From 47433adaa56339dbc28c60b9f800fe1522312ad2 Mon Sep 17 00:00:00 2001
From: David Shaw <dshaw@jabberwocky.com>
Date: Tue, 11 Oct 2005 22:13:49 +0000
Subject: [PATCH] * getkey.c (merge_selfsigs_subkey), sig-check.c
 (signature_check2), keygen.c (make_backsig): Did some backsig interop testing
 with the PGP folks.  All is well, so I'm turning generation of backsigs on
 for new keys.  Checking for backsigs on verification is still off.

---
 ChangeLog       |  6 ++++++
 configure.ac    |  8 ++++----
 g10/ChangeLog   |  8 ++++++++
 g10/getkey.c    | 10 ++++++----
 g10/keygen.c    | 20 ++++++--------------
 g10/sig-check.c |  7 +++++--
 6 files changed, 35 insertions(+), 24 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 297f98cfc..020e1663d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2005-10-11  David Shaw  <dshaw@jabberwocky.com>
+
+	* configure.ac: Did some backsig testing with the PGP folks.  All
+	is well, so I'm turning generation of backsigs on for new keys.
+	Checking for backsigs on verification is still off.
+
 2005-10-05  Werner Koch  <wk@g10code.com>
 
 	* configure.ac: Changed identification file name to g10/gpg.c
diff --git a/configure.ac b/configure.ac
index 484c1a913..d77d4eaca 100644
--- a/configure.ac
+++ b/configure.ac
@@ -129,10 +129,10 @@ AC_ARG_ENABLE(gnupg-iconv,
               gnupg_use_iconv=$enableval, gnupg_use_iconv=yes)
 AC_MSG_RESULT($gnupg_use_iconv)
 
-AC_MSG_CHECKING([whether to enable the experimental backsigs code])
+AC_MSG_CHECKING([whether to require signing subkeys to have back signatures])
 AC_ARG_ENABLE(backsigs,
               AC_HELP_STRING([--enable-backsigs],
-                             [enable the experimental backsigs code]),
+                             [require signing subkeys to have back signatures]),
               do_backsigs=$enableval, do_backsigs=no)
 AC_MSG_RESULT($do_backsigs)
 
@@ -757,8 +757,8 @@ if test "$gnupg_use_iconv" = yes ; then
   AC_DEFINE(USE_GNUPG_ICONV,1,[Define to use the new iconv based code])
 fi
 
-if test "$do_backsigs" = yes ; then
-  AC_DEFINE(DO_BACKSIGS,1,[Define to enable the experimental backsigs code])
+if test "$do_backsigs" = no ; then
+  AC_DEFINE(FAKE_BACKSIGS,1,[Define to fake missing backsigs])
 fi
 
 AM_CONDITIONAL(ENABLE_CARD_SUPPORT, test "$card_support" = yes)
diff --git a/g10/ChangeLog b/g10/ChangeLog
index c5992a0a0..9410b27bb 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,11 @@
+2005-10-11  David Shaw  <dshaw@jabberwocky.com>
+
+	* getkey.c (merge_selfsigs_subkey), sig-check.c
+	(signature_check2), keygen.c (make_backsig): Did some backsig
+	interop testing with the PGP folks.  All is well, so I'm turning
+	generation of backsigs on for new keys.  Checking for backsigs on
+	verification is still off.
+
 2005-10-05  Werner Koch  <wk@g10code.com>
 
 	* g10.c: Renamed to ..
diff --git a/g10/getkey.c b/g10/getkey.c
index 07bdfcbd7..864c8bfb7 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -2043,10 +2043,6 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
 
     subpk->is_valid = 1;
 
-#ifndef DO_BACKSIGS
-    /* Pretend the backsig is present and accounted for. */
-    subpk->backsig=2;
-#else
     /* Find the first 0x19 embedded signature on our self-sig. */
     if(subpk->backsig==0)
       {
@@ -2086,6 +2082,12 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
 	    free_seckey_enc(backsig);
 	  }
       }
+
+#ifdef FAKE_BACKSIGS
+    /* If there is no backsig, pretend there is a valid one.  If there
+       is a backsig (or an invalid backsig), use it. */
+    if(subpk->backsig==0)
+      subpk->backsig=2;
 #endif
 }
 
diff --git a/g10/keygen.c b/g10/keygen.c
index 3bf5af48b..72df993c0 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -712,25 +712,17 @@ keygen_add_revkey(PKT_signature *sig, void *opaque)
 }
 
 static int
-make_backsig(PKT_signature *sig, PKT_public_key *pk,
- 	     PKT_public_key *sub_pk, PKT_secret_key *sub_sk)
+make_backsig(PKT_signature *sig,PKT_public_key *pk,
+ 	     PKT_public_key *sub_pk,PKT_secret_key *sub_sk)
 {
   PKT_signature *backsig;
   int rc;
 
-#ifndef DO_BACKSIGS
-  /* This is not enabled yet, as I want to get a bit closer to RFC day
-     before enabling this.  I've been burned before :) */
+  cache_public_key(sub_pk);
 
-  return 0;
-#endif
-
-  cache_public_key (sub_pk);
-
-  rc=make_keysig_packet(&backsig,pk,NULL,sub_pk,sub_sk, 0x19, 0, 0, 0, 0,
- 			NULL,NULL);
-  if( rc )
-    log_error("make_keysig_packet failed for backsig: %s\n", g10_errstr(rc) );
+  rc=make_keysig_packet(&backsig,pk,NULL,sub_pk,sub_sk,0x19,0,0,0,0,NULL,NULL);
+  if(rc)
+    log_error("make_keysig_packet failed for backsig: %s\n",g10_errstr(rc));
   else
     {
       /* get it into a binary packed form. */
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 606c38d0b..80bfeb94c 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -100,8 +100,11 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
 	      log_info(_("WARNING: signing subkey %s is not"
 			 " cross-certified\n"),keystr_from_pk(pk));
 	    else
-	      log_info(_("WARNING: signing subkey %s has an invalid"
-			 " cross-certification\n"),keystr_from_pk(pk));
+	      {
+		log_info(_("WARNING: signing subkey %s has an invalid"
+			   " cross-certification\n"),keystr_from_pk(pk));
+		rc=G10ERR_GENERAL;
+	      }
 	  }
       }