From f7526c7bc754acf68bde0b79c785e875a9365d60 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 5 Jul 2018 20:55:32 +0200
Subject: gpg: Prepare for signatures with ISSUER_FPR but without ISSUER.

* g10/getkey.c (get_pubkey_for_sig): New.
(get_pubkeyblock_for_sig): New.
* g10/mainproc.c (issuer_fpr_raw): Give global scope.
(check_sig_and_print): Use get_pubkeyblock_for_sig.
* g10/pkclist.c (check_signatures_trust): Use get_pubkey_for_sig.
* g10/sig-check.c (check_signature2): Ditto.
(check_signature_over_key_or_uid): Ditto.
--

GnuPG-bug-id: 4046

The whole getkey stuff is still a mess with way to much duplication
and missing caching of already fetched data.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 g10/keydb.h | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'g10/keydb.h')

diff --git a/g10/keydb.h b/g10/keydb.h
index bd156a6a3..ea0fa9ddd 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -283,6 +283,10 @@ void cache_public_key( PKT_public_key *pk );
 /* Disable and drop the public key cache.  */
 void getkey_disable_caches(void);
 
+/* Return the public key used for signature SIG and store it at PK.  */
+gpg_error_t get_pubkey_for_sig (ctrl_t ctrl,
+                                PKT_public_key *pk, PKT_signature *sig);
+
 /* Return the public key with the key id KEYID and store it at PK.  */
 int get_pubkey (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid);
 
@@ -291,6 +295,10 @@ int get_pubkey (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid);
    also only considers primary keys.  */
 int get_pubkey_fast (PKT_public_key *pk, u32 *keyid);
 
+/* Return the entire keyblock used to create SIG.  This is a
+ * specialized version of get_pubkeyblock.  */
+kbnode_t get_pubkeyblock_for_sig (ctrl_t ctrl, PKT_signature *sig);
+
 /* Return the key block for the key with KEYID.  */
 kbnode_t get_pubkeyblock (ctrl_t ctrl, u32 *keyid);
 
-- 
cgit v1.2.3


From 135e46ea480d749b8a9692f71d4d0bfdadd8ee2f Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Fri, 6 Jul 2018 11:40:16 +0200
Subject: gpg: Move key cleaning functions to a separate file.

* g10/trust.c (mark_usable_uid_certs, clean_sigs_from_uid)
(clean_uid_from_key, clean_one_uid, clean_key): Move to ...
* g10/key-clean.c: new file.
* g10/key-clean.h: New.
* g10/Makefile.am (gpg_sources): Add new files.
* g10/export.c, g10/import.c, g10/keyedit.c, g10/trustdb.c: Include
new header.
* g10/trustdb.h (struct key_item, is_in_klist): Move to ...
* g10/keydb.h: here.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 g10/keydb.h | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

(limited to 'g10/keydb.h')

diff --git a/g10/keydb.h b/g10/keydb.h
index ea0fa9ddd..9748e571e 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -64,6 +64,20 @@ struct kbnode_struct {
 #define is_cloned_kbnode(a)   ((a)->private_flag & 2)
 
 
+/*
+ * A structure to store key identification as well as some stuff
+ * needed for key validation.
+ */
+struct key_item {
+  struct key_item *next;
+  unsigned int ownertrust,min_ownertrust;
+  byte trust_depth;
+  byte trust_value;
+  char *trust_regexp;
+  u32 kid[2];
+};
+
+
 /* Bit flags used with build_pk_list.  */
 enum
   {
@@ -133,6 +147,22 @@ enum
   };
 
 
+/*
+ * Check whether the signature SIG is in the klist K.
+ */
+static inline struct key_item *
+is_in_klist (struct key_item *k, PKT_signature *sig)
+{
+  for (; k; k = k->next)
+    {
+      if (k->kid[0] == sig->keyid[0] && k->kid[1] == sig->keyid[1])
+        return k;
+    }
+  return NULL;
+}
+
+
+
 /*-- keydb.c --*/
 
 #define KEYDB_RESOURCE_FLAG_PRIMARY  2  /* The primary resource.  */
-- 
cgit v1.2.3