* options.h, getkey.c (merge_selfsigs_subkey), gpg.c (main), sig-check.c

(signature_check2): Add --require-backsigs and --no-require-backsigs. Currently defaults to --no-require-backsigs.
2025-01-03 12:11:33 +01:00 · 2005-10-12 20:44:24 +00:00 · 2005-10-12 20:44:24 +00:00 · 094a7ab401
commit 094a7ab401
parent 47433adaa5
5 changed files with 33 additions and 12 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,10 @@
+2005-10-12  David Shaw  <dshaw@jabberwocky.com>
+
+	* options.h, getkey.c (merge_selfsigs_subkey), gpg.c (main),
+	sig-check.c (signature_check2): Add --require-backsigs and
+	--no-require-backsigs.  Currently defaults to
+	--no-require-backsigs.
+
 2005-10-11  David Shaw  <dshaw@jabberwocky.com>

 	* getkey.c (merge_selfsigs_subkey), sig-check.c
--- a/g10/getkey.c
+++ b/g10/getkey.c
@ -2082,13 +2082,6 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
 	    free_seckey_enc(backsig);
 	  }
      }
-
-#ifdef FAKE_BACKSIGS
-    /* If there is no backsig, pretend there is a valid one.  If there
-       is a backsig (or an invalid backsig), use it. */
-    if(subpk->backsig==0)
-      subpk->backsig=2;
-#endif
 }


--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -355,6 +355,9 @@ enum cmd_and_opt_values
    opcscDriver,
    oDisableCCID,

+    oRequireBacksigs,
+    oNoRequireBacksigs,
+
    oNoop
  };

@ -695,6 +698,8 @@ static ARGPARSE_OPTS opts[] = {
       the favor. */
    { oLocalUser, "sign-with", 2, "@" },
    { oRecipient, "user", 2, "@" },
+    { oRequireBacksigs, "require-backsigs", 0, "@"},
+    { oNoRequireBacksigs, "no-require-backsigs", 0, "@"},
    {0,NULL,0,NULL}
 };

@ -2586,7 +2591,9 @@ main (int argc, char **argv )
            opt.limit_card_insert_tries = pargs.r.ret_int; 
            break;

-  
+	  case oRequireBacksigs: opt.require_backsigs=1; break;
+	  case oNoRequireBacksigs: opt.require_backsigs=0; break;
+
 	  case oNoop: break;

 	  default : pargs.err = configfp? 1:2; break;
--- a/g10/options.h
+++ b/g10/options.h
@ -162,6 +162,8 @@ struct
  STRLIST sig_policy_url;
  STRLIST cert_policy_url;
  STRLIST sig_keyserver_url;
+  STRLIST cert_subpackets;
+  STRLIST sig_subpackets;
  int use_embedded_filename;
  int allow_non_selfsigned_uid;
  int allow_freeform_uid;
@ -207,6 +209,11 @@ struct
  int disable_ccid;    /* Disable the use of the internal CCID driver. */
 #endif /*ENABLE_CARD_SUPPORT*/

+  /* If set, require an 0x19 backsig to be present on signatures made
+     by signing subkeys.  If not set, a missing backsig is not an
+     error (but an invalid backsig still is). */
+  int require_backsigs;
+
 } opt;

 /* CTRL is used to keep some global variables we currently can't
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@ -96,10 +96,17 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
 	   signaures issued by it. */
 	if(rc==0 && !pk->is_primary && pk->backsig<2)
 	  {
-	    if(pk->backsig==0)
-	      log_info(_("WARNING: signing subkey %s is not"
-			 " cross-certified\n"),keystr_from_pk(pk));
-	    else
+	    /* TODO: In a future version, once enough signing subkeys
+	       have backsigs, change this to always give the warning,
+	       and have --require-backsigs enable or disable the
+	       G10ERR_GENERAL. */
+	    if(pk->backsig==0 && opt.require_backsigs)
+	      {
+		log_info(_("WARNING: signing subkey %s is not"
+			   " cross-certified\n"),keystr_from_pk(pk));
+		rc=G10ERR_GENERAL;
+	      }
+	    else if(pk->backsig==1)
 	      {
 		log_info(_("WARNING: signing subkey %s has an invalid"
 			   " cross-certification\n"),keystr_from_pk(pk));