Diffstat (limited to 'g10/sig-check.c')
-rw-r--r--g10/sig-check.c36
1 files changed, 23 insertions, 13 deletions
diff --git a/g10/sig-check.c b/g10/sig-check.c
index a68e031f6..6d7f1afbd 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -156,7 +156,7 @@ check_signature2 (ctrl_t ctrl,
log_info(_("WARNING: signature digest conflict in message\n"));
rc = gpg_error (GPG_ERR_GENERAL);
}
- else if (get_pubkey (ctrl, pk, sig->keyid))
+ else if (get_pubkey_for_sig (ctrl, pk, sig))
rc = gpg_error (GPG_ERR_NO_PUBKEY);
else if (!gnupg_pk_is_allowed (opt.compliance, PK_USE_VERIFICATION,
pk->pubkey_algo, pk->pkey,
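Review bot: With `get_pubkey_for_sig (ctrl, pk, sig)` the call site no longer shows which field of the signature selects the verification key, and the same holds for the second call in check_signature_over_key_or_uid. The helper is defined outside this diff; if it prefers an issuer fingerprint carried in the packet over `sig->keyid`, it should be confirmed there that a key found that way is consistent with `sig->keyid`, because the checks that follow treat `pk` as the issuer. A one-line comment here would record that contract, for example `/* Key is selected from SIG by get_pubkey_for_sig; see there for the lookup order. */`. Separately, this branch turns every lookup failure into `GPG_ERR_NO_PUBKEY`, while the other call site keeps the returned code in `rc`; the two would be easier to audit if they agreed.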
@@ -480,7 +480,8 @@ check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig,
}
/* For data signatures check that the key has sign usage. */
- if (IS_SIG (sig) && !(pk->pubkey_usage & PUBKEY_USAGE_SIG))
+ if (!IS_BACK_SIG (sig) && IS_SIG (sig)
+ && !(pk->pubkey_usage & PUBKEY_USAGE_SIG))
{
rc = gpg_error (GPG_ERR_WRONG_KEY_USAGE);
if (!opt.quiet)
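Review bot: The comment above `if (!IS_BACK_SIG (sig) && IS_SIG (sig)` still says only that data signatures need sign usage, so the new exemption for back signatures is unexplained. Relaxing a key-usage check is security-relevant and the reason should be stated where the check lives. I would extend the comment to something like `/* For data signatures check that the key has sign usage. Back signatures are exempt; their usage is enforced by <caller or check to be named>. */`, with the placeholder filled in by the author. The body of check_signature_end_simple continues outside this hunk, so whether another path covers back signatures cannot be confirmed from here.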
@@ -509,7 +510,8 @@ check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig,
}
else
{
- byte buf[6];
+ byte buf[10];
+ int i;
size_t n;
gcry_md_putc (digest, sig->pubkey_algo);
gcry_md_putc (digest, sig->digest_algo);
@@ -530,13 +532,21 @@ check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig,
n = 6;
}
/* add some magic per Section 5.2.4 of RFC 4880. */
- buf[0] = sig->version;
- buf[1] = 0xff;
- buf[2] = n >> 24;
- buf[3] = n >> 16;
- buf[4] = n >> 8;
- buf[5] = n;
- gcry_md_write( digest, buf, 6 );
+ i = 0;
+ buf[i++] = sig->version;
+ buf[i++] = 0xff;
+ if (sig->version >= 5)
+ {
+ buf[i++] = 0;
+ buf[i++] = 0;
+ buf[i++] = 0;
+ buf[i++] = 0;
+ }
+ buf[i++] = n >> 24;
+ buf[i++] = n >> 16;
+ buf[i++] = n >> 8;
+ buf[i++] = n;
+ gcry_md_write (digest, buf, i);
}
gcry_md_final( digest );
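Review bot: The comment `/* add some magic per Section 5.2.4 of RFC 4880. */` no longer matches the code below it, because the `sig->version >= 5` branch hashes an eight-octet length that RFC 4880 does not define. I would reword it along the lines of `/* Hash the trailer: version, 0xff, then the hashed-data length; 4 octets for v4 (RFC 4880, 5.2.4), 8 octets for v5. */` and name the v5 specification the author is following. The four hard-coded zero octets are only correct while `n` fits in 32 bits; `n` is a `size_t` and its computation is mostly outside this hunk, so a short note on that bound (or a check) would help. Since the trailer feeds the signature digest, any mismatch with the signer's layout makes verification fail, which is why the layout should be documented precisely.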
@@ -571,7 +581,7 @@ hash_uid_packet (PKT_user_id *uid, gcry_md_hd_t md, PKT_signature *sig )
{
if (uid->attrib_data)
{
- if (sig->version >=4)
+ if (sig->version >= 4)
{
byte buf[5];
buf[0] = 0xd1; /* packet of type 17 */
@@ -585,7 +595,7 @@ hash_uid_packet (PKT_user_id *uid, gcry_md_hd_t md, PKT_signature *sig )
}
else
{
- if (sig->version >=4)
+ if (sig->version >= 4)
{
byte buf[5];
buf[0] = 0xb4; /* indicates a userid packet */
@@ -926,7 +936,7 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
if (IS_CERT (sig))
signer->req_usage = PUBKEY_USAGE_CERT;
- rc = get_pubkey (ctrl, signer, sig->keyid);
+ rc = get_pubkey_for_sig (ctrl, signer, sig);
if (rc)
{
xfree (signer);