security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-25 01:42:45 +02:00
Code Activity

* getkey.c (merge_selfsigs_subkey), sig-check.c (signature_check2),

Browse Source 
keygen.c (make_backsig): Did some backsig interop testing with the PGP
folks.  All is well, so I'm turning generation of backsigs on for new
keys.  Checking for backsigs on verification is still off.
This commit is contained in:
David Shaw 2005-10-11 22:13:49 +00:00
parent 02aefe3866
commit 47433adaa5
6 changed files with 35 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,3 +1,9 @@
2005-10-11 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Did some backsig testing with the PGP folks. All
is well, so I'm turning generation of backsigs on for new keys.
Checking for backsigs on verification is still off.
2005-10-05 Werner Koch <wk@g10code.com> 2005-10-05 Werner Koch <wk@g10code.com>
* configure.ac: Changed identification file name to g10/gpg.c * configure.ac: Changed identification file name to g10/gpg.c

8
configure.ac
View File

@ -129,10 +129,10 @@ AC_ARG_ENABLE(gnupg-iconv,
gnupg_use_iconv=$enableval, gnupg_use_iconv=yes) gnupg_use_iconv=$enableval, gnupg_use_iconv=yes)
AC_MSG_RESULT($gnupg_use_iconv) AC_MSG_RESULT($gnupg_use_iconv)
AC_MSG_CHECKING([whether to enable the experimental backsigs code]) AC_MSG_CHECKING([whether to require signing subkeys to have back signatures])
AC_ARG_ENABLE(backsigs, AC_ARG_ENABLE(backsigs,
AC_HELP_STRING([--enable-backsigs], AC_HELP_STRING([--enable-backsigs],
[enable the experimental backsigs code]), [require signing subkeys to have back signatures]),
do_backsigs=$enableval, do_backsigs=no) do_backsigs=$enableval, do_backsigs=no)
AC_MSG_RESULT($do_backsigs) AC_MSG_RESULT($do_backsigs)
@ -757,8 +757,8 @@ if test "$gnupg_use_iconv" = yes ; then
AC_DEFINE(USE_GNUPG_ICONV,1,[Define to use the new iconv based code]) AC_DEFINE(USE_GNUPG_ICONV,1,[Define to use the new iconv based code])
fi fi
if test "$do_backsigs" = yes ; then if test "$do_backsigs" = no ; then
AC_DEFINE(DO_BACKSIGS,1,[Define to enable the experimental backsigs code]) AC_DEFINE(FAKE_BACKSIGS,1,[Define to fake missing backsigs])
fi fi
AM_CONDITIONAL(ENABLE_CARD_SUPPORT, test "$card_support" = yes) AM_CONDITIONAL(ENABLE_CARD_SUPPORT, test "$card_support" = yes)

8
g10/ChangeLog
View File

@ -1,3 +1,11 @@
2005-10-11 David Shaw <dshaw@jabberwocky.com>
* getkey.c (merge_selfsigs_subkey), sig-check.c
(signature_check2), keygen.c (make_backsig): Did some backsig
interop testing with the PGP folks. All is well, so I'm turning
generation of backsigs on for new keys. Checking for backsigs on
verification is still off.
2005-10-05 Werner Koch <wk@g10code.com> 2005-10-05 Werner Koch <wk@g10code.com>
* g10.c: Renamed to .. * g10.c: Renamed to ..

10
g10/getkey.c
View File

@ -2043,10 +2043,6 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
subpk->is_valid = 1; subpk->is_valid = 1;
#ifndef DO_BACKSIGS
/* Pretend the backsig is present and accounted for. */
subpk->backsig=2;
#else
/* Find the first 0x19 embedded signature on our self-sig. */ /* Find the first 0x19 embedded signature on our self-sig. */
if(subpk->backsig==0) if(subpk->backsig==0)
{ {
@ -2086,6 +2082,12 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
free_seckey_enc(backsig); free_seckey_enc(backsig);
} }
} }
#ifdef FAKE_BACKSIGS
/* If there is no backsig, pretend there is a valid one. If there
is a backsig (or an invalid backsig), use it. */
if(subpk->backsig==0)
subpk->backsig=2;
#endif #endif
} }

20
g10/keygen.c
View File

@ -712,25 +712,17 @@ keygen_add_revkey(PKT_signature *sig, void *opaque)
} }
static int static int
make_backsig(PKT_signature *sig, PKT_public_key *pk, make_backsig(PKT_signature *sig,PKT_public_key *pk,
PKT_public_key *sub_pk, PKT_secret_key *sub_sk) PKT_public_key *sub_pk,PKT_secret_key *sub_sk)
{ {
PKT_signature *backsig; PKT_signature *backsig;
int rc; int rc;
#ifndef DO_BACKSIGS cache_public_key(sub_pk);
/* This is not enabled yet, as I want to get a bit closer to RFC day
before enabling this. I've been burned before :) */
return 0; rc=make_keysig_packet(&backsig,pk,NULL,sub_pk,sub_sk,0x19,0,0,0,0,NULL,NULL);
#endif if(rc)
log_error("make_keysig_packet failed for backsig: %s\n",g10_errstr(rc));
cache_public_key (sub_pk);
rc=make_keysig_packet(&backsig,pk,NULL,sub_pk,sub_sk, 0x19, 0, 0, 0, 0,
NULL,NULL);
if( rc )
log_error("make_keysig_packet failed for backsig: %s\n", g10_errstr(rc) );
else else
{ {
/* get it into a binary packed form. */ /* get it into a binary packed form. */

7
g10/sig-check.c
View File

@ -100,8 +100,11 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
log_info(_("WARNING: signing subkey %s is not" log_info(_("WARNING: signing subkey %s is not"
" cross-certified\n"),keystr_from_pk(pk)); " cross-certified\n"),keystr_from_pk(pk));
else else
log_info(_("WARNING: signing subkey %s has an invalid" {
" cross-certification\n"),keystr_from_pk(pk)); log_info(_("WARNING: signing subkey %s has an invalid"
" cross-certification\n"),keystr_from_pk(pk));
rc=G10ERR_GENERAL;
}
} }
} }