Diffstat (limited to 'g10/sig-check.c')
-rw-r--r-- | g10/sig-check.c | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 54db2089a..456c29320 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -131,6 +131,11 @@ check_key_verify_compliance (PKT_public_key *pk)
 * If R_PK is not NULL, the public key is stored at that address if it
 * was found; other wise NULL is stored.
 *
+ * If R_KEYBLOCK is not NULL, the entire keyblock used to verify the
+ * signature is stored at that address. If no key was found or on
+ * some other errors NULL is stored there. The callers needs to
+ * release the keyblock using release_kbnode (kb).
+ *
 * Returns 0 on success. An error code otherwise. */
 gpg_error_t
 check_signature (ctrl_t ctrl,
@@ -138,7 +143,7 @@ check_signature (ctrl_t ctrl,
 const void *extrahash, size_t extrahashlen, PKT_public_key *forced_pk, u32 *r_expiredate, int *r_expired, int *r_revoked,
- PKT_public_key **r_pk)
+ PKT_public_key **r_pk, kbnode_t *r_keyblock)
 {
 int rc=0;
 PKT_public_key *pk;
@@ -151,6 +156,8 @@ check_signature (ctrl_t ctrl,
 *r_revoked = 0;
 if (r_pk)
 *r_pk = NULL;
+ if (r_keyblock)
+ *r_keyblock = NULL;
 pk = xtrycalloc (1, sizeof *pk);
 if (!pk)
@@ -181,7 +188,7 @@ check_signature (ctrl_t ctrl,
 log_info(_("WARNING: signature digest conflict in message\n"));
 rc = gpg_error (GPG_ERR_GENERAL);
 }
- else if (get_pubkey_for_sig (ctrl, pk, sig, forced_pk))
+ else if (get_pubkey_for_sig (ctrl, pk, sig, forced_pk, r_keyblock))
 rc = gpg_error (GPG_ERR_NO_PUBKEY);
 else if ((rc = check_key_verify_compliance (pk)))
 ;/* Compliance failure. */
@@ -780,9 +787,9 @@ check_revocation_keys (ctrl_t ctrl, PKT_public_key *pk, PKT_signature *sig)
 keyid_from_fingerprint (ctrl, pk->revkey[i].fpr, pk->revkey[i].fprlen, keyid);
- if(keyid[0]==sig->keyid[0] && keyid[1]==sig->keyid[1])
- /* The signature was generated by a designated revoker.
- Verify the signature. */
+ /* If the signature was generated by a designated revoker
+ * verify the signature. */
+ if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1])
 {
 gcry_md_hd_t md;
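Review bot: The new R_KEYBLOCK paragraph does not say whether a keyblock can come back together with an error code, and the `get_pubkey_for_sig (ctrl, pk, sig, forced_pk, r_keyblock)` hunk further down suggests it can. The keyblock is handed out before `check_key_verify_compliance (pk)` and the later branches of the same else-if chain run, so a failure there would presumably leave `*r_keyblock` set while a non-zero code is returned. A caller that releases only on success would then leak the keyblock. I would state the contract explicitly, for example `The caller must release the keyblock using release_kbnode (*R_KEYBLOCK), also when an error is returned.`, or have check_signature release it and store NULL on every error path. The end of the function lies outside these hunks, so which of the two fits cannot be confirmed from here.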
@@ -790,9 +797,9 @@ check_revocation_keys (ctrl_t ctrl, PKT_public_key *pk, PKT_signature *sig)
 BUG ();
 hash_public_key(md,pk);
 /* Note: check_signature only checks that the signature
- is good. It does not fail if the key is revoked. */
+ * is good. It does not fail if the key is revoked. */
 rc = check_signature (ctrl, sig, md, NULL, 0, NULL,
- NULL, NULL, NULL, NULL);
+ NULL, NULL, NULL, NULL, NULL);
 cache_sig_result(sig,rc);
 gcry_md_close (md);
 break;
@@ -997,7 +1004,7 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
 if (IS_CERT (sig))
 signer->req_usage = PUBKEY_USAGE_CERT;
- rc = get_pubkey_for_sig (ctrl, signer, sig, NULL);
+ rc = get_pubkey_for_sig (ctrl, signer, sig, NULL, NULL);
 if (rc)
 {
 xfree (signer); |
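Review bot: The call `rc = check_signature (ctrl, sig, md, NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL);` still passes NULL for both `forced_pk` and `r_pk`. In the visible lines, the only link between the key that verifies the signature and the designated revoker is therefore the 64-bit key ID comparison `keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]` in the preceding hunk. Since `pk->revkey[i].fpr` holds the revoker's full fingerprint, it would be more robust to request the verifying key through `r_pk` and compare its fingerprint with `pk->revkey[i].fpr` before `cache_sig_result(sig,rc)` records a good result. How get_pubkey_for_sig selects the key is not shown here, so this may already be covered elsewhere. The loop body of check_revocation_keys starts and ends outside the hunk.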