From 6f284e6ed63f514b15fe610f490ffcefc87a2164 Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Thu, 4 Aug 2016 16:21:39 +0900 Subject: g10: Fix checking key for signature validation. * g10/sig-check.c (check_signature2): Not only subkey, but also primary key should have flags.valid=1. -- The tweak of gpgv in e32c575e0f3704e7563048eea6d26844bdfc494b only makes sense with this change. Signed-off-by: NIIBE Yutaka --- g10/sig-check.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'g10/sig-check.c') diff --git a/g10/sig-check.c b/g10/sig-check.c index 7000b480c..334add785 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -118,9 +118,9 @@ check_signature2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate, } else if( get_pubkey( pk, sig->keyid ) ) rc = GPG_ERR_NO_PUBKEY; - else if(!pk->flags.valid && !pk->flags.primary) + else if(!pk->flags.valid) { - /* You cannot have a good sig from an invalid subkey. */ + /* You cannot have a good sig from an invalid key. */ rc = GPG_ERR_BAD_PUBKEY; } else -- cgit v1.2.3