security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

gpg: Replace --override-compliance-check by a real fix.

Browse source 
* common/compliance.c (gnupg_pk_is_allowed): Handle EdDSA.
* g10/gpg.c (oOverrideComplianceCheck): Remove.
(opts): Turn --override-compliance-check into a dummy option.
* g10/options.h (opt): Remove override_compliance_check.
* g10/sig-check.c (check_key_verify_compliance): Remove use of that
option.
--

The introduction of --override-compliance-check actually hid the real
cause for the signature verification problem in de-vs mode for the
Ed25519 key.  The real fix is to handle the EdDSA algorithm in
gnupg_pk_is_allowed.

Fixes-commit: fb26e144ad
GnuPG-bug-id: 5655
This commit is contained in:
Werner Koch 2023-01-20 11:02:02 +01:00
parent b9528830d6
commit d98bf02a03
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
5 changed files with 8 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

11
g10/sig-check.c
View file

@ -78,17 +78,10 @@ check_key_verify_compliance (PKT_public_key *pk)
NULL))
{
/* Compliance failure. */
log_info (_("key %s may not be used for signing in %s mode\n"),
log_error (_("key %s may not be used for signing in %s mode\n"),
keystr_from_pk (pk),
gnupg_compliance_option_string (opt.compliance));
if (opt.flags.override_compliance_check)
log_info (_("continuing verification anyway due to option %s\n"),
"--override-compliance-failure");
else
{
log_inc_errorcount (); /* We used log info above. */
err = gpg_error (GPG_ERR_PUBKEY_ALGO);
}
err = gpg_error (GPG_ERR_PUBKEY_ALGO);
}
return err;