gpg,sm: Fix compliance checking for decryption.
* common/compliance.c (gnupg_pk_is_compliant): Remove the Elgamal signing check. We don't support Elgamal signing at all. (gnupg_pk_is_allowed) <de-vs>: Revert encryption/decryption for RSA. Check the curvenames for ECDH. * g10/pubkey-enc.c (get_session_key): Print only a warning if the key is not compliant. * sm/decrypt.c (gpgsm_decrypt): Ditto. Use the same string as in gpg so that we have only one translation. -- We always allow decryption and print only a note if the key was not compliant at the encryption site. GnuPG-bug-id: 3308 Signed-off-by: Werner Koch <wk@gnupg.org>
parent
6d95611d01
commit
a0d0cbee76
3 changed files with 62 additions and 48 deletions
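--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -480,17 +480,19 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
 unsigned int nbits;
 int pk_algo = gpgsm_get_key_algo_info (cert, &nbits);
 
-/* Check compliance. */
-if (! gnupg_pk_is_allowed (opt.compliance,
-PK_USE_DECRYPTION,
-pk_algo, NULL, nbits, NULL))
+/* Print compliance warning. */
+if (! gnupg_pk_is_compliant (opt.compliance,
+pk_algo, NULL, nbits, NULL))
 {
-log_error ("certificate ID 0x%08lX not suitable for "
-"decryption while in %s mode\n",
-gpgsm_get_short_fingerprint (cert, NULL),
-gnupg_compliance_option_string (opt.compliance));
-rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
-goto oops;
+char kidstr[10+1];
+
+snprintf (kidstr, sizeof kidstr, "0x%08lX",
+gpgsm_get_short_fingerprint (cert, NULL));
+log_info
+(_("Note: key %s was not suitable for encryption"
+" in %s mode\n"),
+kidstr,
+gnupg_compliance_option_string (opt.compliance));
 }
 
 /* Check that all certs are compliant with CO_DE_VS. */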
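Review bot: In `gpgsm_decrypt`, a key that fails `gnupg_pk_is_compliant` now yields only a `log_info` note while decryption proceeds, so the sole signal of the policy miss in this hunk is a human-readable log line that a front end cannot act on and that is easily missed in batch use. If callers in a restricted compliance mode must distinguish this case, confirm that the CO_DE_VS check beginning at the end of the hunk (its body is outside the hunk) also accounts for this key's algorithm and size. I would also record the intent above the test, e.g. `/* Decryption is always allowed; a non-compliant key only yields a note. */`, so the downgrade from `log_error`/`goto oops` is not later mistaken for an oversight. The enclosing function starts and ends outside the hunk.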