security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00
Code Activity

* getkey.c (merge_selfsigs): Revoked/expired/invalid primary keys carry

Browse Source 
these facts onto all their subkeys, but only after the subkey has a chance
to be marked valid.  This is to fix an incorrect "invalid public key"
error verifying a signature made by a revoked signing subkey, with a valid
unrevoked primary key.
This commit is contained in:
David Shaw 2002-11-13 05:20:43 +00:00
parent dbe54c8bd5
commit 7178a8056c
2 changed files with 27 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
g10/ChangeLog
View File

@ -1,3 +1,11 @@
2002-11-12 David Shaw <dshaw@jabberwocky.com>
* getkey.c (merge_selfsigs): Revoked/expired/invalid primary keys
carry these facts onto all their subkeys, but only after the
subkey has a chance to be marked valid. This is to fix an
incorrect "invalid public key" error verifying a signature made by
a revoked signing subkey, with a valid unrevoked primary key.
2002-11-09 Werner Koch <wk@gnupg.org> 2002-11-09 Werner Koch <wk@gnupg.org>
* passphrase.c (agent_send_all_options): Use tty_get_ttyname to * passphrase.c (agent_send_all_options): Use tty_get_ttyname to

40
g10/getkey.c
View File

@ -1834,21 +1834,6 @@ merge_selfsigs( KBNODE keyblock )
} }
merge_selfsigs_main ( keyblock, &revoked ); merge_selfsigs_main ( keyblock, &revoked );
main_pk = keyblock->pkt->pkt.public_key;
if ( revoked ) {
/* if the primary key has been revoked we better set the revoke
* flag on that key and all subkeys */
for(k=keyblock; k; k = k->next ) {
if ( k->pkt->pkttype == PKT_PUBLIC_KEY
|| k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
PKT_public_key *pk = k->pkt->pkt.public_key;
pk->is_revoked = 1;
pk->main_keyid[0] = main_pk->main_keyid[0];
pk->main_keyid[1] = main_pk->main_keyid[1];
}
}
return;
}
/* now merge in the data from each of the subkeys */ /* now merge in the data from each of the subkeys */
for(k=keyblock; k; k = k->next ) { for(k=keyblock; k; k = k->next ) {
@ -1857,12 +1842,25 @@ merge_selfsigs( KBNODE keyblock )
} }
} }
/* If the main key is not valid, then the subkeys aren't either, main_pk = keyblock->pkt->pkt.public_key;
even if they have binding sigs. */ if ( revoked || main_pk->has_expired || !main_pk->is_valid ) {
if(!main_pk->is_valid) /* if the primary key is revoked, expired, or invalid we
for(k=keyblock; k; k=k->next) * better set the appropriate flags on that key and all
if(k->pkt->pkttype==PKT_PUBLIC_SUBKEY) * subkeys */
k->pkt->pkt.public_key->is_valid=0; for(k=keyblock; k; k = k->next ) {
if ( k->pkt->pkttype == PKT_PUBLIC_KEY
|| k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
PKT_public_key *pk = k->pkt->pkt.public_key;
if(!main_pk->is_valid)
pk->is_valid = 0;
if(revoked)
pk->is_revoked = 1;
if(main_pk->has_expired)
pk->has_expired = main_pk->has_expired;
}
}
return;
}
/* set the preference list of all keys to those of the primary real /* set the preference list of all keys to those of the primary real
* user ID. Note: we use these preferences when we don't know by * user ID. Note: we use these preferences when we don't know by