPORT_MINIMAL),
&n_uids_cleaned,&n_sigs_cleaned); &n_uids_cleaned,&n_sigs_cleaned);
if (n_uids || n_sigs || n_subk || n_sigs_cleaned || n_uids_cleaned) if (n_uids || n_sigs || n_subk || n_sigs_cleaned || n_uids_cleaned)
@ -1698,12 +1711,12 @@ import_one (ctrl_t ctrl,
log_error (_("error writing keyring '%s': %s\n"), log_error (_("error writing keyring '%s': %s\n"),
keydb_get_resource_name (hd), gpg_strerror (rc) ); keydb_get_resource_name (hd), gpg_strerror (rc) );
else if (non_self) else if (non_self)
revalidation_mark (); revalidation_mark (ctrl);
/* We are ready. */ /* We are ready. */
if (!opt.quiet && !silent) if (!opt.quiet && !silent)
{ {
char *p = get_user_id_byfpr_native (fpr2); char *p = get_user_id_byfpr_native (ctrl, fpr2);
if (n_uids == 1 ) if (n_uids == 1 )
log_info( _("key %s: \"%s\" 1 new user ID\n"), log_info( _("key %s: \"%s\" 1 new user ID\n"),
keystr(keyid),p); keystr(keyid),p);
@ -1754,7 +1767,7 @@ import_one (ctrl_t ctrl,
if (!opt.quiet && !silent) if (!opt.quiet && !silent)
{ {
char *p = get_user_id_byfpr_native (fpr2); char *p = get_user_id_byfpr_native (ctrl, fpr2);
log_info( _("key %s: \"%s\" not changed\n"),keystr(keyid),p); log_info( _("key %s: \"%s\" not changed\n"),keystr(keyid),p);
xfree(p); xfree(p);
} }
@ -2059,7 +2072,7 @@ transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats,
/* Send the wrapped key to the agent. */ /* Send the wrapped key to the agent. */
{ {
char *desc = gpg_format_keydesc (pk, FORMAT_KEYDESC_IMPORT, 1); char *desc = gpg_format_keydesc (ctrl, pk, FORMAT_KEYDESC_IMPORT, 1);
err = agent_import_key (ctrl, desc, &cache_nonce, err = agent_import_key (ctrl, desc, &cache_nonce,
wrappedkey, wrappedkeylen, batch, force); wrappedkey, wrappedkeylen, batch, force);
xfree (desc); xfree (desc);
@ -2279,7 +2292,7 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
/* Fixme: we should do this based on the fingerprint or /* Fixme: we should do this based on the fingerprint or
even better let import_one return the merged even better let import_one return the merged
keyblock. */ keyblock. */
node = get_pubkeyblock (keyid); node = get_pubkeyblock (ctrl, keyid);
if (!node) if (!node)
log_error ("key %s: failed to re-lookup public key\n", log_error ("key %s: failed to re-lookup public key\n",
keystr_from_pk (pk)); keystr_from_pk (pk));
@ -2356,7 +2369,7 @@ import_revoke_cert (ctrl_t ctrl, kbnode_t node, struct import_stats_s *stats)
keyid[1] = node->pkt->pkt.signature->keyid[1]; keyid[1] = node->pkt->pkt.signature->keyid[1];
pk = xmalloc_clear( sizeof *pk ); pk = xmalloc_clear( sizeof *pk );
rc = get_pubkey( pk, keyid ); rc = get_pubkey (ctrl, pk, keyid );
if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY ) if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY )
{ {
log_error(_("key %s: no public key -" log_error(_("key %s: no public key -"
@ -2405,7 +2418,7 @@ import_revoke_cert (ctrl_t ctrl, kbnode_t node, struct import_stats_s *stats)
/* it is okay, that node is not in keyblock because /* it is okay, that node is not in keyblock because
* check_key_signature works fine for sig_class 0x20 in this * check_key_signature works fine for sig_class 0x20 in this
* special case. */ * special case. */
rc = check_key_signature( keyblock, node, NULL); rc = check_key_signature (ctrl, keyblock, node, NULL);
if (rc ) if (rc )
{ {
log_error( _("key %s: invalid revocation certificate" log_error( _("key %s: invalid revocation certificate"
@ -2440,7 +2453,7 @@ import_revoke_cert (ctrl_t ctrl, kbnode_t node, struct import_stats_s *stats)
/* we are ready */ /* we are ready */
if (!opt.quiet ) if (!opt.quiet )
{ {
char *p=get_user_id_native (keyid); char *p=get_user_id_native (ctrl, keyid);
log_info( _("key %s: \"%s\" revocation certificate imported\n"), log_info( _("key %s: \"%s\" revocation certificate imported\n"),
keystr(keyid),p); keystr(keyid),p);
xfree(p); xfree(p);
@ -2450,10 +2463,10 @@ import_revoke_cert (ctrl_t ctrl, kbnode_t node, struct import_stats_s *stats)
/* If the key we just revoked was ultimately trusted, remove its /* If the key we just revoked was ultimately trusted, remove its
ultimate trust. This doesn't stop the user from putting the ultimate trust. This doesn't stop the user from putting the
ultimate trust back, but is a reasonable solution for now. */ ultimate trust back, but is a reasonable solution for now. */
if(get_ownertrust(pk)==TRUST_ULTIMATE) if (get_ownertrust (ctrl, pk) == TRUST_ULTIMATE)
clear_ownertrusts(pk); clear_ownertrusts (ctrl, pk);
revalidation_mark (); revalidation_mark (ctrl);
leave: leave:
keydb_release (hd); keydb_release (hd);
@ -2477,7 +2490,7 @@ import_revoke_cert (ctrl_t ctrl, kbnode_t node, struct import_stats_s *stats)
* is invalid. * is invalid.
*/ */
static int static int
chk_self_sigs (kbnode_t keyblock, u32 *keyid, int *non_self ) chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, int *non_self)
{ {
kbnode_t n, knode = NULL; kbnode_t n, knode = NULL;
PKT_signature *sig; PKT_signature *sig;
@ -2510,7 +2523,7 @@ chk_self_sigs (kbnode_t keyblock, u32 *keyid, int *non_self )
/* This just caches the sigs for later use. That way we /* This just caches the sigs for later use. That way we
import a fully-cached key which speeds things up. */ import a fully-cached key which speeds things up. */
if (!opt.no_sig_cache) if (!opt.no_sig_cache)
check_key_signature (keyblock, n, NULL); check_key_signature (ctrl, keyblock, n, NULL);
if ( IS_UID_SIG(sig) || IS_UID_REV(sig) ) if ( IS_UID_SIG(sig) || IS_UID_REV(sig) )
{ {
@ -2525,7 +2538,7 @@ chk_self_sigs (kbnode_t keyblock, u32 *keyid, int *non_self )
/* If it hasn't been marked valid yet, keep trying. */ /* If it hasn't been marked valid yet, keep trying. */
if (!(unode->flag & NODE_GOOD_SELFSIG)) if (!(unode->flag & NODE_GOOD_SELFSIG))
{ {
rc = check_key_signature (keyblock, n, NULL); rc = check_key_signature (ctrl, keyblock, n, NULL);
if ( rc ) if ( rc )
{ {
if ( opt.verbose ) if ( opt.verbose )
@ -2548,7 +2561,7 @@ chk_self_sigs (kbnode_t keyblock, u32 *keyid, int *non_self )
} }
else if (IS_KEY_SIG (sig)) else if (IS_KEY_SIG (sig))
{ {
rc = check_key_signature (keyblock, n, NULL); rc = check_key_signature (ctrl, keyblock, n, NULL);
if ( rc ) if ( rc )
{ {
if (opt.verbose) if (opt.verbose)
@ -2574,7 +2587,7 @@ chk_self_sigs (kbnode_t keyblock, u32 *keyid, int *non_self )
} }
else else
{ {
rc = check_key_signature (keyblock, n, NULL); rc = check_key_signature (ctrl, keyblock, n, NULL);
if ( rc ) if ( rc )
{ {
if (opt.verbose) if (opt.verbose)
@ -2625,7 +2638,7 @@ chk_self_sigs (kbnode_t keyblock, u32 *keyid, int *non_self )
} }
else else
{ {
rc = check_key_signature (keyblock, n, NULL); rc = check_key_signature (ctrl, keyblock, n, NULL);
if ( rc ) if ( rc )
{ {
if(opt.verbose) if(opt.verbose)
@ -2672,7 +2685,8 @@ chk_self_sigs (kbnode_t keyblock, u32 *keyid, int *non_self )
* Returns: True if at least one valid user-id is left over. * Returns: True if at least one valid user-id is left over.
*/ */
static int static int
delete_inv_parts (kbnode_t keyblock, u32 *keyid, unsigned int options) delete_inv_parts (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
unsigned int options)
{ {
kbnode_t node; kbnode_t node;
int nvalid=0, uid_seen=0, subkey_seen=0; int nvalid=0, uid_seen=0, subkey_seen=0;
@ -2767,7 +2781,7 @@ delete_inv_parts (kbnode_t keyblock, u32 *keyid, unsigned int options)
if(node->pkt->pkt.signature->keyid[0]==keyid[0] if(node->pkt->pkt.signature->keyid[0]==keyid[0]
&& node->pkt->pkt.signature->keyid[1]==keyid[1]) && node->pkt->pkt.signature->keyid[1]==keyid[1])
{ {
int rc = check_key_signature( keyblock, node, NULL); int rc = check_key_signature (ctrl, keyblock, node, NULL);
if (rc ) if (rc )
{ {
if(opt.verbose) if(opt.verbose)
@ -2968,8 +2982,8 @@ revocation_present (ctrl_t ctrl, kbnode_t keyblock)
{ {
u32 keyid[2]; u32 keyid[2];
keyid_from_fingerprint(sig->revkey[idx].fpr, keyid_from_fingerprint (ctrl, sig->revkey[idx].fpr,
MAX_FINGERPRINT_LEN,keyid); MAX_FINGERPRINT_LEN, keyid);
for(inode=keyblock->next;inode;inode=inode->next) for(inode=keyblock->next;inode;inode=inode->next)
{ {
@ -3041,7 +3055,7 @@ revocation_present (ctrl_t ctrl, kbnode_t keyblock)
* Note: We indicate newly inserted packets with NODE_FLAG_A. * Note: We indicate newly inserted packets with NODE_FLAG_A.
*/ */
static int static int
merge_blocks (kbnode_t keyblock_orig, kbnode_t keyblock, merge_blocks (ctrl_t ctrl, kbnode_t keyblock_orig, kbnode_t keyblock,
u32 *keyid, int *n_uids, int *n_sigs, int *n_subk ) u32 *keyid, int *n_uids, int *n_sigs, int *n_subk )
{ {
kbnode_t onode, node; kbnode_t onode, node;
@ -3078,7 +3092,7 @@ merge_blocks (kbnode_t keyblock_orig, kbnode_t keyblock,
++*n_sigs; ++*n_sigs;
if(!opt.quiet) if(!opt.quiet)
{ {
char *p=get_user_id_native (keyid); char *p = get_user_id_native (ctrl, keyid);
log_info(_("key %s: \"%s\" revocation" log_info(_("key %s: \"%s\" revocation"
" certificate added\n"), keystr(keyid),p); " certificate added\n"), keystr(keyid),p);
xfree(p); xfree(p);

4
g10/keydb.c
View File

@ -1674,7 +1674,7 @@ keydb_locate_writable (KEYDB_HANDLE hd)
/* Rebuild the on-disk caches of all key resources. */ /* Rebuild the on-disk caches of all key resources. */
void void
keydb_rebuild_caches (int noisy) keydb_rebuild_caches (ctrl_t ctrl, int noisy)
{ {
int i, rc; int i, rc;
@ -1687,7 +1687,7 @@ keydb_rebuild_caches (int noisy)
case KEYDB_RESOURCE_TYPE_NONE: /* ignore */ case KEYDB_RESOURCE_TYPE_NONE: /* ignore */
break; break;
case KEYDB_RESOURCE_TYPE_KEYRING: case KEYDB_RESOURCE_TYPE_KEYRING:
rc = keyring_rebuild_cache (all_resources[i].token,noisy); rc = keyring_rebuild_cache (ctrl, all_resources[i].token,noisy);
if (rc) if (rc)
log_error (_("failed to rebuild keyring cache: %s\n"), log_error (_("failed to rebuild keyring cache: %s\n"),
gpg_strerror (rc)); gpg_strerror (rc));

44
g10/keydb.h
View File

@ -186,7 +186,7 @@ gpg_error_t keydb_delete_keyblock (KEYDB_HANDLE hd);
gpg_error_t keydb_locate_writable (KEYDB_HANDLE hd); gpg_error_t keydb_locate_writable (KEYDB_HANDLE hd);
/* Rebuild the on-disk caches of all key resources. */ /* Rebuild the on-disk caches of all key resources. */
void keydb_rebuild_caches (int noisy); void keydb_rebuild_caches (ctrl_t ctrl, int noisy);
/* Return the number of skipped blocks (because they were to large to /* Return the number of skipped blocks (because they were to large to
read from a keybox) since the last search reset. */ read from a keybox) since the last search reset. */
@ -215,7 +215,7 @@ gpg_error_t keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr);
/*-- pkclist.c --*/ /*-- pkclist.c --*/
void show_revocation_reason( PKT_public_key *pk, int mode ); void show_revocation_reason (ctrl_t ctrl, PKT_public_key *pk, int mode );
int check_signatures_trust (ctrl_t ctrl, PKT_signature *sig); int check_signatures_trust (ctrl_t ctrl, PKT_signature *sig);
void release_pk_list (PK_LIST pk_list); void release_pk_list (PK_LIST pk_list);
@ -258,13 +258,15 @@ void set_next_passphrase( const char *s );
char *get_last_passphrase(void); char *get_last_passphrase(void);
void next_to_last_passphrase(void); void next_to_last_passphrase(void);
void emit_status_need_passphrase (u32 *keyid, u32 *mainkeyid, int pubkey_algo); void emit_status_need_passphrase (ctrl_t ctrl, u32 *keyid,
u32 *mainkeyid, int pubkey_algo);
#define FORMAT_KEYDESC_NORMAL 0 #define FORMAT_KEYDESC_NORMAL 0
#define FORMAT_KEYDESC_IMPORT 1 #define FORMAT_KEYDESC_IMPORT 1
#define FORMAT_KEYDESC_EXPORT 2 #define FORMAT_KEYDESC_EXPORT 2
#define FORMAT_KEYDESC_DELKEY 3 #define FORMAT_KEYDESC_DELKEY 3
char *gpg_format_keydesc (PKT_public_key *pk, int mode, int escaped); char *gpg_format_keydesc (ctrl_t ctrl,
PKT_public_key *pk, int mode, int escaped);
/*-- getkey.c --*/ /*-- getkey.c --*/
@ -276,7 +278,7 @@ void cache_public_key( PKT_public_key *pk );
void getkey_disable_caches(void); void getkey_disable_caches(void);
/* Return the public key with the key id KEYID and store it at PK. */ /* Return the public key with the key id KEYID and store it at PK. */
int get_pubkey( PKT_public_key *pk, u32 *keyid ); int get_pubkey (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid);
/* Similar to get_pubkey, but it does not take PK->REQ_USAGE into /* Similar to get_pubkey, but it does not take PK->REQ_USAGE into
account nor does it merge in the self-signed data. This function account nor does it merge in the self-signed data. This function
@ -284,7 +286,7 @@ int get_pubkey( PKT_public_key *pk, u32 *keyid );
int get_pubkey_fast (PKT_public_key *pk, u32 *keyid); int get_pubkey_fast (PKT_public_key *pk, u32 *keyid);
/* Return the key block for the key with KEYID. */ /* Return the key block for the key with KEYID. */
kbnode_t get_pubkeyblock (u32 *keyid); kbnode_t get_pubkeyblock (ctrl_t ctrl, u32 *keyid);
/* A list used by get_pubkeys to gather all of the matches. */ /* A list used by get_pubkeys to gather all of the matches. */
struct pubkey_s struct pubkey_s
@ -330,10 +332,10 @@ gpg_error_t get_pubkey_fromfile (ctrl_t ctrl,
/* Return the public key with the key id KEYID iff the secret key is /* Return the public key with the key id KEYID iff the secret key is
* available and store it at PK. */ * available and store it at PK. */
gpg_error_t get_seckey (PKT_public_key *pk, u32 *keyid); gpg_error_t get_seckey (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid);
/* Lookup a key with the specified fingerprint. */ /* Lookup a key with the specified fingerprint. */
int get_pubkey_byfprint (PKT_public_key *pk, kbnode_t *r_keyblock, int get_pubkey_byfprint (ctrl_t ctrl, PKT_public_key *pk, kbnode_t *r_keyblock,
const byte *fprint, size_t fprint_len); const byte *fprint, size_t fprint_len);
/* This function is similar to get_pubkey_byfprint, but it doesn't /* This function is similar to get_pubkey_byfprint, but it doesn't
@ -354,7 +356,8 @@ const char *parse_def_secret_key (ctrl_t ctrl);
gpg_error_t get_seckey_default (ctrl_t ctrl, PKT_public_key *pk); gpg_error_t get_seckey_default (ctrl_t ctrl, PKT_public_key *pk);
/* Search for keys matching some criteria. */ /* Search for keys matching some criteria. */
gpg_error_t getkey_bynames (getkey_ctx_t *retctx, PKT_public_key *pk, gpg_error_t getkey_bynames (ctrl_t ctrl,
getkey_ctx_t *retctx, PKT_public_key *pk,
strlist_t names, int want_secret, strlist_t names, int want_secret,
kbnode_t *ret_keyblock); kbnode_t *ret_keyblock);
@ -365,8 +368,8 @@ gpg_error_t getkey_byname (ctrl_t ctrl,
kbnode_t *ret_keyblock); kbnode_t *ret_keyblock);
/* Return the next search result. */ /* Return the next search result. */
gpg_error_t getkey_next (getkey_ctx_t ctx, PKT_public_key *pk, gpg_error_t getkey_next (ctrl_t ctrl, getkey_ctx_t ctx,
kbnode_t *ret_keyblock); PKT_public_key *pk, kbnode_t *ret_keyblock);
/* Release any resources used by a key listing context. */ /* Release any resources used by a key listing context. */
void getkey_end (getkey_ctx_t ctx); void getkey_end (getkey_ctx_t ctx);
@ -383,14 +386,14 @@ void setup_main_keyids (kbnode_t keyblock);
/* This function merges information from the self-signed data into the /* This function merges information from the self-signed data into the
data structures. */ data structures. */
void merge_keys_and_selfsig (kbnode_t keyblock); void merge_keys_and_selfsig (ctrl_t ctrl, kbnode_t keyblock);
char*get_user_id_string_native( u32 *keyid ); char*get_user_id_string_native (ctrl_t ctrl, u32 *keyid);
char*get_long_user_id_string( u32 *keyid ); char*get_long_user_id_string (ctrl_t ctrl, u32 *keyid);
char*get_user_id( u32 *keyid, size_t *rn ); char*get_user_id (ctrl_t ctrl, u32 *keyid, size_t *rn);
char*get_user_id_native( u32 *keyid ); char*get_user_id_native (ctrl_t ctrl, u32 *keyid);
char *get_user_id_byfpr (const byte *fpr, size_t *rn); char *get_user_id_byfpr (ctrl_t ctrl, const byte *fpr, size_t *rn);
char *get_user_id_byfpr_native (const byte *fpr); char *get_user_id_byfpr_native (ctrl_t ctrl, const byte *fpr);
void release_akl(void); void release_akl(void);
int parse_auto_key_locate(char *options); int parse_auto_key_locate(char *options);
@ -449,8 +452,9 @@ const char *pk_keyid_str (PKT_public_key *pk);
const char *keystr_from_desc(KEYDB_SEARCH_DESC *desc); const char *keystr_from_desc(KEYDB_SEARCH_DESC *desc);
u32 keyid_from_pk( PKT_public_key *pk, u32 *keyid ); u32 keyid_from_pk( PKT_public_key *pk, u32 *keyid );
u32 keyid_from_sig( PKT_signature *sig, u32 *keyid ); u32 keyid_from_sig (PKT_signature *sig, u32 *keyid );
u32 keyid_from_fingerprint(const byte *fprint, size_t fprint_len, u32 *keyid); u32 keyid_from_fingerprint (ctrl_t ctrl, const byte *fprint, size_t fprint_len,
u32 *keyid);
byte *namehash_from_uid(PKT_user_id *uid); byte *namehash_from_uid(PKT_user_id *uid);
unsigned nbits_from_pk( PKT_public_key *pk ); unsigned nbits_from_pk( PKT_public_key *pk );
const char *datestr_from_pk( PKT_public_key *pk ); const char *datestr_from_pk( PKT_public_key *pk );

278
g10/keyedit.c
View File

@ -59,24 +59,27 @@ static void show_key_with_all_names (ctrl_t ctrl, estream_t fp,
int with_revoker, int with_fpr, int with_revoker, int with_fpr,
int with_subkeys, int with_prefs, int with_subkeys, int with_prefs,
int nowarn); int nowarn);
static void show_key_and_fingerprint (kbnode_t keyblock, int with_subkeys); static void show_key_and_fingerprint (ctrl_t ctrl,
kbnode_t keyblock, int with_subkeys);
static void show_key_and_grip (kbnode_t keyblock); static void show_key_and_grip (kbnode_t keyblock);
static void subkey_expire_warning (kbnode_t keyblock); static void subkey_expire_warning (kbnode_t keyblock);
static int menu_adduid (ctrl_t ctrl, kbnode_t keyblock, static int menu_adduid (ctrl_t ctrl, kbnode_t keyblock,
int photo, const char *photo_name, const char *uidstr); int photo, const char *photo_name, const char *uidstr);
static void menu_deluid (KBNODE pub_keyblock); static void menu_deluid (KBNODE pub_keyblock);
static int menu_delsig (KBNODE pub_keyblock); static int menu_delsig (ctrl_t ctrl, kbnode_t pub_keyblock);
static int menu_clean (KBNODE keyblock, int self_only); static int menu_clean (ctrl_t ctrl, kbnode_t keyblock, int self_only);
static void menu_delkey (KBNODE pub_keyblock); static void menu_delkey (KBNODE pub_keyblock);
static int menu_addrevoker (ctrl_t ctrl, kbnode_t pub_keyblock, int sensitive); static int menu_addrevoker (ctrl_t ctrl, kbnode_t pub_keyblock, int sensitive);
static gpg_error_t menu_expire (kbnode_t pub_keyblock, static gpg_error_t menu_expire (ctrl_t ctrl, kbnode_t pub_keyblock,
int force_mainkey, u32 newexpiration); int force_mainkey, u32 newexpiration);
static int menu_changeusage (kbnode_t keyblock); static int menu_changeusage (ctrl_t ctrl, kbnode_t keyblock);
static int menu_backsign (KBNODE pub_keyblock); static int menu_backsign (ctrl_t ctrl, kbnode_t pub_keyblock);
static int menu_set_primary_uid (KBNODE pub_keyblock); static int menu_set_primary_uid (ctrl_t ctrl, kbnode_t pub_keyblock);
static int menu_set_preferences (KBNODE pub_keyblock); static int menu_set_preferences (ctrl_t ctrl, kbnode_t pub_keyblock);
static int menu_set_keyserver_url (const char *url, KBNODE pub_keyblock); static int menu_set_keyserver_url (ctrl_t ctrl,
static int menu_set_notation (const char *string, KBNODE pub_keyblock); const char *url, kbnode_t pub_keyblock);
static int menu_set_notation (ctrl_t ctrl,
const char *string, kbnode_t pub_keyblock);
static int menu_select_uid (KBNODE keyblock, int idx); static int menu_select_uid (KBNODE keyblock, int idx);
static int menu_select_uid_namehash (KBNODE keyblock, const char *namehash); static int menu_select_uid_namehash (KBNODE keyblock, const char *namehash);
static int menu_select_key (KBNODE keyblock, int idx, char *p); static int menu_select_key (KBNODE keyblock, int idx, char *p);
@ -86,15 +89,15 @@ static int count_keys_with_flag (KBNODE keyblock, unsigned flag);
static int count_selected_uids (KBNODE keyblock); static int count_selected_uids (KBNODE keyblock);
static int real_uids_left (KBNODE keyblock); static int real_uids_left (KBNODE keyblock);
static int count_selected_keys (KBNODE keyblock); static int count_selected_keys (KBNODE keyblock);
static int menu_revsig (KBNODE keyblock); static int menu_revsig (ctrl_t ctrl, kbnode_t keyblock);
static int menu_revuid (ctrl_t ctrl, kbnode_t keyblock); static int menu_revuid (ctrl_t ctrl, kbnode_t keyblock);
static int core_revuid (ctrl_t ctrl, kbnode_t keyblock, KBNODE node, static int core_revuid (ctrl_t ctrl, kbnode_t keyblock, KBNODE node,
const struct revocation_reason_info *reason, const struct revocation_reason_info *reason,
int *modified); int *modified);
static int menu_revkey (KBNODE pub_keyblock); static int menu_revkey (ctrl_t ctrl, kbnode_t pub_keyblock);
static int menu_revsubkey (KBNODE pub_keyblock); static int menu_revsubkey (ctrl_t ctrl, kbnode_t pub_keyblock);
#ifndef NO_TRUST_MODELS #ifndef NO_TRUST_MODELS
static int enable_disable_key (KBNODE keyblock, int disable); static int enable_disable_key (ctrl_t ctrl, kbnode_t keyblock, int disable);
#endif /*!NO_TRUST_MODELS*/ #endif /*!NO_TRUST_MODELS*/
static void menu_showphoto (ctrl_t ctrl, kbnode_t keyblock); static void menu_showphoto (ctrl_t ctrl, kbnode_t keyblock);
@ -126,7 +129,7 @@ struct sign_attrib
/* TODO: Fix duplicated code between here and the check-sigs/list-sigs /* TODO: Fix duplicated code between here and the check-sigs/list-sigs
code in keylist.c. */ code in keylist.c. */
static int static int
print_and_check_one_sig_colon (KBNODE keyblock, KBNODE node, print_and_check_one_sig_colon (ctrl_t ctrl, kbnode_t keyblock, kbnode_t node,
int *inv_sigs, int *no_key, int *oth_err, int *inv_sigs, int *no_key, int *oth_err,
int *is_selfsig, int print_without_key) int *is_selfsig, int print_without_key)
{ {
@ -136,7 +139,7 @@ print_and_check_one_sig_colon (KBNODE keyblock, KBNODE node,
/* TODO: Make sure a cached sig record here still has the pk that /* TODO: Make sure a cached sig record here still has the pk that
issued it. See also keylist.c:list_keyblock_print */ issued it. See also keylist.c:list_keyblock_print */
rc = check_key_signature (keyblock, node, is_selfsig); rc = check_key_signature (ctrl, keyblock, node, is_selfsig);
switch (gpg_err_code (rc)) switch (gpg_err_code (rc))
{ {
case 0: case 0:
@ -199,7 +202,7 @@ print_and_check_one_sig_colon (KBNODE keyblock, KBNODE node,
* always be printed. * always be printed.
*/ */
static int static int
print_one_sig (int rc, KBNODE keyblock, KBNODE node, print_one_sig (ctrl_t ctrl, int rc, kbnode_t keyblock, kbnode_t node,
int *inv_sigs, int *no_key, int *oth_err, int *inv_sigs, int *no_key, int *oth_err,
int is_selfsig, int print_without_key, int extended) int is_selfsig, int print_without_key, int extended)
{ {
@ -269,7 +272,7 @@ print_one_sig (int rc, KBNODE keyblock, KBNODE node,
else else
{ {
size_t n; size_t n;
char *p = get_user_id (sig->keyid, &n); char *p = get_user_id (ctrl, sig->keyid, &n);
tty_print_utf8_string2 (NULL, p, n, tty_print_utf8_string2 (NULL, p, n,
opt.screen_columns - keystrlen () - 26 - opt.screen_columns - keystrlen () - 26 -
((opt. ((opt.
@ -316,14 +319,14 @@ print_one_sig (int rc, KBNODE keyblock, KBNODE node,
static int static int
print_and_check_one_sig (KBNODE keyblock, KBNODE node, print_and_check_one_sig (ctrl_t ctrl, kbnode_t keyblock, kbnode_t node,
int *inv_sigs, int *no_key, int *oth_err, int *inv_sigs, int *no_key, int *oth_err,
int *is_selfsig, int print_without_key, int extended) int *is_selfsig, int print_without_key, int extended)
{ {
int rc; int rc;
rc = check_key_signature (keyblock, node, is_selfsig); rc = check_key_signature (ctrl, keyblock, node, is_selfsig);
return print_one_sig (rc, return print_one_sig (ctrl, rc,
keyblock, node, inv_sigs, no_key, oth_err, keyblock, node, inv_sigs, no_key, oth_err,
*is_selfsig, print_without_key, extended); *is_selfsig, print_without_key, extended);
} }
@ -388,7 +391,8 @@ sig_comparison (const void *av, const void *bv)
Returns 1 if the keyblock was modified, 0 otherwise. */ Returns 1 if the keyblock was modified, 0 otherwise. */
static int static int
check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs) check_all_keysigs (ctrl_t ctrl, kbnode_t kb,
int only_selected, int only_selfsigs)
{ {
gpg_error_t err; gpg_error_t err;
PKT_public_key *pk; PKT_public_key *pk;
@ -598,14 +602,13 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs)
if (keyid_cmp (pk_keyid (pk), sig->keyid) == 0) if (keyid_cmp (pk_keyid (pk), sig->keyid) == 0)
issuer = pk; issuer = pk;
else else /* Issuer is a different key. */
/* Issuer is a different key. */
{ {
if (only_selfsigs) if (only_selfsigs)
continue; continue;
issuer = xmalloc (sizeof (*issuer)); issuer = xmalloc (sizeof (*issuer));
err = get_pubkey (issuer, sig->keyid); err = get_pubkey (ctrl, issuer, sig->keyid);
if (err) if (err)
{ {
xfree (issuer); xfree (issuer);
@ -657,7 +660,8 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs)
continue; continue;
else else
{ {
err = check_signature_over_key_or_uid (issuer, sig, kb, n2->pkt, err = check_signature_over_key_or_uid (ctrl,
issuer, sig, kb, n2->pkt,
NULL, NULL); NULL, NULL);
if (! err) if (! err)
break; break;
@ -804,7 +808,7 @@ check_all_keysigs (KBNODE kb, int only_selected, int only_selfsigs)
} }
if (modified) if (modified)
print_one_sig (rc, kb, n, NULL, NULL, NULL, has_selfsig, print_one_sig (ctrl, rc, kb, n, NULL, NULL, NULL, has_selfsig,
0, only_selfsigs); 0, only_selfsigs);
} }
@ -1517,7 +1521,7 @@ sign_uids (ctrl_t ctrl, estream_t fp,
if (!quick) if (!quick)
{ {
p = get_user_id_native (sk_keyid); p = get_user_id_native (ctrl, sk_keyid);
tty_fprintf (fp, tty_fprintf (fp,
_("Are you sure that you want to sign this key with your\n" _("Are you sure that you want to sign this key with your\n"
"key \"%s\" (%s)\n"), p, keystr_from_pk (pk)); "key \"%s\" (%s)\n"), p, keystr_from_pk (pk));
@ -1617,7 +1621,7 @@ sign_uids (ctrl_t ctrl, estream_t fp,
* exportable. */ * exportable. */
if (selfsig) if (selfsig)
rc = make_keysig_packet (&sig, primary_pk, rc = make_keysig_packet (ctrl, &sig, primary_pk,
node->pkt->pkt.user_id, node->pkt->pkt.user_id,
NULL, NULL,
pk, pk,
@ -1625,7 +1629,7 @@ sign_uids (ctrl_t ctrl, estream_t fp,
keygen_add_std_prefs, primary_pk, keygen_add_std_prefs, primary_pk,
NULL); NULL);
else else
rc = make_keysig_packet (&sig, primary_pk, rc = make_keysig_packet (ctrl, &sig, primary_pk,
node->pkt->pkt.user_id, node->pkt->pkt.user_id,
NULL, NULL,
pk, pk,
@ -1744,7 +1748,7 @@ change_passphrase (ctrl_t ctrl, kbnode_t keyblock)
if (err) if (err)
goto leave; goto leave;
desc = gpg_format_keydesc (pk, FORMAT_KEYDESC_NORMAL, 1); desc = gpg_format_keydesc (ctrl, pk, FORMAT_KEYDESC_NORMAL, 1);
err = agent_passwd (ctrl, hexgrip, desc, 0, err = agent_passwd (ctrl, hexgrip, desc, 0,
&cache_nonce, &passwd_nonce); &cache_nonce, &passwd_nonce);
xfree (desc); xfree (desc);
@ -1774,18 +1778,18 @@ change_passphrase (ctrl_t ctrl, kbnode_t keyblock)
was changed. Note that a pointer to the keyblock must be given and was changed. Note that a pointer to the keyblock must be given and
the function may change it (i.e. replacing the first node). */ the function may change it (i.e. replacing the first node). */
static int static int
fix_keyblock (kbnode_t *keyblockp) fix_keyblock (ctrl_t ctrl, kbnode_t *keyblockp)
{ {
int changed = 0; int changed = 0;
if (collapse_uids (keyblockp)) if (collapse_uids (keyblockp))
changed++; changed++;
if (check_all_keysigs (*keyblockp, 0, 1)) if (check_all_keysigs (ctrl, *keyblockp, 0, 1))
changed++; changed++;
reorder_keyblock (*keyblockp); reorder_keyblock (*keyblockp);
/* If we modified the keyblock, make sure the flags are right. */ /* If we modified the keyblock, make sure the flags are right. */
if (changed) if (changed)
merge_keys_and_selfsig (*keyblockp); merge_keys_and_selfsig (ctrl, *keyblockp);
return changed; return changed;
} }
@ -2052,7 +2056,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
goto leave; goto leave;
} }
if (fix_keyblock (&keyblock)) if (fix_keyblock (ctrl, &keyblock))
modified++; modified++;
/* See whether we have a matching secret key. */ /* See whether we have a matching secret key. */
@ -2195,7 +2199,8 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
case cmdFPR: case cmdFPR:
show_key_and_fingerprint show_key_and_fingerprint
(keyblock, (*arg_string == '*' (ctrl,
keyblock, (*arg_string == '*'
&& (!arg_string[1] || spacep (arg_string + 1)))); && (!arg_string[1] || spacep (arg_string + 1))));
break; break;
@ -2226,7 +2231,8 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
break; break;
case cmdCHECK: case cmdCHECK:
if (check_all_keysigs (keyblock, count_selected_uids (keyblock), if (check_all_keysigs (ctrl, keyblock,
count_selected_uids (keyblock),
!strcmp (arg_string, "selfsig"))) !strcmp (arg_string, "selfsig")))
modified = 1; modified = 1;
break; break;
@ -2319,7 +2325,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
update_trust = 1; update_trust = 1;
redisplay = 1; redisplay = 1;
modified = 1; modified = 1;
merge_keys_and_selfsig (keyblock); merge_keys_and_selfsig (ctrl, keyblock);
} }
break; break;
@ -2357,7 +2363,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
if (!opt.expert) if (!opt.expert)
tty_printf (_("(Use the '%s' command.)\n"), "uid"); tty_printf (_("(Use the '%s' command.)\n"), "uid");
} }
else if (menu_delsig (keyblock)) else if (menu_delsig (ctrl, keyblock))
{ {
/* No redisplay here, because it may scroll away some /* No redisplay here, because it may scroll away some
* of the status output of this command. */ * of the status output of this command. */
@ -2371,17 +2377,17 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
{ {
redisplay = 1; redisplay = 1;
modified = 1; modified = 1;
merge_keys_and_selfsig (keyblock); merge_keys_and_selfsig (ctrl, keyblock);
} }
break; break;
#ifdef ENABLE_CARD_SUPPORT #ifdef ENABLE_CARD_SUPPORT
case cmdADDCARDKEY: case cmdADDCARDKEY:
if (!card_generate_subkey (keyblock)) if (!card_generate_subkey (ctrl, keyblock))
{ {
redisplay = 1; redisplay = 1;
modified = 1; modified = 1;
merge_keys_and_selfsig (keyblock); merge_keys_and_selfsig (ctrl, keyblock);
} }
break; break;
@ -2539,7 +2545,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
{ {
redisplay = 1; redisplay = 1;
modified = 1; modified = 1;
merge_keys_and_selfsig (keyblock); merge_keys_and_selfsig (ctrl, keyblock);
} }
} }
break; break;
@ -2578,7 +2584,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
_("Do you really want to revoke" _("Do you really want to revoke"
" the entire key? (y/N) "))) " the entire key? (y/N) ")))
{ {
if (menu_revkey (keyblock)) if (menu_revkey (ctrl, keyblock))
modified = 1; modified = 1;
redisplay = 1; redisplay = 1;
@ -2591,21 +2597,21 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
: _("Do you really want to revoke" : _("Do you really want to revoke"
" this subkey? (y/N) "))) " this subkey? (y/N) ")))
{ {
if (menu_revsubkey (keyblock)) if (menu_revsubkey (ctrl, keyblock))
modified = 1; modified = 1;
redisplay = 1; redisplay = 1;
} }
if (modified) if (modified)
merge_keys_and_selfsig (keyblock); merge_keys_and_selfsig (ctrl, keyblock);
} }
break; break;
case cmdEXPIRE: case cmdEXPIRE:
if (gpg_err_code (menu_expire (keyblock, 0, 0)) == GPG_ERR_TRUE) if (gpg_err_code (menu_expire (ctrl, keyblock, 0, 0)) == GPG_ERR_TRUE)
{ {
merge_keys_and_selfsig (keyblock); merge_keys_and_selfsig (ctrl, keyblock);
run_subkey_warnings = 1; run_subkey_warnings = 1;
modified = 1; modified = 1;
redisplay = 1; redisplay = 1;
@ -2613,16 +2619,16 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
break; break;
case cmdCHANGEUSAGE: case cmdCHANGEUSAGE:
if (menu_changeusage (keyblock)) if (menu_changeusage (ctrl, keyblock))
{ {
merge_keys_and_selfsig (keyblock); merge_keys_and_selfsig (ctrl, keyblock);
modified = 1; modified = 1;
redisplay = 1; redisplay = 1;
} }
break; break;
case cmdBACKSIGN: case cmdBACKSIGN:
if (menu_backsign (keyblock)) if (menu_backsign (ctrl, keyblock))
{ {
modified = 1; modified = 1;
redisplay = 1; redisplay = 1;
@ -2630,9 +2636,9 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
break; break;
case cmdPRIMARY: case cmdPRIMARY:
if (menu_set_primary_uid (keyblock)) if (menu_set_primary_uid (ctrl, keyblock))
{ {
merge_keys_and_selfsig (keyblock); merge_keys_and_selfsig (ctrl, keyblock);
modified = 1; modified = 1;
redisplay = 1; redisplay = 1;
} }
@ -2702,9 +2708,9 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
" for the selected user IDs? (y/N) ") " for the selected user IDs? (y/N) ")
: _("Really update the preferences? (y/N) "))) : _("Really update the preferences? (y/N) ")))
{ {
if (menu_set_preferences (keyblock)) if (menu_set_preferences (ctrl, keyblock))
{ {
merge_keys_and_selfsig (keyblock); merge_keys_and_selfsig (ctrl, keyblock);
modified = 1; modified = 1;
redisplay = 1; redisplay = 1;
} }
@ -2713,20 +2719,20 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
break; break;
case cmdPREFKS: case cmdPREFKS:
if (menu_set_keyserver_url (*arg_string ? arg_string : NULL, if (menu_set_keyserver_url (ctrl, *arg_string ? arg_string : NULL,
keyblock)) keyblock))
{ {
merge_keys_and_selfsig (keyblock); merge_keys_and_selfsig (ctrl, keyblock);
modified = 1; modified = 1;
redisplay = 1; redisplay = 1;
} }
break; break;
case cmdNOTATION: case cmdNOTATION:
if (menu_set_notation (*arg_string ? arg_string : NULL, if (menu_set_notation (ctrl, *arg_string ? arg_string : NULL,
keyblock)) keyblock))
{ {
merge_keys_and_selfsig (keyblock); merge_keys_and_selfsig (ctrl, keyblock);
modified = 1; modified = 1;
redisplay = 1; redisplay = 1;
} }
@ -2736,7 +2742,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
break; break;
case cmdREVSIG: case cmdREVSIG:
if (menu_revsig (keyblock)) if (menu_revsig (ctrl, keyblock))
{ {
redisplay = 1; redisplay = 1;
modified = 1; modified = 1;
@ -2746,7 +2752,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
#ifndef NO_TRUST_MODELS #ifndef NO_TRUST_MODELS
case cmdENABLEKEY: case cmdENABLEKEY:
case cmdDISABLEKEY: case cmdDISABLEKEY:
if (enable_disable_key (keyblock, cmd == cmdDISABLEKEY)) if (enable_disable_key (ctrl, keyblock, cmd == cmdDISABLEKEY))
{ {
redisplay = 1; redisplay = 1;
modified = 1; modified = 1;
@ -2759,12 +2765,12 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
break; break;
case cmdCLEAN: case cmdCLEAN:
if (menu_clean (keyblock, 0)) if (menu_clean (ctrl, keyblock, 0))
redisplay = modified = 1; redisplay = modified = 1;
break; break;
case cmdMINIMIZE: case cmdMINIMIZE:
if (menu_clean (keyblock, 1)) if (menu_clean (ctrl, keyblock, 1))
redisplay = modified = 1; redisplay = modified = 1;
break; break;
@ -2809,7 +2815,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
if (update_trust) if (update_trust)
{ {
revalidation_mark (); revalidation_mark (ctrl);
update_trust = 0; update_trust = 0;
} }
goto leave; goto leave;
@ -2928,8 +2934,8 @@ quick_find_keyblock (ctrl_t ctrl, const char *username,
goto leave; goto leave;
} }
fix_keyblock (&keyblock); fix_keyblock (ctrl, &keyblock);
merge_keys_and_selfsig (keyblock); merge_keys_and_selfsig (ctrl, keyblock);
*r_keyblock = keyblock; *r_keyblock = keyblock;
keyblock = NULL; keyblock = NULL;
@ -2981,7 +2987,7 @@ keyedit_quick_adduid (ctrl_t ctrl, const char *username, const char *newuid)
} }
if (update_trust) if (update_trust)
revalidation_mark (); revalidation_mark (ctrl);
} }
leave: leave:
@ -3054,7 +3060,7 @@ keyedit_quick_revuid (ctrl_t ctrl, const char *username, const char *uidtorev)
goto leave; goto leave;
} }
revalidation_mark (); revalidation_mark (ctrl);
goto leave; goto leave;
} }
} }
@ -3112,16 +3118,16 @@ keyedit_quick_set_primary (ctrl_t ctrl, const char *username,
if (!any) if (!any)
err = gpg_error (GPG_ERR_NO_USER_ID); err = gpg_error (GPG_ERR_NO_USER_ID);
else if (menu_set_primary_uid (keyblock)) else if (menu_set_primary_uid (ctrl, keyblock))
{ {
merge_keys_and_selfsig (keyblock); merge_keys_and_selfsig (ctrl, keyblock);
err = keydb_update_keyblock (ctrl, kdbhd, keyblock); err = keydb_update_keyblock (ctrl, kdbhd, keyblock);
if (err) if (err)
{ {
log_error (_("update failed: %s\n"), gpg_strerror (err)); log_error (_("update failed: %s\n"), gpg_strerror (err));
goto leave; goto leave;
} }
revalidation_mark (); revalidation_mark (ctrl);
} }
else else
err = gpg_error (GPG_ERR_GENERAL); err = gpg_error (GPG_ERR_GENERAL);
@ -3235,7 +3241,7 @@ keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids,
if (find_by_primary_fpr (ctrl, fpr, &keyblock, &kdbhd)) if (find_by_primary_fpr (ctrl, fpr, &keyblock, &kdbhd))
goto leave; goto leave;
if (fix_keyblock (&keyblock)) if (fix_keyblock (ctrl, &keyblock))
modified++; modified++;
/* Give some info in verbose. */ /* Give some info in verbose. */
@ -3350,7 +3356,7 @@ keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids,
log_info (_("Key not changed so no update needed.\n")); log_info (_("Key not changed so no update needed.\n"));
if (update_trust) if (update_trust)
revalidation_mark (); revalidation_mark (ctrl);
leave: leave:
@ -3383,7 +3389,7 @@ keyedit_quick_addkey (ctrl_t ctrl, const char *fpr, const char *algostr,
if (find_by_primary_fpr (ctrl, fpr, &keyblock, &kdbhd)) if (find_by_primary_fpr (ctrl, fpr, &keyblock, &kdbhd))
goto leave; goto leave;
if (fix_keyblock (&keyblock)) if (fix_keyblock (ctrl, &keyblock))
modified++; modified++;
pk = keyblock->pkt->pkt.public_key; pk = keyblock->pkt->pkt.public_key;
@ -3445,7 +3451,7 @@ keyedit_quick_set_expire (ctrl_t ctrl, const char *fpr, const char *expirestr)
if (err) if (err)
goto leave; goto leave;
if (fix_keyblock (&keyblock)) if (fix_keyblock (ctrl, &keyblock))
modified++; modified++;
pk = keyblock->pkt->pkt.public_key; pk = keyblock->pkt->pkt.public_key;
@ -3470,7 +3476,7 @@ keyedit_quick_set_expire (ctrl_t ctrl, const char *fpr, const char *expirestr)
expire += make_timestamp (); expire += make_timestamp ();
/* Set the new expiration date. */ /* Set the new expiration date. */
err = menu_expire (keyblock, 1, expire); err = menu_expire (ctrl, keyblock, 1, expire);
if (gpg_err_code (err) == GPG_ERR_TRUE) if (gpg_err_code (err) == GPG_ERR_TRUE)
modified = 1; modified = 1;
else if (err) else if (err)
@ -3487,7 +3493,7 @@ keyedit_quick_set_expire (ctrl_t ctrl, const char *fpr, const char *expirestr)
goto leave; goto leave;
} }
if (update_trust) if (update_trust)
revalidation_mark (); revalidation_mark (ctrl);
} }
else else
log_info (_("Key not changed so no update needed.\n")); log_info (_("Key not changed so no update needed.\n"));
@ -3756,7 +3762,7 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
(ulong) pk->timestamp, (ulong) pk->expiredate); (ulong) pk->timestamp, (ulong) pk->expiredate);
if (node->pkt->pkttype == PKT_PUBLIC_KEY if (node->pkt->pkttype == PKT_PUBLIC_KEY
&& !(opt.fast_list_mode || opt.no_expensive_trust_checks)) && !(opt.fast_list_mode || opt.no_expensive_trust_checks))
es_putc (get_ownertrust_info (pk, 0), fp); es_putc (get_ownertrust_info (ctrl, pk, 0), fp);
es_putc (':', fp); es_putc (':', fp);
es_putc (':', fp); es_putc (':', fp);
es_putc (':', fp); es_putc (':', fp);
@ -3771,7 +3777,7 @@ show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock)
es_putc ('a', fp); es_putc ('a', fp);
es_putc ('\n', fp); es_putc ('\n', fp);
print_fingerprint (fp, pk, 0); print_fingerprint (ctrl, fp, pk, 0);
print_revokers (fp, pk); print_revokers (fp, pk);
} }
} }
@ -3973,7 +3979,7 @@ show_key_with_all_names (ctrl_t ctrl, estream_t fp,
static int did_warn = 0; static int did_warn = 0;
trust = get_validity_string (ctrl, pk, NULL); trust = get_validity_string (ctrl, pk, NULL);
otrust = get_ownertrust_string (pk, 0); otrust = get_ownertrust_string (ctrl, pk, 0);
/* Show a warning once */ /* Show a warning once */
if (!did_warn if (!did_warn
@ -3989,7 +3995,7 @@ show_key_with_all_names (ctrl_t ctrl, estream_t fp,
if (pk->flags.revoked) if (pk->flags.revoked)
{ {
char *user = get_user_id_string_native (pk->revoked.keyid); char *user = get_user_id_string_native (ctrl, pk->revoked.keyid);
tty_fprintf (fp, tty_fprintf (fp,
_("The following key was revoked on" _("The following key was revoked on"
" %s by %s key %s\n"), " %s by %s key %s\n"),
@ -4010,10 +4016,10 @@ show_key_with_all_names (ctrl_t ctrl, estream_t fp,
const char *algo; const char *algo;
algo = gcry_pk_algo_name (pk->revkey[i].algid); algo = gcry_pk_algo_name (pk->revkey[i].algid);
keyid_from_fingerprint (pk->revkey[i].fpr, keyid_from_fingerprint (ctrl, pk->revkey[i].fpr,
MAX_FINGERPRINT_LEN, r_keyid); MAX_FINGERPRINT_LEN, r_keyid);
user = get_user_id_string_native (r_keyid); user = get_user_id_string_native (ctrl, r_keyid);
tty_fprintf (fp, tty_fprintf (fp,
_("This key may be revoked by %s key %s"), _("This key may be revoked by %s key %s"),
algo ? algo : "?", user); algo ? algo : "?", user);
@ -4147,7 +4153,7 @@ show_key_with_all_names (ctrl_t ctrl, estream_t fp,
tty_fprintf (fp, "\n"); tty_fprintf (fp, "\n");
} }
if (node->pkt->pkttype == PKT_PUBLIC_KEY if (node->pkt->pkttype == PKT_PUBLIC_KEY
&& (get_ownertrust (pk) & TRUST_FLAG_DISABLED)) && (get_ownertrust (ctrl, pk) & TRUST_FLAG_DISABLED))
{ {
tty_fprintf (fp, "*** "); tty_fprintf (fp, "*** ");
tty_fprintf (fp, _("This key has been disabled")); tty_fprintf (fp, _("This key has been disabled"));
@ -4158,7 +4164,7 @@ show_key_with_all_names (ctrl_t ctrl, estream_t fp,
if ((node->pkt->pkttype == PKT_PUBLIC_KEY if ((node->pkt->pkttype == PKT_PUBLIC_KEY
|| node->pkt->pkttype == PKT_SECRET_KEY) && with_fpr) || node->pkt->pkttype == PKT_SECRET_KEY) && with_fpr)
{ {
print_fingerprint (fp, pk, 2); print_fingerprint (ctrl, fp, pk, 2);
tty_fprintf (fp, "\n"); tty_fprintf (fp, "\n");
} }
} }
@ -4183,7 +4189,7 @@ show_key_with_all_names (ctrl_t ctrl, estream_t fp,
secret keys and thus the printing of "pub" vs. "sec" does only secret keys and thus the printing of "pub" vs. "sec" does only
depend on the packet type and not by checking with gpg-agent. */ depend on the packet type and not by checking with gpg-agent. */
void void
show_basic_key_info (KBNODE keyblock) show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock)
{ {
KBNODE node; KBNODE node;
int i; int i;
@ -4209,7 +4215,7 @@ show_basic_key_info (KBNODE keyblock)
tty_printf (" "); tty_printf (" ");
tty_printf (_("expires: %s"), expirestr_from_pk (pk)); tty_printf (_("expires: %s"), expirestr_from_pk (pk));
tty_printf ("\n"); tty_printf ("\n");
print_fingerprint (NULL, pk, 3); print_fingerprint (ctrl, NULL, pk, 3);
tty_printf ("\n"); tty_printf ("\n");
} }
} }
@ -4235,7 +4241,7 @@ show_basic_key_info (KBNODE keyblock)
static void static void
show_key_and_fingerprint (kbnode_t keyblock, int with_subkeys) show_key_and_fingerprint (ctrl_t ctrl, kbnode_t keyblock, int with_subkeys)
{ {
kbnode_t node; kbnode_t node;
PKT_public_key *pk = NULL; PKT_public_key *pk = NULL;
@ -4260,7 +4266,7 @@ show_key_and_fingerprint (kbnode_t keyblock, int with_subkeys)
} }
tty_printf ("\n"); tty_printf ("\n");
if (pk) if (pk)
print_fingerprint (NULL, pk, 2); print_fingerprint (ctrl, NULL, pk, 2);
if (with_subkeys) if (with_subkeys)
{ {
for (node = keyblock; node; node = node->next) for (node = keyblock; node; node = node->next)
@ -4274,7 +4280,7 @@ show_key_and_fingerprint (kbnode_t keyblock, int with_subkeys)
datestr_from_pk (pk), datestr_from_pk (pk),
usagestr_from_pk (pk, 0)); usagestr_from_pk (pk, 0));
print_fingerprint (NULL, pk, 4); print_fingerprint (ctrl, NULL, pk, 4);
} }
} }
} }
@ -4486,7 +4492,7 @@ menu_adduid (ctrl_t ctrl, kbnode_t pub_keyblock,
return 0; return 0;
} }
err = make_keysig_packet (&sig, pk, uid, NULL, pk, 0x13, 0, 0, 0, err = make_keysig_packet (ctrl, &sig, pk, uid, NULL, pk, 0x13, 0, 0, 0,
keygen_add_std_prefs, pk, NULL); keygen_add_std_prefs, pk, NULL);
if (err) if (err)
{ {
@ -4549,7 +4555,7 @@ menu_deluid (KBNODE pub_keyblock)
static int static int
menu_delsig (KBNODE pub_keyblock) menu_delsig (ctrl_t ctrl, kbnode_t pub_keyblock)
{ {
KBNODE node; KBNODE node;
PKT_user_id *uid = NULL; PKT_user_id *uid = NULL;
@ -4571,11 +4577,11 @@ menu_delsig (KBNODE pub_keyblock)
okay = inv_sig = no_key = other_err = 0; okay = inv_sig = no_key = other_err = 0;
if (opt.with_colons) if (opt.with_colons)
valid = print_and_check_one_sig_colon (pub_keyblock, node, valid = print_and_check_one_sig_colon (ctrl, pub_keyblock, node,
&inv_sig, &no_key, &inv_sig, &no_key,
&other_err, &selfsig, 1); &other_err, &selfsig, 1);
else else
valid = print_and_check_one_sig (pub_keyblock, node, valid = print_and_check_one_sig (ctrl, pub_keyblock, node,
&inv_sig, &no_key, &other_err, &inv_sig, &no_key, &other_err,
&selfsig, 1, 0); &selfsig, 1, 0);
@ -4631,7 +4637,7 @@ menu_delsig (KBNODE pub_keyblock)
static int static int
menu_clean (KBNODE keyblock, int self_only) menu_clean (ctrl_t ctrl, kbnode_t keyblock, int self_only)
{ {
KBNODE uidnode; KBNODE uidnode;
int modified = 0, select_all = !count_selected_uids (keyblock); int modified = 0, select_all = !count_selected_uids (keyblock);
@ -4648,7 +4654,7 @@ menu_clean (KBNODE keyblock, int self_only)
uidnode->pkt->pkt.user_id->len, uidnode->pkt->pkt.user_id->len,
0); 0);
clean_one_uid (keyblock, uidnode, opt.verbose, self_only, &uids, clean_one_uid (ctrl, keyblock, uidnode, opt.verbose, self_only, &uids,
&sigs); &sigs);
if (uids) if (uids)
{ {
@ -4849,8 +4855,8 @@ menu_addrevoker (ctrl_t ctrl, kbnode_t pub_keyblock, int sensitive)
continue; continue;
} }
print_pubkey_info (NULL, revoker_pk); print_pubkey_info (ctrl, NULL, revoker_pk);
print_fingerprint (NULL, revoker_pk, 2); print_fingerprint (ctrl, NULL, revoker_pk, 2);
tty_printf ("\n"); tty_printf ("\n");
tty_printf (_("WARNING: appointing a key as a designated revoker " tty_printf (_("WARNING: appointing a key as a designated revoker "
@ -4868,7 +4874,7 @@ menu_addrevoker (ctrl_t ctrl, kbnode_t pub_keyblock, int sensitive)
break; break;
} }
rc = make_keysig_packet (&sig, pk, NULL, NULL, pk, 0x1F, 0, 0, 0, rc = make_keysig_packet (ctrl, &sig, pk, NULL, NULL, pk, 0x1F, 0, 0, 0,
keygen_add_revkey, &revkey, NULL); keygen_add_revkey, &revkey, NULL);
if (rc) if (rc)
{ {
@ -4900,7 +4906,8 @@ fail:
* avoid all interactivity. Retirns 0 if nothing was done, * avoid all interactivity. Retirns 0 if nothing was done,
* GPG_ERR_TRUE if the key was modified, or any other error code. */ * GPG_ERR_TRUE if the key was modified, or any other error code. */
static gpg_error_t static gpg_error_t
menu_expire (kbnode_t pub_keyblock, int force_mainkey, u32 newexpiration) menu_expire (ctrl_t ctrl, kbnode_t pub_keyblock,
int force_mainkey, u32 newexpiration)
{ {
int signumber, rc; int signumber, rc;
u32 expiredate; u32 expiredate;
@ -4989,12 +4996,14 @@ menu_expire (kbnode_t pub_keyblock, int force_mainkey, u32 newexpiration)
} }
if (mainkey) if (mainkey)
rc = update_keysig_packet (&newsig, sig, main_pk, uid, NULL, rc = update_keysig_packet (ctrl,
&newsig, sig, main_pk, uid, NULL,
main_pk, keygen_add_key_expire, main_pk, keygen_add_key_expire,
main_pk); main_pk);
else else
rc = rc =
update_keysig_packet (&newsig, sig, main_pk, NULL, sub_pk, update_keysig_packet (ctrl,
&newsig, sig, main_pk, NULL, sub_pk,
main_pk, keygen_add_key_expire, sub_pk); main_pk, keygen_add_key_expire, sub_pk);
if (rc) if (rc)
{ {
@ -5026,7 +5035,7 @@ menu_expire (kbnode_t pub_keyblock, int force_mainkey, u32 newexpiration)
* be used to rectify badly created keys and as such is not suggested * be used to rectify badly created keys and as such is not suggested
* for general use. */ * for general use. */
static int static int
menu_changeusage (kbnode_t keyblock) menu_changeusage (ctrl_t ctrl, kbnode_t keyblock)
{ {
int n1, rc; int n1, rc;
int mainkey = 0; int mainkey = 0;
@ -5097,12 +5106,14 @@ menu_changeusage (kbnode_t keyblock)
sub_pk->pubkey_usage); sub_pk->pubkey_usage);
if (mainkey) if (mainkey)
rc = update_keysig_packet (&newsig, sig, main_pk, uid, NULL, rc = update_keysig_packet (ctrl,
&newsig, sig, main_pk, uid, NULL,
main_pk, keygen_add_key_flags, main_pk, keygen_add_key_flags,
main_pk); main_pk);
else else
rc = rc =
update_keysig_packet (&newsig, sig, main_pk, NULL, sub_pk, update_keysig_packet (ctrl,
&newsig, sig, main_pk, NULL, sub_pk,
main_pk, keygen_add_key_flags, sub_pk); main_pk, keygen_add_key_flags, sub_pk);
if (rc) if (rc)
{ {
@ -5129,7 +5140,7 @@ menu_changeusage (kbnode_t keyblock)
static int static int
menu_backsign (KBNODE pub_keyblock) menu_backsign (ctrl_t ctrl, kbnode_t pub_keyblock)
{ {
int rc, modified = 0; int rc, modified = 0;
PKT_public_key *main_pk; PKT_public_key *main_pk;
@ -5138,7 +5149,7 @@ menu_backsign (KBNODE pub_keyblock)
log_assert (pub_keyblock->pkt->pkttype == PKT_PUBLIC_KEY); log_assert (pub_keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
merge_keys_and_selfsig (pub_keyblock); merge_keys_and_selfsig (ctrl, pub_keyblock);
main_pk = pub_keyblock->pkt->pkt.public_key; main_pk = pub_keyblock->pkt->pkt.public_key;
keyid_from_pk (main_pk, NULL); keyid_from_pk (main_pk, NULL);
@ -5198,14 +5209,16 @@ menu_backsign (KBNODE pub_keyblock)
/* Now we can get to work. */ /* Now we can get to work. */
rc = make_backsig (sig_pk->pkt->pkt.signature, main_pk, sub_pk, sub_pk, rc = make_backsig (ctrl,
sig_pk->pkt->pkt.signature, main_pk, sub_pk, sub_pk,
timestamp, NULL); timestamp, NULL);
if (!rc) if (!rc)
{ {
PKT_signature *newsig; PKT_signature *newsig;
PACKET *newpkt; PACKET *newpkt;
rc = update_keysig_packet (&newsig, sig_pk->pkt->pkt.signature, rc = update_keysig_packet (ctrl,
&newsig, sig_pk->pkt->pkt.signature,
main_pk, NULL, sub_pk, main_pk, main_pk, NULL, sub_pk, main_pk,
NULL, NULL); NULL, NULL);
if (!rc) if (!rc)
@ -5268,7 +5281,7 @@ change_primary_uid_cb (PKT_signature * sig, void *opaque)
* sufficient to updated a signature during import. * sufficient to updated a signature during import.
*/ */
static int static int
menu_set_primary_uid (KBNODE pub_keyblock) menu_set_primary_uid (ctrl_t ctrl, kbnode_t pub_keyblock)
{ {
PKT_public_key *main_pk; PKT_public_key *main_pk;
PKT_user_id *uid; PKT_user_id *uid;
@ -5357,7 +5370,7 @@ menu_set_primary_uid (KBNODE pub_keyblock)
if (action) if (action)
{ {
int rc = update_keysig_packet (&newsig, sig, int rc = update_keysig_packet (ctrl, &newsig, sig,
main_pk, uid, NULL, main_pk, uid, NULL,
main_pk, main_pk,
change_primary_uid_cb, change_primary_uid_cb,
@ -5390,7 +5403,7 @@ menu_set_primary_uid (KBNODE pub_keyblock)
* Set preferences to new values for the selected user IDs * Set preferences to new values for the selected user IDs
*/ */
static int static int
menu_set_preferences (KBNODE pub_keyblock) menu_set_preferences (ctrl_t ctrl, kbnode_t pub_keyblock)
{ {
PKT_public_key *main_pk; PKT_public_key *main_pk;
PKT_user_id *uid; PKT_user_id *uid;
@ -5448,7 +5461,7 @@ menu_set_preferences (KBNODE pub_keyblock)
PACKET *newpkt; PACKET *newpkt;
int rc; int rc;
rc = update_keysig_packet (&newsig, sig, rc = update_keysig_packet (ctrl, &newsig, sig,
main_pk, uid, NULL, main_pk, main_pk, uid, NULL, main_pk,
keygen_upd_std_prefs, NULL); keygen_upd_std_prefs, NULL);
if (rc) if (rc)
@ -5475,7 +5488,7 @@ menu_set_preferences (KBNODE pub_keyblock)
static int static int
menu_set_keyserver_url (const char *url, KBNODE pub_keyblock) menu_set_keyserver_url (ctrl_t ctrl, const char *url, kbnode_t pub_keyblock)
{ {
PKT_public_key *main_pk; PKT_public_key *main_pk;
PKT_user_id *uid; PKT_user_id *uid;
@ -5582,7 +5595,7 @@ menu_set_keyserver_url (const char *url, KBNODE pub_keyblock)
continue; continue;
} }
rc = update_keysig_packet (&newsig, sig, rc = update_keysig_packet (ctrl, &newsig, sig,
main_pk, uid, NULL, main_pk, uid, NULL,
main_pk, main_pk,
keygen_add_keyserver_url, uri); keygen_add_keyserver_url, uri);
@ -5612,8 +5625,9 @@ menu_set_keyserver_url (const char *url, KBNODE pub_keyblock)
return modified; return modified;
} }
static int static int
menu_set_notation (const char *string, KBNODE pub_keyblock) menu_set_notation (ctrl_t ctrl, const char *string, KBNODE pub_keyblock)
{ {
PKT_public_key *main_pk; PKT_public_key *main_pk;
PKT_user_id *uid; PKT_user_id *uid;
@ -5781,7 +5795,7 @@ menu_set_notation (const char *string, KBNODE pub_keyblock)
_("Proceed? (y/N) ")))) _("Proceed? (y/N) "))))
continue; continue;
rc = update_keysig_packet (&newsig, sig, rc = update_keysig_packet (ctrl, &newsig, sig,
main_pk, uid, NULL, main_pk, uid, NULL,
main_pk, main_pk,
keygen_add_notations, notation); keygen_add_notations, notation);
@ -6140,7 +6154,7 @@ real_uids_left (KBNODE keyblock)
* flag bit MARK_A is set on the signature and the user ID. * flag bit MARK_A is set on the signature and the user ID.
*/ */
static void static void
ask_revoke_sig (KBNODE keyblock, KBNODE node) ask_revoke_sig (ctrl_t ctrl, kbnode_t keyblock, kbnode_t node)
{ {
int doit = 0; int doit = 0;
PKT_user_id *uid; PKT_user_id *uid;
@ -6167,8 +6181,8 @@ ask_revoke_sig (KBNODE keyblock, KBNODE node)
es_printf ("\n"); es_printf ("\n");
print_and_check_one_sig_colon (keyblock, node, NULL, NULL, NULL, NULL, print_and_check_one_sig_colon (ctrl, keyblock, node,
1); NULL, NULL, NULL, NULL, 1);
} }
else else
{ {
@ -6210,7 +6224,7 @@ ask_revoke_sig (KBNODE keyblock, KBNODE node)
* Return: True when the keyblock has changed. * Return: True when the keyblock has changed.
*/ */
static int static int
menu_revsig (KBNODE keyblock) menu_revsig (ctrl_t ctrl, kbnode_t keyblock)
{ {
PKT_signature *sig; PKT_signature *sig;
PKT_public_key *primary_pk; PKT_public_key *primary_pk;
@ -6302,7 +6316,7 @@ menu_revsig (KBNODE keyblock)
{ {
if (!(node->flag & NODFLG_SELSIG)) if (!(node->flag & NODFLG_SELSIG))
continue; continue;
ask_revoke_sig (keyblock, node); ask_revoke_sig (ctrl, keyblock, node);
} }
/* present selected */ /* present selected */
@ -6368,13 +6382,13 @@ reloop: /* (must use this, because we are modifing the list) */
node->flag &= ~NODFLG_MARK_A; node->flag &= ~NODFLG_MARK_A;
signerkey = xmalloc_secure_clear (sizeof *signerkey); signerkey = xmalloc_secure_clear (sizeof *signerkey);
if (get_seckey (signerkey, node->pkt->pkt.signature->keyid)) if (get_seckey (ctrl, signerkey, node->pkt->pkt.signature->keyid))
{ {
log_info (_("no secret key\n")); log_info (_("no secret key\n"));
free_public_key (signerkey); free_public_key (signerkey);
continue; continue;
} }
rc = make_keysig_packet (&sig, primary_pk, rc = make_keysig_packet (ctrl, &sig, primary_pk,
unode->pkt->pkt.user_id, unode->pkt->pkt.user_id,
NULL, signerkey, 0x30, 0, 0, 0, NULL, signerkey, 0x30, 0, 0, 0,
sign_mk_attrib, &attrib, NULL); sign_mk_attrib, &attrib, NULL);
@ -6459,7 +6473,7 @@ core_revuid (ctrl_t ctrl, kbnode_t keyblock, KBNODE node,
mksubpkt argument to make_keysig_packet */ mksubpkt argument to make_keysig_packet */
attrib.reason = (struct revocation_reason_info *)reason; attrib.reason = (struct revocation_reason_info *)reason;
rc = make_keysig_packet (&sig, pk, uid, NULL, pk, 0x30, 0, rc = make_keysig_packet (ctrl, &sig, pk, uid, NULL, pk, 0x30, 0,
timestamp, 0, timestamp, 0,
sign_mk_attrib, &attrib, NULL); sign_mk_attrib, &attrib, NULL);
if (rc) if (rc)
@ -6569,7 +6583,7 @@ leave:
* Revoke the whole key. * Revoke the whole key.
*/ */
static int static int
menu_revkey (KBNODE pub_keyblock) menu_revkey (ctrl_t ctrl, kbnode_t pub_keyblock)
{ {
PKT_public_key *pk = pub_keyblock->pkt->pkt.public_key; PKT_public_key *pk = pub_keyblock->pkt->pkt.public_key;
int rc, changed = 0; int rc, changed = 0;
@ -6588,7 +6602,7 @@ menu_revkey (KBNODE pub_keyblock)
if (!reason) if (!reason)
return 0; return 0;
rc = make_keysig_packet (&sig, pk, NULL, NULL, pk, rc = make_keysig_packet (ctrl, &sig, pk, NULL, NULL, pk,
0x20, 0, 0, 0, 0x20, 0, 0, 0,
revocation_reason_build_cb, reason, NULL); revocation_reason_build_cb, reason, NULL);
if (rc) if (rc)
@ -6615,7 +6629,7 @@ menu_revkey (KBNODE pub_keyblock)
static int static int
menu_revsubkey (KBNODE pub_keyblock) menu_revsubkey (ctrl_t ctrl, kbnode_t pub_keyblock)
{ {
PKT_public_key *mainpk; PKT_public_key *mainpk;
KBNODE node; KBNODE node;
@ -6650,7 +6664,7 @@ menu_revsubkey (KBNODE pub_keyblock)
attrib.reason = reason; attrib.reason = reason;
node->flag &= ~NODFLG_SELKEY; node->flag &= ~NODFLG_SELKEY;
rc = make_keysig_packet (&sig, mainpk, NULL, subpk, mainpk, rc = make_keysig_packet (ctrl, &sig, mainpk, NULL, subpk, mainpk,
0x28, 0, 0, 0, sign_mk_attrib, &attrib, 0x28, 0, 0, 0, sign_mk_attrib, &attrib,
NULL); NULL);
if (rc) if (rc)
@ -6686,19 +6700,19 @@ menu_revsubkey (KBNODE pub_keyblock)
not worth adding extra complexity to change. -ds */ not worth adding extra complexity to change. -ds */
#ifndef NO_TRUST_MODELS #ifndef NO_TRUST_MODELS
static int static int
enable_disable_key (KBNODE keyblock, int disable) enable_disable_key (ctrl_t ctrl, kbnode_t keyblock, int disable)
{ {
PKT_public_key *pk = PKT_public_key *pk =
find_kbnode (keyblock, PKT_PUBLIC_KEY)->pkt->pkt.public_key; find_kbnode (keyblock, PKT_PUBLIC_KEY)->pkt->pkt.public_key;
unsigned int trust, newtrust; unsigned int trust, newtrust;
trust = newtrust = get_ownertrust (pk); trust = newtrust = get_ownertrust (ctrl, pk);
newtrust &= ~TRUST_FLAG_DISABLED; newtrust &= ~TRUST_FLAG_DISABLED;
if (disable) if (disable)
newtrust |= TRUST_FLAG_DISABLED; newtrust |= TRUST_FLAG_DISABLED;
if (trust == newtrust) if (trust == newtrust)
return 0; /* already in that state */ return 0; /* already in that state */
update_ownertrust (pk, newtrust); update_ownertrust (ctrl, pk, newtrust);
return 0; return 0;
} }
#endif /*!NO_TRUST_MODELS*/ #endif /*!NO_TRUST_MODELS*/

46
g10/keygen.c
View File

@ -843,7 +843,7 @@ keygen_add_revkey (PKT_signature *sig, void *opaque)
/* Create a back-signature. If TIMESTAMP is not NULL, use it for the /* Create a back-signature. If TIMESTAMP is not NULL, use it for the
signature creation time. */ signature creation time. */
gpg_error_t gpg_error_t
make_backsig (PKT_signature *sig, PKT_public_key *pk, make_backsig (ctrl_t ctrl, PKT_signature *sig, PKT_public_key *pk,
PKT_public_key *sub_pk, PKT_public_key *sub_psk, PKT_public_key *sub_pk, PKT_public_key *sub_psk,
u32 timestamp, const char *cache_nonce) u32 timestamp, const char *cache_nonce)
{ {
@ -852,7 +852,7 @@ make_backsig (PKT_signature *sig, PKT_public_key *pk,
cache_public_key (sub_pk); cache_public_key (sub_pk);
err = make_keysig_packet (&backsig, pk, NULL, sub_pk, sub_psk, 0x19, err = make_keysig_packet (ctrl, &backsig, pk, NULL, sub_pk, sub_psk, 0x19,
0, timestamp, 0, NULL, NULL, cache_nonce); 0, timestamp, 0, NULL, NULL, cache_nonce);
if (err) if (err)
log_error ("make_keysig_packet failed for backsig: %s\n", log_error ("make_keysig_packet failed for backsig: %s\n",
@ -936,7 +936,7 @@ make_backsig (PKT_signature *sig, PKT_public_key *pk,
PSK. REVKEY is describes the direct key signature and TIMESTAMP is PSK. REVKEY is describes the direct key signature and TIMESTAMP is
the timestamp to set on the signature. */ the timestamp to set on the signature. */
static gpg_error_t static gpg_error_t
write_direct_sig (KBNODE root, PKT_public_key *psk, write_direct_sig (ctrl_t ctrl, kbnode_t root, PKT_public_key *psk,
struct revocation_key *revkey, u32 timestamp, struct revocation_key *revkey, u32 timestamp,
const char *cache_nonce) const char *cache_nonce)
{ {
@ -960,7 +960,7 @@ write_direct_sig (KBNODE root, PKT_public_key *psk,
cache_public_key (pk); cache_public_key (pk);
/* Make the signature. */ /* Make the signature. */
err = make_keysig_packet (&sig, pk, NULL,NULL, psk, 0x1F, err = make_keysig_packet (ctrl, &sig, pk, NULL,NULL, psk, 0x1F,
0, timestamp, 0, 0, timestamp, 0,
keygen_add_revkey, revkey, cache_nonce); keygen_add_revkey, revkey, cache_nonce);
if (err) if (err)
@ -982,7 +982,7 @@ write_direct_sig (KBNODE root, PKT_public_key *psk,
PSK. USE and TIMESTAMP give the extra data we need for the PSK. USE and TIMESTAMP give the extra data we need for the
signature. */ signature. */
static gpg_error_t static gpg_error_t
write_selfsigs (KBNODE root, PKT_public_key *psk, write_selfsigs (ctrl_t ctrl, kbnode_t root, PKT_public_key *psk,
unsigned int use, u32 timestamp, const char *cache_nonce) unsigned int use, u32 timestamp, const char *cache_nonce)
{ {
gpg_error_t err; gpg_error_t err;
@ -1015,7 +1015,7 @@ write_selfsigs (KBNODE root, PKT_public_key *psk,
cache_public_key (pk); cache_public_key (pk);
/* Make the signature. */ /* Make the signature. */
err = make_keysig_packet (&sig, pk, uid, NULL, psk, 0x13, err = make_keysig_packet (ctrl, &sig, pk, uid, NULL, psk, 0x13,
0, timestamp, 0, 0, timestamp, 0,
keygen_add_std_prefs, pk, cache_nonce); keygen_add_std_prefs, pk, cache_nonce);
if (err) if (err)
@ -1038,7 +1038,8 @@ write_selfsigs (KBNODE root, PKT_public_key *psk,
SUB_PSK is a key used to create a back-signature; that one is only SUB_PSK is a key used to create a back-signature; that one is only
used if USE has the PUBKEY_USAGE_SIG capability. */ used if USE has the PUBKEY_USAGE_SIG capability. */
static int static int
write_keybinding (KBNODE root, PKT_public_key *pri_psk, PKT_public_key *sub_psk, write_keybinding (ctrl_t ctrl, kbnode_t root,
PKT_public_key *pri_psk, PKT_public_key *sub_psk,
unsigned int use, u32 timestamp, const char *cache_nonce) unsigned int use, u32 timestamp, const char *cache_nonce)
{ {
gpg_error_t err; gpg_error_t err;
@ -1074,7 +1075,7 @@ write_keybinding (KBNODE root, PKT_public_key *pri_psk, PKT_public_key *sub_psk,
/* Make the signature. */ /* Make the signature. */
oduap.usage = use; oduap.usage = use;
oduap.pk = sub_pk; oduap.pk = sub_pk;
err = make_keysig_packet (&sig, pri_pk, NULL, sub_pk, pri_psk, 0x18, err = make_keysig_packet (ctrl, &sig, pri_pk, NULL, sub_pk, pri_psk, 0x18,
0, timestamp, 0, 0, timestamp, 0,
keygen_add_key_flags_and_expire, &oduap, keygen_add_key_flags_and_expire, &oduap,
cache_nonce); cache_nonce);
@ -1087,7 +1088,8 @@ write_keybinding (KBNODE root, PKT_public_key *pri_psk, PKT_public_key *sub_psk,
/* Make a backsig. */ /* Make a backsig. */
if (use & PUBKEY_USAGE_SIG) if (use & PUBKEY_USAGE_SIG)
{ {
err = make_backsig (sig, pri_pk, sub_pk, sub_psk, timestamp, cache_nonce); err = make_backsig (ctrl,
sig, pri_pk, sub_pk, sub_psk, timestamp, cache_nonce);
if (err) if (err)
return err; return err;
} }
@ -4667,12 +4669,13 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
} }
if (!err && (revkey = get_parameter_revkey (para, pREVOKER))) if (!err && (revkey = get_parameter_revkey (para, pREVOKER)))
err = write_direct_sig (pub_root, pri_psk, revkey, timestamp, cache_nonce); err = write_direct_sig (ctrl, pub_root, pri_psk,
revkey, timestamp, cache_nonce);
if (!err && (s = get_parameter_value (para, pUSERID))) if (!err && (s = get_parameter_value (para, pUSERID)))
{ {
write_uid (pub_root, s ); write_uid (pub_root, s );
err = write_selfsigs (pub_root, pri_psk, err = write_selfsigs (ctrl, pub_root, pri_psk,
get_parameter_uint (para, pKEYUSAGE), timestamp, get_parameter_uint (para, pKEYUSAGE), timestamp,
cache_nonce); cache_nonce);
} }
@ -4690,7 +4693,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
0, pub_root, &timestamp, 0, pub_root, &timestamp,
get_parameter_u32 (para, pKEYEXPIRE)); get_parameter_u32 (para, pKEYEXPIRE));
if (!err) if (!err)
err = write_keybinding (pub_root, pri_psk, NULL, err = write_keybinding (ctrl, pub_root, pri_psk, NULL,
PUBKEY_USAGE_AUTH, timestamp, cache_nonce); PUBKEY_USAGE_AUTH, timestamp, cache_nonce);
} }
@ -4732,7 +4735,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
} }
if (!err) if (!err)
err = write_keybinding (pub_root, pri_psk, sub_psk, err = write_keybinding (ctrl, pub_root, pri_psk, sub_psk,
get_parameter_uint (para, pSUBKEYUSAGE), get_parameter_uint (para, pSUBKEYUSAGE),
timestamp, cache_nonce); timestamp, cache_nonce);
did_sub = 1; did_sub = 1;
@ -4791,10 +4794,11 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
keyid_from_pk (pk, pk->main_keyid); keyid_from_pk (pk, pk->main_keyid);
register_trusted_keyid (pk->main_keyid); register_trusted_keyid (pk->main_keyid);
update_ownertrust (pk, ((get_ownertrust (pk) & ~TRUST_MASK) update_ownertrust (ctrl, pk,
| TRUST_ULTIMATE )); ((get_ownertrust (ctrl, pk) & ~TRUST_MASK)
| TRUST_ULTIMATE ));
gen_standard_revoke (pk, cache_nonce); gen_standard_revoke (ctrl, pk, cache_nonce);
/* Get rid of the first empty packet. */ /* Get rid of the first empty packet. */
commit_kbnode (&pub_root); commit_kbnode (&pub_root);
@ -4803,7 +4807,7 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
{ {
tty_printf (_("public and secret key created and signed.\n") ); tty_printf (_("public and secret key created and signed.\n") );
tty_printf ("\n"); tty_printf ("\n");
merge_keys_and_selfsig (pub_root); merge_keys_and_selfsig (ctrl, pub_root);
list_keyblock_direct (ctrl, pub_root, 0, 1, 1, 1); list_keyblock_direct (ctrl, pub_root, 0, 1, 1, 1);
} }
@ -5033,7 +5037,7 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr,
* nonce, which we can use to set the passphrase for the subkey to * nonce, which we can use to set the passphrase for the subkey to
* that of the primary key. */ * that of the primary key. */
{ {
char *desc = gpg_format_keydesc (pri_psk, FORMAT_KEYDESC_NORMAL, 1); char *desc = gpg_format_keydesc (ctrl, pri_psk, FORMAT_KEYDESC_NORMAL, 1);
err = agent_passwd (ctrl, hexgrip, desc, 1 /*=verify*/, err = agent_passwd (ctrl, hexgrip, desc, 1 /*=verify*/,
&cache_nonce, &passwd_nonce); &cache_nonce, &passwd_nonce);
xfree (desc); xfree (desc);
@ -5071,7 +5075,7 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr,
sub_psk = node->pkt->pkt.public_key; sub_psk = node->pkt->pkt.public_key;
/* Write the binding signature. */ /* Write the binding signature. */
err = write_keybinding (keyblock, pri_psk, sub_psk, use, cur_time, err = write_keybinding (ctrl, keyblock, pri_psk, sub_psk, use, cur_time,
cache_nonce); cache_nonce);
if (err) if (err)
goto leave; goto leave;
@ -5095,7 +5099,7 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr,
#ifdef ENABLE_CARD_SUPPORT #ifdef ENABLE_CARD_SUPPORT
/* Generate a subkey on a card. */ /* Generate a subkey on a card. */
gpg_error_t gpg_error_t
generate_card_subkeypair (kbnode_t pub_keyblock, generate_card_subkeypair (ctrl_t ctrl, kbnode_t pub_keyblock,
int keyno, const char *serialno) int keyno, const char *serialno)
{ {
gpg_error_t err = 0; gpg_error_t err = 0;
@ -5186,7 +5190,7 @@ generate_card_subkeypair (kbnode_t pub_keyblock,
if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
sub_pk = node->pkt->pkt.public_key; sub_pk = node->pkt->pkt.public_key;
log_assert (sub_pk); log_assert (sub_pk);
err = write_keybinding (pub_keyblock, pri_pk, sub_pk, err = write_keybinding (ctrl, pub_keyblock, pri_pk, sub_pk,
use, cur_time, NULL); use, cur_time, NULL);
} }

5
g10/keyid.c
View File

@ -538,7 +538,8 @@ keyid_from_pk (PKT_public_key *pk, u32 *keyid)
* keys, but has to do a keylookup for old stayle keys. * keys, but has to do a keylookup for old stayle keys.
*/ */
u32 u32
keyid_from_fingerprint( const byte *fprint, size_t fprint_len, u32 *keyid ) keyid_from_fingerprint (ctrl_t ctrl, const byte *fprint,
size_t fprint_len, u32 *keyid)
{ {
u32 dummy_keyid[2]; u32 dummy_keyid[2];
@ -552,7 +553,7 @@ keyid_from_fingerprint( const byte *fprint, size_t fprint_len, u32 *keyid )
int rc; int rc;
memset (&pk, 0, sizeof pk); memset (&pk, 0, sizeof pk);
rc = get_pubkey_byfprint (&pk, NULL, fprint, fprint_len); rc = get_pubkey_byfprint (ctrl, &pk, NULL, fprint, fprint_len);
if( rc ) if( rc )
{ {
log_error("Oops: keyid_from_fingerprint: no pubkey\n"); log_error("Oops: keyid_from_fingerprint: no pubkey\n");

61
g10/keylist.c
View File

@ -92,7 +92,7 @@ public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode)
byte trust_model, marginals, completes, cert_depth, min_cert_level; byte trust_model, marginals, completes, cert_depth, min_cert_level;
ulong created, nextcheck; ulong created, nextcheck;
read_trust_options (&trust_model, &created, &nextcheck, read_trust_options (ctrl, &trust_model, &created, &nextcheck,
&marginals, &completes, &cert_depth, &min_cert_level); &marginals, &completes, &cert_depth, &min_cert_level);
es_fprintf (es_stdout, "tru:"); es_fprintf (es_stdout, "tru:");
@ -164,7 +164,7 @@ secret_key_list (ctrl_t ctrl, strlist_t list)
} }
char * char *
format_seckey_info (PKT_public_key *pk) format_seckey_info (ctrl_t ctrl, PKT_public_key *pk)
{ {
u32 keyid[2]; u32 keyid[2];
char *p; char *p;
@ -172,7 +172,7 @@ format_seckey_info (PKT_public_key *pk)
char *info; char *info;
keyid_from_pk (pk, keyid); keyid_from_pk (pk, keyid);
p = get_user_id_native (keyid); p = get_user_id_native (ctrl, keyid);
info = xtryasprintf ("sec %s/%s %s %s", info = xtryasprintf ("sec %s/%s %s %s",
pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
@ -184,9 +184,9 @@ format_seckey_info (PKT_public_key *pk)
} }
void void
print_seckey_info (PKT_public_key *pk) print_seckey_info (ctrl_t ctrl, PKT_public_key *pk)
{ {
char *p = format_seckey_info (pk); char *p = format_seckey_info (ctrl, pk);
tty_printf ("\n%s\n", p); tty_printf ("\n%s\n", p);
xfree (p); xfree (p);
} }
@ -195,7 +195,7 @@ print_seckey_info (PKT_public_key *pk)
the tty output interface is used, otherwise output is directted to the tty output interface is used, otherwise output is directted to
the given stream. */ the given stream. */
void void
print_pubkey_info (estream_t fp, PKT_public_key *pk) print_pubkey_info (ctrl_t ctrl, estream_t fp, PKT_public_key *pk)
{ {
u32 keyid[2]; u32 keyid[2];
char *p; char *p;
@ -208,7 +208,7 @@ print_pubkey_info (estream_t fp, PKT_public_key *pk)
if (pk->user_id) if (pk->user_id)
p = utf8_to_native (pk->user_id->name, pk->user_id->len, 0); p = utf8_to_native (pk->user_id->name, pk->user_id->len, 0);
else else
p = get_user_id_native (keyid); p = get_user_id_native (ctrl, keyid);
if (fp) if (fp)
tty_printf ("\n"); tty_printf ("\n");
@ -553,7 +553,7 @@ list_all (ctrl_t ctrl, int secret, int mark_secret)
lastresname = resname; lastresname = resname;
} }
} }
merge_keys_and_selfsig (keyblock); merge_keys_and_selfsig (ctrl, keyblock);
list_keyblock (ctrl, keyblock, secret, any_secret, opt.fingerprint, list_keyblock (ctrl, keyblock, secret, any_secret, opt.fingerprint,
&listctx); &listctx);
} }
@ -604,7 +604,7 @@ list_one (ctrl_t ctrl, strlist_t names, int secret, int mark_secret)
* functions) or to have the search function return indicators for * functions) or to have the search function return indicators for
* found names. Yet another way is to use the keydb search * found names. Yet another way is to use the keydb search
* facilities directly. */ * facilities directly. */
rc = getkey_bynames (&ctx, NULL, names, secret, &keyblock); rc = getkey_bynames (ctrl, &ctx, NULL, names, secret, &keyblock);
if (rc) if (rc)
{ {
log_error ("error reading key: %s\n", gpg_strerror (rc)); log_error ("error reading key: %s\n", gpg_strerror (rc));
@ -626,7 +626,7 @@ list_one (ctrl_t ctrl, strlist_t names, int secret, int mark_secret)
keyblock, secret, mark_secret, opt.fingerprint, &listctx); keyblock, secret, mark_secret, opt.fingerprint, &listctx);
release_kbnode (keyblock); release_kbnode (keyblock);
} }
while (!getkey_next (ctx, NULL, &keyblock)); while (!getkey_next (ctrl, ctx, NULL, &keyblock));
getkey_end (ctx); getkey_end (ctx);
if (opt.check_sigs && !opt.with_colons) if (opt.check_sigs && !opt.with_colons)
@ -667,7 +667,7 @@ locate_one (ctrl_t ctrl, strlist_t names)
list_keyblock (ctrl, keyblock, 0, 0, opt.fingerprint, &listctx); list_keyblock (ctrl, keyblock, 0, 0, opt.fingerprint, &listctx);
release_kbnode (keyblock); release_kbnode (keyblock);
} }
while (ctx && !getkey_next (ctx, NULL, &keyblock)); while (ctx && !getkey_next (ctrl, ctx, NULL, &keyblock));
getkey_end (ctx); getkey_end (ctx);
ctx = NULL; ctx = NULL;
} }
@ -696,7 +696,7 @@ print_key_data (PKT_public_key * pk)
} }
static void static void
print_capabilities (PKT_public_key *pk, KBNODE keyblock) print_capabilities (ctrl_t ctrl, PKT_public_key *pk, KBNODE keyblock)
{ {
unsigned int use = pk->pubkey_usage; unsigned int use = pk->pubkey_usage;
int c_printed = 0; int c_printed = 0;
@ -907,10 +907,10 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
check_trustdb_stale (ctrl); check_trustdb_stale (ctrl);
/* Print the "pub" line and in KF_NONE mode the fingerprint. */ /* Print the "pub" line and in KF_NONE mode the fingerprint. */
print_key_line (es_stdout, pk, secret); print_key_line (ctrl, es_stdout, pk, secret);
if (fpr) if (fpr)
print_fingerprint (NULL, pk, 0); print_fingerprint (ctrl, NULL, pk, 0);
if (opt.with_keygrip && hexgrip) if (opt.with_keygrip && hexgrip)
es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip); es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip);
@ -1020,10 +1020,10 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
} }
/* Print the "sub" line. */ /* Print the "sub" line. */
print_key_line (es_stdout, pk2, secret); print_key_line (ctrl, es_stdout, pk2, secret);
if (fpr > 1 || opt.with_subkey_fingerprint) if (fpr > 1 || opt.with_subkey_fingerprint)
{ {
print_fingerprint (NULL, pk2, 0); print_fingerprint (ctrl, NULL, pk2, 0);
if (serialno) if (serialno)
print_card_serialno (serialno); print_card_serialno (serialno);
} }
@ -1041,7 +1041,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
if (listctx->check_sigs) if (listctx->check_sigs)
{ {
rc = check_key_signature (keyblock, node, NULL); rc = check_key_signature (ctrl, keyblock, node, NULL);
switch (gpg_err_code (rc)) switch (gpg_err_code (rc))
{ {
case 0: case 0:
@ -1113,7 +1113,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
else if (!opt.fast_list_mode) else if (!opt.fast_list_mode)
{ {
size_t n; size_t n;
char *p = get_user_id (sig->keyid, &n); char *p = get_user_id (ctrl, sig->keyid, &n);
print_utf8_buffer (es_stdout, p, n); print_utf8_buffer (es_stdout, p, n);
xfree (p); xfree (p);
} }
@ -1261,7 +1261,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
} }
if (!opt.fast_list_mode && !opt.no_expensive_trust_checks) if (!opt.fast_list_mode && !opt.no_expensive_trust_checks)
ownertrust_print = get_ownertrust_info (pk, 0); ownertrust_print = get_ownertrust_info (ctrl, pk, 0);
else else
ownertrust_print = 0; ownertrust_print = 0;
@ -1282,7 +1282,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
es_putc (':', es_stdout); es_putc (':', es_stdout);
es_putc (':', es_stdout); es_putc (':', es_stdout);
print_capabilities (pk, keyblock); print_capabilities (ctrl, pk, keyblock);
es_putc (':', es_stdout); /* End of field 13. */ es_putc (':', es_stdout); /* End of field 13. */
es_putc (':', es_stdout); /* End of field 14. */ es_putc (':', es_stdout); /* End of field 14. */
if (secret || has_secret) if (secret || has_secret)
@ -1314,7 +1314,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
es_putc ('\n', es_stdout); es_putc ('\n', es_stdout);
print_revokers (es_stdout, pk); print_revokers (es_stdout, pk);
print_fingerprint (NULL, pk, 0); print_fingerprint (ctrl, NULL, pk, 0);
if (hexgrip) if (hexgrip)
es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip); es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip);
if (opt.with_key_data) if (opt.with_key_data)
@ -1419,7 +1419,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
(ulong) keyid2[0], (ulong) keyid2[1], (ulong) keyid2[0], (ulong) keyid2[1],
colon_datestr_from_pk (pk2), colon_datestr_from_pk (pk2),
colon_strtime (pk2->expiredate)); colon_strtime (pk2->expiredate));
print_capabilities (pk2, NULL); print_capabilities (ctrl, pk2, NULL);
es_putc (':', es_stdout); /* End of field 13. */ es_putc (':', es_stdout); /* End of field 13. */
es_putc (':', es_stdout); /* End of field 14. */ es_putc (':', es_stdout); /* End of field 14. */
if (secret || has_secret) if (secret || has_secret)
@ -1448,7 +1448,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
print_compliance_flags (pk2, keylength, curvename); print_compliance_flags (pk2, keylength, curvename);
es_putc (':', es_stdout); /* End of field 18. */ es_putc (':', es_stdout); /* End of field 18. */
es_putc ('\n', es_stdout); es_putc ('\n', es_stdout);
print_fingerprint (NULL, pk2, 0); print_fingerprint (ctrl, NULL, pk2, 0);
if (hexgrip) if (hexgrip)
es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip); es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip);
if (opt.with_key_data) if (opt.with_key_data)
@ -1488,7 +1488,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
if (opt.no_sig_cache) if (opt.no_sig_cache)
signer_pk = xmalloc_clear (sizeof (PKT_public_key)); signer_pk = xmalloc_clear (sizeof (PKT_public_key));
rc = check_key_signature2 (keyblock, node, NULL, signer_pk, rc = check_key_signature2 (ctrl, keyblock, node, NULL, signer_pk,
NULL, NULL, NULL); NULL, NULL, NULL);
switch (gpg_err_code (rc)) switch (gpg_err_code (rc))
{ {
@ -1524,7 +1524,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
} }
if (sigrc != '%' && sigrc != '?' && !opt.fast_list_mode) if (sigrc != '%' && sigrc != '?' && !opt.fast_list_mode)
siguid = get_user_id (sig->keyid, &siguidlen); siguid = get_user_id (ctrl, sig->keyid, &siguidlen);
else else
{ {
siguid = NULL; siguid = NULL;
@ -1697,7 +1697,8 @@ print_icao_hexdigit (estream_t fp, int c)
* of es_stdout or instead of the TTY in modes 2 and 3. * of es_stdout or instead of the TTY in modes 2 and 3.
*/ */
void void
print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode) print_fingerprint (ctrl_t ctrl, estream_t override_fp,
PKT_public_key *pk, int mode)
{ {
char hexfpr[2*MAX_FINGERPRINT_LEN+1]; char hexfpr[2*MAX_FINGERPRINT_LEN+1];
char *p; char *p;
@ -1742,8 +1743,8 @@ print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode)
if (!primary && (mode == 1 || mode == 2)) if (!primary && (mode == 1 || mode == 2))
{ {
PKT_public_key *primary_pk = xmalloc_clear (sizeof (*primary_pk)); PKT_public_key *primary_pk = xmalloc_clear (sizeof (*primary_pk));
get_pubkey (primary_pk, pk->main_keyid); get_pubkey (ctrl, primary_pk, pk->main_keyid);
print_fingerprint (override_fp, primary_pk, (mode | 0x80)); print_fingerprint (ctrl, override_fp, primary_pk, (mode | 0x80));
free_public_key (primary_pk); free_public_key (primary_pk);
} }
@ -1864,7 +1865,7 @@ print_card_serialno (const char *serialno)
* 3 := '>' Secret key is on a token. * 3 := '>' Secret key is on a token.
*/ */
void void
print_key_line (estream_t fp, PKT_public_key *pk, int secret) print_key_line (ctrl_t ctrl, estream_t fp, PKT_public_key *pk, int secret)
{ {
char pkstrbuf[PUBKEY_STRING_SIZE]; char pkstrbuf[PUBKEY_STRING_SIZE];
@ -1919,7 +1920,7 @@ print_key_line (estream_t fp, PKT_public_key *pk, int secret)
fingerprints, show compact fpr of primary key: */ fingerprints, show compact fpr of primary key: */
if (pk->flags.primary && if (pk->flags.primary &&
!opt.fingerprint && !opt.with_fingerprint) !opt.fingerprint && !opt.with_fingerprint)
print_fingerprint (fp, pk, 20); print_fingerprint (ctrl, fp, pk, 20);
} }

4
g10/keyring.c
View File

@ -1404,7 +1404,7 @@ write_keyblock (IOBUF fp, KBNODE keyblock)
* This is only done for the public keyrings. * This is only done for the public keyrings.
*/ */
int int
keyring_rebuild_cache (void *token,int noisy) keyring_rebuild_cache (ctrl_t ctrl, void *token, int noisy)
{ {
KEYRING_HANDLE hd; KEYRING_HANDLE hd;
KEYDB_SEARCH_DESC desc; KEYDB_SEARCH_DESC desc;
@ -1521,7 +1521,7 @@ keyring_rebuild_cache (void *token,int noisy)
|| openpgp_pk_test_algo(sig->pubkey_algo))) || openpgp_pk_test_algo(sig->pubkey_algo)))
sig->flags.checked=sig->flags.valid=0; sig->flags.checked=sig->flags.valid=0;
else else
check_key_signature (keyblock, node, NULL); check_key_signature (ctrl, keyblock, node, NULL);
sigcount++; sigcount++;
} }

2
g10/keyring.h
View File

@ -40,6 +40,6 @@ int keyring_delete_keyblock (KEYRING_HANDLE hd);
int keyring_search_reset (KEYRING_HANDLE hd); int keyring_search_reset (KEYRING_HANDLE hd);
int keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, int keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
size_t ndesc, size_t *descindex, int skip_legacy); size_t ndesc, size_t *descindex, int skip_legacy);
int keyring_rebuild_cache (void *token,int noisy); int keyring_rebuild_cache (ctrl_t ctrl, void *token,int noisy);
#endif /*GPG_KEYRING_H*/ #endif /*GPG_KEYRING_H*/

14
g10/keyserver.c
View File

@ -468,7 +468,7 @@ parse_preferred_keyserver(PKT_signature *sig)
} }
static void static void
print_keyrec(int number,struct keyrec *keyrec) print_keyrec (ctrl_t ctrl, int number,struct keyrec *keyrec)
{ {
int i; int i;
@ -522,7 +522,7 @@ print_keyrec(int number,struct keyrec *keyrec)
case KEYDB_SEARCH_MODE_FPR20: case KEYDB_SEARCH_MODE_FPR20:
{ {
u32 kid[2]; u32 kid[2];
keyid_from_fingerprint(keyrec->desc.u.fpr,20,kid); keyid_from_fingerprint (ctrl, keyrec->desc.u.fpr,20,kid);
es_printf("key %s",keystr(kid)); es_printf("key %s",keystr(kid));
} }
break; break;
@ -960,7 +960,7 @@ search_line_handler (void *opaque, int special, char *line)
parm->numlines = 0; parm->numlines = 0;
} }
print_keyrec (parm->nkeys+1, keyrec); print_keyrec (parm->ctrl, parm->nkeys+1, keyrec);
} }
parm->numlines += keyrec->lines; parm->numlines += keyrec->lines;
@ -1196,9 +1196,11 @@ keyserver_import_keyid (ctrl_t ctrl,
return keyserver_get (ctrl, &desc, 1, keyserver, quick, NULL, NULL); return keyserver_get (ctrl, &desc, 1, keyserver, quick, NULL, NULL);
} }
/* code mostly stolen from do_export_stream */ /* code mostly stolen from do_export_stream */
static int static int
keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3) keyidlist (ctrl_t ctrl, strlist_t users, KEYDB_SEARCH_DESC **klist,
int *count, int fakev3)
{ {
int rc = 0; int rc = 0;
int num = 100; int num = 100;
@ -1318,7 +1320,7 @@ keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
PKT_user_id *uid=NULL; PKT_user_id *uid=NULL;
PKT_signature *sig=NULL; PKT_signature *sig=NULL;
merge_keys_and_selfsig(keyblock); merge_keys_and_selfsig (ctrl, keyblock);
for(node=node->next;node;node=node->next) for(node=node->next;node;node=node->next)
{ {
@ -1401,7 +1403,7 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users)
ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0)) ascii_strcasecmp(opt.keyserver->scheme,"mailto")==0))
fakev3=1; fakev3=1;
err = keyidlist (users, &desc, &numdesc, fakev3); err = keyidlist (ctrl, users, &desc, &numdesc, fakev3);
if (err) if (err)
return err; return err;

59
g10/main.h
View File

@ -54,6 +54,7 @@
typedef struct typedef struct
{ {
ctrl_t ctrl;
int header_okay; int header_okay;
PK_LIST pk_list; PK_LIST pk_list;
DEK *symkey_dek; DEK *symkey_dek;
@ -237,12 +238,12 @@ void encrypt_crypt_files (ctrl_t ctrl,
int encrypt_filter (void *opaque, int control, int encrypt_filter (void *opaque, int control,
iobuf_t a, byte *buf, size_t *ret_len); iobuf_t a, byte *buf, size_t *ret_len);
int write_pubkey_enc (PKT_public_key *pk, int throw_keyid, int write_pubkey_enc (ctrl_t ctrl, PKT_public_key *pk, int throw_keyid,
DEK *dek, iobuf_t out); DEK *dek, iobuf_t out);
/*-- sign.c --*/ /*-- sign.c --*/
int complete_sig (PKT_signature *sig, PKT_public_key *pksk, gcry_md_hd_t md, int complete_sig (ctrl_t ctrl, PKT_signature *sig, PKT_public_key *pksk,
const char *cache_nonce); gcry_md_hd_t md, const char *cache_nonce);
int sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, int sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
int do_encrypt, strlist_t remusr, const char *outfile ); int do_encrypt, strlist_t remusr, const char *outfile );
int clearsign_file (ctrl_t ctrl, int clearsign_file (ctrl_t ctrl,
@ -254,7 +255,7 @@ int sign_symencrypt_file (ctrl_t ctrl, const char *fname, strlist_t locusr);
/* SIG is a revocation signature. Check if any of PK's designated /* SIG is a revocation signature. Check if any of PK's designated
revokers generated it. If so, return 0. Note: this function revokers generated it. If so, return 0. Note: this function
(correctly) doesn't care if the designated revoker is revoked. */ (correctly) doesn't care if the designated revoker is revoked. */
int check_revocation_keys (PKT_public_key *pk, PKT_signature *sig); int check_revocation_keys (ctrl_t ctrl, PKT_public_key *pk, PKT_signature *sig);
/* Check that the backsig BACKSIG from the subkey SUB_PK to its /* Check that the backsig BACKSIG from the subkey SUB_PK to its
primary key MAIN_PK is valid. */ primary key MAIN_PK is valid. */
int check_backsig(PKT_public_key *main_pk,PKT_public_key *sub_pk, int check_backsig(PKT_public_key *main_pk,PKT_public_key *sub_pk,
@ -262,13 +263,14 @@ int check_backsig(PKT_public_key *main_pk,PKT_public_key *sub_pk,
/* Check that the signature SIG over a key (e.g., a key binding or a /* Check that the signature SIG over a key (e.g., a key binding or a
key revocation) is valid. (To check signatures over data, use key revocation) is valid. (To check signatures over data, use
check_signature.) */ check_signature.) */
int check_key_signature( KBNODE root, KBNODE sig, int *is_selfsig ); int check_key_signature (ctrl_t ctrl, kbnode_t root, kbnode_t sig,
int *is_selfsig );
/* Like check_key_signature, but with the ability to specify some /* Like check_key_signature, but with the ability to specify some
additional parameters and get back additional information. See the additional parameters and get back additional information. See the
documentation for the implementation for details. */ documentation for the implementation for details. */
int check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk, int check_key_signature2 (ctrl_t ctrl, kbnode_t root, kbnode_t node,
PKT_public_key *ret_pk, int *is_selfsig, PKT_public_key *check_pk, PKT_public_key *ret_pk,
u32 *r_expiredate, int *r_expired ); int *is_selfsig, u32 *r_expiredate, int *r_expired);
/* Returns whether SIGNER generated the signature SIG over the packet /* Returns whether SIGNER generated the signature SIG over the packet
PACKET, which is a key, subkey or uid, and comes from the key block PACKET, which is a key, subkey or uid, and comes from the key block
@ -276,7 +278,8 @@ int check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
SIG. If not NULL, sets *IS_SELFSIG to indicate whether the SIG. If not NULL, sets *IS_SELFSIG to indicate whether the
signature is a self-signature and *RET_PK to a copy of the signer's signature is a self-signature and *RET_PK to a copy of the signer's
key. */ key. */
gpg_error_t check_signature_over_key_or_uid (PKT_public_key *signer, gpg_error_t check_signature_over_key_or_uid (ctrl_t ctrl,
PKT_public_key *signer,
PKT_signature *sig, PKT_signature *sig,
KBNODE kb, PACKET *packet, KBNODE kb, PACKET *packet,
int *is_selfsig, int *is_selfsig,
@ -284,7 +287,8 @@ gpg_error_t check_signature_over_key_or_uid (PKT_public_key *signer,
/*-- delkey.c --*/ /*-- delkey.c --*/
gpg_error_t delete_keys (strlist_t names, int secret, int allow_both); gpg_error_t delete_keys (ctrl_t ctrl,
strlist_t names, int secret, int allow_both);
/*-- keyedit.c --*/ /*-- keyedit.c --*/
void keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, void keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
@ -302,7 +306,7 @@ void keyedit_quick_set_expire (ctrl_t ctrl,
const char *fpr, const char *expirestr); const char *fpr, const char *expirestr);
void keyedit_quick_set_primary (ctrl_t ctrl, const char *username, void keyedit_quick_set_primary (ctrl_t ctrl, const char *username,
const char *primaryuid); const char *primaryuid);
void show_basic_key_info (KBNODE keyblock); void show_basic_key_info (ctrl_t ctrl, kbnode_t keyblock);
/*-- keygen.c --*/ /*-- keygen.c --*/
const char *get_default_pubkey_algo (void); const char *get_default_pubkey_algo (void);
@ -323,7 +327,8 @@ int keygen_upd_std_prefs( PKT_signature *sig, void *opaque );
int keygen_add_keyserver_url(PKT_signature *sig, void *opaque); int keygen_add_keyserver_url(PKT_signature *sig, void *opaque);
int keygen_add_notations(PKT_signature *sig,void *opaque); int keygen_add_notations(PKT_signature *sig,void *opaque);
int keygen_add_revkey(PKT_signature *sig, void *opaque); int keygen_add_revkey(PKT_signature *sig, void *opaque);
gpg_error_t make_backsig (PKT_signature *sig, PKT_public_key *pk, gpg_error_t make_backsig (ctrl_t ctrl,
PKT_signature *sig, PKT_public_key *pk,
PKT_public_key *sub_pk, PKT_public_key *sub_psk, PKT_public_key *sub_pk, PKT_public_key *sub_psk,
u32 timestamp, const char *cache_nonce); u32 timestamp, const char *cache_nonce);
gpg_error_t generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, gpg_error_t generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock,
@ -331,7 +336,7 @@ gpg_error_t generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock,
const char *usagestr, const char *usagestr,
const char *expirestr); const char *expirestr);
#ifdef ENABLE_CARD_SUPPORT #ifdef ENABLE_CARD_SUPPORT
gpg_error_t generate_card_subkeypair (kbnode_t pub_keyblock, gpg_error_t generate_card_subkeypair (ctrl_t ctrl, kbnode_t pub_keyblock,
int keyno, const char *serialno); int keyno, const char *serialno);
#endif #endif
@ -382,6 +387,13 @@ gpg_error_t import_old_secring (ctrl_t ctrl, const char *fname);
import_stats_t import_new_stats_handle (void); import_stats_t import_new_stats_handle (void);
void import_release_stats_handle (import_stats_t hd); void import_release_stats_handle (import_stats_t hd);
void import_print_stats (import_stats_t hd); void import_print_stats (import_stats_t hd);
/* Communication for impex_filter_getval */
struct impex_filter_parm_s
{
ctrl_t ctrl;
kbnode_t node;
};
const char *impex_filter_getval (void *cookie, const char *propname); const char *impex_filter_getval (void *cookie, const char *propname);
gpg_error_t transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats, gpg_error_t transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats,
kbnode_t sec_keyblock, int batch, int force); kbnode_t sec_keyblock, int batch, int force);
@ -430,8 +442,10 @@ int enarmor_file( const char *fname );
/*-- revoke.c --*/ /*-- revoke.c --*/
struct revocation_reason_info; struct revocation_reason_info;
int gen_standard_revoke (PKT_public_key *psk, const char *cache_nonce);
int gen_revoke( const char *uname ); int gen_standard_revoke (ctrl_t ctrl,
PKT_public_key *psk, const char *cache_nonce);
int gen_revoke (ctrl_t ctrl, const char *uname);
int gen_desig_revoke (ctrl_t ctrl, const char *uname, strlist_t locusr); int gen_desig_revoke (ctrl_t ctrl, const char *uname, strlist_t locusr);
int revocation_reason_build_cb( PKT_signature *sig, void *opaque ); int revocation_reason_build_cb( PKT_signature *sig, void *opaque );
struct revocation_reason_info * struct revocation_reason_info *
@ -446,18 +460,19 @@ void print_subpackets_colon(PKT_signature *sig);
void reorder_keyblock (KBNODE keyblock); void reorder_keyblock (KBNODE keyblock);
void list_keyblock_direct (ctrl_t ctrl, kbnode_t keyblock, int secret, void list_keyblock_direct (ctrl_t ctrl, kbnode_t keyblock, int secret,
int has_secret, int fpr, int no_validity); int has_secret, int fpr, int no_validity);
void print_fingerprint (estream_t fp, PKT_public_key *pk, int mode); void print_fingerprint (ctrl_t ctrl, estream_t fp,
PKT_public_key *pk, int mode);
void print_revokers (estream_t fp, PKT_public_key *pk); void print_revokers (estream_t fp, PKT_public_key *pk);
void show_policy_url(PKT_signature *sig,int indent,int mode); void show_policy_url(PKT_signature *sig,int indent,int mode);
void show_keyserver_url(PKT_signature *sig,int indent,int mode); void show_keyserver_url(PKT_signature *sig,int indent,int mode);
void show_notation(PKT_signature *sig,int indent,int mode,int which); void show_notation(PKT_signature *sig,int indent,int mode,int which);
void dump_attribs (const PKT_user_id *uid, PKT_public_key *pk); void dump_attribs (const PKT_user_id *uid, PKT_public_key *pk);
void set_attrib_fd(int fd); void set_attrib_fd(int fd);
char *format_seckey_info (PKT_public_key *pk); char *format_seckey_info (ctrl_t ctrl, PKT_public_key *pk);
void print_seckey_info (PKT_public_key *pk); void print_seckey_info (ctrl_t ctrl, PKT_public_key *pk);
void print_pubkey_info (estream_t fp, PKT_public_key *pk); void print_pubkey_info (ctrl_t ctrl, estream_t fp, PKT_public_key *pk);
void print_card_key_info (estream_t fp, KBNODE keyblock); void print_card_key_info (estream_t fp, KBNODE keyblock);
void print_key_line (estream_t fp, PKT_public_key *pk, int secret); void print_key_line (ctrl_t ctrl, estream_t fp, PKT_public_key *pk, int secret);
/*-- verify.c --*/ /*-- verify.c --*/
void print_file_status( int status, const char *name, int what ); void print_file_status( int status, const char *name, int what );
@ -485,9 +500,9 @@ gpg_error_t gpg_proxy_pinentry_notify (ctrl_t ctrl,
#ifdef ENABLE_CARD_SUPPORT #ifdef ENABLE_CARD_SUPPORT
/*-- card-util.c --*/ /*-- card-util.c --*/
void change_pin (int no, int allow_admin); void change_pin (int no, int allow_admin);
void card_status (estream_t fp, const char *serialno); void card_status (ctrl_t ctrl, estream_t fp, const char *serialno);
void card_edit (ctrl_t ctrl, strlist_t commands); void card_edit (ctrl_t ctrl, strlist_t commands);
gpg_error_t card_generate_subkey (KBNODE pub_keyblock); gpg_error_t card_generate_subkey (ctrl_t ctrl, kbnode_t pub_keyblock);
int card_store_subkey (KBNODE node, int use); int card_store_subkey (KBNODE node, int use);
#endif #endif

30
g10/mainproc.c
View File

@ -465,7 +465,7 @@ proc_pubkey_enc (ctrl_t ctrl, CTX c, PACKET *pkt)
* not decrypt. * not decrypt.
*/ */
static void static void
print_pkenc_list (struct kidlist_item *list, int failed) print_pkenc_list (ctrl_t ctrl, struct kidlist_item *list, int failed)
{ {
for (; list; list = list->next) for (; list; list = list->next)
{ {
@ -483,13 +483,13 @@ print_pkenc_list (struct kidlist_item *list, int failed)
if (!algstr) if (!algstr)
algstr = "[?]"; algstr = "[?]";
pk->pubkey_algo = list->pubkey_algo; pk->pubkey_algo = list->pubkey_algo;
if (!get_pubkey (pk, list->kid)) if (!get_pubkey (ctrl, pk, list->kid))
{ {
char *p; char *p;
log_info (_("encrypted with %u-bit %s key, ID %s, created %s\n"), log_info (_("encrypted with %u-bit %s key, ID %s, created %s\n"),
nbits_from_pk (pk), algstr, keystr_from_pk(pk), nbits_from_pk (pk), algstr, keystr_from_pk(pk),
strtimestamp (pk->timestamp)); strtimestamp (pk->timestamp));
p = get_user_id_native (list->kid); p = get_user_id_native (ctrl, list->kid);
log_printf (_(" \"%s\"\n"), p); log_printf (_(" \"%s\"\n"), p);
xfree (p); xfree (p);
} }
@ -530,8 +530,8 @@ proc_encrypted (CTX c, PACKET *pkt)
log_info (_("encrypted with %lu passphrases\n"), c->symkeys); log_info (_("encrypted with %lu passphrases\n"), c->symkeys);
else if (c->symkeys == 1) else if (c->symkeys == 1)
log_info (_("encrypted with 1 passphrase\n")); log_info (_("encrypted with 1 passphrase\n"));
print_pkenc_list ( c->pkenc_list, 1 ); print_pkenc_list (c->ctrl, c->pkenc_list, 1 );
print_pkenc_list ( c->pkenc_list, 0 ); print_pkenc_list (c->ctrl, c->pkenc_list, 0 );
} }
/* FIXME: Figure out the session key by looking at all pkenc packets. */ /* FIXME: Figure out the session key by looking at all pkenc packets. */
@ -916,7 +916,7 @@ do_check_sig (CTX c, kbnode_t node, int *is_selfsig,
if (c->list->pkt->pkttype == PKT_PUBLIC_KEY if (c->list->pkt->pkttype == PKT_PUBLIC_KEY
|| c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY) || c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY)
{ {
return check_key_signature( c->list, node, is_selfsig ); return check_key_signature (c->ctrl, c->list, node, is_selfsig);
} }
else if (sig->sig_class == 0x20) else if (sig->sig_class == 0x20)
{ {
@ -935,14 +935,14 @@ do_check_sig (CTX c, kbnode_t node, int *is_selfsig,
/* We only get here if we are checking the signature of a binary /* We only get here if we are checking the signature of a binary
(0x00) or text document (0x01). */ (0x00) or text document (0x01). */
rc = check_signature2 (sig, md, NULL, is_expkey, is_revkey, r_pk); rc = check_signature2 (c->ctrl, sig, md, NULL, is_expkey, is_revkey, r_pk);
if (! rc) if (! rc)
md_good = md; md_good = md;
else if (gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2) else if (gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE && md2)
{ {
PKT_public_key *pk2; PKT_public_key *pk2;
rc = check_signature2 (sig, md2, NULL, is_expkey, is_revkey, rc = check_signature2 (c->ctrl, sig, md2, NULL, is_expkey, is_revkey,
r_pk? &pk2 : NULL); r_pk? &pk2 : NULL);
if (!rc) if (!rc)
{ {
@ -1032,19 +1032,19 @@ list_node (CTX c, kbnode_t node)
colon_datestr_from_pk( pk ), colon_datestr_from_pk( pk ),
colon_strtime (pk->expiredate) ); colon_strtime (pk->expiredate) );
if (pk->flags.primary && !opt.fast_list_mode) if (pk->flags.primary && !opt.fast_list_mode)
es_putc (get_ownertrust_info (pk, 1), es_stdout); es_putc (get_ownertrust_info (c->ctrl, pk, 1), es_stdout);
es_putc (':', es_stdout); es_putc (':', es_stdout);
es_putc ('\n', es_stdout); es_putc ('\n', es_stdout);
} }
else else
{ {
print_key_line (es_stdout, pk, 0); print_key_line (c->ctrl, es_stdout, pk, 0);
} }
if (opt.keyid_format == KF_NONE && !opt.with_colons) if (opt.keyid_format == KF_NONE && !opt.with_colons)
; /* Already printed. */ ; /* Already printed. */
else if ((pk->flags.primary && opt.fingerprint) || opt.fingerprint > 1) else if ((pk->flags.primary && opt.fingerprint) || opt.fingerprint > 1)
print_fingerprint (NULL, pk, 0); print_fingerprint (c->ctrl, NULL, pk, 0);
if (pk->flags.primary) if (pk->flags.primary)
{ {
@ -1165,7 +1165,7 @@ list_node (CTX c, kbnode_t node)
} }
else if (!opt.fast_list_mode) else if (!opt.fast_list_mode)
{ {
p = get_user_id (sig->keyid, &n); p = get_user_id (c->ctrl, sig->keyid, &n);
es_write_sanitized (es_stdout, p, n, es_write_sanitized (es_stdout, p, n,
opt.with_colons?":":NULL, NULL ); opt.with_colons?":":NULL, NULL );
xfree (p); xfree (p);
@ -1928,7 +1928,7 @@ check_sig_and_print (CTX c, kbnode_t node)
* keyboock has already been fetched. Thus we could use the * keyboock has already been fetched. Thus we could use the
* fingerprint or PK itself to lookup the entire keyblock. That * fingerprint or PK itself to lookup the entire keyblock. That
* would best be done with a cache. */ * would best be done with a cache. */
keyblock = get_pubkeyblock (sig->keyid); keyblock = get_pubkeyblock (c->ctrl, sig->keyid);
snprintf (keyid_str, sizeof keyid_str, "%08lX%08lX [uncertain] ", snprintf (keyid_str, sizeof keyid_str, "%08lX%08lX [uncertain] ",
(ulong)sig->keyid[0], (ulong)sig->keyid[1]); (ulong)sig->keyid[0], (ulong)sig->keyid[1]);
@ -2254,12 +2254,12 @@ proc_tree (CTX c, kbnode_t node)
if (node->pkt->pkttype == PKT_PUBLIC_KEY if (node->pkt->pkttype == PKT_PUBLIC_KEY
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY) || node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
{ {
merge_keys_and_selfsig (node); merge_keys_and_selfsig (c->ctrl, node);
list_node (c, node); list_node (c, node);
} }
else if (node->pkt->pkttype == PKT_SECRET_KEY) else if (node->pkt->pkttype == PKT_SECRET_KEY)
{ {
merge_keys_and_selfsig (node); merge_keys_and_selfsig (c->ctrl, node);
list_node (c, node); list_node (c, node);
} }
else if (node->pkt->pkttype == PKT_ONEPASS_SIG) else if (node->pkt->pkttype == PKT_ONEPASS_SIG)

13
g10/packet.h
View File

@ -428,7 +428,7 @@ typedef struct
there is no disable value cached, fill one in. */ there is no disable value cached, fill one in. */
#define pk_is_disabled(a) \ #define pk_is_disabled(a) \
(((a)->flags.disabled_valid)? \ (((a)->flags.disabled_valid)? \
((a)->flags.disabled):(cache_disabled_value((a)))) ((a)->flags.disabled):(cache_disabled_value(ctrl,(a))))
typedef struct { typedef struct {
@ -853,14 +853,15 @@ int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
/*-- sig-check.c --*/ /*-- sig-check.c --*/
/* Check a signature. This is shorthand for check_signature2 with /* Check a signature. This is shorthand for check_signature2 with
the unnamed arguments passed as NULL. */ the unnamed arguments passed as NULL. */
int check_signature (PKT_signature *sig, gcry_md_hd_t digest); int check_signature (ctrl_t ctrl, PKT_signature *sig, gcry_md_hd_t digest);
/* Check a signature. Looks up the public key from the key db. (If /* Check a signature. Looks up the public key from the key db. (If
* R_PK is not NULL, it is stored at RET_PK.) DIGEST contains a * R_PK is not NULL, it is stored at RET_PK.) DIGEST contains a
* valid hash context that already includes the signed data. This * valid hash context that already includes the signed data. This
* function adds the relevant meta-data to the hash before finalizing * function adds the relevant meta-data to the hash before finalizing
* it and verifying the signature. */ * it and verifying the signature. */
gpg_error_t check_signature2 (PKT_signature *sig, gcry_md_hd_t digest, gpg_error_t check_signature2 (ctrl_t ctrl,
PKT_signature *sig, gcry_md_hd_t digest,
u32 *r_expiredate, int *r_expired, int *r_revoked, u32 *r_expiredate, int *r_expired, int *r_revoked,
PKT_public_key **r_pk); PKT_public_key **r_pk);
@ -885,14 +886,16 @@ int ask_for_detached_datafile( gcry_md_hd_t md, gcry_md_hd_t md2,
const char *inname, int textmode ); const char *inname, int textmode );
/*-- sign.c --*/ /*-- sign.c --*/
int make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk, int make_keysig_packet (ctrl_t ctrl,
PKT_signature **ret_sig, PKT_public_key *pk,
PKT_user_id *uid, PKT_public_key *subpk, PKT_user_id *uid, PKT_public_key *subpk,
PKT_public_key *pksk, int sigclass, int digest_algo, PKT_public_key *pksk, int sigclass, int digest_algo,
u32 timestamp, u32 duration, u32 timestamp, u32 duration,
int (*mksubpkt)(PKT_signature *, void *), int (*mksubpkt)(PKT_signature *, void *),
void *opaque, void *opaque,
const char *cache_nonce); const char *cache_nonce);
gpg_error_t update_keysig_packet (PKT_signature **ret_sig, gpg_error_t update_keysig_packet (ctrl_t ctrl,
PKT_signature **ret_sig,
PKT_signature *orig_sig, PKT_signature *orig_sig,
PKT_public_key *pk, PKT_public_key *pk,
PKT_user_id *uid, PKT_user_id *uid,

9
g10/passphrase.c
View File

@ -441,12 +441,13 @@ passphrase_to_dek (int cipher_algo, STRING2KEY *s2k,
/* Emit the USERID_HINT and the NEED_PASSPHRASE status messages. /* Emit the USERID_HINT and the NEED_PASSPHRASE status messages.
MAINKEYID may be NULL. */ MAINKEYID may be NULL. */
void void
emit_status_need_passphrase (u32 *keyid, u32 *mainkeyid, int pubkey_algo) emit_status_need_passphrase (ctrl_t ctrl,
u32 *keyid, u32 *mainkeyid, int pubkey_algo)
{ {
char buf[50]; char buf[50];
char *us; char *us;
us = get_long_user_id_string (keyid); us = get_long_user_id_string (ctrl, keyid);
write_status_text (STATUS_USERID_HINT, us); write_status_text (STATUS_USERID_HINT, us);
xfree (us); xfree (us);
@ -466,7 +467,7 @@ emit_status_need_passphrase (u32 *keyid, u32 *mainkeyid, int pubkey_algo)
MODE describes the use of the key description; use one of the MODE describes the use of the key description; use one of the
FORMAT_KEYDESC_ macros. */ FORMAT_KEYDESC_ macros. */
char * char *
gpg_format_keydesc (PKT_public_key *pk, int mode, int escaped) gpg_format_keydesc (ctrl_t ctrl, PKT_public_key *pk, int mode, int escaped)
{ {
char *uid; char *uid;
size_t uidlen; size_t uidlen;
@ -484,7 +485,7 @@ gpg_format_keydesc (PKT_public_key *pk, int mode, int escaped)
&& pk->keyid[1] != pk->main_keyid[1]); && pk->keyid[1] != pk->main_keyid[1]);
algo_name = openpgp_pk_algo_name (pk->pubkey_algo); algo_name = openpgp_pk_algo_name (pk->pubkey_algo);
timestr = strtimestamp (pk->timestamp); timestr = strtimestamp (pk->timestamp);
uid = get_user_id (is_subkey? pk->main_keyid:pk->keyid, &uidlen); uid = get_user_id (ctrl, is_subkey? pk->main_keyid:pk->keyid, &uidlen);
orig_codeset = i18n_switchto_utf8 (); orig_codeset = i18n_switchto_utf8 ();

58
g10/pkclist.c
View File

@ -110,7 +110,7 @@ do_show_revocation_reason( PKT_signature *sig )
subkeys, etc.) Mode 1: use only the revocation on the main pk */ subkeys, etc.) Mode 1: use only the revocation on the main pk */
void void
show_revocation_reason( PKT_public_key *pk, int mode ) show_revocation_reason (ctrl_t ctrl, PKT_public_key *pk, int mode)
{ {
/* Hmmm, this is not so easy because we have to duplicate the code /* Hmmm, this is not so easy because we have to duplicate the code
* used in the trustbd to calculate the keyflags. We need to find * used in the trustbd to calculate the keyflags. We need to find
@ -127,7 +127,7 @@ show_revocation_reason( PKT_public_key *pk, int mode )
/* get the keyblock */ /* get the keyblock */
fingerprint_from_pk( pk, fingerprint, &fingerlen ); fingerprint_from_pk( pk, fingerprint, &fingerlen );
rc = get_pubkey_byfprint(NULL, &keyblock, fingerprint, fingerlen); rc = get_pubkey_byfprint (ctrl, NULL, &keyblock, fingerprint, fingerlen);
if( rc ) { /* that should never happen */ if( rc ) { /* that should never happen */
log_debug( "failed to get the keyblock\n"); log_debug( "failed to get the keyblock\n");
return; return;
@ -160,7 +160,7 @@ show_revocation_reason( PKT_public_key *pk, int mode )
/* We didn't find it, so check if the whole key is revoked */ /* We didn't find it, so check if the whole key is revoked */
if(!node && !mode) if(!node && !mode)
show_revocation_reason(pk,1); show_revocation_reason (ctrl, pk, 1);
release_kbnode( keyblock ); release_kbnode( keyblock );
} }
@ -188,7 +188,7 @@ do_edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode,
int show=0; int show=0;
int min_num; int min_num;
int did_help=defer_help; int did_help=defer_help;
unsigned int minimum = tdb_get_min_ownertrust (pk, 0); unsigned int minimum = tdb_get_min_ownertrust (ctrl, pk, 0);
switch(minimum) switch(minimum)
{ {
@ -222,13 +222,13 @@ do_edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode,
KBNODE keyblock, un; KBNODE keyblock, un;
tty_printf (_("No trust value assigned to:\n")); tty_printf (_("No trust value assigned to:\n"));
print_key_line (NULL, pk, 0); print_key_line (ctrl, NULL, pk, 0);
p = get_user_id_native(keyid); p = get_user_id_native (ctrl, keyid);
tty_printf (_(" \"%s\"\n"),p); tty_printf (_(" \"%s\"\n"),p);
xfree (p); xfree (p);
keyblock = get_pubkeyblock (keyid); keyblock = get_pubkeyblock (ctrl, keyid);
if (!keyblock) if (!keyblock)
BUG (); BUG ();
for (un=keyblock; un; un = un->next) for (un=keyblock; un; un = un->next)
@ -257,7 +257,7 @@ do_edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode,
tty_printf(_(" aka \"%s\"\n"),p); tty_printf(_(" aka \"%s\"\n"),p);
} }
print_fingerprint (NULL, pk, 2); print_fingerprint (ctrl, NULL, pk, 2);
tty_printf("\n"); tty_printf("\n");
release_kbnode (keyblock); release_kbnode (keyblock);
} }
@ -391,8 +391,8 @@ edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode )
break; break;
case 1: /* trust value set */ case 1: /* trust value set */
trust &= ~TRUST_FLAG_DISABLED; trust &= ~TRUST_FLAG_DISABLED;
trust |= get_ownertrust (pk) & TRUST_FLAG_DISABLED; trust |= get_ownertrust (ctrl, pk) & TRUST_FLAG_DISABLED;
update_ownertrust (pk, trust ); update_ownertrust (ctrl, pk, trust );
return 1; return 1;
default: default:
return 0; return 0;
@ -467,7 +467,7 @@ do_we_trust( PKT_public_key *pk, unsigned int trustlevel )
* key anyway. * key anyway.
*/ */
static int static int
do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel ) do_we_trust_pre (ctrl_t ctrl, PKT_public_key *pk, unsigned int trustlevel )
{ {
int rc; int rc;
@ -475,8 +475,8 @@ do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
if( !opt.batch && !rc ) if( !opt.batch && !rc )
{ {
print_pubkey_info(NULL,pk); print_pubkey_info (ctrl, NULL,pk);
print_fingerprint (NULL, pk, 2); print_fingerprint (ctrl, NULL, pk, 2);
tty_printf("\n"); tty_printf("\n");
if ((trustlevel & TRUST_MASK) == TRUST_NEVER) if ((trustlevel & TRUST_MASK) == TRUST_NEVER)
@ -499,7 +499,7 @@ do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
char *hint_str; char *hint_str;
keyid_from_pk (pk, kid); keyid_from_pk (pk, kid);
hint_str = get_long_user_id_string ( kid ); hint_str = get_long_user_id_string (ctrl, kid);
write_status_text ( STATUS_USERID_HINT, hint_str ); write_status_text ( STATUS_USERID_HINT, hint_str );
xfree (hint_str); xfree (hint_str);
} }
@ -548,7 +548,7 @@ check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
unsigned int trustlevel = TRUST_UNKNOWN; unsigned int trustlevel = TRUST_UNKNOWN;
int rc=0; int rc=0;
rc = get_pubkey( pk, sig->keyid ); rc = get_pubkey (ctrl, pk, sig->keyid );
if (rc) if (rc)
{ /* this should not happen */ { /* this should not happen */
log_error("Ooops; the key vanished - can't check the trust\n"); log_error("Ooops; the key vanished - can't check the trust\n");
@ -561,7 +561,7 @@ check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
if( !opt.quiet ) if( !opt.quiet )
log_info(_("WARNING: Using untrusted key!\n")); log_info(_("WARNING: Using untrusted key!\n"));
if (opt.with_fingerprint) if (opt.with_fingerprint)
print_fingerprint (NULL, pk, 1); print_fingerprint (ctrl, NULL, pk, 1);
goto leave; goto leave;
} }
@ -580,13 +580,13 @@ check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
else else
log_info(_("WARNING: This key has been revoked by its owner!\n")); log_info(_("WARNING: This key has been revoked by its owner!\n"));
log_info(_(" This could mean that the signature is forged.\n")); log_info(_(" This could mean that the signature is forged.\n"));
show_revocation_reason( pk, 0 ); show_revocation_reason (ctrl, pk, 0);
} }
else if ((trustlevel & TRUST_FLAG_SUB_REVOKED) ) else if ((trustlevel & TRUST_FLAG_SUB_REVOKED) )
{ {
write_status( STATUS_KEYREVOKED ); write_status( STATUS_KEYREVOKED );
log_info(_("WARNING: This subkey has been revoked by its owner!\n")); log_info(_("WARNING: This subkey has been revoked by its owner!\n"));
show_revocation_reason( pk, 0 ); show_revocation_reason (ctrl, pk, 0);
} }
if ((trustlevel & TRUST_FLAG_DISABLED)) if ((trustlevel & TRUST_FLAG_DISABLED))
@ -602,7 +602,7 @@ check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
primary_pk = xmalloc_clear (sizeof *primary_pk); primary_pk = xmalloc_clear (sizeof *primary_pk);
get_pubkey (primary_pk, pk->main_keyid); get_pubkey (ctrl, primary_pk, pk->main_keyid);
fingerprint_from_pk (primary_pk, fpr, &fprlen); fingerprint_from_pk (primary_pk, fpr, &fprlen);
free_public_key (primary_pk); free_public_key (primary_pk);
@ -649,7 +649,7 @@ check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
{ {
case TRUST_EXPIRED: case TRUST_EXPIRED:
log_info(_("Note: This key has expired!\n")); log_info(_("Note: This key has expired!\n"));
print_fingerprint (NULL, pk, 1); print_fingerprint (ctrl, NULL, pk, 1);
break; break;
default: default:
@ -663,7 +663,7 @@ check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
" a trusted signature!\n")); " a trusted signature!\n"));
log_info(_(" There is no indication that the " log_info(_(" There is no indication that the "
"signature belongs to the owner.\n" )); "signature belongs to the owner.\n" ));
print_fingerprint (NULL, pk, 1); print_fingerprint (ctrl, NULL, pk, 1);
break; break;
case TRUST_NEVER: case TRUST_NEVER:
@ -673,7 +673,7 @@ check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
log_info(_("WARNING: We do NOT trust this key!\n")); log_info(_("WARNING: We do NOT trust this key!\n"));
log_info(_(" The signature is probably a FORGERY.\n")); log_info(_(" The signature is probably a FORGERY.\n"));
if (opt.with_fingerprint) if (opt.with_fingerprint)
print_fingerprint (NULL, pk, 1); print_fingerprint (ctrl, NULL, pk, 1);
rc = gpg_error (GPG_ERR_BAD_SIGNATURE); rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
break; break;
@ -683,19 +683,19 @@ check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
" sufficiently trusted signatures!\n")); " sufficiently trusted signatures!\n"));
log_info(_(" It is not certain that the" log_info(_(" It is not certain that the"
" signature belongs to the owner.\n" )); " signature belongs to the owner.\n" ));
print_fingerprint (NULL, pk, 1); print_fingerprint (ctrl, NULL, pk, 1);
break; break;
case TRUST_FULLY: case TRUST_FULLY:
write_trust_status (STATUS_TRUST_FULLY, trustlevel); write_trust_status (STATUS_TRUST_FULLY, trustlevel);
if (opt.with_fingerprint) if (opt.with_fingerprint)
print_fingerprint (NULL, pk, 1); print_fingerprint (ctrl, NULL, pk, 1);
break; break;
case TRUST_ULTIMATE: case TRUST_ULTIMATE:
write_trust_status (STATUS_TRUST_ULTIMATE, trustlevel); write_trust_status (STATUS_TRUST_ULTIMATE, trustlevel);
if (opt.with_fingerprint) if (opt.with_fingerprint)
print_fingerprint (NULL, pk, 1); print_fingerprint (ctrl, NULL, pk, 1);
break; break;
} }
@ -882,7 +882,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
return GPG_ERR_UNUSABLE_PUBKEY; return GPG_ERR_UNUSABLE_PUBKEY;
} }
if ( !do_we_trust_pre (pk, trustlevel) ) if ( !do_we_trust_pre (ctrl, pk, trustlevel) )
{ {
/* We don't trust this key. */ /* We don't trust this key. */
send_status_inv_recp (10, name); send_status_inv_recp (10, name);
@ -1151,8 +1151,8 @@ build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list)
else else
{ {
size_t n; size_t n;
char *p = get_user_id( keyid, &n ); char *p = get_user_id (ctrl, keyid, &n );
tty_print_utf8_string( p, n ); tty_print_utf8_string ( p, n );
xfree(p); xfree(p);
} }
tty_printf("\"\n"); tty_printf("\"\n");
@ -1218,7 +1218,7 @@ build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list)
{ {
tty_printf (_("Public key is disabled.\n") ); tty_printf (_("Public key is disabled.\n") );
} }
else if ( do_we_trust_pre (pk, trustlevel) ) else if ( do_we_trust_pre (ctrl, pk, trustlevel) )
{ {
/* Skip the actual key if the key is already /* Skip the actual key if the key is already
* present in the list */ * present in the list */

19
g10/pubkey-enc.c
View File

@ -37,7 +37,7 @@
#include "../common/host2net.h" #include "../common/host2net.h"
static gpg_error_t get_it (PKT_pubkey_enc *k, static gpg_error_t get_it (ctrl_t ctrl, PKT_pubkey_enc *k,
DEK *dek, PKT_public_key *sk, u32 *keyid); DEK *dek, PKT_public_key *sk, u32 *keyid);
@ -87,8 +87,8 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek)
{ {
sk = xmalloc_clear (sizeof *sk); sk = xmalloc_clear (sizeof *sk);
sk->pubkey_algo = k->pubkey_algo; /* We want a pubkey with this algo. */ sk->pubkey_algo = k->pubkey_algo; /* We want a pubkey with this algo. */
if (!(rc = get_seckey (sk, k->keyid))) if (!(rc = get_seckey (ctrl, sk, k->keyid)))
rc = get_it (k, dek, sk, k->keyid); rc = get_it (ctrl, k, dek, sk, k->keyid);
} }
else if (opt.skip_hidden_recipients) else if (opt.skip_hidden_recipients)
rc = gpg_error (GPG_ERR_NO_SECKEY); rc = gpg_error (GPG_ERR_NO_SECKEY);
@ -116,7 +116,7 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek)
log_info (_("anonymous recipient; trying secret key %s ...\n"), log_info (_("anonymous recipient; trying secret key %s ...\n"),
keystr (keyid)); keystr (keyid));
rc = get_it (k, dek, sk, keyid); rc = get_it (ctrl, k, dek, sk, keyid);
if (!rc) if (!rc)
{ {
if (!opt.quiet) if (!opt.quiet)
@ -138,7 +138,8 @@ leave:
static gpg_error_t static gpg_error_t
get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid) get_it (ctrl_t ctrl,
PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
{ {
gpg_error_t err; gpg_error_t err;
byte *frame = NULL; byte *frame = NULL;
@ -200,7 +201,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
} }
/* Decrypt. */ /* Decrypt. */
desc = gpg_format_keydesc (sk, FORMAT_KEYDESC_NORMAL, 1); desc = gpg_format_keydesc (ctrl, sk, FORMAT_KEYDESC_NORMAL, 1);
err = agent_pkdecrypt (NULL, keygrip, err = agent_pkdecrypt (NULL, keygrip,
desc, sk->keyid, sk->main_keyid, sk->pubkey_algo, desc, sk->keyid, sk->main_keyid, sk->pubkey_algo,
s_data, &frame, &nframe, &padding); s_data, &frame, &nframe, &padding);
@ -340,7 +341,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
{ {
PKT_public_key *pk = NULL; PKT_public_key *pk = NULL;
PKT_public_key *mainpk = NULL; PKT_public_key *mainpk = NULL;
KBNODE pkb = get_pubkeyblock (keyid); KBNODE pkb = get_pubkeyblock (ctrl, keyid);
if (!pkb) if (!pkb)
{ {
@ -393,7 +394,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
{ {
log_info (_("Note: key has been revoked")); log_info (_("Note: key has been revoked"));
log_printf ("\n"); log_printf ("\n");
show_revocation_reason (pk, 1); show_revocation_reason (ctrl, pk, 1);
} }
if (is_status_enabled () && pk && mainpk) if (is_status_enabled () && pk && mainpk)
@ -410,7 +411,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
* value is irrelevant. */ * value is irrelevant. */
write_status_printf (STATUS_DECRYPTION_KEY, "%s %s %c", write_status_printf (STATUS_DECRYPTION_KEY, "%s %s %c",
pkhex, mainpkhex, pkhex, mainpkhex,
get_ownertrust_info (mainpk, 1)); get_ownertrust_info (ctrl, mainpk, 1));
} }

36
g10/revoke.c
View File

@ -238,7 +238,7 @@ gen_desig_revoke (ctrl_t ctrl, const char *uname, strlist_t locusr)
} }
/* To parse the revkeys */ /* To parse the revkeys */
merge_keys_and_selfsig(keyblock); merge_keys_and_selfsig (ctrl, keyblock);
/* get the key from the keyblock */ /* get the key from the keyblock */
node = find_kbnode( keyblock, PKT_PUBLIC_KEY ); node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
@ -294,7 +294,7 @@ gen_desig_revoke (ctrl_t ctrl, const char *uname, strlist_t locusr)
else else
{ {
pk2 = xmalloc_clear (sizeof *pk2); pk2 = xmalloc_clear (sizeof *pk2);
rc = get_pubkey_byfprint (pk2, NULL, rc = get_pubkey_byfprint (ctrl, pk2, NULL,
pk->revkey[i].fpr, MAX_FINGERPRINT_LEN); pk->revkey[i].fpr, MAX_FINGERPRINT_LEN);
} }
@ -305,11 +305,11 @@ gen_desig_revoke (ctrl_t ctrl, const char *uname, strlist_t locusr)
any = 1; any = 1;
print_pubkey_info (NULL, pk); print_pubkey_info (ctrl, NULL, pk);
tty_printf ("\n"); tty_printf ("\n");
tty_printf (_("To be revoked by:\n")); tty_printf (_("To be revoked by:\n"));
print_seckey_info (pk2); print_seckey_info (ctrl, pk2);
if(pk->revkey[i].class&0x40) if(pk->revkey[i].class&0x40)
tty_printf(_("(This is a sensitive revocation key)\n")); tty_printf(_("(This is a sensitive revocation key)\n"));
@ -343,7 +343,7 @@ gen_desig_revoke (ctrl_t ctrl, const char *uname, strlist_t locusr)
push_armor_filter (afx, out); push_armor_filter (afx, out);
/* create it */ /* create it */
rc = make_keysig_packet( &sig, pk, NULL, NULL, pk2, 0x20, 0, rc = make_keysig_packet (ctrl, &sig, pk, NULL, NULL, pk2, 0x20, 0,
0, 0, 0, 0,
revocation_reason_build_cb, reason, revocation_reason_build_cb, reason,
NULL); NULL);
@ -445,7 +445,8 @@ gen_desig_revoke (ctrl_t ctrl, const char *uname, strlist_t locusr)
just the naked revocation signature; it may be NULL. If LEADINTEXT just the naked revocation signature; it may be NULL. If LEADINTEXT
is not NULL, it is written right before the (armored) output.*/ is not NULL, it is written right before the (armored) output.*/
static int static int
create_revocation (const char *filename, create_revocation (ctrl_t ctrl,
const char *filename,
struct revocation_reason_info *reason, struct revocation_reason_info *reason,
PKT_public_key *psk, PKT_public_key *psk,
kbnode_t keyblock, kbnode_t keyblock,
@ -470,7 +471,7 @@ create_revocation (const char *filename,
afx->hdrlines = "Comment: This is a revocation certificate\n"; afx->hdrlines = "Comment: This is a revocation certificate\n";
push_armor_filter (afx, out); push_armor_filter (afx, out);
rc = make_keysig_packet (&sig, psk, NULL, NULL, psk, 0x20, 0, rc = make_keysig_packet (ctrl, &sig, psk, NULL, NULL, psk, 0x20, 0,
0, 0, 0, 0,
revocation_reason_build_cb, reason, cache_nonce); revocation_reason_build_cb, reason, cache_nonce);
if (rc) if (rc)
@ -520,7 +521,7 @@ create_revocation (const char *filename,
key must be available. CACHE_NONCE is optional but can be used to key must be available. CACHE_NONCE is optional but can be used to
help gpg-agent to avoid an extra passphrase prompt. */ help gpg-agent to avoid an extra passphrase prompt. */
int int
gen_standard_revoke (PKT_public_key *psk, const char *cache_nonce) gen_standard_revoke (ctrl_t ctrl, PKT_public_key *psk, const char *cache_nonce)
{ {
int rc; int rc;
estream_t memfp; estream_t memfp;
@ -549,14 +550,14 @@ gen_standard_revoke (PKT_public_key *psk, const char *cache_nonce)
es_fprintf (memfp, "%s\n\n", es_fprintf (memfp, "%s\n\n",
_("This is a revocation certificate for the OpenPGP key:")); _("This is a revocation certificate for the OpenPGP key:"));
print_key_line (memfp, psk, 0); print_key_line (ctrl, memfp, psk, 0);
if (opt.keyid_format != KF_NONE) if (opt.keyid_format != KF_NONE)
print_fingerprint (memfp, psk, 3); print_fingerprint (ctrl, memfp, psk, 3);
kl = opt.keyid_format == KF_NONE? 0 : keystrlen (); kl = opt.keyid_format == KF_NONE? 0 : keystrlen ();
tmpstr = get_user_id (keyid, &len); tmpstr = get_user_id (ctrl, keyid, &len);
es_fprintf (memfp, "uid%*s%.*s\n\n", es_fprintf (memfp, "uid%*s%.*s\n\n",
kl + 10, "", kl + 10, "",
(int)len, tmpstr); (int)len, tmpstr);
@ -585,7 +586,8 @@ gen_standard_revoke (PKT_public_key *psk, const char *cache_nonce)
reason.code = 0x00; /* No particular reason. */ reason.code = 0x00; /* No particular reason. */
reason.desc = NULL; reason.desc = NULL;
rc = create_revocation (fname, &reason, psk, NULL, leadin, 3, cache_nonce); rc = create_revocation (ctrl,
fname, &reason, psk, NULL, leadin, 3, cache_nonce);
if (!rc && !opt.quiet) if (!rc && !opt.quiet)
log_info (_("revocation certificate stored as '%s.rev'\n"), fname); log_info (_("revocation certificate stored as '%s.rev'\n"), fname);
@ -601,7 +603,7 @@ gen_standard_revoke (PKT_public_key *psk, const char *cache_nonce)
* Generate a revocation certificate for UNAME * Generate a revocation certificate for UNAME
*/ */
int int
gen_revoke (const char *uname) gen_revoke (ctrl_t ctrl, const char *uname)
{ {
int rc = 0; int rc = 0;
PKT_public_key *psk; PKT_public_key *psk;
@ -660,7 +662,7 @@ gen_revoke (const char *uname)
lines with secret key infos are printed after this message. */ lines with secret key infos are printed after this message. */
log_error (_("'%s' matches multiple secret keys:\n"), uname); log_error (_("'%s' matches multiple secret keys:\n"), uname);
info = format_seckey_info (keyblock->pkt->pkt.public_key); info = format_seckey_info (ctrl, keyblock->pkt->pkt.public_key);
log_error (" %s\n", info); log_error (" %s\n", info);
xfree (info); xfree (info);
release_kbnode (keyblock); release_kbnode (keyblock);
@ -668,7 +670,7 @@ gen_revoke (const char *uname)
rc = keydb_get_keyblock (kdbhd, &keyblock); rc = keydb_get_keyblock (kdbhd, &keyblock);
while (! rc) while (! rc)
{ {
info = format_seckey_info (keyblock->pkt->pkt.public_key); info = format_seckey_info (ctrl, keyblock->pkt->pkt.public_key);
log_info (" %s\n", info); log_info (" %s\n", info);
xfree (info); xfree (info);
release_kbnode (keyblock); release_kbnode (keyblock);
@ -704,7 +706,7 @@ gen_revoke (const char *uname)
} }
keyid_from_pk (psk, keyid ); keyid_from_pk (psk, keyid );
print_seckey_info (psk); print_seckey_info (ctrl, psk);
tty_printf("\n"); tty_printf("\n");
if (!cpr_get_answer_is_yes ("gen_revoke.okay", if (!cpr_get_answer_is_yes ("gen_revoke.okay",
@ -726,7 +728,7 @@ gen_revoke (const char *uname)
if (!opt.armor) if (!opt.armor)
tty_printf (_("ASCII armored output forced.\n")); tty_printf (_("ASCII armored output forced.\n"));
rc = create_revocation (NULL, reason, psk, keyblock, NULL, 0, NULL); rc = create_revocation (ctrl, NULL, reason, psk, keyblock, NULL, 0, NULL);
if (rc) if (rc)
goto leave; goto leave;

42
g10/sig-check.c
View File

@ -45,9 +45,9 @@ static int check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig,
/* Check a signature. This is shorthand for check_signature2 with /* Check a signature. This is shorthand for check_signature2 with
the unnamed arguments passed as NULL. */ the unnamed arguments passed as NULL. */
int int
check_signature (PKT_signature *sig, gcry_md_hd_t digest) check_signature (ctrl_t ctrl, PKT_signature *sig, gcry_md_hd_t digest)
{ {
return check_signature2 (sig, digest, NULL, NULL, NULL, NULL); return check_signature2 (ctrl, sig, digest, NULL, NULL, NULL, NULL);
} }
@ -89,7 +89,8 @@ check_signature (PKT_signature *sig, gcry_md_hd_t digest)
* *
* Returns 0 on success. An error code otherwise. */ * Returns 0 on success. An error code otherwise. */
gpg_error_t gpg_error_t
check_signature2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate, check_signature2 (ctrl_t ctrl,
PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
int *r_expired, int *r_revoked, PKT_public_key **r_pk) int *r_expired, int *r_revoked, PKT_public_key **r_pk)
{ {
int rc=0; int rc=0;
@ -122,7 +123,7 @@ check_signature2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
log_info(_("WARNING: signature digest conflict in message\n")); log_info(_("WARNING: signature digest conflict in message\n"));
rc = gpg_error (GPG_ERR_GENERAL); rc = gpg_error (GPG_ERR_GENERAL);
} }
else if( get_pubkey( pk, sig->keyid ) ) else if( get_pubkey (ctrl, pk, sig->keyid ) )
rc = gpg_error (GPG_ERR_NO_PUBKEY); rc = gpg_error (GPG_ERR_NO_PUBKEY);
else if(!pk->flags.valid) else if(!pk->flags.valid)
{ {
@ -560,7 +561,7 @@ cache_sig_result ( PKT_signature *sig, int result )
* revoked, B is still revoked. I'm not completely convinced this is * revoked, B is still revoked. I'm not completely convinced this is
* the proper behavior, but it matches how PGP does it. -dms */ * the proper behavior, but it matches how PGP does it. -dms */
int int
check_revocation_keys (PKT_public_key *pk, PKT_signature *sig) check_revocation_keys (ctrl_t ctrl, PKT_public_key *pk, PKT_signature *sig)
{ {
static int busy=0; static int busy=0;
int i; int i;
@ -616,7 +617,8 @@ check_revocation_keys (PKT_public_key *pk, PKT_signature *sig)
/* The revoker's keyid. */ /* The revoker's keyid. */
u32 keyid[2]; u32 keyid[2];
keyid_from_fingerprint(pk->revkey[i].fpr,MAX_FINGERPRINT_LEN,keyid); keyid_from_fingerprint (ctrl, pk->revkey[i].fpr,
MAX_FINGERPRINT_LEN, keyid);
if(keyid[0]==sig->keyid[0] && keyid[1]==sig->keyid[1]) if(keyid[0]==sig->keyid[0] && keyid[1]==sig->keyid[1])
/* The signature was generated by a designated revoker. /* The signature was generated by a designated revoker.
@ -629,7 +631,7 @@ check_revocation_keys (PKT_public_key *pk, PKT_signature *sig)
hash_public_key(md,pk); hash_public_key(md,pk);
/* Note: check_signature only checks that the signature /* Note: check_signature only checks that the signature
is good. It does not fail if the key is revoked. */ is good. It does not fail if the key is revoked. */
rc=check_signature(sig,md); rc = check_signature (ctrl, sig, md);
cache_sig_result(sig,rc); cache_sig_result(sig,rc);
gcry_md_close (md); gcry_md_close (md);
break; break;
@ -685,9 +687,11 @@ check_backsig (PKT_public_key *main_pk,PKT_public_key *sub_pk,
* passed as NULL. See the documentation for that function for more * passed as NULL. See the documentation for that function for more
* details. */ * details. */
int int
check_key_signature (KBNODE root, KBNODE node, int *is_selfsig) check_key_signature (ctrl_t ctrl, kbnode_t root, kbnode_t node,
int *is_selfsig)
{ {
return check_key_signature2 (root, node, NULL, NULL, is_selfsig, NULL, NULL); return check_key_signature2 (ctrl, root, node, NULL, NULL,
is_selfsig, NULL, NULL);
} }
@ -725,7 +729,7 @@ check_key_signature (KBNODE root, KBNODE node, int *is_selfsig)
generated the signature (i.e., the signer) on success. This must generated the signature (i.e., the signer) on success. This must
be released by the caller using release_public_key_parts (). */ be released by the caller using release_public_key_parts (). */
gpg_error_t gpg_error_t
check_signature_over_key_or_uid (PKT_public_key *signer, check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
PKT_signature *sig, KBNODE kb, PACKET *packet, PKT_signature *sig, KBNODE kb, PACKET *packet,
int *is_selfsig, PKT_public_key *ret_pk) int *is_selfsig, PKT_public_key *ret_pk)
{ {
@ -841,7 +845,7 @@ check_signature_over_key_or_uid (PKT_public_key *signer,
signer_alloced = 2; signer_alloced = 2;
} }
rc = get_pubkey (signer, sig->keyid); rc = get_pubkey (ctrl, signer, sig->keyid);
if (rc) if (rc)
{ {
xfree (signer); xfree (signer);
@ -957,7 +961,8 @@ check_signature_over_key_or_uid (PKT_public_key *signer,
* TODO: add r_revoked here as well. It has the same problems as * TODO: add r_revoked here as well. It has the same problems as
* r_expiredate and r_expired and the cache. */ * r_expiredate and r_expired and the cache. */
int int
check_key_signature2 (kbnode_t root, kbnode_t node, PKT_public_key *check_pk, check_key_signature2 (ctrl_t ctrl,
kbnode_t root, kbnode_t node, PKT_public_key *check_pk,
PKT_public_key *ret_pk, int *is_selfsig, PKT_public_key *ret_pk, int *is_selfsig,
u32 *r_expiredate, int *r_expired ) u32 *r_expiredate, int *r_expired )
{ {
@ -1018,13 +1023,14 @@ check_key_signature2 (kbnode_t root, kbnode_t node, PKT_public_key *check_pk,
/* Is it a designated revoker? */ /* Is it a designated revoker? */
if (keyid[0] != sig->keyid[0] || keyid[1] != sig->keyid[1]) if (keyid[0] != sig->keyid[0] || keyid[1] != sig->keyid[1])
rc = check_revocation_keys (pk, sig); rc = check_revocation_keys (ctrl, pk, sig);
else else
{ {
rc = check_signature_metadata_validity (pk, sig, rc = check_signature_metadata_validity (pk, sig,
r_expired, NULL); r_expired, NULL);
if (! rc) if (! rc)
rc = check_signature_over_key_or_uid (pk, sig, root, root->pkt, rc = check_signature_over_key_or_uid (ctrl, pk, sig,
root, root->pkt,
is_selfsig, ret_pk); is_selfsig, ret_pk);
} }
} }
@ -1039,7 +1045,8 @@ check_key_signature2 (kbnode_t root, kbnode_t node, PKT_public_key *check_pk,
r_expired, NULL); r_expired, NULL);
if (! rc) if (! rc)
/* 0x28 must be a self-sig, but 0x18 needn't be. */ /* 0x28 must be a self-sig, but 0x18 needn't be. */
rc = check_signature_over_key_or_uid (sig->sig_class == 0x18 rc = check_signature_over_key_or_uid (ctrl,
sig->sig_class == 0x18
? NULL : pk, ? NULL : pk,
sig, root, snode->pkt, sig, root, snode->pkt,
is_selfsig, ret_pk); is_selfsig, ret_pk);
@ -1063,7 +1070,7 @@ check_key_signature2 (kbnode_t root, kbnode_t node, PKT_public_key *check_pk,
rc = check_signature_metadata_validity (pk, sig, rc = check_signature_metadata_validity (pk, sig,
r_expired, NULL); r_expired, NULL);
if (! rc) if (! rc)
rc = check_signature_over_key_or_uid (pk, sig, root, root->pkt, rc = check_signature_over_key_or_uid (ctrl, pk, sig, root, root->pkt,
is_selfsig, ret_pk); is_selfsig, ret_pk);
} }
else if (/* Certification. */ else if (/* Certification. */
@ -1082,7 +1089,8 @@ check_key_signature2 (kbnode_t root, kbnode_t node, PKT_public_key *check_pk,
if (! rc) if (! rc)
/* If this is a self-sig, ignore check_pk. */ /* If this is a self-sig, ignore check_pk. */
rc = check_signature_over_key_or_uid rc = check_signature_over_key_or_uid
(keyid_cmp (pk_keyid (pk), sig->keyid) == 0 ? pk : check_pk, (ctrl,
keyid_cmp (pk_keyid (pk), sig->keyid) == 0 ? pk : check_pk,
sig, root, unode->pkt, NULL, ret_pk); sig, root, unode->pkt, NULL, ret_pk);
} }
else else

35
g10/sign.c
View File

@ -253,7 +253,7 @@ hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig)
/* Perform the sign operation. If CACHE_NONCE is given the agent is /* Perform the sign operation. If CACHE_NONCE is given the agent is
advised to use that cached passphrase fro the key. */ advised to use that cached passphrase fro the key. */
static int static int
do_sign (PKT_public_key *pksk, PKT_signature *sig, do_sign (ctrl_t ctrl, PKT_public_key *pksk, PKT_signature *sig,
gcry_md_hd_t md, int mdalgo, const char *cache_nonce) gcry_md_hd_t md, int mdalgo, const char *cache_nonce)
{ {
gpg_error_t err; gpg_error_t err;
@ -294,7 +294,7 @@ do_sign (PKT_public_key *pksk, PKT_signature *sig,
char *desc; char *desc;
gcry_sexp_t s_sigval; gcry_sexp_t s_sigval;
desc = gpg_format_keydesc (pksk, FORMAT_KEYDESC_NORMAL, 1); desc = gpg_format_keydesc (ctrl, pksk, FORMAT_KEYDESC_NORMAL, 1);
err = agent_pksign (NULL/*ctrl*/, cache_nonce, hexgrip, desc, err = agent_pksign (NULL/*ctrl*/, cache_nonce, hexgrip, desc,
pksk->keyid, pksk->main_keyid, pksk->pubkey_algo, pksk->keyid, pksk->main_keyid, pksk->pubkey_algo,
dp, gcry_md_get_algo_dlen (mdalgo), mdalgo, dp, gcry_md_get_algo_dlen (mdalgo), mdalgo,
@ -327,7 +327,7 @@ do_sign (PKT_public_key *pksk, PKT_signature *sig,
{ {
if (opt.verbose) if (opt.verbose)
{ {
char *ustr = get_user_id_string_native (sig->keyid); char *ustr = get_user_id_string_native (ctrl, sig->keyid);
log_info (_("%s/%s signature from: \"%s\"\n"), log_info (_("%s/%s signature from: \"%s\"\n"),
openpgp_pk_algo_name (pksk->pubkey_algo), openpgp_pk_algo_name (pksk->pubkey_algo),
openpgp_md_algo_name (sig->digest_algo), openpgp_md_algo_name (sig->digest_algo),
@ -340,13 +340,14 @@ do_sign (PKT_public_key *pksk, PKT_signature *sig,
int int
complete_sig (PKT_signature *sig, PKT_public_key *pksk, gcry_md_hd_t md, complete_sig (ctrl_t ctrl,
PKT_signature *sig, PKT_public_key *pksk, gcry_md_hd_t md,
const char *cache_nonce) const char *cache_nonce)
{ {
int rc; int rc;
/* if (!(rc = check_secret_key (pksk, 0))) */ /* if (!(rc = check_secret_key (pksk, 0))) */
rc = do_sign (pksk, sig, md, 0, cache_nonce); rc = do_sign (ctrl, pksk, sig, md, 0, cache_nonce);
return rc; return rc;
} }
@ -669,7 +670,8 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode)
* hash which will not be changes here. * hash which will not be changes here.
*/ */
static int static int
write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash, write_signature_packets (ctrl_t ctrl,
SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash,
int sigclass, u32 timestamp, u32 duration, int sigclass, u32 timestamp, u32 duration,
int status_letter, const char *cache_nonce) int status_letter, const char *cache_nonce)
{ {
@ -719,7 +721,7 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash,
hash_sigversion_to_magic (md, sig); hash_sigversion_to_magic (md, sig);
gcry_md_final (md); gcry_md_final (md);
rc = do_sign (pk, sig, md, hash_for (pk), cache_nonce); rc = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce);
gcry_md_close (md); gcry_md_close (md);
if (!rc) if (!rc)
{ {
@ -785,6 +787,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
memset( &zfx, 0, sizeof zfx); memset( &zfx, 0, sizeof zfx);
memset( &mfx, 0, sizeof mfx); memset( &mfx, 0, sizeof mfx);
memset( &efx, 0, sizeof efx); memset( &efx, 0, sizeof efx);
efx.ctrl = ctrl;
init_packet( &pkt ); init_packet( &pkt );
if( filenames ) { if( filenames ) {
@ -1066,7 +1069,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
goto leave; goto leave;
/* write the signatures */ /* write the signatures */
rc = write_signature_packets (sk_list, out, mfx.md, rc = write_signature_packets (ctrl, sk_list, out, mfx.md,
opt.textmode && !outfile? 0x01 : 0x00, opt.textmode && !outfile? 0x01 : 0x00,
0, duration, detached ? 'D':'S', NULL); 0, duration, detached ? 'D':'S', NULL);
if( rc ) if( rc )
@ -1209,8 +1212,8 @@ clearsign_file (ctrl_t ctrl,
push_armor_filter (afx, out); push_armor_filter (afx, out);
/* Write the signatures. */ /* Write the signatures. */
rc = write_signature_packets (sk_list, out, textmd, 0x01, 0, duration, 'C', rc = write_signature_packets (ctrl, sk_list, out, textmd, 0x01, 0,
NULL); duration, 'C', NULL);
if( rc ) if( rc )
goto leave; goto leave;
@ -1369,7 +1372,7 @@ sign_symencrypt_file (ctrl_t ctrl, const char *fname, strlist_t locusr)
/* Write the signatures */ /* Write the signatures */
/*(current filters: zip - encrypt - armor)*/ /*(current filters: zip - encrypt - armor)*/
rc = write_signature_packets (sk_list, out, mfx.md, rc = write_signature_packets (ctrl, sk_list, out, mfx.md,
opt.textmode? 0x01 : 0x00, opt.textmode? 0x01 : 0x00,
0, duration, 'S', NULL); 0, duration, 'S', NULL);
if( rc ) if( rc )
@ -1420,7 +1423,8 @@ sign_symencrypt_file (ctrl_t ctrl, const char *fname, strlist_t locusr)
* MKSUBPKT. * MKSUBPKT.
*/ */
int int
make_keysig_packet (PKT_signature **ret_sig, PKT_public_key *pk, make_keysig_packet (ctrl_t ctrl,
PKT_signature **ret_sig, PKT_public_key *pk,
PKT_user_id *uid, PKT_public_key *subpk, PKT_user_id *uid, PKT_public_key *subpk,
PKT_public_key *pksk, PKT_public_key *pksk,
int sigclass, int digest_algo, int sigclass, int digest_algo,
@ -1513,7 +1517,7 @@ make_keysig_packet (PKT_signature **ret_sig, PKT_public_key *pk,
hash_sigversion_to_magic (md, sig); hash_sigversion_to_magic (md, sig);
gcry_md_final (md); gcry_md_final (md);
rc = complete_sig (sig, pksk, md, cache_nonce); rc = complete_sig (ctrl, sig, pksk, md, cache_nonce);
} }
gcry_md_close (md); gcry_md_close (md);
@ -1535,7 +1539,8 @@ make_keysig_packet (PKT_signature **ret_sig, PKT_public_key *pk,
* TODO: Merge this with make_keysig_packet. * TODO: Merge this with make_keysig_packet.
*/ */
gpg_error_t gpg_error_t
update_keysig_packet( PKT_signature **ret_sig, update_keysig_packet (ctrl_t ctrl,
PKT_signature **ret_sig,
PKT_signature *orig_sig, PKT_signature *orig_sig,
PKT_public_key *pk, PKT_public_key *pk,
PKT_user_id *uid, PKT_user_id *uid,
@ -1612,7 +1617,7 @@ update_keysig_packet( PKT_signature **ret_sig,
hash_sigversion_to_magic (md, sig); hash_sigversion_to_magic (md, sig);
gcry_md_final (md); gcry_md_final (md);
rc = complete_sig (sig, pksk, md, NULL); rc = complete_sig (ctrl, sig, pksk, md, NULL);
} }
leave: leave:

8
g10/skclist.c
View File

@ -59,14 +59,14 @@ release_sk_list (SK_LIST sk_list)
* the string "(insecure!)" or "not secure" or "do not use" * the string "(insecure!)" or "not secure" or "do not use"
* in one of the user ids. */ * in one of the user ids. */
static int static int
is_insecure (PKT_public_key *pk) is_insecure (ctrl_t ctrl, PKT_public_key *pk)
{ {
u32 keyid[2]; u32 keyid[2];
KBNODE node = NULL, u; KBNODE node = NULL, u;
int insecure = 0; int insecure = 0;
keyid_from_pk (pk, keyid); keyid_from_pk (pk, keyid);
node = get_pubkeyblock (keyid); node = get_pubkeyblock (ctrl, keyid);
for (u = node; u; u = u->next) for (u = node; u; u = u->next)
{ {
if (u->pkt->pkttype == PKT_USER_ID) if (u->pkt->pkttype == PKT_USER_ID)
@ -150,7 +150,7 @@ build_sk_list (ctrl_t ctrl,
{ {
SK_LIST r; SK_LIST r;
if (random_is_faked () && !is_insecure (pk)) if (random_is_faked () && !is_insecure (ctrl, pk))
{ {
log_info (_("key is not flagged as insecure - " log_info (_("key is not flagged as insecure - "
"can't use it with the faked RNG!\n")); "can't use it with the faked RNG!\n"));
@ -231,7 +231,7 @@ build_sk_list (ctrl_t ctrl,
get_inv_recpsgnr_code (GPG_ERR_WRONG_KEY_USAGE), get_inv_recpsgnr_code (GPG_ERR_WRONG_KEY_USAGE),
locusr->d, strlen (locusr->d), -1); locusr->d, strlen (locusr->d), -1);
} }
else if (random_is_faked () && !is_insecure (pk)) else if (random_is_faked () && !is_insecure (ctrl, pk))
{ {
log_info (_("key is not flagged as insecure - " log_info (_("key is not flagged as insecure - "
"can't use it with the faked RNG!\n")); "can't use it with the faked RNG!\n"));

24
g10/tdbdump.c
View File

@ -49,9 +49,9 @@
* Write a record; die on error. * Write a record; die on error.
*/ */
static void static void
write_record( TRUSTREC *rec ) write_record (ctrl_t ctrl, TRUSTREC *rec)
{ {
int rc = tdbio_write_record( rec ); int rc = tdbio_write_record (ctrl, rec);
if( !rc ) if( !rc )
return; return;
log_error(_("trust record %lu, type %d: write failed: %s\n"), log_error(_("trust record %lu, type %d: write failed: %s\n"),
@ -64,13 +64,13 @@ write_record( TRUSTREC *rec )
* Dump the entire trustdb to FP or only the entries of one key. * Dump the entire trustdb to FP or only the entries of one key.
*/ */
void void
list_trustdb (estream_t fp, const char *username) list_trustdb (ctrl_t ctrl, estream_t fp, const char *username)
{ {
TRUSTREC rec; TRUSTREC rec;
(void)username; (void)username;
init_trustdb (0); init_trustdb (ctrl, 0);
/* For now we ignore the user ID. */ /* For now we ignore the user ID. */
if (1) if (1)
{ {
@ -94,14 +94,14 @@ list_trustdb (estream_t fp, const char *username)
* Print a list of all defined owner trust value. * Print a list of all defined owner trust value.
*/ */
void void
export_ownertrust() export_ownertrust (ctrl_t ctrl)
{ {
TRUSTREC rec; TRUSTREC rec;
ulong recnum; ulong recnum;
int i; int i;
byte *p; byte *p;
init_trustdb (0); init_trustdb (ctrl, 0);
es_printf (_("# List of assigned trustvalues, created %s\n" es_printf (_("# List of assigned trustvalues, created %s\n"
"# (Use \"gpg --import-ownertrust\" to restore them)\n"), "# (Use \"gpg --import-ownertrust\" to restore them)\n"),
asctimestamp( make_timestamp() ) ); asctimestamp( make_timestamp() ) );
@ -121,7 +121,7 @@ export_ownertrust()
void void
import_ownertrust( const char *fname ) import_ownertrust (ctrl_t ctrl, const char *fname )
{ {
estream_t fp; estream_t fp;
int is_stdin=0; int is_stdin=0;
@ -133,7 +133,7 @@ import_ownertrust( const char *fname )
int any = 0; int any = 0;
int rc; int rc;
init_trustdb (0); init_trustdb (ctrl, 0);
if( iobuf_is_pipe_filename (fname) ) { if( iobuf_is_pipe_filename (fname) ) {
fp = es_stdin; fp = es_stdin;
fname = "[stdin]"; fname = "[stdin]";
@ -202,7 +202,7 @@ import_ownertrust( const char *fname )
log_info("setting ownertrust to %u\n", otrust ); log_info("setting ownertrust to %u\n", otrust );
} }
rec.r.trust.ownertrust = otrust; rec.r.trust.ownertrust = otrust;
write_record (&rec ); write_record (ctrl, &rec);
any = 1; any = 1;
} }
} }
@ -210,11 +210,11 @@ import_ownertrust( const char *fname )
if (!opt.quiet) if (!opt.quiet)
log_info("inserting ownertrust of %u\n", otrust ); log_info("inserting ownertrust of %u\n", otrust );
memset (&rec, 0, sizeof rec); memset (&rec, 0, sizeof rec);
rec.recnum = tdbio_new_recnum (); rec.recnum = tdbio_new_recnum (ctrl);
rec.rectype = RECTYPE_TRUST; rec.rectype = RECTYPE_TRUST;
memcpy (rec.r.trust.fingerprint, fpr, 20); memcpy (rec.r.trust.fingerprint, fpr, 20);
rec.r.trust.ownertrust = otrust; rec.r.trust.ownertrust = otrust;
write_record (&rec ); write_record (ctrl, &rec);
any = 1; any = 1;
} }
else /* error */ else /* error */
@ -228,7 +228,7 @@ import_ownertrust( const char *fname )
if (any) if (any)
{ {
revalidation_mark (); revalidation_mark (ctrl);
rc = tdbio_sync (); rc = tdbio_sync ();
if (rc) if (rc)
log_error (_("trustdb: sync failed: %s\n"), gpg_strerror (rc) ); log_error (_("trustdb: sync failed: %s\n"), gpg_strerror (rc) );

76
g10/tdbio.c
View File

@ -119,7 +119,7 @@ static int in_transaction;
static void open_db (void); static void open_db (void);
static void create_hashtable (TRUSTREC *vr, int type); static void create_hashtable (ctrl_t ctrl, TRUSTREC *vr, int type);
@ -535,7 +535,7 @@ cleanup (void)
* Returns: 0 on success or an error code. * Returns: 0 on success or an error code.
*/ */
int int
tdbio_update_version_record (void) tdbio_update_version_record (ctrl_t ctrl)
{ {
TRUSTREC rec; TRUSTREC rec;
int rc; int rc;
@ -551,7 +551,7 @@ tdbio_update_version_record (void)
rec.r.ver.cert_depth = opt.max_cert_depth; rec.r.ver.cert_depth = opt.max_cert_depth;
rec.r.ver.trust_model = opt.trust_model; rec.r.ver.trust_model = opt.trust_model;
rec.r.ver.min_cert_level = opt.min_cert_level; rec.r.ver.min_cert_level = opt.min_cert_level;
rc=tdbio_write_record(&rec); rc = tdbio_write_record (ctrl, &rec);
} }
return rc; return rc;
@ -564,7 +564,7 @@ tdbio_update_version_record (void)
* Returns: 0 on success or an error code. * Returns: 0 on success or an error code.
*/ */
static int static int
create_version_record (void) create_version_record (ctrl_t ctrl)
{ {
TRUSTREC rec; TRUSTREC rec;
int rc; int rc;
@ -582,13 +582,13 @@ create_version_record (void)
rec.r.ver.min_cert_level = opt.min_cert_level; rec.r.ver.min_cert_level = opt.min_cert_level;
rec.rectype = RECTYPE_VER; rec.rectype = RECTYPE_VER;
rec.recnum = 0; rec.recnum = 0;
rc = tdbio_write_record (&rec); rc = tdbio_write_record (ctrl, &rec);
if (!rc) if (!rc)
tdbio_sync (); tdbio_sync ();
if (!rc) if (!rc)
create_hashtable (&rec, 0); create_hashtable (ctrl, &rec, 0);
return rc; return rc;
} }
@ -606,7 +606,8 @@ create_version_record (void)
* *
*/ */
int int
tdbio_set_dbname (const char *new_dbname, int create, int *r_nofile) tdbio_set_dbname (ctrl_t ctrl, const char *new_dbname,
int create, int *r_nofile)
{ {
char *fname, *p; char *fname, *p;
struct stat statbuf; struct stat statbuf;
@ -719,7 +720,7 @@ tdbio_set_dbname (const char *new_dbname, int create, int *r_nofile)
if (db_fd == -1) if (db_fd == -1)
log_fatal (_("can't open '%s': %s\n"), db_name, strerror (errno)); log_fatal (_("can't open '%s': %s\n"), db_name, strerror (errno));
rc = create_version_record (); rc = create_version_record (ctrl);
if (rc) if (rc)
log_fatal (_("%s: failed to create version record: %s"), log_fatal (_("%s: failed to create version record: %s"),
fname, gpg_strerror (rc)); fname, gpg_strerror (rc));
@ -806,7 +807,7 @@ open_db ()
* the function terminates the process. * the function terminates the process.
*/ */
static void static void
create_hashtable( TRUSTREC *vr, int type ) create_hashtable (ctrl_t ctrl, TRUSTREC *vr, int type)
{ {
TRUSTREC rec; TRUSTREC rec;
off_t offset; off_t offset;
@ -829,13 +830,13 @@ create_hashtable( TRUSTREC *vr, int type )
memset (&rec, 0, sizeof rec); memset (&rec, 0, sizeof rec);
rec.rectype = RECTYPE_HTBL; rec.rectype = RECTYPE_HTBL;
rec.recnum = recnum; rec.recnum = recnum;
rc = tdbio_write_record (&rec); rc = tdbio_write_record (ctrl, &rec);
if (rc) if (rc)
log_fatal (_("%s: failed to create hashtable: %s\n"), log_fatal (_("%s: failed to create hashtable: %s\n"),
db_name, gpg_strerror (rc)); db_name, gpg_strerror (rc));
} }
/* Update the version record and flush. */ /* Update the version record and flush. */
rc = tdbio_write_record (vr); rc = tdbio_write_record (ctrl, vr);
if (!rc) if (!rc)
rc = tdbio_sync (); rc = tdbio_sync ();
if (rc) if (rc)
@ -919,7 +920,7 @@ tdbio_read_nextcheck ()
* Return: True if the stamp actually changed. * Return: True if the stamp actually changed.
*/ */
int int
tdbio_write_nextcheck (ulong stamp) tdbio_write_nextcheck (ctrl_t ctrl, ulong stamp)
{ {
TRUSTREC vr; TRUSTREC vr;
int rc; int rc;
@ -933,7 +934,7 @@ tdbio_write_nextcheck (ulong stamp)
return 0; return 0;
vr.r.ver.nextcheck = stamp; vr.r.ver.nextcheck = stamp;
rc = tdbio_write_record( &vr ); rc = tdbio_write_record (ctrl, &vr);
if (rc) if (rc)
log_fatal (_("%s: error writing version record: %s\n"), log_fatal (_("%s: error writing version record: %s\n"),
db_name, gpg_strerror (rc)); db_name, gpg_strerror (rc));
@ -980,7 +981,7 @@ get_trusthashrec(void)
* Return: 0 on success or an error code. * Return: 0 on success or an error code.
*/ */
static int static int
upd_hashtable (ulong table, byte *key, int keylen, ulong newrecnum) upd_hashtable (ctrl_t ctrl, ulong table, byte *key, int keylen, ulong newrecnum)
{ {
TRUSTREC lastrec, rec; TRUSTREC lastrec, rec;
ulong hashrec, item; ulong hashrec, item;
@ -1003,7 +1004,7 @@ upd_hashtable (ulong table, byte *key, int keylen, ulong newrecnum)
if (!item) /* Insert a new item into the hash table. */ if (!item) /* Insert a new item into the hash table. */
{ {
rec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD] = newrecnum; rec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD] = newrecnum;
rc = tdbio_write_record (&rec); rc = tdbio_write_record (ctrl, &rec);
if (rc) if (rc)
{ {
log_error ("upd_hashtable: write htbl failed: %s\n", log_error ("upd_hashtable: write htbl failed: %s\n",
@ -1068,7 +1069,7 @@ upd_hashtable (ulong table, byte *key, int keylen, ulong newrecnum)
{ {
/* Empty slot found. */ /* Empty slot found. */
rec.r.hlst.rnum[i] = newrecnum; rec.r.hlst.rnum[i] = newrecnum;
rc = tdbio_write_record (&rec); rc = tdbio_write_record (ctrl, &rec);
if (rc) if (rc)
log_error ("upd_hashtable: write hlst failed: %s\n", log_error ("upd_hashtable: write hlst failed: %s\n",
gpg_strerror (rc)); gpg_strerror (rc));
@ -1090,8 +1091,8 @@ upd_hashtable (ulong table, byte *key, int keylen, ulong newrecnum)
else else
{ {
/* Append a new record to the list. */ /* Append a new record to the list. */
rec.r.hlst.next = item = tdbio_new_recnum (); rec.r.hlst.next = item = tdbio_new_recnum (ctrl);
rc = tdbio_write_record (&rec); rc = tdbio_write_record (ctrl, &rec);
if (rc) if (rc)
{ {
log_error ("upd_hashtable: write hlst failed: %s\n", log_error ("upd_hashtable: write hlst failed: %s\n",
@ -1102,7 +1103,7 @@ upd_hashtable (ulong table, byte *key, int keylen, ulong newrecnum)
rec.rectype = RECTYPE_HLST; rec.rectype = RECTYPE_HLST;
rec.recnum = item; rec.recnum = item;
rec.r.hlst.rnum[0] = newrecnum; rec.r.hlst.rnum[0] = newrecnum;
rc = tdbio_write_record (&rec); rc = tdbio_write_record (ctrl, &rec);
if (rc) if (rc)
log_error ("upd_hashtable: write ext hlst failed: %s\n", log_error ("upd_hashtable: write ext hlst failed: %s\n",
gpg_strerror (rc)); gpg_strerror (rc));
@ -1120,10 +1121,10 @@ upd_hashtable (ulong table, byte *key, int keylen, ulong newrecnum)
item = rec.recnum; /* Save number of key record. */ item = rec.recnum; /* Save number of key record. */
memset (&rec, 0, sizeof rec); memset (&rec, 0, sizeof rec);
rec.rectype = RECTYPE_HLST; rec.rectype = RECTYPE_HLST;
rec.recnum = tdbio_new_recnum (); rec.recnum = tdbio_new_recnum (ctrl);
rec.r.hlst.rnum[0] = item; /* Old key record */ rec.r.hlst.rnum[0] = item; /* Old key record */
rec.r.hlst.rnum[1] = newrecnum; /* and new key record */ rec.r.hlst.rnum[1] = newrecnum; /* and new key record */
rc = tdbio_write_record (&rec); rc = tdbio_write_record (ctrl, &rec);
if (rc) if (rc)
{ {
log_error( "upd_hashtable: write new hlst failed: %s\n", log_error( "upd_hashtable: write new hlst failed: %s\n",
@ -1132,7 +1133,7 @@ upd_hashtable (ulong table, byte *key, int keylen, ulong newrecnum)
} }
/* Update the hashtable record. */ /* Update the hashtable record. */
lastrec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD] = rec.recnum; lastrec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD] = rec.recnum;
rc = tdbio_write_record (&lastrec); rc = tdbio_write_record (ctrl, &lastrec);
if (rc) if (rc)
log_error ("upd_hashtable: update htbl failed: %s\n", log_error ("upd_hashtable: update htbl failed: %s\n",
gpg_strerror (rc)); gpg_strerror (rc));
@ -1143,7 +1144,7 @@ upd_hashtable (ulong table, byte *key, int keylen, ulong newrecnum)
log_error ("hashtbl %lu: %lu/%d points to an invalid record %lu\n", log_error ("hashtbl %lu: %lu/%d points to an invalid record %lu\n",
table, hashrec, (msb % ITEMS_PER_HTBL_RECORD), item); table, hashrec, (msb % ITEMS_PER_HTBL_RECORD), item);
if (opt.verbose > 1) if (opt.verbose > 1)
list_trustdb (es_stderr, NULL); list_trustdb (ctrl, es_stderr, NULL);
return GPG_ERR_TRUSTDB; return GPG_ERR_TRUSTDB;
} }
} }
@ -1159,7 +1160,8 @@ upd_hashtable (ulong table, byte *key, int keylen, ulong newrecnum)
* Return: 0 on success or an error code. * Return: 0 on success or an error code.
*/ */
static int static int
drop_from_hashtable (ulong table, byte *key, int keylen, ulong recnum) drop_from_hashtable (ctrl_t ctrl, ulong table,
byte *key, int keylen, ulong recnum)
{ {
TRUSTREC rec; TRUSTREC rec;
ulong hashrec, item; ulong hashrec, item;
@ -1185,7 +1187,7 @@ drop_from_hashtable (ulong table, byte *key, int keylen, ulong recnum)
if (item == recnum) /* Table points direct to the record. */ if (item == recnum) /* Table points direct to the record. */
{ {
rec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD] = 0; rec.r.htbl.item[msb % ITEMS_PER_HTBL_RECORD] = 0;
rc = tdbio_write_record( &rec ); rc = tdbio_write_record (ctrl, &rec);
if (rc) if (rc)
log_error ("drop_from_hashtable: write htbl failed: %s\n", log_error ("drop_from_hashtable: write htbl failed: %s\n",
gpg_strerror (rc)); gpg_strerror (rc));
@ -1221,7 +1223,7 @@ drop_from_hashtable (ulong table, byte *key, int keylen, ulong recnum)
if (rec.r.hlst.rnum[i] == recnum) if (rec.r.hlst.rnum[i] == recnum)
{ {
rec.r.hlst.rnum[i] = 0; /* Mark as free. */ rec.r.hlst.rnum[i] = 0; /* Mark as free. */
rc = tdbio_write_record (&rec); rc = tdbio_write_record (ctrl, &rec);
if (rc) if (rc)
log_error("drop_from_hashtable: write htbl failed: %s\n", log_error("drop_from_hashtable: write htbl failed: %s\n",
gpg_strerror (rc)); gpg_strerror (rc));
@ -1354,9 +1356,9 @@ lookup_hashtable (ulong table, const byte *key, size_t keylen,
* Return: 0 on success or an error code. * Return: 0 on success or an error code.
*/ */
static int static int
update_trusthashtbl( TRUSTREC *tr ) update_trusthashtbl (ctrl_t ctrl, TRUSTREC *tr)
{ {
return upd_hashtable (get_trusthashrec(), return upd_hashtable (ctrl, get_trusthashrec (),
tr->r.trust.fingerprint, 20, tr->recnum); tr->r.trust.fingerprint, 20, tr->recnum);
} }
@ -1591,7 +1593,7 @@ tdbio_read_record (ulong recnum, TRUSTREC *rec, int expected)
* Return: 0 on success or an error code. * Return: 0 on success or an error code.
*/ */
int int
tdbio_write_record( TRUSTREC *rec ) tdbio_write_record (ctrl_t ctrl, TRUSTREC *rec)
{ {
byte buf[TRUST_RECORD_LEN]; byte buf[TRUST_RECORD_LEN];
byte *p; byte *p;
@ -1675,7 +1677,7 @@ tdbio_write_record( TRUSTREC *rec )
if (rc) if (rc)
; ;
else if (rec->rectype == RECTYPE_TRUST) else if (rec->rectype == RECTYPE_TRUST)
rc = update_trusthashtbl (rec); rc = update_trusthashtbl (ctrl, rec);
return rc; return rc;
} }
@ -1687,7 +1689,7 @@ tdbio_write_record( TRUSTREC *rec )
* Return: 0 on success or an error code. * Return: 0 on success or an error code.
*/ */
int int
tdbio_delete_record (ulong recnum) tdbio_delete_record (ctrl_t ctrl, ulong recnum)
{ {
TRUSTREC vr, rec; TRUSTREC vr, rec;
int rc; int rc;
@ -1698,7 +1700,7 @@ tdbio_delete_record (ulong recnum)
; ;
else if (rec.rectype == RECTYPE_TRUST) else if (rec.rectype == RECTYPE_TRUST)
{ {
rc = drop_from_hashtable (get_trusthashrec(), rc = drop_from_hashtable (ctrl, get_trusthashrec(),
rec.r.trust.fingerprint, 20, rec.recnum); rec.r.trust.fingerprint, 20, rec.recnum);
} }
@ -1715,9 +1717,9 @@ tdbio_delete_record (ulong recnum)
rec.rectype = RECTYPE_FREE; rec.rectype = RECTYPE_FREE;
rec.r.free.next = vr.r.ver.firstfree; rec.r.free.next = vr.r.ver.firstfree;
vr.r.ver.firstfree = recnum; vr.r.ver.firstfree = recnum;
rc = tdbio_write_record (&rec); rc = tdbio_write_record (ctrl, &rec);
if (!rc) if (!rc)
rc = tdbio_write_record (&vr); rc = tdbio_write_record (ctrl, &vr);
return rc; return rc;
} }
@ -1727,7 +1729,7 @@ tdbio_delete_record (ulong recnum)
* Create a new record and return its record number. * Create a new record and return its record number.
*/ */
ulong ulong
tdbio_new_recnum () tdbio_new_recnum (ctrl_t ctrl)
{ {
off_t offset; off_t offset;
ulong recnum; ulong recnum;
@ -1751,7 +1753,7 @@ tdbio_new_recnum ()
} }
/* Update dir record. */ /* Update dir record. */
vr.r.ver.firstfree = rec.r.free.next; vr.r.ver.firstfree = rec.r.free.next;
rc = tdbio_write_record (&vr); rc = tdbio_write_record (ctrl, &vr);
if (rc) if (rc)
{ {
log_error (_("%s: error writing dir record: %s\n"), log_error (_("%s: error writing dir record: %s\n"),
@ -1763,7 +1765,7 @@ tdbio_new_recnum ()
rec.rectype = 0; /* Mark as unused record (actually already done rec.rectype = 0; /* Mark as unused record (actually already done
my the memset). */ my the memset). */
rec.recnum = recnum; rec.recnum = recnum;
rc = tdbio_write_record (&rec); rc = tdbio_write_record (ctrl, &rec);
if (rc) if (rc)
log_fatal (_("%s: failed to zero a record: %s\n"), log_fatal (_("%s: failed to zero a record: %s\n"),
db_name, gpg_strerror (rc)); db_name, gpg_strerror (rc));

13
g10/tdbio.h
View File

@ -92,23 +92,24 @@ struct trust_record {
typedef struct trust_record TRUSTREC; typedef struct trust_record TRUSTREC;
/*-- tdbio.c --*/ /*-- tdbio.c --*/
int tdbio_update_version_record(void); int tdbio_update_version_record (ctrl_t ctrl);
int tdbio_set_dbname( const char *new_dbname, int create, int *r_nofile); int tdbio_set_dbname (ctrl_t ctrl, const char *new_dbname,
int create, int *r_nofile);
const char *tdbio_get_dbname(void); const char *tdbio_get_dbname(void);
void tdbio_dump_record( TRUSTREC *rec, estream_t fp ); void tdbio_dump_record( TRUSTREC *rec, estream_t fp );
int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected ); int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected );
int tdbio_write_record( TRUSTREC *rec ); int tdbio_write_record (ctrl_t ctrl, TRUSTREC *rec);
int tdbio_db_matches_options(void); int tdbio_db_matches_options(void);
byte tdbio_read_model(void); byte tdbio_read_model(void);
ulong tdbio_read_nextcheck (void); ulong tdbio_read_nextcheck (void);
int tdbio_write_nextcheck (ulong stamp); int tdbio_write_nextcheck (ctrl_t ctrl, ulong stamp);
int tdbio_is_dirty(void); int tdbio_is_dirty(void);
int tdbio_sync(void); int tdbio_sync(void);
int tdbio_begin_transaction(void); int tdbio_begin_transaction(void);
int tdbio_end_transaction(void); int tdbio_end_transaction(void);
int tdbio_cancel_transaction(void); int tdbio_cancel_transaction(void);
int tdbio_delete_record( ulong recnum ); int tdbio_delete_record (ctrl_t ctrl, ulong recnum);
ulong tdbio_new_recnum(void); ulong tdbio_new_recnum (ctrl_t ctrl);
gpg_error_t tdbio_search_trust_byfpr (const byte *fingerprint, TRUSTREC *rec); gpg_error_t tdbio_search_trust_byfpr (const byte *fingerprint, TRUSTREC *rec);
gpg_error_t tdbio_search_trust_bypk (PKT_public_key *pk, TRUSTREC *rec); gpg_error_t tdbio_search_trust_bypk (PKT_public_key *pk, TRUSTREC *rec);

17
g10/test-stubs.c
View File

@ -66,10 +66,12 @@ check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
} }
void void
read_trust_options(byte *trust_model, ulong *created, ulong *nextcheck, read_trust_options (ctrl_t ctrl,
byte *marginals, byte *completes, byte *cert_depth, byte *trust_model, ulong *created, ulong *nextcheck,
byte *min_cert_level) byte *marginals, byte *completes, byte *cert_depth,
byte *min_cert_level)
{ {
(void)ctrl;
(void)trust_model; (void)trust_model;
(void)created; (void)created;
(void)nextcheck; (void)nextcheck;
@ -85,8 +87,9 @@ read_trust_options(byte *trust_model, ulong *created, ulong *nextcheck,
*/ */
int int
cache_disabled_value(PKT_public_key *pk) cache_disabled_value (ctrl_t ctrl, PKT_public_key *pk)
{ {
(void)ctrl;
(void)pk; (void)pk;
return 0; return 0;
} }
@ -138,16 +141,18 @@ uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
} }
int int
get_ownertrust_info (PKT_public_key *pk, int no_create) get_ownertrust_info (ctrl_t ctrl, PKT_public_key *pk, int no_create)
{ {
(void)ctrl;
(void)pk; (void)pk;
(void)no_create; (void)no_create;
return '?'; return '?';
} }
unsigned int unsigned int
get_ownertrust (PKT_public_key *pk) get_ownertrust (ctrl_t ctrl, PKT_public_key *pk)
{ {
(void)ctrl;
(void)pk; (void)pk;
return TRUST_UNKNOWN; return TRUST_UNKNOWN;
} }

21
g10/tofu.c
View File

@ -2031,7 +2031,7 @@ ask_about_binding (ctrl_t ctrl,
email> (including the binding itself, which will be first in the email> (including the binding itself, which will be first in the
list). For each returned key also sets BINDING_NEW, etc. */ list). For each returned key also sets BINDING_NEW, etc. */
static strlist_t static strlist_t
build_conflict_set (tofu_dbs_t dbs, build_conflict_set (ctrl_t ctrl, tofu_dbs_t dbs,
PKT_public_key *pk, const char *fingerprint, PKT_public_key *pk, const char *fingerprint,
const char *email) const char *email)
{ {
@ -2174,7 +2174,7 @@ build_conflict_set (tofu_dbs_t dbs,
continue; continue;
} }
merge_keys_and_selfsig (kb); merge_keys_and_selfsig (ctrl, kb);
log_assert (kb->pkt->pkttype == PKT_PUBLIC_KEY); log_assert (kb->pkt->pkttype == PKT_PUBLIC_KEY);
@ -2317,7 +2317,7 @@ build_conflict_set (tofu_dbs_t dbs,
* not yet been registered. * not yet been registered.
*/ */
static enum tofu_policy static enum tofu_policy
get_policy (tofu_dbs_t dbs, PKT_public_key *pk, get_policy (ctrl_t ctrl, tofu_dbs_t dbs, PKT_public_key *pk,
const char *fingerprint, const char *user_id, const char *email, const char *fingerprint, const char *user_id, const char *email,
strlist_t *conflict_setp, time_t now) strlist_t *conflict_setp, time_t now)
{ {
@ -2483,7 +2483,7 @@ get_policy (tofu_dbs_t dbs, PKT_public_key *pk,
int lookup_err; int lookup_err;
kbnode_t kb; kbnode_t kb;
lookup_err = get_pubkey_byfprint (NULL, &kb, lookup_err = get_pubkey_byfprint (ctrl, NULL, &kb,
fingerprint_raw, fingerprint_raw,
fingerprint_raw_len); fingerprint_raw_len);
if (lookup_err) if (lookup_err)
@ -2509,7 +2509,7 @@ get_policy (tofu_dbs_t dbs, PKT_public_key *pk,
* disappeared. The latter can happen if the conflicting bindings * disappeared. The latter can happen if the conflicting bindings
* are now cross signed, for instance. */ * are now cross signed, for instance. */
conflict_set = build_conflict_set (dbs, pk, fingerprint, email); conflict_set = build_conflict_set (ctrl, dbs, pk, fingerprint, email);
conflict_set_count = strlist_length (conflict_set); conflict_set_count = strlist_length (conflict_set);
if (conflict_set_count == 0) if (conflict_set_count == 0)
{ {
@ -2615,7 +2615,7 @@ get_policy (tofu_dbs_t dbs, PKT_public_key *pk,
if (effective_policy == TOFU_POLICY_ASK && conflict_setp) if (effective_policy == TOFU_POLICY_ASK && conflict_setp)
{ {
if (! conflict_set) if (! conflict_set)
conflict_set = build_conflict_set (dbs, pk, fingerprint, email); conflict_set = build_conflict_set (ctrl, dbs, pk, fingerprint, email);
*conflict_setp = conflict_set; *conflict_setp = conflict_set;
} }
else else
@ -2691,7 +2691,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
/* We need to call get_policy even if the key is ultimately trusted /* We need to call get_policy even if the key is ultimately trusted
* to make sure the binding has been registered. */ * to make sure the binding has been registered. */
policy = get_policy (dbs, pk, fingerprint, user_id, email, policy = get_policy (ctrl, dbs, pk, fingerprint, user_id, email,
&conflict_set, now); &conflict_set, now);
if (policy == TOFU_POLICY_ASK) if (policy == TOFU_POLICY_ASK)
@ -3493,7 +3493,7 @@ tofu_register_encryption (ctrl_t ctrl,
! pk_is_primary (pk) ! pk_is_primary (pk)
/* We need the key block to find all user ids. */ /* We need the key block to find all user ids. */
|| ! user_id_list) || ! user_id_list)
kb = get_pubkeyblock (pk->keyid); kb = get_pubkeyblock (ctrl, pk->keyid);
/* Make sure PK is a primary key. */ /* Make sure PK is a primary key. */
if (! pk_is_primary (pk)) if (! pk_is_primary (pk))
@ -3692,7 +3692,7 @@ tofu_write_tfs_record (ctrl_t ctrl, estream_t fp,
fingerprint = hexfingerprint (pk, NULL, 0); fingerprint = hexfingerprint (pk, NULL, 0);
email = email_from_user_id (user_id); email = email_from_user_id (user_id);
policy = get_policy (dbs, pk, fingerprint, user_id, email, NULL, now); policy = get_policy (ctrl, dbs, pk, fingerprint, user_id, email, NULL, now);
show_statistics (dbs, fingerprint, email, policy, fp, 0, now); show_statistics (dbs, fingerprint, email, policy, fp, 0, now);
@ -3953,7 +3953,8 @@ tofu_get_policy (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *user_id,
email = email_from_user_id (user_id->name); email = email_from_user_id (user_id->name);
*policy = get_policy (dbs, pk, fingerprint, user_id->name, email, NULL, now); *policy = get_policy (ctrl, dbs, pk, fingerprint,
user_id->name, email, NULL, now);
xfree (email); xfree (email);
xfree (fingerprint); xfree (fingerprint);

59
g10/trust.c
View File

@ -38,13 +38,13 @@
/* Return true if key is disabled. Note that this is usually used via /* Return true if key is disabled. Note that this is usually used via
the pk_is_disabled macro. */ the pk_is_disabled macro. */
int int
cache_disabled_value (PKT_public_key *pk) cache_disabled_value (ctrl_t ctrl, PKT_public_key *pk)
{ {
#ifdef NO_TRUST_MODELS #ifdef NO_TRUST_MODELS
(void)pk; (void)pk;
return 0; return 0;
#else #else
return tdb_cache_disabled_value (pk); return tdb_cache_disabled_value (ctrl, pk);
#endif #endif
} }
@ -173,13 +173,13 @@ uid_trust_string_fixed (ctrl_t ctrl, PKT_public_key *key, PKT_user_id *uid)
* The key should be the primary key. * The key should be the primary key.
*/ */
unsigned int unsigned int
get_ownertrust (PKT_public_key *pk) get_ownertrust (ctrl_t ctrl, PKT_public_key *pk)
{ {
#ifdef NO_TRUST_MODELS #ifdef NO_TRUST_MODELS
(void)pk; (void)pk;
return TRUST_UNKNOWN; return TRUST_UNKNOWN;
#else #else
return tdb_get_ownertrust (pk, 0); return tdb_get_ownertrust (ctrl, pk, 0);
#endif #endif
} }
@ -190,7 +190,7 @@ get_ownertrust (PKT_public_key *pk)
* inhibits creation of a trustdb it that does not yet exists. * inhibits creation of a trustdb it that does not yet exists.
*/ */
static int static int
get_ownertrust_with_min (PKT_public_key *pk, int no_create) get_ownertrust_with_min (ctrl_t ctrl, PKT_public_key *pk, int no_create)
{ {
#ifdef NO_TRUST_MODELS #ifdef NO_TRUST_MODELS
(void)pk; (void)pk;
@ -202,11 +202,11 @@ get_ownertrust_with_min (PKT_public_key *pk, int no_create)
* functions: If the caller asked not to create a trustdb we call * functions: If the caller asked not to create a trustdb we call
* init_trustdb directly and allow it to fail with an error code for * init_trustdb directly and allow it to fail with an error code for
* a non-existing trustdb. */ * a non-existing trustdb. */
if (no_create && init_trustdb (1)) if (no_create && init_trustdb (ctrl, 1))
return TRUST_UNKNOWN; return TRUST_UNKNOWN;
otrust = (tdb_get_ownertrust (pk, no_create) & TRUST_MASK); otrust = (tdb_get_ownertrust (ctrl, pk, no_create) & TRUST_MASK);
otrust_min = tdb_get_min_ownertrust (pk, no_create); otrust_min = tdb_get_min_ownertrust (ctrl, pk, no_create);
if (otrust < otrust_min) if (otrust < otrust_min)
{ {
/* If the trust that the user has set is less than the trust /* If the trust that the user has set is less than the trust
@ -229,9 +229,9 @@ get_ownertrust_with_min (PKT_public_key *pk, int no_create)
* NO_CREATE is set, no efforts for creating a trustdb will be taken. * NO_CREATE is set, no efforts for creating a trustdb will be taken.
*/ */
int int
get_ownertrust_info (PKT_public_key *pk, int no_create) get_ownertrust_info (ctrl_t ctrl, PKT_public_key *pk, int no_create)
{ {
return trust_letter (get_ownertrust_with_min (pk, no_create)); return trust_letter (get_ownertrust_with_min (ctrl, pk, no_create));
} }
@ -241,9 +241,9 @@ get_ownertrust_info (PKT_public_key *pk, int no_create)
* NO_CREATE is set, no efforts for creating a trustdb will be taken. * NO_CREATE is set, no efforts for creating a trustdb will be taken.
*/ */
const char * const char *
get_ownertrust_string (PKT_public_key *pk, int no_create) get_ownertrust_string (ctrl_t ctrl, PKT_public_key *pk, int no_create)
{ {
return trust_value_to_string (get_ownertrust_with_min (pk, no_create)); return trust_value_to_string (get_ownertrust_with_min (ctrl, pk, no_create));
} }
@ -252,34 +252,34 @@ get_ownertrust_string (PKT_public_key *pk, int no_create)
* The key should be a primary one. * The key should be a primary one.
*/ */
void void
update_ownertrust (PKT_public_key *pk, unsigned int new_trust) update_ownertrust (ctrl_t ctrl, PKT_public_key *pk, unsigned int new_trust)
{ {
#ifdef NO_TRUST_MODELS #ifdef NO_TRUST_MODELS
(void)pk; (void)pk;
(void)new_trust; (void)new_trust;
#else #else
tdb_update_ownertrust (pk, new_trust); tdb_update_ownertrust (ctrl, pk, new_trust);
#endif #endif
} }
int int
clear_ownertrusts (PKT_public_key *pk) clear_ownertrusts (ctrl_t ctrl, PKT_public_key *pk)
{ {
#ifdef NO_TRUST_MODELS #ifdef NO_TRUST_MODELS
(void)pk; (void)pk;
return 0; return 0;
#else #else
return tdb_clear_ownertrusts (pk); return tdb_clear_ownertrusts (ctrl, pk);
#endif #endif
} }
void void
revalidation_mark (void) revalidation_mark (ctrl_t ctrl)
{ {
#ifndef NO_TRUST_MODELS #ifndef NO_TRUST_MODELS
tdb_revalidation_mark (); tdb_revalidation_mark (ctrl);
#endif #endif
} }
@ -343,7 +343,7 @@ get_validity (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk, PKT_user_id *uid,
else else
{ {
main_pk = xmalloc_clear (sizeof *main_pk); main_pk = xmalloc_clear (sizeof *main_pk);
rc = get_pubkey (main_pk, pk->main_keyid); rc = get_pubkey (ctrl, main_pk, pk->main_keyid);
if (rc) if (rc)
{ {
char *tempkeystr = xstrdup (keystr (pk->main_keyid)); char *tempkeystr = xstrdup (keystr (pk->main_keyid));
@ -430,7 +430,7 @@ get_validity_string (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
* 9 and 10 are used for internal purposes. * 9 and 10 are used for internal purposes.
*/ */
void void
mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode, mark_usable_uid_certs (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
u32 *main_kid, struct key_item *klist, u32 *main_kid, struct key_item *klist,
u32 curtime, u32 *next_expire) u32 curtime, u32 *next_expire)
{ {
@ -461,7 +461,7 @@ mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode,
invalid signature */ invalid signature */
if (klist && !is_in_klist (klist, sig)) if (klist && !is_in_klist (klist, sig))
continue; /* no need to check it then */ continue; /* no need to check it then */
if ((rc=check_key_signature (keyblock, node, NULL))) if ((rc=check_key_signature (ctrl, keyblock, node, NULL)))
{ {
/* we ignore anything that won't verify, but tag the /* we ignore anything that won't verify, but tag the
no_pubkey case */ no_pubkey case */
@ -594,7 +594,7 @@ mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode,
static int static int
clean_sigs_from_uid (kbnode_t keyblock, kbnode_t uidnode, clean_sigs_from_uid (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
int noisy, int self_only) int noisy, int self_only)
{ {
int deleted = 0; int deleted = 0;
@ -609,7 +609,7 @@ clean_sigs_from_uid (kbnode_t keyblock, kbnode_t uidnode,
/* Passing in a 0 for current time here means that we'll never weed /* Passing in a 0 for current time here means that we'll never weed
out an expired sig. This is correct behavior since we want to out an expired sig. This is correct behavior since we want to
keep the most recent expired sig in a series. */ keep the most recent expired sig in a series. */
mark_usable_uid_certs (keyblock, uidnode, NULL, NULL, 0, NULL); mark_usable_uid_certs (ctrl, keyblock, uidnode, NULL, NULL, 0, NULL);
/* What we want to do here is remove signatures that are not /* What we want to do here is remove signatures that are not
considered as part of the trust calculations. Thus, all invalid considered as part of the trust calculations. Thus, all invalid
@ -743,8 +743,8 @@ clean_uid_from_key (kbnode_t keyblock, kbnode_t uidnode, int noisy)
/* Needs to be called after a merge_keys_and_selfsig() */ /* Needs to be called after a merge_keys_and_selfsig() */
void void
clean_one_uid (kbnode_t keyblock, kbnode_t uidnode, int noisy, int self_only, clean_one_uid (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
int *uids_cleaned, int *sigs_cleaned) int noisy, int self_only, int *uids_cleaned, int *sigs_cleaned)
{ {
int dummy = 0; int dummy = 0;
@ -762,19 +762,20 @@ clean_one_uid (kbnode_t keyblock, kbnode_t uidnode, int noisy, int self_only,
to bother with the other. */ to bother with the other. */
*uids_cleaned += clean_uid_from_key (keyblock, uidnode, noisy); *uids_cleaned += clean_uid_from_key (keyblock, uidnode, noisy);
if (!uidnode->pkt->pkt.user_id->flags.compacted) if (!uidnode->pkt->pkt.user_id->flags.compacted)
*sigs_cleaned += clean_sigs_from_uid (keyblock, uidnode, noisy, self_only); *sigs_cleaned += clean_sigs_from_uid (ctrl, keyblock, uidnode,
noisy, self_only);
} }
/* NB: This function marks the deleted nodes only and the caller is /* NB: This function marks the deleted nodes only and the caller is
* responsible to skip or remove them. */ * responsible to skip or remove them. */
void void
clean_key (kbnode_t keyblock, int noisy, int self_only, clean_key (ctrl_t ctrl, kbnode_t keyblock, int noisy, int self_only,
int *uids_cleaned, int *sigs_cleaned) int *uids_cleaned, int *sigs_cleaned)
{ {
kbnode_t node; kbnode_t node;
merge_keys_and_selfsig (keyblock); merge_keys_and_selfsig (ctrl, keyblock);
for (node = keyblock->next; for (node = keyblock->next;
node && !(node->pkt->pkttype == PKT_PUBLIC_SUBKEY node && !(node->pkt->pkttype == PKT_PUBLIC_SUBKEY
@ -782,7 +783,7 @@ clean_key (kbnode_t keyblock, int noisy, int self_only,
node = node->next) node = node->next)
{ {
if (node->pkt->pkttype == PKT_USER_ID) if (node->pkt->pkttype == PKT_USER_ID)
clean_one_uid (keyblock, node, noisy, self_only, clean_one_uid (ctrl, keyblock, node, noisy, self_only,
uids_cleaned, sigs_cleaned); uids_cleaned, sigs_cleaned);
} }

189
g10/trustdb.c
View File

@ -248,7 +248,7 @@ add_utk (u32 *kid)
* Verify that all our secret keys are usable and put them into the utk_list. * Verify that all our secret keys are usable and put them into the utk_list.
*/ */
static void static void
verify_own_keys(void) verify_own_keys (ctrl_t ctrl)
{ {
TRUSTREC rec; TRUSTREC rec;
ulong recnum; ulong recnum;
@ -275,7 +275,7 @@ verify_own_keys(void)
* the whole validation code to only work with * the whole validation code to only work with
* fingerprints */ * fingerprints */
fprlen = (!fpr[16] && !fpr[17] && !fpr[18] && !fpr[19])? 16:20; fprlen = (!fpr[16] && !fpr[17] && !fpr[18] && !fpr[19])? 16:20;
keyid_from_fingerprint (fpr, fprlen, kid); keyid_from_fingerprint (ctrl, fpr, fprlen, kid);
if (!add_utk (kid)) if (!add_utk (kid))
log_info(_("key %s occurs more than once in the trustdb\n"), log_info(_("key %s occurs more than once in the trustdb\n"),
keystr(kid)); keystr(kid));
@ -290,15 +290,15 @@ verify_own_keys(void)
PKT_public_key pk; PKT_public_key pk;
memset (&pk, 0, sizeof pk); memset (&pk, 0, sizeof pk);
rc = get_pubkey (&pk, k->kid); rc = get_pubkey (ctrl, &pk, k->kid);
if (rc) if (rc)
log_info(_("key %s: no public key for trusted key - skipped\n"), log_info(_("key %s: no public key for trusted key - skipped\n"),
keystr(k->kid)); keystr(k->kid));
else else
{ {
tdb_update_ownertrust tdb_update_ownertrust
(&pk, ((tdb_get_ownertrust (&pk, 0) & ~TRUST_MASK) (ctrl, &pk, ((tdb_get_ownertrust (ctrl, &pk, 0) & ~TRUST_MASK)
| TRUST_ULTIMATE )); | TRUST_ULTIMATE ));
release_public_key_parts (&pk); release_public_key_parts (&pk);
} }
@ -361,9 +361,9 @@ read_record (ulong recno, TRUSTREC *rec, int rectype )
* Write a record and die on error * Write a record and die on error
*/ */
static void static void
write_record (TRUSTREC *rec) write_record (ctrl_t ctrl, TRUSTREC *rec)
{ {
int rc = tdbio_write_record (rec); int rc = tdbio_write_record (ctrl, rec);
if (rc) if (rc)
{ {
log_error(_("trust record %lu, type %d: write failed: %s\n"), log_error(_("trust record %lu, type %d: write failed: %s\n"),
@ -444,7 +444,7 @@ how_to_fix_the_trustdb ()
* in that case 0 is returned if there is a trustdb or an error code * in that case 0 is returned if there is a trustdb or an error code
* if no trustdb is available. */ * if no trustdb is available. */
gpg_error_t gpg_error_t
init_trustdb (int no_create) init_trustdb (ctrl_t ctrl, int no_create)
{ {
int level = trustdb_args.level; int level = trustdb_args.level;
const char* dbname = trustdb_args.dbname; const char* dbname = trustdb_args.dbname;
@ -456,7 +456,7 @@ init_trustdb (int no_create)
if(level==0 || level==1) if(level==0 || level==1)
{ {
int rc = tdbio_set_dbname (dbname, (!no_create && level), int rc = tdbio_set_dbname (ctrl, dbname, (!no_create && level),
&trustdb_args.no_trustdb); &trustdb_args.no_trustdb);
if (no_create && trustdb_args.no_trustdb) if (no_create && trustdb_args.no_trustdb)
{ {
@ -501,7 +501,7 @@ init_trustdb (int no_create)
/* Verify the list of ultimately trusted keys and move the /* Verify the list of ultimately trusted keys and move the
--trusted-keys list there as well. */ --trusted-keys list there as well. */
if(level==1) if(level==1)
verify_own_keys(); verify_own_keys (ctrl);
if(!tdbio_db_matches_options()) if(!tdbio_db_matches_options())
pending_check_trustdb=1; pending_check_trustdb=1;
@ -515,9 +515,9 @@ init_trustdb (int no_create)
necessary if the trust model is not 'always trust'. Returns true necessary if the trust model is not 'always trust'. Returns true
if we do have a usable trust database. */ if we do have a usable trust database. */
int int
have_trustdb (void) have_trustdb (ctrl_t ctrl)
{ {
return init_trustdb (opt.trust_model == TM_ALWAYS) == 0; return !init_trustdb (ctrl, opt.trust_model == TM_ALWAYS);
} }
@ -529,7 +529,7 @@ have_trustdb (void)
void void
check_trustdb (ctrl_t ctrl) check_trustdb (ctrl_t ctrl)
{ {
init_trustdb (0); init_trustdb (ctrl, 0);
if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
|| opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU) || opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
{ {
@ -566,7 +566,7 @@ check_trustdb (ctrl_t ctrl)
void void
update_trustdb (ctrl_t ctrl) update_trustdb (ctrl_t ctrl)
{ {
init_trustdb (0); init_trustdb (ctrl, 0);
if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC
|| opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU) || opt.trust_model == TM_TOFU_PGP || opt.trust_model == TM_TOFU)
validate_keys (ctrl, 1); validate_keys (ctrl, 1);
@ -576,15 +576,15 @@ update_trustdb (ctrl_t ctrl)
} }
void void
tdb_revalidation_mark (void) tdb_revalidation_mark (ctrl_t ctrl)
{ {
init_trustdb (0); init_trustdb (ctrl, 0);
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS) if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return; return;
/* We simply set the time for the next check to 1 (far back in 1970) /* We simply set the time for the next check to 1 (far back in 1970)
so that a --update-trustdb will be scheduled. */ so that a --update-trustdb will be scheduled. */
if (tdbio_write_nextcheck (1)) if (tdbio_write_nextcheck (ctrl, 1))
do_sync (); do_sync ();
pending_check_trustdb = 1; pending_check_trustdb = 1;
} }
@ -610,13 +610,14 @@ tdb_check_or_update (ctrl_t ctrl)
} }
void void
read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck, read_trust_options (ctrl_t ctrl,
byte *marginals,byte *completes,byte *cert_depth, byte *trust_model, ulong *created, ulong *nextcheck,
byte *min_cert_level) byte *marginals, byte *completes, byte *cert_depth,
byte *min_cert_level)
{ {
TRUSTREC opts; TRUSTREC opts;
init_trustdb (0); init_trustdb (ctrl, 0);
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS) if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
memset (&opts, 0, sizeof opts); memset (&opts, 0, sizeof opts);
else else
@ -643,11 +644,11 @@ read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
***********************************************/ ***********************************************/
static int static int
read_trust_record (PKT_public_key *pk, TRUSTREC *rec) read_trust_record (ctrl_t ctrl, PKT_public_key *pk, TRUSTREC *rec)
{ {
int rc; int rc;
init_trustdb (0); init_trustdb (ctrl, 0);
rc = tdbio_search_trust_bypk (pk, rec); rc = tdbio_search_trust_bypk (pk, rec);
if (rc) if (rc)
{ {
@ -676,7 +677,7 @@ read_trust_record (PKT_public_key *pk, TRUSTREC *rec)
* values but we usually use --always-trust. * values but we usually use --always-trust.
*/ */
unsigned int unsigned int
tdb_get_ownertrust (PKT_public_key *pk, int no_create) tdb_get_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int no_create)
{ {
TRUSTREC rec; TRUSTREC rec;
gpg_error_t err; gpg_error_t err;
@ -687,10 +688,10 @@ tdb_get_ownertrust (PKT_public_key *pk, int no_create)
/* If the caller asked not to create a trustdb we call init_trustdb /* If the caller asked not to create a trustdb we call init_trustdb
* directly and allow it to fail with an error code for a * directly and allow it to fail with an error code for a
* non-existing trustdb. */ * non-existing trustdb. */
if (no_create && init_trustdb (1)) if (no_create && init_trustdb (ctrl, 1))
return TRUST_UNKNOWN; return TRUST_UNKNOWN;
err = read_trust_record (pk, &rec); err = read_trust_record (ctrl, pk, &rec);
if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
return TRUST_UNKNOWN; /* no record yet */ return TRUST_UNKNOWN; /* no record yet */
if (err) if (err)
@ -704,7 +705,7 @@ tdb_get_ownertrust (PKT_public_key *pk, int no_create)
unsigned int unsigned int
tdb_get_min_ownertrust (PKT_public_key *pk, int no_create) tdb_get_min_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int no_create)
{ {
TRUSTREC rec; TRUSTREC rec;
gpg_error_t err; gpg_error_t err;
@ -715,10 +716,10 @@ tdb_get_min_ownertrust (PKT_public_key *pk, int no_create)
/* If the caller asked not to create a trustdb we call init_trustdb /* If the caller asked not to create a trustdb we call init_trustdb
* directly and allow it to fail with an error code for a * directly and allow it to fail with an error code for a
* non-existing trustdb. */ * non-existing trustdb. */
if (no_create && init_trustdb (1)) if (no_create && init_trustdb (ctrl, 1))
return TRUST_UNKNOWN; return TRUST_UNKNOWN;
err = read_trust_record (pk, &rec); err = read_trust_record (ctrl, pk, &rec);
if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
return TRUST_UNKNOWN; /* no record yet */ return TRUST_UNKNOWN; /* no record yet */
if (err) if (err)
@ -736,7 +737,7 @@ tdb_get_min_ownertrust (PKT_public_key *pk, int no_create)
* The key should be a primary one. * The key should be a primary one.
*/ */
void void
tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust ) tdb_update_ownertrust (ctrl_t ctrl, PKT_public_key *pk, unsigned int new_trust )
{ {
TRUSTREC rec; TRUSTREC rec;
gpg_error_t err; gpg_error_t err;
@ -744,7 +745,7 @@ tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS) if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return; return;
err = read_trust_record (pk, &rec); err = read_trust_record (ctrl, pk, &rec);
if (!err) if (!err)
{ {
if (DBG_TRUST) if (DBG_TRUST)
@ -753,8 +754,8 @@ tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
if (rec.r.trust.ownertrust != new_trust) if (rec.r.trust.ownertrust != new_trust)
{ {
rec.r.trust.ownertrust = new_trust; rec.r.trust.ownertrust = new_trust;
write_record( &rec ); write_record (ctrl, &rec);
tdb_revalidation_mark (); tdb_revalidation_mark (ctrl);
do_sync (); do_sync ();
} }
} }
@ -766,12 +767,12 @@ tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
log_debug ("insert ownertrust %u\n", new_trust ); log_debug ("insert ownertrust %u\n", new_trust );
memset (&rec, 0, sizeof rec); memset (&rec, 0, sizeof rec);
rec.recnum = tdbio_new_recnum (); rec.recnum = tdbio_new_recnum (ctrl);
rec.rectype = RECTYPE_TRUST; rec.rectype = RECTYPE_TRUST;
fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy); fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy);
rec.r.trust.ownertrust = new_trust; rec.r.trust.ownertrust = new_trust;
write_record (&rec); write_record (ctrl, &rec);
tdb_revalidation_mark (); tdb_revalidation_mark (ctrl);
do_sync (); do_sync ();
} }
else else
@ -781,7 +782,7 @@ tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust )
} }
static void static void
update_min_ownertrust (u32 *kid, unsigned int new_trust ) update_min_ownertrust (ctrl_t ctrl, u32 *kid, unsigned int new_trust)
{ {
PKT_public_key *pk; PKT_public_key *pk;
TRUSTREC rec; TRUSTREC rec;
@ -791,7 +792,7 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
return; return;
pk = xmalloc_clear (sizeof *pk); pk = xmalloc_clear (sizeof *pk);
err = get_pubkey (pk, kid); err = get_pubkey (ctrl, pk, kid);
if (err) if (err)
{ {
log_error (_("public key %s not found: %s\n"), log_error (_("public key %s not found: %s\n"),
@ -799,7 +800,7 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
return; return;
} }
err = read_trust_record (pk, &rec); err = read_trust_record (ctrl, pk, &rec);
if (!err) if (!err)
{ {
if (DBG_TRUST) if (DBG_TRUST)
@ -810,8 +811,8 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
if (rec.r.trust.min_ownertrust != new_trust) if (rec.r.trust.min_ownertrust != new_trust)
{ {
rec.r.trust.min_ownertrust = new_trust; rec.r.trust.min_ownertrust = new_trust;
write_record( &rec ); write_record (ctrl, &rec);
tdb_revalidation_mark (); tdb_revalidation_mark (ctrl);
do_sync (); do_sync ();
} }
} }
@ -823,12 +824,12 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
log_debug ("insert min_ownertrust %u\n", new_trust ); log_debug ("insert min_ownertrust %u\n", new_trust );
memset (&rec, 0, sizeof rec); memset (&rec, 0, sizeof rec);
rec.recnum = tdbio_new_recnum (); rec.recnum = tdbio_new_recnum (ctrl);
rec.rectype = RECTYPE_TRUST; rec.rectype = RECTYPE_TRUST;
fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy); fingerprint_from_pk (pk, rec.r.trust.fingerprint, &dummy);
rec.r.trust.min_ownertrust = new_trust; rec.r.trust.min_ownertrust = new_trust;
write_record (&rec); write_record (ctrl, &rec);
tdb_revalidation_mark (); tdb_revalidation_mark (ctrl);
do_sync (); do_sync ();
} }
else else
@ -844,17 +845,17 @@ update_min_ownertrust (u32 *kid, unsigned int new_trust )
* Return: True if a change actually happened. * Return: True if a change actually happened.
*/ */
int int
tdb_clear_ownertrusts (PKT_public_key *pk) tdb_clear_ownertrusts (ctrl_t ctrl, PKT_public_key *pk)
{ {
TRUSTREC rec; TRUSTREC rec;
gpg_error_t err; gpg_error_t err;
init_trustdb (0); init_trustdb (ctrl, 0);
if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS) if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
return 0; return 0;
err = read_trust_record (pk, &rec); err = read_trust_record (ctrl, pk, &rec);
if (!err) if (!err)
{ {
if (DBG_TRUST) if (DBG_TRUST)
@ -868,8 +869,8 @@ tdb_clear_ownertrusts (PKT_public_key *pk)
{ {
rec.r.trust.ownertrust = 0; rec.r.trust.ownertrust = 0;
rec.r.trust.min_ownertrust = 0; rec.r.trust.min_ownertrust = 0;
write_record( &rec ); write_record (ctrl, &rec);
tdb_revalidation_mark (); tdb_revalidation_mark (ctrl);
do_sync (); do_sync ();
return 1; return 1;
} }
@ -885,7 +886,7 @@ tdb_clear_ownertrusts (PKT_public_key *pk)
* Note: Caller has to do a sync * Note: Caller has to do a sync
*/ */
static void static void
update_validity (PKT_public_key *pk, PKT_user_id *uid, update_validity (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid,
int depth, int validity) int depth, int validity)
{ {
TRUSTREC trec, vrec; TRUSTREC trec, vrec;
@ -894,7 +895,7 @@ update_validity (PKT_public_key *pk, PKT_user_id *uid,
namehash_from_uid(uid); namehash_from_uid(uid);
err = read_trust_record (pk, &trec); err = read_trust_record (ctrl, pk, &trec);
if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND) if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND)
{ {
tdbio_invalid (); tdbio_invalid ();
@ -906,7 +907,7 @@ update_validity (PKT_public_key *pk, PKT_user_id *uid,
size_t dummy; size_t dummy;
memset (&trec, 0, sizeof trec); memset (&trec, 0, sizeof trec);
trec.recnum = tdbio_new_recnum (); trec.recnum = tdbio_new_recnum (ctrl);
trec.rectype = RECTYPE_TRUST; trec.rectype = RECTYPE_TRUST;
fingerprint_from_pk (pk, trec.r.trust.fingerprint, &dummy); fingerprint_from_pk (pk, trec.r.trust.fingerprint, &dummy);
trec.r.trust.ownertrust = 0; trec.r.trust.ownertrust = 0;
@ -925,7 +926,7 @@ update_validity (PKT_public_key *pk, PKT_user_id *uid,
if (!recno) /* insert a new validity record */ if (!recno) /* insert a new validity record */
{ {
memset (&vrec, 0, sizeof vrec); memset (&vrec, 0, sizeof vrec);
vrec.recnum = tdbio_new_recnum (); vrec.recnum = tdbio_new_recnum (ctrl);
vrec.rectype = RECTYPE_VALID; vrec.rectype = RECTYPE_VALID;
memcpy (vrec.r.valid.namehash, uid->namehash, 20); memcpy (vrec.r.valid.namehash, uid->namehash, 20);
vrec.r.valid.next = trec.r.trust.validlist; vrec.r.valid.next = trec.r.trust.validlist;
@ -934,9 +935,9 @@ update_validity (PKT_public_key *pk, PKT_user_id *uid,
vrec.r.valid.validity = validity; vrec.r.valid.validity = validity;
vrec.r.valid.full_count = uid->help_full_count; vrec.r.valid.full_count = uid->help_full_count;
vrec.r.valid.marginal_count = uid->help_marginal_count; vrec.r.valid.marginal_count = uid->help_marginal_count;
write_record (&vrec); write_record (ctrl, &vrec);
trec.r.trust.depth = depth; trec.r.trust.depth = depth;
write_record (&trec); write_record (ctrl, &trec);
} }
@ -947,7 +948,7 @@ update_validity (PKT_public_key *pk, PKT_user_id *uid,
/* Return true if key is disabled. Note that this is usually used via /* Return true if key is disabled. Note that this is usually used via
the pk_is_disabled macro. */ the pk_is_disabled macro. */
int int
tdb_cache_disabled_value (PKT_public_key *pk) tdb_cache_disabled_value (ctrl_t ctrl, PKT_public_key *pk)
{ {
gpg_error_t err; gpg_error_t err;
TRUSTREC trec; TRUSTREC trec;
@ -956,12 +957,12 @@ tdb_cache_disabled_value (PKT_public_key *pk)
if (pk->flags.disabled_valid) if (pk->flags.disabled_valid)
return pk->flags.disabled; return pk->flags.disabled;
init_trustdb (0); init_trustdb (ctrl, 0);
if (trustdb_args.no_trustdb) if (trustdb_args.no_trustdb)
return 0; /* No trustdb => not disabled. */ return 0; /* No trustdb => not disabled. */
err = read_trust_record (pk, &trec); err = read_trust_record (ctrl, pk, &trec);
if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND) if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND)
{ {
tdbio_invalid (); tdbio_invalid ();
@ -991,7 +992,7 @@ tdb_check_trustdb_stale (ctrl_t ctrl)
{ {
static int did_nextcheck=0; static int did_nextcheck=0;
init_trustdb (0); init_trustdb (ctrl, 0);
if (trustdb_args.no_trustdb) if (trustdb_args.no_trustdb)
return; /* No trustdb => can't be stale. */ return; /* No trustdb => can't be stale. */
@ -1062,7 +1063,7 @@ tdb_get_validity_core (ctrl_t ctrl,
(void)may_ask; (void)may_ask;
#endif #endif
init_trustdb (0); init_trustdb (ctrl, 0);
/* If we have no trustdb (which also means it has not been created) /* If we have no trustdb (which also means it has not been created)
and the trust-model is always, we don't know the validity - and the trust-model is always, we don't know the validity -
@ -1077,7 +1078,7 @@ tdb_get_validity_core (ctrl_t ctrl,
{ {
/* Note that this happens BEFORE any user ID stuff is checked. /* Note that this happens BEFORE any user ID stuff is checked.
The direct trust model applies to keys as a whole. */ The direct trust model applies to keys as a whole. */
validity = tdb_get_ownertrust (main_pk, 0); validity = tdb_get_ownertrust (ctrl, main_pk, 0);
goto leave; goto leave;
} }
@ -1093,7 +1094,7 @@ tdb_get_validity_core (ctrl_t ctrl,
{ {
if (! kb) if (! kb)
{ {
kb = get_pubkeyblock (main_pk->keyid); kb = get_pubkeyblock (ctrl, main_pk->keyid);
free_kb = 1; free_kb = 1;
} }
n = kb; n = kb;
@ -1201,7 +1202,7 @@ tdb_get_validity_core (ctrl_t ctrl,
|| opt.trust_model == TM_CLASSIC || opt.trust_model == TM_CLASSIC
|| opt.trust_model == TM_PGP) || opt.trust_model == TM_PGP)
{ {
err = read_trust_record (main_pk, &trec); err = read_trust_record (ctrl, main_pk, &trec);
if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND) if (err && gpg_err_code (err) != GPG_ERR_NOT_FOUND)
{ {
tdbio_invalid (); tdbio_invalid ();
@ -1277,7 +1278,7 @@ tdb_get_validity_core (ctrl_t ctrl,
static void static void
get_validity_counts (PKT_public_key *pk, PKT_user_id *uid) get_validity_counts (ctrl_t ctrl, PKT_public_key *pk, PKT_user_id *uid)
{ {
TRUSTREC trec, vrec; TRUSTREC trec, vrec;
ulong recno; ulong recno;
@ -1289,9 +1290,9 @@ get_validity_counts (PKT_public_key *pk, PKT_user_id *uid)
uid->help_marginal_count=uid->help_full_count=0; uid->help_marginal_count=uid->help_full_count=0;
init_trustdb (0); init_trustdb (ctrl, 0);
if(read_trust_record (pk, &trec)) if(read_trust_record (ctrl, pk, &trec))
return; return;
/* loop over all user IDs */ /* loop over all user IDs */
@ -1375,7 +1376,7 @@ ask_ownertrust (ctrl_t ctrl, u32 *kid, int minimum)
int ot; int ot;
pk = xmalloc_clear (sizeof *pk); pk = xmalloc_clear (sizeof *pk);
rc = get_pubkey (pk, kid); rc = get_pubkey (ctrl, pk, kid);
if (rc) if (rc)
{ {
log_error (_("public key %s not found: %s\n"), log_error (_("public key %s not found: %s\n"),
@ -1387,14 +1388,14 @@ ask_ownertrust (ctrl_t ctrl, u32 *kid, int minimum)
{ {
log_info("force trust for key %s to %s\n", log_info("force trust for key %s to %s\n",
keystr(kid),trust_value_to_string(opt.force_ownertrust)); keystr(kid),trust_value_to_string(opt.force_ownertrust));
tdb_update_ownertrust (pk, opt.force_ownertrust); tdb_update_ownertrust (ctrl, pk, opt.force_ownertrust);
ot=opt.force_ownertrust; ot=opt.force_ownertrust;
} }
else else
{ {
ot=edit_ownertrust (ctrl, pk, 0); ot=edit_ownertrust (ctrl, pk, 0);
if(ot>0) if(ot>0)
ot = tdb_get_ownertrust (pk, 0); ot = tdb_get_ownertrust (ctrl, pk, 0);
else if(ot==0) else if(ot==0)
ot = minimum?minimum:TRUST_UNDEFINED; ot = minimum?minimum:TRUST_UNDEFINED;
else else
@ -1460,7 +1461,8 @@ dump_key_array (int depth, struct key_array *keys)
static void static void
store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored) store_validation_status (ctrl_t ctrl, int depth,
kbnode_t keyblock, KeyHashTable stored)
{ {
KBNODE node; KBNODE node;
int status; int status;
@ -1482,7 +1484,7 @@ store_validation_status (int depth, KBNODE keyblock, KeyHashTable stored)
if (status) if (status)
{ {
update_validity (keyblock->pkt->pkt.public_key, update_validity (ctrl, keyblock->pkt->pkt.public_key,
uid, depth, status); uid, depth, status);
mark_keyblock_seen(stored,keyblock); mark_keyblock_seen(stored,keyblock);
@ -1619,7 +1621,7 @@ check_regexp(const char *expr,const char *string)
* This function assumes that all kbnode flags are cleared on entry. * This function assumes that all kbnode flags are cleared on entry.
*/ */
static int static int
validate_one_keyblock (KBNODE kb, struct key_item *klist, validate_one_keyblock (ctrl_t ctrl, kbnode_t kb, struct key_item *klist,
u32 curtime, u32 *next_expire) u32 curtime, u32 *next_expire)
{ {
struct key_item *kr; struct key_item *kr;
@ -1666,8 +1668,8 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
*next_expire = uid->expiredate; *next_expire = uid->expiredate;
issigned = 0; issigned = 0;
get_validity_counts(pk,uid); get_validity_counts (ctrl, pk, uid);
mark_usable_uid_certs (kb, uidnode, main_kid, klist, mark_usable_uid_certs (ctrl, kb, uidnode, main_kid, klist,
curtime, next_expire); curtime, next_expire);
} }
else if (node->pkt->pkttype == PKT_SIGNATURE else if (node->pkt->pkttype == PKT_SIGNATURE
@ -1799,7 +1801,7 @@ search_skipfnc (void *opaque, u32 *kid, int dummy_uid_no)
* Caller hast to release the returned array. * Caller hast to release the returned array.
*/ */
static struct key_array * static struct key_array *
validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust, validate_key_list (ctrl_t ctrl, KEYDB_HANDLE hd, KeyHashTable full_trust,
struct key_item *klist, u32 curtime, u32 *next_expire) struct key_item *klist, u32 curtime, u32 *next_expire)
{ {
KBNODE keyblock = NULL; KBNODE keyblock = NULL;
@ -1858,7 +1860,7 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
} }
/* prepare the keyblock for further processing */ /* prepare the keyblock for further processing */
merge_keys_and_selfsig (keyblock); merge_keys_and_selfsig (ctrl, keyblock);
clear_kbnode_flags (keyblock); clear_kbnode_flags (keyblock);
pk = keyblock->pkt->pkt.public_key; pk = keyblock->pkt->pkt.public_key;
if (pk->has_expired || pk->flags.revoked) if (pk->has_expired || pk->flags.revoked)
@ -1866,7 +1868,8 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
/* it does not make sense to look further at those keys */ /* it does not make sense to look further at those keys */
mark_keyblock_seen (full_trust, keyblock); mark_keyblock_seen (full_trust, keyblock);
} }
else if (validate_one_keyblock (keyblock, klist, curtime, next_expire)) else if (validate_one_keyblock (ctrl, keyblock, klist,
curtime, next_expire))
{ {
KBNODE node; KBNODE node;
@ -1915,7 +1918,7 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust,
/* Caller must sync */ /* Caller must sync */
static void static void
reset_trust_records(void) reset_trust_records (ctrl_t ctrl)
{ {
TRUSTREC rec; TRUSTREC rec;
ulong recnum; ulong recnum;
@ -1929,7 +1932,7 @@ reset_trust_records(void)
if(rec.r.trust.min_ownertrust) if(rec.r.trust.min_ownertrust)
{ {
rec.r.trust.min_ownertrust=0; rec.r.trust.min_ownertrust=0;
write_record(&rec); write_record (ctrl, &rec);
} }
} }
@ -1941,7 +1944,7 @@ reset_trust_records(void)
rec.r.valid.validity &= ~TRUST_MASK; rec.r.valid.validity &= ~TRUST_MASK;
rec.r.valid.marginal_count=rec.r.valid.full_count=0; rec.r.valid.marginal_count=rec.r.valid.full_count=0;
nreset++; nreset++;
write_record(&rec); write_record (ctrl, &rec);
} }
} }
@ -2002,7 +2005,7 @@ validate_keys (ctrl_t ctrl, int interactive)
Perhaps combine this with reset_trust_records(), or only check Perhaps combine this with reset_trust_records(), or only check
the caches on keys that are actually involved in the web of the caches on keys that are actually involved in the web of
trust. */ trust. */
keydb_rebuild_caches(0); keydb_rebuild_caches (ctrl, 0);
kdb = keydb_new (); kdb = keydb_new ();
if (!kdb) if (!kdb)
@ -2014,7 +2017,7 @@ validate_keys (ctrl_t ctrl, int interactive)
used = new_key_hash_table (); used = new_key_hash_table ();
full_trust = new_key_hash_table (); full_trust = new_key_hash_table ();
reset_trust_records(); reset_trust_records (ctrl);
/* Fixme: Instead of always building a UTK list, we could just build it /* Fixme: Instead of always building a UTK list, we could just build it
* here when needed */ * here when needed */
@ -2032,7 +2035,7 @@ validate_keys (ctrl_t ctrl, int interactive)
KBNODE keyblock; KBNODE keyblock;
PKT_public_key *pk; PKT_public_key *pk;
keyblock = get_pubkeyblock (k->kid); keyblock = get_pubkeyblock (ctrl, k->kid);
if (!keyblock) if (!keyblock)
{ {
log_error (_("public key of ultimately" log_error (_("public key of ultimately"
@ -2046,7 +2049,8 @@ validate_keys (ctrl_t ctrl, int interactive)
for (node=keyblock; node; node = node->next) for (node=keyblock; node; node = node->next)
{ {
if (node->pkt->pkttype == PKT_USER_ID) if (node->pkt->pkttype == PKT_USER_ID)
update_validity (pk, node->pkt->pkt.user_id, 0, TRUST_ULTIMATE); update_validity (ctrl, pk, node->pkt->pkt.user_id,
0, TRUST_ULTIMATE);
} }
if ( pk->expiredate && pk->expiredate >= start_time if ( pk->expiredate && pk->expiredate >= start_time
&& pk->expiredate < next_expire) && pk->expiredate < next_expire)
@ -2086,7 +2090,7 @@ validate_keys (ctrl_t ctrl, int interactive)
min=TRUST_MARGINAL; min=TRUST_MARGINAL;
if(min!=k->min_ownertrust) if(min!=k->min_ownertrust)
update_min_ownertrust(k->kid,min); update_min_ownertrust (ctrl, k->kid,min);
if (interactive && k->ownertrust == TRUST_UNKNOWN) if (interactive && k->ownertrust == TRUST_UNKNOWN)
{ {
@ -2132,7 +2136,7 @@ validate_keys (ctrl_t ctrl, int interactive)
} }
/* Find all keys which are signed by a key in kdlist */ /* Find all keys which are signed by a key in kdlist */
keys = validate_key_list (kdb, full_trust, klist, keys = validate_key_list (ctrl, kdb, full_trust, klist,
start_time, &next_expire); start_time, &next_expire);
if (!keys) if (!keys)
{ {
@ -2149,7 +2153,7 @@ validate_keys (ctrl_t ctrl, int interactive)
dump_key_array (depth, keys); dump_key_array (depth, keys);
for (kar=keys; kar->keyblock; kar++) for (kar=keys; kar->keyblock; kar++)
store_validation_status (depth, kar->keyblock, stored); store_validation_status (ctrl, depth, kar->keyblock, stored);
if (!opt.quiet) if (!opt.quiet)
log_info (_("depth: %d valid: %3d signed: %3d" log_info (_("depth: %d valid: %3d signed: %3d"
@ -2183,9 +2187,10 @@ validate_keys (ctrl_t ctrl, int interactive)
k->kid[1]=kid[1]; k->kid[1]=kid[1];
k->ownertrust = k->ownertrust =
(tdb_get_ownertrust (tdb_get_ownertrust
(kar->keyblock->pkt->pkt.public_key, 0) & TRUST_MASK); (ctrl, kar->keyblock->pkt->pkt.public_key, 0)
& TRUST_MASK);
k->min_ownertrust = tdb_get_min_ownertrust k->min_ownertrust = tdb_get_min_ownertrust
(kar->keyblock->pkt->pkt.public_key, 0); (ctrl, kar->keyblock->pkt->pkt.public_key, 0);
k->trust_depth= k->trust_depth=
kar->keyblock->pkt->pkt.public_key->trust_depth; kar->keyblock->pkt->pkt.public_key->trust_depth;
k->trust_value= k->trust_value=
@ -2220,16 +2225,16 @@ validate_keys (ctrl_t ctrl, int interactive)
int rc2; int rc2;
if (next_expire == 0xffffffff || next_expire < start_time ) if (next_expire == 0xffffffff || next_expire < start_time )
tdbio_write_nextcheck (0); tdbio_write_nextcheck (ctrl, 0);
else else
{ {
tdbio_write_nextcheck (next_expire); tdbio_write_nextcheck (ctrl, next_expire);
if (!opt.quiet) if (!opt.quiet)
log_info (_("next trustdb check due at %s\n"), log_info (_("next trustdb check due at %s\n"),
strtimestamp (next_expire)); strtimestamp (next_expire));
} }
rc2 = tdbio_update_version_record (); rc2 = tdbio_update_version_record (ctrl);
if (rc2) if (rc2)
{ {
log_error (_("unable to update trustdb version record: " log_error (_("unable to update trustdb version record: "

56
g10/trustdb.h
View File

@ -77,7 +77,7 @@ is_in_klist (struct key_item *k, PKT_signature *sig)
/*-- trust.c --*/ /*-- trust.c --*/
int cache_disabled_value (PKT_public_key *pk); int cache_disabled_value (ctrl_t ctrl, PKT_public_key *pk);
void register_trusted_keyid (u32 *keyid); void register_trusted_keyid (u32 *keyid);
void register_trusted_key (const char *string); void register_trusted_key (const char *string);
@ -86,11 +86,12 @@ int string_to_trust_value (const char *str);
const char *uid_trust_string_fixed (ctrl_t ctrl, const char *uid_trust_string_fixed (ctrl_t ctrl,
PKT_public_key *key, PKT_user_id *uid); PKT_public_key *key, PKT_user_id *uid);
unsigned int get_ownertrust (PKT_public_key *pk); unsigned int get_ownertrust (ctrl_t ctrl, PKT_public_key *pk);
void update_ownertrust (PKT_public_key *pk, unsigned int new_trust); void update_ownertrust (ctrl_t ctrl,
int clear_ownertrusts (PKT_public_key *pk); PKT_public_key *pk, unsigned int new_trust);
int clear_ownertrusts (ctrl_t ctrl, PKT_public_key *pk);
void revalidation_mark (void); void revalidation_mark (ctrl_t ctrl);
void check_trustdb_stale (ctrl_t ctrl); void check_trustdb_stale (ctrl_t ctrl);
void check_or_update_trustdb (ctrl_t ctrl); void check_or_update_trustdb (ctrl_t ctrl);
@ -102,14 +103,14 @@ int get_validity_info (ctrl_t ctrl, kbnode_t kb, PKT_public_key *pk,
const char *get_validity_string (ctrl_t ctrl, const char *get_validity_string (ctrl_t ctrl,
PKT_public_key *pk, PKT_user_id *uid); PKT_public_key *pk, PKT_user_id *uid);
void mark_usable_uid_certs (kbnode_t keyblock, kbnode_t uidnode, void mark_usable_uid_certs (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
u32 *main_kid, struct key_item *klist, u32 *main_kid, struct key_item *klist,
u32 curtime, u32 *next_expire); u32 curtime, u32 *next_expire);
void clean_one_uid (kbnode_t keyblock, kbnode_t uidnode, void clean_one_uid (ctrl_t ctrl, kbnode_t keyblock, kbnode_t uidnode,
int noisy, int self_only, int noisy, int self_only,
int *uids_cleaned, int *sigs_cleaned); int *uids_cleaned, int *sigs_cleaned);
void clean_key (kbnode_t keyblock, int noisy, int self_only, void clean_key (ctrl_t ctrl, kbnode_t keyblock, int noisy, int self_only,
int *uids_cleaned,int *sigs_cleaned); int *uids_cleaned,int *sigs_cleaned);
@ -127,16 +128,14 @@ void update_trustdb (ctrl_t ctrl);
int setup_trustdb( int level, const char *dbname ); int setup_trustdb( int level, const char *dbname );
void how_to_fix_the_trustdb (void); void how_to_fix_the_trustdb (void);
const char *trust_model_string (int model); const char *trust_model_string (int model);
gpg_error_t init_trustdb (int no_create); gpg_error_t init_trustdb (ctrl_t ctrl, int no_create);
int have_trustdb (void); int have_trustdb (ctrl_t ctrl);
void tdb_check_trustdb_stale (ctrl_t ctrl); void tdb_check_trustdb_stale (ctrl_t ctrl);
void sync_trustdb( void ); void tdb_revalidation_mark (ctrl_t ctrl);
void tdb_revalidation_mark (void);
int trustdb_pending_check(void); int trustdb_pending_check(void);
void tdb_check_or_update (ctrl_t ctrl); void tdb_check_or_update (ctrl_t ctrl);
int tdb_cache_disabled_value (PKT_public_key *pk); int tdb_cache_disabled_value (ctrl_t ctrl, PKT_public_key *pk);
unsigned int tdb_get_validity_core (ctrl_t ctrl, kbnode_t kb, unsigned int tdb_get_validity_core (ctrl_t ctrl, kbnode_t kb,
PKT_public_key *pk, PKT_user_id *uid, PKT_public_key *pk, PKT_user_id *uid,
@ -149,22 +148,27 @@ int enum_cert_paths( void **context, ulong *lid,
void enum_cert_paths_print( void **context, FILE *fp, void enum_cert_paths_print( void **context, FILE *fp,
int refresh, ulong selected_lid ); int refresh, ulong selected_lid );
void read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck, void read_trust_options (ctrl_t ctrl, byte *trust_model,
byte *marginals,byte *completes,byte *cert_depth, ulong *created, ulong *nextcheck,
byte *min_cert_level); byte *marginals, byte *completes, byte *cert_depth,
byte *min_cert_level);
unsigned int tdb_get_ownertrust (PKT_public_key *pk, int no_create); unsigned int tdb_get_ownertrust (ctrl_t ctrl, PKT_public_key *pk,
unsigned int tdb_get_min_ownertrust (PKT_public_key *pk, int no_create); int no_create);
int get_ownertrust_info (PKT_public_key *pk, int no_create); unsigned int tdb_get_min_ownertrust (ctrl_t ctrl, PKT_public_key *pk,
const char *get_ownertrust_string (PKT_public_key *pk, int no_create); int no_create);
int get_ownertrust_info (ctrl_t ctrl, PKT_public_key *pk, int no_create);
const char *get_ownertrust_string (ctrl_t ctrl,
PKT_public_key *pk, int no_create);
void tdb_update_ownertrust (PKT_public_key *pk, unsigned int new_trust); void tdb_update_ownertrust (ctrl_t ctrl, PKT_public_key *pk,
int tdb_clear_ownertrusts (PKT_public_key *pk); unsigned int new_trust);
int tdb_clear_ownertrusts (ctrl_t ctrl, PKT_public_key *pk);
/*-- tdbdump.c --*/ /*-- tdbdump.c --*/
void list_trustdb (estream_t fp, const char *username); void list_trustdb (ctrl_t ctrl, estream_t fp, const char *username);
void export_ownertrust(void); void export_ownertrust (ctrl_t ctrl);
void import_ownertrust(const char *fname); void import_ownertrust (ctrl_t ctrl, const char *fname);
/*-- pkclist.c --*/ /*-- pkclist.c --*/
int edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode); int edit_ownertrust (ctrl_t ctrl, PKT_public_key *pk, int mode);