security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

gpg,gpgsm: Fix compliance check for DSA and avoid an assert.

Browse source 
* common/compliance.c (gnupg_pk_is_compliant): Swap P and Q for DSA
check.  Explicitly check for allowed ECC algos.
(gnupg_pk_is_allowed): Swap P and Q for DSA check.
* g10/mainproc.c (proc_encrypted): Simplify SYMKEYS check.  Replace
assert by debug message.

--

Note that in mainproc.c SYMKEYS is unsigned and thus a greater than 0
condition is surprising because it leads to the assumption SYMKEYS
could be negative.  Better use a boolean test.

The assert could have lead to a regression for no good reason.  Not
being compliant is better than breaking existing users.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2017-06-19 17:50:02 +02:00
parent 6cc4702767
commit 3621dbe525
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
4 changed files with 30 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

12
common/compliance.h
View file

@ -57,14 +57,17 @@ int gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance,
int gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance,
cipher_algo_t cipher,
enum gcry_cipher_modes mode);
int gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance, int producer,
int gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance,
int producer,
cipher_algo_t cipher,
enum gcry_cipher_modes mode);
int gnupg_digest_is_compliant (enum gnupg_compliance_mode compliance,
digest_algo_t digest);
int gnupg_digest_is_allowed (enum gnupg_compliance_mode compliance, int producer,
int gnupg_digest_is_allowed (enum gnupg_compliance_mode compliance,
int producer,
digest_algo_t digest);
const char *gnupg_status_compliance_flag (enum gnupg_compliance_mode compliance);
const char *gnupg_status_compliance_flag (enum gnupg_compliance_mode
compliance);
struct gnupg_compliance_option
{
@ -76,7 +79,8 @@ int gnupg_parse_compliance_option (const char *string,
struct gnupg_compliance_option options[],
size_t length,
int quiet);
const char *gnupg_compliance_option_string (enum gnupg_compliance_mode compliance);
const char *gnupg_compliance_option_string (enum gnupg_compliance_mode
compliance);
#endif /*GNUPG_COMMON_COMPLIANCE_H*/