gpg,sm: String changes for compliance diagnostics.
Signed-off-by: Werner Koch <wk@gnupg.org>
parent
5cf95157c5
commit
efe187e8a2
@ -102,8 +102,7 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek)
|
||||
if (! gnupg_cipher_is_allowed (opt.compliance, 0, dek->algo,
|
||||
GCRY_CIPHER_MODE_CFB))
|
||||
{
|
||||
log_error (_("you may not use cipher algorithm '%s'"
|
||||
" while in %s mode\n"),
|
||||
log_error (_("cipher algorithm '%s' may not be used in %s mode\n"),
|
||||
openpgp_cipher_algo_name (dek->algo),
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
rc = gpg_error (GPG_ERR_CIPHER_ALGO);
|
||||
|
@ -628,8 +628,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
|
||||
if (! gnupg_cipher_is_allowed (opt.compliance, 1, cfx.dek->algo,
|
||||
GCRY_CIPHER_MODE_CFB))
|
||||
{
|
||||
log_error (_("you may not use cipher algorithm '%s'"
|
||||
" while in %s mode\n"),
|
||||
log_error (_("cipher algorithm '%s' may not be used in %s mode\n"),
|
||||
openpgp_cipher_algo_name (cfx.dek->algo),
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
rc = gpg_error (GPG_ERR_CIPHER_ALGO);
|
||||
@ -996,7 +995,7 @@ write_pubkey_enc_from_list (ctrl_t ctrl, PK_LIST pk_list, DEK *dek, iobuf_t out)
|
||||
{
|
||||
if (opt.throw_keyids && (PGP6 || PGP7 || PGP8))
|
||||
{
|
||||
log_info(_("you may not use %s while in %s mode\n"),
|
||||
log_info(_("option '%s' may not be used in %s mode\n"),
|
||||
"--throw-keyids",
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
compliance_failure();
|
||||
|
31
g10/gpg.c
31
g10/gpg.c
@ -3860,19 +3860,22 @@ main (int argc, char **argv)
|
||||
switch(badtype)
|
||||
{
|
||||
case PREFTYPE_SYM:
|
||||
log_info(_("you may not use cipher algorithm '%s'"
|
||||
" while in %s mode\n"),
|
||||
badalg, gnupg_compliance_option_string (opt.compliance));
|
||||
log_info (_("cipher algorithm '%s'"
|
||||
" may not be used in %s mode\n"),
|
||||
badalg,
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
break;
|
||||
case PREFTYPE_HASH:
|
||||
log_info(_("you may not use digest algorithm '%s'"
|
||||
" while in %s mode\n"),
|
||||
badalg, gnupg_compliance_option_string (opt.compliance));
|
||||
log_info (_("digest algorithm '%s'"
|
||||
" may not be used in %s mode\n"),
|
||||
badalg,
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
break;
|
||||
case PREFTYPE_ZIP:
|
||||
log_info(_("you may not use compression algorithm '%s'"
|
||||
" while in %s mode\n"),
|
||||
badalg, gnupg_compliance_option_string (opt.compliance));
|
||||
log_info (_("compression algorithm '%s'"
|
||||
" may not be used in %s mode\n"),
|
||||
badalg,
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
break;
|
||||
default:
|
||||
BUG();
|
||||
@ -3897,8 +3900,7 @@ main (int argc, char **argv)
|
||||
|| cmd == aSignEncrSym,
|
||||
opt.def_cipher_algo,
|
||||
GCRY_CIPHER_MODE_NONE))
|
||||
log_error (_("you may not use cipher algorithm '%s'"
|
||||
" while in %s mode\n"),
|
||||
log_error (_("cipher algorithm '%s' may not be used in %s mode\n"),
|
||||
openpgp_cipher_algo_name (opt.def_cipher_algo),
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
|
||||
@ -3910,8 +3912,7 @@ main (int argc, char **argv)
|
||||
|| cmd == aSignSym
|
||||
|| cmd == aClearsign,
|
||||
opt.def_digest_algo))
|
||||
log_error (_("you may not use digest algorithm '%s'"
|
||||
" while in %s mode\n"),
|
||||
log_error (_("digest algorithm '%s' may not be used in %s mode\n"),
|
||||
gcry_md_algo_name (opt.def_digest_algo),
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
|
||||
@ -4128,7 +4129,7 @@ main (int argc, char **argv)
|
||||
" with --s2k-mode 0\n"));
|
||||
else if(PGP6 || PGP7)
|
||||
log_error(_("you cannot use --symmetric --encrypt"
|
||||
" while in %s mode\n"),
|
||||
" in %s mode\n"),
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
else
|
||||
{
|
||||
@ -4189,7 +4190,7 @@ main (int argc, char **argv)
|
||||
" with --s2k-mode 0\n"));
|
||||
else if(PGP6 || PGP7)
|
||||
log_error(_("you cannot use --symmetric --sign --encrypt"
|
||||
" while in %s mode\n"),
|
||||
" in %s mode\n"),
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
else
|
||||
{
|
||||
|
@ -1026,7 +1026,7 @@ build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list)
|
||||
issue a warning and switch into GnuPG mode. */
|
||||
if ((rov->flags & PK_LIST_HIDDEN) && (PGP6 || PGP7 || PGP8))
|
||||
{
|
||||
log_info(_("you may not use %s while in %s mode\n"),
|
||||
log_info(_("option '%s' may not be used in %s mode\n"),
|
||||
"--hidden-recipient",
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
|
||||
@ -1077,7 +1077,7 @@ build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list)
|
||||
GnuPG mode. */
|
||||
if ((r->flags&PK_LIST_ENCRYPT_TO) && (PGP6 || PGP7 || PGP8))
|
||||
{
|
||||
log_info(_("you may not use %s while in %s mode\n"),
|
||||
log_info(_("option '%s' may not be used in %s mode\n"),
|
||||
"--hidden-encrypt-to",
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
|
||||
|
@ -94,7 +94,7 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek)
|
||||
if (!gnupg_pk_is_compliant (opt.compliance,
|
||||
sk->pubkey_algo,
|
||||
sk->pkey, nbits_from_pk (sk), NULL))
|
||||
log_info (_("Note: key %s was not suitable for encryption"
|
||||
log_info (_("Note: key %s is not suitable for encryption"
|
||||
" in %s mode\n"),
|
||||
keystr_from_pk (sk),
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
@ -132,7 +132,7 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek)
|
||||
if (!gnupg_pk_is_compliant (opt.compliance,
|
||||
sk->pubkey_algo,
|
||||
sk->pkey, nbits_from_pk (sk), NULL))
|
||||
log_info (_("Note: key %s was not suitable for encryption"
|
||||
log_info (_("Note: key %s is not suitable for encryption"
|
||||
" in %s mode\n"),
|
||||
keystr_from_pk (sk),
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
|
@ -136,8 +136,7 @@ check_signature2 (ctrl_t ctrl,
|
||||
else if (! gnupg_digest_is_allowed (opt.compliance, 0, sig->digest_algo))
|
||||
{
|
||||
/* Compliance failure. */
|
||||
log_info (_("you may not use digest algorithm '%s'"
|
||||
" while in %s mode\n"),
|
||||
log_info (_("digest algorithm '%s' may not be used in %s mode\n"),
|
||||
gcry_md_algo_name (sig->digest_algo),
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
rc = gpg_error (GPG_ERR_DIGEST_ALGO);
|
||||
@ -162,8 +161,7 @@ check_signature2 (ctrl_t ctrl,
|
||||
NULL))
|
||||
{
|
||||
/* Compliance failure. */
|
||||
log_error (_("key %s is not suitable for signature verification"
|
||||
" in %s mode\n"),
|
||||
log_error (_("key %s may not be used for signing in %s mode\n"),
|
||||
keystr_from_pk (pk),
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
|
||||
|
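Review bot: In the second check_signature2 hunk the new text `key %s may not be used for signing in %s mode` replaces a message that said the key was not suitable for signature verification, so a compliance rejection while verifying is now logged as a signing problem. Someone triaging a rejected signature from the log would look at the local signing key rather than at the signer's key that failed the compliance check. A separate string for this path would keep the diagnostic accurate, for example `log_error (_("key %s may not be used for signature verification in %s mode\n"),`. The same wording is used in sm/verify.c under the `PK_USE_VERIFICATION` check in gpgsm_verify. The condition guarding this branch begins outside the hunk, so the verification context is inferred from the function name and the replaced text.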
@ -281,8 +281,7 @@ do_sign (ctrl_t ctrl, PKT_public_key *pksk, PKT_signature *sig,
|
||||
/* Check compliance. */
|
||||
if (! gnupg_digest_is_allowed (opt.compliance, 1, mdalgo))
|
||||
{
|
||||
log_error (_("you may not use digest algorithm '%s'"
|
||||
" while in %s mode\n"),
|
||||
log_error (_("digest algorithm '%s' may not be used in %s mode\n"),
|
||||
gcry_md_algo_name (mdalgo),
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
err = gpg_error (GPG_ERR_DIGEST_ALGO);
|
||||
@ -292,7 +291,7 @@ do_sign (ctrl_t ctrl, PKT_public_key *pksk, PKT_signature *sig,
|
||||
if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_SIGNING, pksk->pubkey_algo,
|
||||
pksk->pkey, nbits_from_pk (pksk), NULL))
|
||||
{
|
||||
log_error (_("key %s not suitable for signing while in %s mode\n"),
|
||||
log_error (_("key %s may not be used for signing in %s mode\n"),
|
||||
keystr_from_pk (pksk),
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
err = gpg_error (GPG_ERR_PUBKEY_ALGO);
|
||||
|
@ -361,8 +361,8 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
|
||||
/* Check compliance. */
|
||||
if (! gnupg_cipher_is_allowed (opt.compliance, 0, algo, mode))
|
||||
{
|
||||
log_error (_("you may not use cipher algorithm '%s'"
|
||||
" while in %s mode\n"),
|
||||
log_error (_("cipher algorithm '%s'"
|
||||
" may not be used in %s mode\n"),
|
||||
gcry_cipher_algo_name (algo),
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
rc = gpg_error (GPG_ERR_CIPHER_ALGO);
|
||||
@ -489,7 +489,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
|
||||
snprintf (kidstr, sizeof kidstr, "0x%08lX",
|
||||
gpgsm_get_short_fingerprint (cert, NULL));
|
||||
log_info
|
||||
(_("Note: key %s was not suitable for encryption"
|
||||
(_("Note: key %s is not suitable for encryption"
|
||||
" in %s mode\n"),
|
||||
kidstr,
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
|
@ -412,8 +412,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
|
||||
(opt.compliance, 1, gcry_cipher_map_name (opt.def_cipher_algoid),
|
||||
gcry_cipher_mode_from_oid (opt.def_cipher_algoid)))
|
||||
{
|
||||
log_error (_("you may not use cipher algorithm '%s'"
|
||||
" while in %s mode\n"),
|
||||
log_error (_("cipher algorithm '%s' may not be used in %s mode\n"),
|
||||
opt.def_cipher_algoid,
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
rc = gpg_error (GPG_ERR_CIPHER_ALGO);
|
||||
|
@ -1628,8 +1628,7 @@ main ( int argc, char **argv)
|
||||
gcry_cipher_mode_from_oid
|
||||
(opt.def_cipher_algoid),
|
||||
GCRY_CIPHER_MODE_NONE))
|
||||
log_error (_("you may not use cipher algorithm '%s'"
|
||||
" while in %s mode\n"),
|
||||
log_error (_("cipher algorithm '%s' may not be used in %s mode\n"),
|
||||
opt.def_cipher_algoid,
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
|
||||
@ -1639,8 +1638,7 @@ main ( int argc, char **argv)
|
||||
|| cmd == aSignEncr
|
||||
|| cmd == aClearsign,
|
||||
opt.forced_digest_algo))
|
||||
log_error (_("you may not use digest algorithm '%s'"
|
||||
" while in %s mode\n"),
|
||||
log_error (_("digest algorithm '%s' may not be used in %s mode\n"),
|
||||
forced_digest_algo,
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
|
||||
@ -1650,8 +1648,7 @@ main ( int argc, char **argv)
|
||||
|| cmd == aSignEncr
|
||||
|| cmd == aClearsign,
|
||||
opt.extra_digest_algo))
|
||||
log_error (_("you may not use digest algorithm '%s'"
|
||||
" while in %s mode\n"),
|
||||
log_error (_("digest algorithm '%s' may not be used in %s mode\n"),
|
||||
forced_digest_algo,
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
|
||||
|
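Review bot: The last hunk of this section tests `opt.extra_digest_algo` but the log_error call still passes `forced_digest_algo` as the algorithm name, an unchanged line the rewording leaves in place. A rejected extra digest algorithm is therefore reported under the forced algorithm's name, and if no forced algorithm was set the `%s` argument may be a null pointer (inferred; the declarations are outside the hunk). The argument should presumably be `extra_digest_algo,`, assuming a string variable of that name exists alongside `forced_digest_algo` in main, whose body is outside the hunk.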
12
sm/sign.c
12
sm/sign.c
@ -475,8 +475,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
||||
/* Check compliance. */
|
||||
if (! gnupg_digest_is_allowed (opt.compliance, 1, cl->hash_algo))
|
||||
{
|
||||
log_error (_("you may not use digest algorithm '%s'"
|
||||
" while in %s mode\n"),
|
||||
log_error (_("digest algorithm '%s' may not be used in %s mode\n"),
|
||||
gcry_md_algo_name (cl->hash_algo),
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
err = gpg_error (GPG_ERR_DIGEST_ALGO);
|
||||
@ -490,9 +489,12 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
||||
if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_SIGNING, pk_algo,
|
||||
NULL, nbits, NULL))
|
||||
{
|
||||
log_error ("certificate ID 0x%08lX not suitable for "
|
||||
"signing while in %s mode\n",
|
||||
gpgsm_get_short_fingerprint (cl->cert, NULL),
|
||||
char kidstr[10+1];
|
||||
|
||||
snprintf (kidstr, sizeof kidstr, "0x%08lX",
|
||||
gpgsm_get_short_fingerprint (cl->cert, NULL));
|
||||
log_error (_("key %s may not be used for signing in %s mode\n"),
|
||||
kidstr,
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
err = gpg_error (GPG_ERR_PUBKEY_ALGO);
|
||||
goto leave;
|
||||
|
12
sm/verify.c
12
sm/verify.c
@ -458,17 +458,19 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
|
||||
if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_VERIFICATION,
|
||||
pk_algo, NULL, nbits, NULL))
|
||||
{
|
||||
log_error ("certificate ID 0x%08lX not suitable for "
|
||||
"verification while in %s mode\n",
|
||||
gpgsm_get_short_fingerprint (cert, NULL),
|
||||
char kidstr[10+1];
|
||||
|
||||
snprintf (kidstr, sizeof kidstr, "0x%08lX",
|
||||
gpgsm_get_short_fingerprint (cert, NULL));
|
||||
log_error (_("key %s may not be used for signing in %s mode\n"),
|
||||
kidstr,
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
goto next_signer;
|
||||
}
|
||||
|
||||
if (! gnupg_digest_is_allowed (opt.compliance, 0, sigval_hash_algo))
|
||||
{
|
||||
log_error (_("you may not use digest algorithm '%s'"
|
||||
" while in %s mode\n"),
|
||||
log_error (_("digest algorithm '%s' may not be used in %s mode\n"),
|
||||
gcry_md_algo_name (sigval_hash_algo),
|
||||
gnupg_compliance_option_string (opt.compliance));
|
||||
goto next_signer;
|
||||
|