mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-02 22:46:30 +02:00
gpg,sm: String changes for compliance diagnostics.
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch
parent
5cf95157c5
commit
efe187e8a2
12 changed files with 48 additions and 52 deletions
|
|
@ -361,8 +361,8 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
|
|||
/* Check compliance. */
|
||||
if (! gnupg_cipher_is_allowed (opt.compliance, 0, algo, mode))
|
||||
{
|
||||
log_error (_("you may not use cipher algorithm '%s'"
|
||||
" while in %s mode\n"),
|
||||
log_error (_("cipher algorithm '%s'"
|
||||
" may not be used in %s mode\n"),
|
||||
gcry_cipher_algo_name (algo),
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
rc = gpg_error (GPG_ERR_CIPHER_ALGO);
|
||||
|
|
@ -489,7 +489,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
|
|||
snprintf (kidstr, sizeof kidstr, "0x%08lX",
|
||||
gpgsm_get_short_fingerprint (cert, NULL));
|
||||
log_info
|
||||
(_("Note: key %s was not suitable for encryption"
|
||||
(_("Note: key %s is not suitable for encryption"
|
||||
" in %s mode\n"),
|
||||
kidstr,
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
|
|
|
|||
|
|
@ -412,8 +412,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
|
|||
(opt.compliance, 1, gcry_cipher_map_name (opt.def_cipher_algoid),
|
||||
gcry_cipher_mode_from_oid (opt.def_cipher_algoid)))
|
||||
{
|
||||
log_error (_("you may not use cipher algorithm '%s'"
|
||||
" while in %s mode\n"),
|
||||
log_error (_("cipher algorithm '%s' may not be used in %s mode\n"),
|
||||
opt.def_cipher_algoid,
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
rc = gpg_error (GPG_ERR_CIPHER_ALGO);
|
||||
|
|
|
|||
|
|
@ -1628,8 +1628,7 @@ main ( int argc, char **argv)
|
|||
gcry_cipher_mode_from_oid
|
||||
(opt.def_cipher_algoid),
|
||||
GCRY_CIPHER_MODE_NONE))
|
||||
log_error (_("you may not use cipher algorithm '%s'"
|
||||
" while in %s mode\n"),
|
||||
log_error (_("cipher algorithm '%s' may not be used in %s mode\n"),
|
||||
opt.def_cipher_algoid,
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
|
||||
|
|
@ -1639,8 +1638,7 @@ main ( int argc, char **argv)
|
|||
|| cmd == aSignEncr
|
||||
|| cmd == aClearsign,
|
||||
opt.forced_digest_algo))
|
||||
log_error (_("you may not use digest algorithm '%s'"
|
||||
" while in %s mode\n"),
|
||||
log_error (_("digest algorithm '%s' may not be used in %s mode\n"),
|
||||
forced_digest_algo,
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
|
||||
|
|
@ -1650,8 +1648,7 @@ main ( int argc, char **argv)
|
|||
|| cmd == aSignEncr
|
||||
|| cmd == aClearsign,
|
||||
opt.extra_digest_algo))
|
||||
log_error (_("you may not use digest algorithm '%s'"
|
||||
" while in %s mode\n"),
|
||||
log_error (_("digest algorithm '%s' may not be used in %s mode\n"),
|
||||
forced_digest_algo,
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
|
||||
|
|
|
|||
12
sm/sign.c
12
sm/sign.c
|
|
@ -475,8 +475,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||
/* Check compliance. */
|
||||
if (! gnupg_digest_is_allowed (opt.compliance, 1, cl->hash_algo))
|
||||
{
|
||||
log_error (_("you may not use digest algorithm '%s'"
|
||||
" while in %s mode\n"),
|
||||
log_error (_("digest algorithm '%s' may not be used in %s mode\n"),
|
||||
gcry_md_algo_name (cl->hash_algo),
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
err = gpg_error (GPG_ERR_DIGEST_ALGO);
|
||||
|
|
@ -490,9 +489,12 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
|||
if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_SIGNING, pk_algo,
|
||||
NULL, nbits, NULL))
|
||||
{
|
||||
log_error ("certificate ID 0x%08lX not suitable for "
|
||||
"signing while in %s mode\n",
|
||||
gpgsm_get_short_fingerprint (cl->cert, NULL),
|
||||
char kidstr[10+1];
|
||||
|
||||
snprintf (kidstr, sizeof kidstr, "0x%08lX",
|
||||
gpgsm_get_short_fingerprint (cl->cert, NULL));
|
||||
log_error (_("key %s may not be used for signing in %s mode\n"),
|
||||
kidstr,
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
err = gpg_error (GPG_ERR_PUBKEY_ALGO);
|
||||
goto leave;
|
||||
|
|
|
|||
12
sm/verify.c
12
sm/verify.c
|
|
@ -458,17 +458,19 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
|
|||
if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_VERIFICATION,
|
||||
pk_algo, NULL, nbits, NULL))
|
||||
{
|
||||
log_error ("certificate ID 0x%08lX not suitable for "
|
||||
"verification while in %s mode\n",
|
||||
gpgsm_get_short_fingerprint (cert, NULL),
|
||||
char kidstr[10+1];
|
||||
|
||||
snprintf (kidstr, sizeof kidstr, "0x%08lX",
|
||||
gpgsm_get_short_fingerprint (cert, NULL));
|
||||
log_error (_("key %s may not be used for signing in %s mode\n"),
|
||||
kidstr,
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
goto next_signer;
|
||||
}
|
||||
|
||||
if (! gnupg_digest_is_allowed (opt.compliance, 0, sigval_hash_algo))
|
||||
{
|
||||
log_error (_("you may not use digest algorithm '%s'"
|
||||
" while in %s mode\n"),
|
||||
log_error (_("digest algorithm '%s' may not be used in %s mode\n"),
|
||||
gcry_md_algo_name (sigval_hash_algo),
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
goto next_signer;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue