gpg,gpgsm: Fix compliance check for DSA and avoid an assert.

* common/compliance.c (gnupg_pk_is_compliant): Swap P and Q for DSA check. Explicitly check for allowed ECC algos. (gnupg_pk_is_allowed): Swap P and Q for DSA check. * g10/mainproc.c (proc_encrypted): Simplify SYMKEYS check. Replace assert by debug message. -- Note that in mainproc.c SYMKEYS is unsigned and thus a greater than 0 condition is surprising because it leads to the assumption SYMKEYS could be negative. Better use a boolean test. The assert could have lead to a regression for no good reason. Not being compliant is better than breaking existing users. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2017-06-19 17:50:02 +02:00 · 2017-06-19 17:50:02 +02:00 · 3621dbe525
commit 3621dbe525
parent 6cc4702767
4 changed files with 30 additions and 23 deletions
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@ -493,9 +493,10 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
                      }

                    /* Check that all certs are compliant with CO_DE_VS.  */
-                    is_de_vs = (is_de_vs
-                                && gnupg_pk_is_compliant (CO_DE_VS, pk_algo, NULL,
-                                                          nbits, NULL));
+                    is_de_vs =
+                      (is_de_vs
+                       && gnupg_pk_is_compliant (CO_DE_VS, pk_algo, NULL,
+                                                 nbits, NULL));
                  }

                oops: