diff options
| author | Justus Winter <[email protected]> | 2017-06-19 09:00:04 +0000 |
|---|---|---|
| committer | Justus Winter <[email protected]> | 2017-06-19 09:00:04 +0000 |
| commit | 6e23416fe61d4130918f2d1bf6e1f98d102c4610 (patch) | |
| tree | 0fa8951fd4f6d121cb74e61c44afce304f845b3e /common | |
| parent | gpg: Check and fix keys on import. (diff) | |
| download | gnupg-6e23416fe61d4130918f2d1bf6e1f98d102c4610.tar.gz gnupg-6e23416fe61d4130918f2d1bf6e1f98d102c4610.zip | |
gpg: Disable compliance module for other GnuPG components.
* common/compliance.c (gnupg_{pk,cipher,digest}_is_compliant): Return
false if the module is not initialized.
(gnupg_{pk,cipher,digest}_is_allowed): Return true if the module is
not initialized.
(gnupg_status_compliance_flag): Do not assert that the module is
initialized.
(gnupg_parse_compliance_option): Likewise.
(gnupg_compliance_option_string): Likewise.
--
This implements a default policy for modules not explicitly using the
compliance module. The default policy is to allow all algorithms, but
mark none of them as compliant.
Fixes gpgv.
GnuPG-bug-id: 3210
Signed-off-by: Justus Winter <[email protected]>
Diffstat (limited to 'common')
| -rw-r--r-- | common/compliance.c | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/common/compliance.c b/common/compliance.c index b19112c3a..2662273d9 100644 --- a/common/compliance.c +++ b/common/compliance.c @@ -100,7 +100,8 @@ gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo, enum { is_rsa, is_dsa, is_pgp5, is_elg_sign, is_ecc } algotype; int result = 0; - log_assert (initialized); + if (! initialized) + return 0; switch (algo) { @@ -202,6 +203,9 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance, enum pk_use_case use, int algo, gcry_mpi_t key[], unsigned int keylength, const char *curvename) { + if (! initialized) + return 1; + switch (compliance) { case CO_DE_VS: @@ -298,7 +302,8 @@ gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance, cipher_algo_t cipher, enum gcry_cipher_modes mode) { - log_assert (initialized); + if (! initialized) + return 0; switch (compliance) { @@ -340,6 +345,9 @@ gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance, int producer, cipher_algo_t cipher, enum gcry_cipher_modes mode) { + if (! initialized) + return 1; + switch (compliance) { case CO_DE_VS: @@ -386,7 +394,8 @@ gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance, int producer, int gnupg_digest_is_compliant (enum gnupg_compliance_mode compliance, digest_algo_t digest) { - log_assert (initialized); + if (! initialized) + return 0; switch (compliance) { @@ -418,6 +427,9 @@ int gnupg_digest_is_allowed (enum gnupg_compliance_mode compliance, int producer, digest_algo_t digest) { + if (! initialized) + return 1; + switch (compliance) { case CO_DE_VS: @@ -450,8 +462,6 @@ gnupg_digest_is_allowed (enum gnupg_compliance_mode compliance, int producer, const char * gnupg_status_compliance_flag (enum gnupg_compliance_mode compliance) { - log_assert (initialized); - switch (compliance) { case CO_GNUPG: @@ -482,8 +492,6 @@ gnupg_parse_compliance_option (const char *string, { size_t i; - log_assert (initialized); - if (! ascii_strcasecmp (string, "help")) { log_info (_ ("valid values for option '%s':\n"), "--compliance"); @@ -507,8 +515,6 @@ gnupg_parse_compliance_option (const char *string, const char * gnupg_compliance_option_string (enum gnupg_compliance_mode compliance) { - log_assert (initialized); - switch (compliance) { case CO_GNUPG: return "--compliance=gnupg"; |