3 files changed, 38 insertions, 38 deletions

diff --git a/g10/export.c b/g10/export.c
index 6a921c192..b4f1a2e4d 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -462,7 +462,7 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
   xfree (string); string = NULL;
   if (gcry_pk_algo_info (pk_algo, GCRYCTL_GET_ALGO_NPKEY, NULL, &npkey)
       || gcry_pk_algo_info (pk_algo, GCRYCTL_GET_ALGO_NSKEY, NULL, &nskey)
-      || !npkey || npkey >= nskey || nskey > PUBKEY_MAX_NSKEY)
+      || !npkey || npkey >= nskey)
     goto bad_seckey;
 
   /* Check that the pubkey algo matches the one from the public key.  */
@@ -503,6 +503,10 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
       goto leave;
     }
 
+  /* This check has to go after the ecc adjustments. */
+  if (nskey > PUBKEY_MAX_NSKEY)
+    goto bad_seckey;
+
   /* Parse the key parameters.  */
   gcry_sexp_release (list);
   list = gcry_sexp_find_token (top_list, "skey", 0);
diff --git a/g10/keygen.c b/g10/keygen.c
index 1bf534837..c2c31d52e 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -338,23 +338,14 @@ keygen_set_std_prefs (const char *string,int personal)
 	      strcat(dummy_string,"S8 ");
 	    if ( !openpgp_cipher_test_algo (CIPHER_ALGO_AES) )
 	      strcat(dummy_string,"S7 ");
-	    if ( !openpgp_cipher_test_algo (CIPHER_ALGO_CAST5) )
-	      strcat(dummy_string,"S3 ");
 	    strcat(dummy_string,"S2 "); /* 3DES */
 
             /* The default hash algo order is:
-                 SHA-256, SHA-1, SHA-384, SHA-512, SHA-224.
-               Ordering SHA-1 before SHA-384 might be viewed as a bit
-               strange; it is done because we expect that soon enough
-               SHA-3 will be available and at that point there should
-               be no more need for SHA-384 etc.  Anyway this order is
-               just a default and can easily be changed by a config
-               option.  */
+                 SHA-256, SHA-384, SHA-512, SHA-224, SHA-1.
+             */
 	    if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256))
 	      strcat (dummy_string, "H8 ");
 
-	    strcat (dummy_string, "H2 "); /* SHA-1 */
-
 	    if (!openpgp_md_test_algo (DIGEST_ALGO_SHA384))
 	      strcat (dummy_string, "H9 ");
 
@@ -364,6 +355,8 @@ keygen_set_std_prefs (const char *string,int personal)
 	    if (!openpgp_md_test_algo (DIGEST_ALGO_SHA224))
 	      strcat (dummy_string, "H11 ");
 
+	    strcat (dummy_string, "H2 "); /* SHA-1 */
+
 	    if(!check_compress_algo(COMPRESS_ALGO_ZLIB))
               {
                 strcat(dummy_string,"Z2 ");
diff --git a/g10/pkglue.c b/g10/pkglue.c
index 67d2efd39..684ce8a1d 100644
--- a/g10/pkglue.c
+++ b/g10/pkglue.c
@@ -190,7 +190,9 @@ int
 pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data,
             PKT_public_key *pk, gcry_mpi_t *pkey)
 {
-  gcry_sexp_t s_ciph, s_data, s_pkey;
+  gcry_sexp_t s_ciph = NULL;
+  gcry_sexp_t s_data = NULL;
+  gcry_sexp_t s_pkey = NULL;
   int rc;
 
   /* Make a sexp from pkey.  */
@@ -200,9 +202,8 @@ pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data,
 			    "(public-key(elg(p%m)(g%m)(y%m)))",
 			    pkey[0], pkey[1], pkey[2]);
       /* Put DATA into a simplified S-expression.  */
-      if (rc || gcry_sexp_build (&s_data, NULL, "%m", data))
-        BUG ();
-
+      if (!rc)
+        rc = gcry_sexp_build (&s_data, NULL, "%m", data);
     }
   else if (algo == PUBKEY_ALGO_RSA || algo == PUBKEY_ALGO_RSA_E)
     {
@@ -210,40 +211,42 @@ pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data,
 			    "(public-key(rsa(n%m)(e%m)))",
 			    pkey[0], pkey[1]);
       /* Put DATA into a simplified S-expression.  */
-      if (rc || gcry_sexp_build (&s_data, NULL, "%m", data))
-        BUG ();
+      if (!rc)
+        rc = gcry_sexp_build (&s_data, NULL, "%m", data);
     }
   else if (algo == PUBKEY_ALGO_ECDH)
     {
       gcry_mpi_t k;
-      char *curve;
 
       rc = pk_ecdh_generate_ephemeral_key (pkey, &k);
-      if (rc)
-        return rc;
-
-      curve = openpgp_oid_to_str (pkey[0]);
-      if (!curve)
-        rc = gpg_error_from_syserror ();
-      else
+      if (!rc)
         {
-          /* Now use the ephemeral secret to compute the shared point.  */
-          rc = gcry_sexp_build (&s_pkey, NULL,
-                                "(public-key(ecdh(curve%s)(q%m)))",
-                                curve, pkey[1]);
-          xfree (curve);
-          /* FIXME: Take care of RC.  */
-          /* Put K into a simplified S-expression.  */
-          if (rc || gcry_sexp_build (&s_data, NULL, "%m", k))
-            BUG ();
+          char *curve;
+
+          curve = openpgp_oid_to_str (pkey[0]);
+          if (!curve)
+            rc = gpg_error_from_syserror ();
+          else
+            {
+              /* Now use the ephemeral secret to compute the shared point.  */
+              rc = gcry_sexp_build (&s_pkey, NULL,
+                                    "(public-key(ecdh(curve%s)(q%m)))",
+                                    curve, pkey[1]);
+              xfree (curve);
+              /* Put K into a simplified S-expression.  */
+              if (!rc)
+                rc = gcry_sexp_build (&s_data, NULL, "%m", k);
+            }
+          gcry_mpi_release (k);
         }
     }
   else
-    return gpg_error (GPG_ERR_PUBKEY_ALGO);
-
+    rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
 
   /* Pass it to libgcrypt. */
-  rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
+  if (!rc)
+    rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
+
   gcry_sexp_release (s_data);
   gcry_sexp_release (s_pkey);