fix: Don't treat forged outgoing messages as Autocrypt-encrypted

src/decrypt.rs

@@ -12,7 +12,7 @@ use crate::authres::{self, DkimResults};
 use crate::contact::addr_cmp;
 use crate::context::Context;
 use crate::headerdef::{HeaderDef, HeaderDefMap};
-use crate::key::{DcKey, Fingerprint, SignedPublicKey, SignedSecretKey};
+use crate::key::{self, DcKey, Fingerprint, SignedPublicKey, SignedSecretKey};
 use crate::peerstate::Peerstate;
 use crate::pgp;
 
@@ -264,16 +264,22 @@ pub(crate) fn validate_detached_signature<'a, 'b>(
     }
 }
 
-pub(crate) fn keyring_from_peerstate(peerstate: Option<&Peerstate>) -> Vec<SignedPublicKey> {
+/// Returns public keyring for `peerstate`.
+pub(crate) async fn keyring_from_peerstate(
+    context: &Context,
+    peerstate: Option<&Peerstate>,
+) -> Result<Vec<SignedPublicKey>> {
     let mut public_keyring_for_validate = Vec::new();
     if let Some(peerstate) = peerstate {
         if let Some(key) = &peerstate.public_key {
             public_keyring_for_validate.push(key.clone());
         } else if let Some(key) = &peerstate.gossip_key {
             public_keyring_for_validate.push(key.clone());
+        } else if context.is_self_addr(&peerstate.addr).await? {
+            public_keyring_for_validate = key::load_self_public_keyring(context).await?;
         }
     }
-    public_keyring_for_validate
+    Ok(public_keyring_for_validate)
 }
 
 /// Applies Autocrypt header to Autocrypt peer state and saves it into the database.
@@ -292,6 +298,7 @@ pub(crate) async fn get_autocrypt_peerstate(
     message_time: i64,
     allow_change: bool,
 ) -> Result<Option<Peerstate>> {
+    let allow_change = allow_change && !context.is_self_addr(from).await?;
     let mut peerstate;
 
     // Apply Autocrypt header