gpg: Prepare for signatures with ISSUER_FPR but without ISSUER.

* g10/getkey.c (get_pubkey_for_sig): New.
(get_pubkeyblock_for_sig): New.
* g10/mainproc.c (issuer_fpr_raw): Give global scope.
(check_sig_and_print): Use get_pubkeyblock_for_sig.
* g10/pkclist.c (check_signatures_trust): Use get_pubkey_for_sig.
* g10/sig-check.c (check_signature2): Ditto.
(check_signature_over_key_or_uid): Ditto.
--

GnuPG-bug-id: 4046

The whole getkey stuff is still a mess with way to much duplication
and missing caching of already fetched data.

Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit f7526c7bc754acf68bde0b79c785e875a9365d60)

1 files changed, 45 insertions, 2 deletions

diff --git a/g10/getkey.c b/g10/getkey.c
index 7c407dd0c..d76e7cc77 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -677,6 +677,24 @@ pk_from_block (PKT_public_key *pk, kbnode_t keyblock, kbnode_t found_key)
 }
 
 
+/* Specialized version of get_pubkey which retrieves the key based on
+ * information in SIG.  In contrast to get_pubkey PK is required.  */
+gpg_error_t
+get_pubkey_for_sig (ctrl_t ctrl, PKT_public_key *pk, PKT_signature *sig)
+{
+  const byte *fpr;
+  size_t fprlen;
+
+  /* First try the new ISSUER_FPR info.  */
+  fpr = issuer_fpr_raw (sig, &fprlen);
+  if (fpr && !get_pubkey_byfprint (ctrl, pk, NULL, fpr, fprlen))
+    return 0;
+
+  /* Fallback to use the ISSUER_KEYID.  */
+  return get_pubkey (ctrl, pk, sig->keyid);
+}
+
+
 /* Return the public key with the key id KEYID and store it at PK.
  * The resources in *PK should be released using
  * release_public_key_parts().  This function also stores a copy of
@@ -739,8 +757,9 @@ get_pubkey (ctrl_t ctrl, PKT_public_key * pk, u32 * keyid)
   /* Do a lookup.  */
   {
     struct getkey_ctx_s ctx;
-    KBNODE kb = NULL;
-    KBNODE found_key = NULL;
+    kbnode_t kb = NULL;
+    kbnode_t found_key = NULL;
+
     memset (&ctx, 0, sizeof ctx);
     ctx.exact = 1; /* Use the key ID exactly as given.  */
     ctx.not_allocated = 1;
@@ -863,6 +882,28 @@ get_pubkey_fast (PKT_public_key * pk, u32 * keyid)
 }
 
 
+/* Return the entire keyblock used to create SIG.  This is a
+ * specialized version of get_pubkeyblock.
+ *
+ * FIXME: This is a hack because get_pubkey_for_sig was already called
+ * and it could have used a cache to hold the key.  */
+kbnode_t
+get_pubkeyblock_for_sig (ctrl_t ctrl, PKT_signature *sig)
+{
+  const byte *fpr;
+  size_t fprlen;
+  kbnode_t keyblock;
+
+  /* First try the new ISSUER_FPR info.  */
+  fpr = issuer_fpr_raw (sig, &fprlen);
+  if (fpr && !get_pubkey_byfprint (ctrl, NULL, &keyblock, fpr, fprlen))
+    return keyblock;
+
+  /* Fallback to use the ISSUER_KEYID.  */
+  return get_pubkeyblock (ctrl, sig->keyid);
+}
+
+
 /* Return the key block for the key with key id KEYID or NULL, if an
  * error occurs.  Use release_kbnode() to release the key block.
  *
@@ -1802,6 +1843,8 @@ get_pubkey_byfprint (ctrl_t ctrl, PKT_public_key *pk, kbnode_t *r_keyblock,
       memset (&ctx, 0, sizeof ctx);
       ctx.exact = 1;
       ctx.not_allocated = 1;
+      /* FIXME: We should get the handle from the cache like we do in
+       * get_pubkey.  */
       ctx.kr_handle = keydb_new ();
       if (!ctx.kr_handle)
         return gpg_error_from_syserror ();