g10: Fix checking key for signature validation.
authorNIIBE Yutaka <gniibe@fsij.org>
Thu, 4 Aug 2016 07:21:39 +0000 (16:21 +0900)
committerNIIBE Yutaka <gniibe@fsij.org>
Thu, 4 Aug 2016 08:14:26 +0000 (17:14 +0900)
* g10/sig-check.c (signature_check2): Not only subkey, but also primary
key should have flags.valid=1.

--

(backport of master
commit 6f284e6ed63f514b15fe610f490ffcefc87a2164)

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
g10/sig-check.c

index 6bac630..8dd0373 100644 (file)
@@ -76,9 +76,9 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
       }
     else if( get_pubkey( pk, sig->keyid ) )
        rc = G10ERR_NO_PUBKEY;
-    else if(!pk->is_valid && !pk->is_primary)
+    else if(!pk->is_valid)
         rc=G10ERR_BAD_PUBKEY; /* you cannot have a good sig from an
-                                invalid subkey */
+                                invalid key */
     else
       {
         if(r_expiredate)