mirror of
git://git.gnupg.org/gnupg.git
synced 2024-06-16 00:29:50 +02:00
gpg: Stop early when trying to create a primary Elgamal key.
* g10/misc.c (openpgp_pk_test_algo2): Add extra check.
--
The problem is that --key-gen --batch with a parameter file didn't
detect that Elgamal is not capable of signing and so an error was only
triggered at the time the self-signature was created. See the code
comment for details.
GnuPG-bug-id: 4329
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f97dc55ff1
)
This commit is contained in:
parent
9dc76d599c
commit
f5d3b982e4
|
@ -644,6 +644,13 @@ openpgp_pk_test_algo2 (pubkey_algo_t algo, unsigned int use)
|
||||||
if (!ga)
|
if (!ga)
|
||||||
return gpg_error (GPG_ERR_PUBKEY_ALGO);
|
return gpg_error (GPG_ERR_PUBKEY_ALGO);
|
||||||
|
|
||||||
|
/* Elgamal in OpenPGP used to support signing and Libgcrypt still
|
||||||
|
* does. However, we removed the signing capability from gpg ages
|
||||||
|
* ago. This function should reflect this so that errors are thrown
|
||||||
|
* early and not only when we try to sign using Elgamal. */
|
||||||
|
if (ga == GCRY_PK_ELG && (use & (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG)))
|
||||||
|
return gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO);
|
||||||
|
|
||||||
/* Now check whether Libgcrypt has support for the algorithm. */
|
/* Now check whether Libgcrypt has support for the algorithm. */
|
||||||
return gcry_pk_algo_info (ga, GCRYCTL_TEST_ALGO, NULL, &use_buf);
|
return gcry_pk_algo_info (ga, GCRYCTL_TEST_ALGO, NULL, &use_buf);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user