From f97dc55ff1b041071bc3cbe98aa761bf77bb7ac8 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Tue, 22 Jan 2019 10:06:15 +0100
Subject: [PATCH] gpg: Stop early when trying to create a primary Elgamal key.

* g10/misc.c (openpgp_pk_test_algo2): Add extra check.
--

The problem is that --key-gen --batch with a parameter file didn't
detect that Elgamal is not capable of signing and so an error was only
triggered at the time the self-signature was created.  See the code
comment for details.

GnuPG-bug-id: 4329
Signed-off-by: Werner Koch <wk@gnupg.org>
---
 g10/misc.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/g10/misc.c b/g10/misc.c
index f129e8327..a3f0c679e 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -723,6 +723,13 @@ openpgp_pk_test_algo2 (pubkey_algo_t algo, unsigned int use)
   if (!ga)
     return gpg_error (GPG_ERR_PUBKEY_ALGO);
 
+  /* Elgamal in OpenPGP used to support signing and Libgcrypt still
+   * does.  However, we removed the signing capability from gpg ages
+   * ago.  This function should reflect this so that errors are thrown
+   * early and not only when we try to sign using Elgamal.  */
+  if (ga == GCRY_PK_ELG && (use & (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG)))
+    return gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO);
+
   /* Now check whether Libgcrypt has support for the algorithm.  */
   return gcry_pk_algo_info (ga, GCRYCTL_TEST_ALGO, NULL, &use_buf);
 }