authorDavid Shaw <[email protected]>2004-04-23 03:25:58 +0000
committerDavid Shaw <[email protected]>2004-04-23 03:25:58 +0000
commit732f049817b081ee90a70f6e9d61c4dac8fbb5c6 (patch)
treeaefacaec381f8da473e5ab8ddda4923b60460d39 /g10/getkey.c
parent* parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt, (diff)
* keygen.c (make_backsig): If DO_BACKSIGS is not defined, do not create
backsigs. * getkey.c (merge_selfsigs_subkey): Find 0x19 backsigs on subkey selfsigs and verify they are valid. If DO_BACKSIGS is not defined, fake this as always valid. * packet.h, parse-packet.c (parse_signature): Make parse_signature non-static so we can parse 0x19s in self-sigs. * main.h, sig-check.c (check_backsig): Check a 0x19 signature. (signature_check2): Give a backsig warning if there is no or a bad 0x19 with signatures from a subkey.
Diffstat (limited to 'g10/getkey.c')
-rw-r--r--g10/getkey.c45
1 files changed, 44 insertions, 1 deletions
diff --git a/g10/getkey.c b/g10/getkey.c
index 381b2f5ab..d24253ada 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1934,8 +1934,51 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
return;
subpk->is_valid = 1;
-}
+#ifndef DO_BACKSIGS
+ /* Pretend the backsig is present and accounted for. */
+ subpk->backsig=2;
+#else
+ /* Find the first 0x19 embedded signature on our self-sig. */
+ if(subpk->backsig==0)
+ {
+ int seq=0;
+
+ while((p=enum_sig_subpkt(sig->hashed,
+ SIGSUBPKT_SIGNATURE,&n,&seq,NULL)))
+ if(n>3 && ((p[0]==3 && p[2]==0x19) || (p[0]==4 && p[1]==0x19)))
+ break;
+
+ if(p==NULL)
+ {
+ seq=0;
+ /* It is safe to have this in the unhashed area since the
+ 0x19 is located here for convenience, not security. */
+ while((p=enum_sig_subpkt(sig->unhashed,SIGSUBPKT_SIGNATURE,
+ &n,&seq,NULL)))
+ if(n>3 && ((p[0]==3 && p[2]==0x19) || (p[0]==4 && p[1]==0x19)))
+ break;
+ }
+
+ if(p)
+ {
+ PKT_signature *backsig=m_alloc_clear(sizeof(PKT_signature));
+ IOBUF backsig_buf=iobuf_temp_with_content(p,n);
+
+ if(parse_signature(backsig_buf,PKT_SIGNATURE,n,backsig)==0)
+ {
+ if(check_backsig(mainpk,subpk,backsig)==0)
+ subpk->backsig=2;
+ else
+ subpk->backsig=1;
+ }
+
+ iobuf_close(backsig_buf);
+ free_seckey_enc(backsig);
+ }
+ }
+#endif
+}
/*
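Review bot: Both enumeration loops break at the first embedded 0x19 subpacket, and that single candidate decides `subpk->backsig`, so a candidate that parses but fails `check_backsig` records 1 even when a later subpacket carries a valid backsig. This matters most for the unhashed-area fallback: the self-signature does not cover that area, so the comment's "convenience, not security" reasoning justifies accepting a valid backsig from there but not trusting the order of what is found there. I would try every candidate in both areas and stop at the first one that verifies, leaving 1 only when candidates existed and none checked out, as sketched below; unlike the original, this also consults the unhashed area after a failing hashed candidate. Separately, a parse failure leaves `subpk->backsig` at 0, so a one-line comment stating what 0, 1 and 2 mean would show whether that is intended. The body of merge_selfsigs_subkey starts outside the hunk.

```c
  /* ... unchanged: #ifndef DO_BACKSIGS branch and #else ... */
  if(subpk->backsig==0)
    {
      int pass;

      /* Try every 0x19 candidate, hashed area first, and stop at the
         first one that verifies. */
      for(pass=0;pass<2 && subpk->backsig!=2;pass++)
        {
          int seq=0;

          while(subpk->backsig!=2
                && (p=enum_sig_subpkt(pass==0?sig->hashed:sig->unhashed,
                                      SIGSUBPKT_SIGNATURE,&n,&seq,NULL)))
            {
              PKT_signature *backsig;
              IOBUF backsig_buf;

              if(!(n>3 && ((p[0]==3 && p[2]==0x19)
                           || (p[0]==4 && p[1]==0x19))))
                continue;

              backsig=m_alloc_clear(sizeof(PKT_signature));
              backsig_buf=iobuf_temp_with_content(p,n);

              if(parse_signature(backsig_buf,PKT_SIGNATURE,n,backsig)==0)
                subpk->backsig=
                  check_backsig(mainpk,subpk,backsig)==0 ? 2 : 1;

              iobuf_close(backsig_buf);
              free_seckey_enc(backsig);
            }
        }
    }
  /* ... unchanged: #endif and end of function ... */
```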