[svn] GnuPG - r3908 - in trunk: . g10

svn author dshaw cvs at cvs.gnupg.org
Wed Oct 12 00:13:53 CEST 2005


Author: dshaw
Date: 2005-10-12 00:13:49 +0200 (Wed, 12 Oct 2005)
New Revision: 3908

Modified:
   trunk/ChangeLog
   trunk/configure.ac
   trunk/g10/ChangeLog
   trunk/g10/getkey.c
   trunk/g10/keygen.c
   trunk/g10/sig-check.c
Log:
* getkey.c (merge_selfsigs_subkey), sig-check.c (signature_check2),
keygen.c (make_backsig): Did some backsig interop testing with the PGP
folks.  All is well, so I'm turning generation of backsigs on for new
keys.  Checking for backsigs on verification is still off.


Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog	2005-10-08 00:17:09 UTC (rev 3907)
+++ trunk/ChangeLog	2005-10-11 22:13:49 UTC (rev 3908)
@@ -1,3 +1,9 @@
+2005-10-11  David Shaw  <dshaw at jabberwocky.com>
+
+	* configure.ac: Did some backsig testing with the PGP folks.  All
+	is well, so I'm turning generation of backsigs on for new keys.
+	Checking for backsigs on verification is still off.
+
 2005-10-05  Werner Koch  <wk at g10code.com>
 
 	* configure.ac: Changed identification file name to g10/gpg.c

Modified: trunk/configure.ac
===================================================================
--- trunk/configure.ac	2005-10-08 00:17:09 UTC (rev 3907)
+++ trunk/configure.ac	2005-10-11 22:13:49 UTC (rev 3908)
@@ -129,10 +129,10 @@
               gnupg_use_iconv=$enableval, gnupg_use_iconv=yes)
 AC_MSG_RESULT($gnupg_use_iconv)
 
-AC_MSG_CHECKING([whether to enable the experimental backsigs code])
+AC_MSG_CHECKING([whether to require signing subkeys to have back signatures])
 AC_ARG_ENABLE(backsigs,
               AC_HELP_STRING([--enable-backsigs],
-                             [enable the experimental backsigs code]),
+                             [require signing subkeys to have back signatures]),
               do_backsigs=$enableval, do_backsigs=no)
 AC_MSG_RESULT($do_backsigs)
 
@@ -757,8 +757,8 @@
   AC_DEFINE(USE_GNUPG_ICONV,1,[Define to use the new iconv based code])
 fi
 
-if test "$do_backsigs" = yes ; then
-  AC_DEFINE(DO_BACKSIGS,1,[Define to enable the experimental backsigs code])
+if test "$do_backsigs" = no ; then
+  AC_DEFINE(FAKE_BACKSIGS,1,[Define to fake missing backsigs])
 fi
 
 AM_CONDITIONAL(ENABLE_CARD_SUPPORT, test "$card_support" = yes)
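Review bot: The `AC_DEFINE` description for `FAKE_BACKSIGS` does not say that a default build gets this macro, since `do_backsigs` defaults to `no` in the `AC_ARG_ENABLE` of the earlier hunk. The macro makes a signing subkey with no back signature count as cross-certified, so the config.h text should spell that out, for example `[Define to treat signing subkeys that lack a back signature as cross-certified]`. The test compares against `no` only, so any other value given to `--enable-backsigs` selects strict checking. That fails closed, but a one-line comment saying so would save the next reader from re-deriving the inverted polarity.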

Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog	2005-10-08 00:17:09 UTC (rev 3907)
+++ trunk/g10/ChangeLog	2005-10-11 22:13:49 UTC (rev 3908)
@@ -1,3 +1,11 @@
+2005-10-11  David Shaw  <dshaw at jabberwocky.com>
+
+	* getkey.c (merge_selfsigs_subkey), sig-check.c
+	(signature_check2), keygen.c (make_backsig): Did some backsig
+	interop testing with the PGP folks.  All is well, so I'm turning
+	generation of backsigs on for new keys.  Checking for backsigs on
+	verification is still off.
+
 2005-10-05  Werner Koch  <wk at g10code.com>
 
 	* g10.c: Renamed to ..

Modified: trunk/g10/getkey.c
===================================================================
--- trunk/g10/getkey.c	2005-10-08 00:17:09 UTC (rev 3907)
+++ trunk/g10/getkey.c	2005-10-11 22:13:49 UTC (rev 3908)
@@ -2043,10 +2043,6 @@
 
     subpk->is_valid = 1;
 
-#ifndef DO_BACKSIGS
-    /* Pretend the backsig is present and accounted for. */
-    subpk->backsig=2;
-#else
     /* Find the first 0x19 embedded signature on our self-sig. */
     if(subpk->backsig==0)
       {
@@ -2086,6 +2082,12 @@
 	    free_seckey_enc(backsig);
 	  }
       }
+
+#ifdef FAKE_BACKSIGS
+    /* If there is no backsig, pretend there is a valid one.  If there
+       is a backsig (or an invalid backsig), use it. */
+    if(subpk->backsig==0)
+      subpk->backsig=2;
 #endif
 }
 
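Review bot: With `FAKE_BACKSIGS` defined, which is the configure default, `subpk->backsig` is never 0 on leaving this block, so a subkey whose self-sig carries no 0x19 signature looks the same downstream as one with a verified backsig. Only a backsig that is present but invalid can then be rejected, and the "is not cross-certified" warning in sig-check.c appears unreachable in such builds (its condition is outside this diff, so that is inferred). The comment should state this trade-off directly, for example `/* Default build: a missing backsig is accepted as valid (2); only a present but invalid one is caught. */`. The bare 0 and 2 states would also read better as named constants. The enclosing function begins outside the hunk.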

Modified: trunk/g10/keygen.c
===================================================================
--- trunk/g10/keygen.c	2005-10-08 00:17:09 UTC (rev 3907)
+++ trunk/g10/keygen.c	2005-10-11 22:13:49 UTC (rev 3908)
@@ -712,25 +712,17 @@
 }
 
 static int
-make_backsig(PKT_signature *sig, PKT_public_key *pk,
- 	     PKT_public_key *sub_pk, PKT_secret_key *sub_sk)
+make_backsig(PKT_signature *sig,PKT_public_key *pk,
+ 	     PKT_public_key *sub_pk,PKT_secret_key *sub_sk)
 {
   PKT_signature *backsig;
   int rc;
 
-#ifndef DO_BACKSIGS
-  /* This is not enabled yet, as I want to get a bit closer to RFC day
-     before enabling this.  I've been burned before :) */
+  cache_public_key(sub_pk);
 
-  return 0;
-#endif
-
-  cache_public_key (sub_pk);
-
-  rc=make_keysig_packet(&backsig,pk,NULL,sub_pk,sub_sk, 0x19, 0, 0, 0, 0,
- 			NULL,NULL);
-  if( rc )
-    log_error("make_keysig_packet failed for backsig: %s\n", g10_errstr(rc) );
+  rc=make_keysig_packet(&backsig,pk,NULL,sub_pk,sub_sk,0x19,0,0,0,0,NULL,NULL);
+  if(rc)
+    log_error("make_keysig_packet failed for backsig: %s\n",g10_errstr(rc));
   else
     {
       /* get it into a binary packed form. */
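Review bot: `make_backsig` now runs unconditionally but has no header comment, and the removed `#ifndef DO_BACKSIGS` block held the only text explaining its status. A short comment above the function would help, such as `/* Create a 0x19 signature made by the subkey (sub_sk) over pk and sub_pk, to serve as the back signature for sig. */`. What happens to `backsig` and `rc` afterwards lies beyond the end of the hunk, so that wording should be checked against the rest of the body. The whitespace-only edits to the signature and the `make_keysig_packet` call are mixed into a change that turns on new signing behaviour; splitting them into a separate commit would make the functional part easier to audit.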

Modified: trunk/g10/sig-check.c
===================================================================
--- trunk/g10/sig-check.c	2005-10-08 00:17:09 UTC (rev 3907)
+++ trunk/g10/sig-check.c	2005-10-11 22:13:49 UTC (rev 3908)
@@ -100,8 +100,11 @@
 	      log_info(_("WARNING: signing subkey %s is not"
 			 " cross-certified\n"),keystr_from_pk(pk));
 	    else
-	      log_info(_("WARNING: signing subkey %s has an invalid"
-			 " cross-certification\n"),keystr_from_pk(pk));
+	      {
+		log_info(_("WARNING: signing subkey %s has an invalid"
+			   " cross-certification\n"),keystr_from_pk(pk));
+		rc=G10ERR_GENERAL;
+	      }
 	  }
       }
 
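Review bot: The invalid cross-certification branch now fails the check with `rc=G10ERR_GENERAL`, yet the message still goes through `log_info` with a `WARNING:` prefix, so the log does not show that this condition rejected the signature. A more specific error code than the generic one would let callers tell this failure apart from others, if the project's error list has a suitable value. The asymmetry between the two branches also deserves a comment, for example `/* An invalid backsig is fatal; a missing one only warns until backsig checking is enabled. */`. The conditions that select these branches start outside the hunk.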



