security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-02 12:01:32 +01:00
Code Activity

gpg,sm: Allow encryption (with warning) to any key in de-vs mode.

Browse Source 
* g10/encrypt.c (encrypt_crypt): Do not abort for a non-compliant key.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
--

GnuPG-bug-id: 3306
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2017-07-27 14:54:50 +02:00
parent a0d0cbee76
commit 1bd22a85b4
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 15 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
g10/encrypt.c
View File

@ -657,16 +657,12 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
PKT_public_key *pk = pkr->pk; PKT_public_key *pk = pkr->pk;
unsigned int nbits = nbits_from_pk (pk); unsigned int nbits = nbits_from_pk (pk);
if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_ENCRYPTION, if (!gnupg_pk_is_compliant (opt.compliance,
pk->pubkey_algo, pk->pkey, nbits, NULL)) pk->pubkey_algo, pk->pkey, nbits, NULL))
{ log_info (_("WARNING: key %s is not suitable for encryption"
log_error (_("key %s not suitable for encryption" " in %s mode\n"),
" while in %s mode\n"), keystr_from_pk (pk),
keystr_from_pk (pk), gnupg_compliance_option_string (opt.compliance));
gnupg_compliance_option_string (opt.compliance));
rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
goto leave;
}
if (compliant if (compliant
&& !gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, pk->pkey, && !gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, pk->pkey,

17
sm/encrypt.c
View File

@ -481,15 +481,16 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
/* Check compliance. */ /* Check compliance. */
pk_algo = gpgsm_get_key_algo_info (cl->cert, &nbits); pk_algo = gpgsm_get_key_algo_info (cl->cert, &nbits);
if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_ENCRYPTION, pk_algo, if (!gnupg_pk_is_compliant (opt.compliance, pk_algo, NULL, nbits, NULL))
NULL, nbits, NULL))
{ {
log_error ("certificate ID 0x%08lX not suitable for " char kidstr[10+1];
"encryption while in %s mode\n",
gpgsm_get_short_fingerprint (cl->cert, NULL), snprintf (kidstr, sizeof kidstr, "0x%08lX",
gnupg_compliance_option_string (opt.compliance)); gpgsm_get_short_fingerprint (cl->cert, NULL));
rc = gpg_error (GPG_ERR_PUBKEY_ALGO); log_info (_("WARNING: key %s is not suitable for encryption"
goto leave; " in %s mode\n"),
kidstr,
gnupg_compliance_option_string (opt.compliance));
} }
/* Fixme: When adding ECC we need to provide the curvename and /* Fixme: When adding ECC we need to provide the curvename and