diff options
| author | Werner Koch <[email protected]> | 2017-06-20 07:25:56 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2017-06-23 10:01:20 +0000 |
| commit | f31dc2540acf7cd7f09fd94658e815822222bfcb (patch) | |
| tree | bf921cdb81341d25575ac6895da19d53038699e2 /g10/encrypt.c | |
| parent | indent,i18n: Make some new strings translatable. Wrap too long lines. (diff) | |
| download | gnupg-f31dc2540acf7cd7f09fd94658e815822222bfcb.tar.gz gnupg-f31dc2540acf7cd7f09fd94658e815822222bfcb.zip | |
gpg,gpgsm: Emit status code ENCRYPTION_COMPLIANCE_MODE.
* common/status.h (STATUS_ENCRYPTION_COMPLIANCE_MODE): New.
* g10/encrypt.c (encrypt_crypt): Emit new status code.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
--
This status code allows to report whether an encryption operation was
compliant to de-vs.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'g10/encrypt.c')
| -rw-r--r-- | g10/encrypt.c | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/g10/encrypt.c b/g10/encrypt.c index 0d96659eb..4b21a6178 100644 --- a/g10/encrypt.c +++ b/g10/encrypt.c @@ -486,6 +486,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, progress_filter_context_t *pfx; PK_LIST pk_list; int do_compress; + int compliant; if (filefd != -1 && filename) return gpg_error (GPG_ERR_INV_ARG); /* Both given. */ @@ -625,15 +626,19 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, goto leave; } + compliant = gnupg_cipher_is_compliant (CO_DE_VS, cfx.dek->algo, + GCRY_CIPHER_MODE_CFB); + { pk_list_t pkr; + for (pkr = pk_list; pkr; pkr = pkr->next) { PKT_public_key *pk = pkr->pk; + unsigned int nbits = nbits_from_pk (pk); if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_ENCRYPTION, - pk->pubkey_algo, - pk->pkey, nbits_from_pk (pk), NULL)) + pk->pubkey_algo, pk->pkey, nbits, NULL)) { log_error (_("key %s not suitable for encryption" " while in %s mode\n"), @@ -642,9 +647,20 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, rc = gpg_error (GPG_ERR_PUBKEY_ALGO); goto leave; } + + if (compliant + && !gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, pk->pkey, + nbits, NULL)) + compliant = 0; } + } + if (compliant) + write_status_strings (STATUS_ENCRYPTION_COMPLIANCE_MODE, + gnupg_status_compliance_flag (CO_DE_VS), + NULL); + cfx.dek->use_mdc = use_mdc (pk_list,cfx.dek->algo); /* Only do the is-file-already-compressed check if we are using a @@ -965,7 +981,8 @@ write_pubkey_enc_from_list (ctrl_t ctrl, PK_LIST pk_list, DEK *dek, iobuf_t out) if (opt.throw_keyids && (PGP6 || PGP7 || PGP8)) { log_info(_("you may not use %s while in %s mode\n"), - "--throw-keyids", gnupg_compliance_option_string (opt.compliance)); + "--throw-keyids", + gnupg_compliance_option_string (opt.compliance)); compliance_failure(); } |