From 3621dbe52584bc8b417f61b5370ebaa5598db956 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 19 Jun 2017 17:50:02 +0200
Subject: gpg,gpgsm: Fix compliance check for DSA and avoid an assert.

* common/compliance.c (gnupg_pk_is_compliant): Swap P and Q for DSA
check.  Explicitly check for allowed ECC algos.
(gnupg_pk_is_allowed): Swap P and Q for DSA check.
* g10/mainproc.c (proc_encrypted): Simplify SYMKEYS check.  Replace
assert by debug message.

--

Note that in mainproc.c SYMKEYS is unsigned and thus a greater than 0
condition is surprising because it leads to the assumption SYMKEYS
could be negative.  Better use a boolean test.

The assert could have lead to a regression for no good reason.  Not
being compliant is better than breaking existing users.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 sm/decrypt.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'sm')

diff --git a/sm/decrypt.c b/sm/decrypt.c
index 7d43405f4..16181df00 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -493,9 +493,10 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
                       }
 
                     /* Check that all certs are compliant with CO_DE_VS.  */
-                    is_de_vs = (is_de_vs
-                                && gnupg_pk_is_compliant (CO_DE_VS, pk_algo, NULL,
-                                                          nbits, NULL));
+                    is_de_vs =
+                      (is_de_vs
+                       && gnupg_pk_is_compliant (CO_DE_VS, pk_algo, NULL,
+                                                 nbits, NULL));
                   }
 
                 oops:
-- 
cgit v1.2.3