author | Werner Koch <wk@gnupg.org> | 2023-03-01 18:56:29 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2023-03-01 19:16:12 +0100 |
commit | ef5a48dd5178f61fd0ab1801d980102b2fe4d464 (patch) | |
tree | 549164d86c012114c5f04376ecd62bfb38a980fe | |
parent | gpg: Allow adding of Additional Decryption Subkeys. (diff) | |
gpg: Actually encrypt to ADSKs.
* g10/getkey.c (get_pubkey_fromfile): Add optional arg r_keyblock.
* g10/pkclist.c (find_and_check_key): Also encrypt to RENC subkeys.
--
GnuPG-bug-id: 6395
-rw-r--r-- | g10/getkey.c | 14 | ||||
-rw-r--r-- | g10/keydb.h | 3 | ||||
-rw-r--r-- | g10/pkclist.c | 36 |
3 files changed, 39 insertions, 14 deletions
diff --git a/g10/getkey.c b/g10/getkey.c index 3e94875b2..1b37c597d 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1718,7 +1718,8 @@ get_best_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode, * * This function returns 0 on success. Otherwise, an error code is * returned. In particular, GPG_ERR_NO_PUBKEY is returned if the key - * is not found. + * is not found. If R_KEYBLOCK is not NULL and a key was found the + * keyblock is stored there; otherwiese NULL is stored there. * * The self-signed data has already been merged into the public key * using merge_selfsigs. The caller must release the content of PK by @@ -1726,13 +1727,17 @@ get_best_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode, * free_public_key). */ gpg_error_t -get_pubkey_fromfile (ctrl_t ctrl, PKT_public_key *pk, const char *fname) +get_pubkey_fromfile (ctrl_t ctrl, PKT_public_key *pk, const char *fname, + kbnode_t *r_keyblock) { gpg_error_t err; kbnode_t keyblock; kbnode_t found_key; unsigned int infoflags; + if (r_keyblock) + *r_keyblock = NULL; + err = read_key_from_file_or_buffer (ctrl, fname, NULL, 0, &keyblock); if (!err) { @@ -1747,7 +1752,10 @@ get_pubkey_fromfile (ctrl_t ctrl, PKT_public_key *pk, const char *fname) err = gpg_error (GPG_ERR_UNUSABLE_PUBKEY); } - release_kbnode (keyblock); + if (!err && r_keyblock) + *r_keyblock = keyblock; + else + release_kbnode (keyblock); return err; } diff --git a/g10/keydb.h b/g10/keydb.h index edbae5c3c..9323e3137 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -391,7 +391,8 @@ gpg_error_t get_best_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode, /* Get a public key directly from file FNAME. */ gpg_error_t get_pubkey_fromfile (ctrl_t ctrl, - PKT_public_key *pk, const char *fname); + PKT_public_key *pk, const char *fname, + kbnode_t *r_keyblock); /* Get a public key from a buffer. */ gpg_error_t get_pubkey_from_buffer (ctrl_t ctrl, PKT_public_key *pkbuf, diff --git a/g10/pkclist.c b/g10/pkclist.c index 459e7595a..2e8932b9c 100644 
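Review bot: The sentence added to the header comment of get_pubkey_fromfile (first g10/getkey.c hunk) does not say who owns the keyblock returned through R_KEYBLOCK, and it misspells "otherwise" as "otherwiese". The surrounding comment already states that the caller releases the content of PK, so the keyblock deserves the same treatment, for example `If R_KEYBLOCK is not NULL and a key was found, the keyblock is stored there and the caller must release it with release_kbnode; otherwise NULL is stored there.` The one-line prototype comment in the g10/keydb.h hunk (`/* Get a public key directly from file FNAME. */`) could mention the new optional argument as well. The comment block starts above the hunk, so the rest of its wording is not visible here.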
--- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -845,7 +845,8 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use, { int rc; PKT_public_key *pk; - KBNODE keyblock = NULL; + kbnode_t keyblock = NULL; + kbnode_t node; if (!name || !*name) return gpg_error (GPG_ERR_INV_USER_ID); @@ -856,7 +857,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use, pk->req_usage = use; if (from_file) - rc = get_pubkey_fromfile (ctrl, pk, name); + rc = get_pubkey_fromfile (ctrl, pk, name, &keyblock); else rc = get_best_pubkey_byname (ctrl, GET_PUBKEY_NORMAL, NULL, pk, name, &keyblock, 0); @@ -895,10 +896,10 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use, int trustlevel; trustlevel = get_validity (ctrl, keyblock, pk, pk->user_id, NULL, 1); - release_kbnode (keyblock); if ( (trustlevel & TRUST_FLAG_DISABLED) ) { /* Key has been disabled. */ + release_kbnode (keyblock); send_status_inv_recp (13, name); log_info (_("%s: skipped: public key is disabled\n"), name); free_public_key (pk); @@ -908,6 +909,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use, if ( !do_we_trust_pre (ctrl, pk, trustlevel) ) { /* We don't trust this key. */ + release_kbnode (keyblock); send_status_inv_recp (10, name); free_public_key (pk); return GPG_ERR_UNUSABLE_PUBKEY; 
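Review bot: Passing `&keyblock` in the `from_file` branch at `@@ -856,7 +857,7 @@` means find_and_check_key now holds a keyblock on that path as well, so every return after this call has to release it. The following hunks add `release_kbnode (keyblock);` to the disabled and untrusted branches, and the last hunk releases it before `return 0;`. The returns between this call and the validity check are outside the visible hunks and should be confirmed to release it too. The getkey.c change does set `*r_keyblock = NULL` on failure, which covers the immediate `rc` error path for the file case. The function starts and ends outside this hunk.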
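Review bot: The keyblock cleanup in the hunk at `@@ -895,10 +896,10 @@` is now written out once per failure branch, which makes it easy for a later early return to miss it. It appears as `release_kbnode (keyblock);` before `send_status_inv_recp (13, name);`, and again in the next hunk before `send_status_inv_recp (10, name);`. A single exit label that runs `release_kbnode (keyblock);`, with each branch setting `rc` and jumping there, would keep ownership of the keyblock in one place. Each failure branch would still need its own `free_public_key (pk);`, since on success `pk` is handed to the list. Both branches are part of a block whose opening lies outside the hunk.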
@@ -926,19 +928,33 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use, { pk_list_t r; - r = xtrymalloc (sizeof *r); - if (!r) - { - rc = gpg_error_from_syserror (); - free_public_key (pk); - return rc; - } + r = xmalloc (sizeof *r); r->pk = pk; r->next = *pk_list_addr; r->flags = mark_hidden? 1:0; *pk_list_addr = r; } + for (node = keyblock; node; node = node->next) + if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY + && ((pk=node->pkt->pkt.public_key)->pubkey_usage & PUBKEY_USAGE_RENC) + && pk->flags.valid + && !pk->flags.revoked + && !pk->flags.disabled + && !pk->has_expired + && key_present_in_pk_list (*pk_list_addr, pk)) + { + pk_list_t r; + + r = xmalloc (sizeof *r); + r->pk = copy_public_key (NULL, pk); + r->next = *pk_list_addr; + r->flags = mark_hidden? 1:0; /* FIXME: Use PK_LIST_HIDDEN ? */ + *pk_list_addr = r; + } + + + release_kbnode (keyblock); return 0; } |
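Review bot: The new loop adds every usable RENC subkey as a recipient without any diagnostic, so the sender gets no indication that the message can also be decrypted by the holder of an additional decryption subkey. The disabled-key branch earlier in this function reports via `log_info`, and a similar line would fit here, at least in verbose mode. The condition is also hard to audit. `pk` is reassigned inside the `&&` chain after the primary key was handed to the list. `key_present_in_pk_list (*pk_list_addr, pk)` is used as a bare truth value, which reads as "add if already present" unless that helper returns non-zero for "not present"; its definition is not in this hunk, so confirm it and say so in a comment. Separately, replacing `xtrymalloc` with `xmalloc` turns an out-of-memory condition from an error return into whatever `xmalloc` does on failure, presumably terminating the process. The function begins outside this hunk.

```c
  /* … unchanged: the primary key is appended to *pk_list_addr … */

  /* Also encrypt to each usable ADSK (RENC subkey) of this keyblock.  */
  for (node = keyblock; node; node = node->next)
    {
      PKT_public_key *subpk;
      pk_list_t r;

      if (node->pkt->pkttype != PKT_PUBLIC_SUBKEY)
        continue;
      subpk = node->pkt->pkt.public_key;
      if (!(subpk->pubkey_usage & PUBKEY_USAGE_RENC)
          || !subpk->flags.valid
          || subpk->flags.revoked
          || subpk->flags.disabled
          || subpk->has_expired)
        continue;
      /* Non-zero is taken to mean "not yet in the list"; confirm.  */
      if (!key_present_in_pk_list (*pk_list_addr, subpk))
        continue;

      if (opt.verbose)
        log_info (_("%s: also encrypting to ADSK %s\n"),
                  name, keystr_from_pk (subpk));

      /* … unchanged: allocate R, link it into *pk_list_addr,
         using subpk in place of pk for copy_public_key … */
    }

  release_kbnode (keyblock);
```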