diff options
| author | Werner Koch <[email protected]> | 2017-07-27 11:56:38 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2017-07-27 11:56:38 +0000 |
| commit | a0d0cbee7654ad7582400efaa92d493cd8e669e9 (patch) | |
| tree | 20bfb26e2b78690f8ab54dc115dd5543f3331618 /g10/pubkey-enc.c | |
| parent | indent: Wrap an overlong line. (diff) | |
| download | gnupg-a0d0cbee7654ad7582400efaa92d493cd8e669e9.tar.gz gnupg-a0d0cbee7654ad7582400efaa92d493cd8e669e9.zip | |
gpg,sm: Fix compliance checking for decryption.
* common/compliance.c (gnupg_pk_is_compliant): Remove the Elgamal
signing check. We don't support Elgamal signing at all.
(gnupg_pk_is_allowed) <de-vs>: Revert encryption/decryption for RSA.
Check the curvenames for ECDH.
* g10/pubkey-enc.c (get_session_key): Print only a warning if the key
is not compliant.
* sm/decrypt.c (gpgsm_decrypt): Ditto. Use the same string as in gpg
so that we have only one translation.
--
We always allow decryption and print only a note if the key was not
complaint at the encryption site.
GnuPG-bug-id: 3308
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'g10/pubkey-enc.c')
| -rw-r--r-- | g10/pubkey-enc.c | 42 |
1 files changed, 18 insertions, 24 deletions
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index 0ddb8d7bb..013fd2f1b 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -90,19 +90,16 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek) sk->pubkey_algo = k->pubkey_algo; /* We want a pubkey with this algo. */ if (!(rc = get_seckey (ctrl, sk, k->keyid))) { - /* Check compliance. */ - if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION, - sk->pubkey_algo, - sk->pkey, nbits_from_pk (sk), NULL)) - { - log_info (_("key %s not suitable for decryption" - " while in %s mode\n"), - keystr_from_pk (sk), - gnupg_compliance_option_string (opt.compliance)); - rc = gpg_error (GPG_ERR_PUBKEY_ALGO); - } - else - rc = get_it (ctrl, k, dek, sk, k->keyid); + /* Print compliance warning. */ + if (!gnupg_pk_is_compliant (opt.compliance, + sk->pubkey_algo, + sk->pkey, nbits_from_pk (sk), NULL)) + log_info (_("Note: key %s was not suitable for encryption" + " in %s mode\n"), + keystr_from_pk (sk), + gnupg_compliance_option_string (opt.compliance)); + + rc = get_it (ctrl, k, dek, sk, k->keyid); } } else if (opt.skip_hidden_recipients) @@ -131,17 +128,14 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek) log_info (_("anonymous recipient; trying secret key %s ...\n"), keystr (keyid)); - /* Check compliance. */ - if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION, - sk->pubkey_algo, - sk->pkey, nbits_from_pk (sk), NULL)) - { - log_info (_("key %s not suitable for decryption" - " while in %s mode\n"), - keystr_from_pk (sk), - gnupg_compliance_option_string (opt.compliance)); - continue; - } + /* Print compliance warning. */ + if (!gnupg_pk_is_compliant (opt.compliance, + sk->pubkey_algo, + sk->pkey, nbits_from_pk (sk), NULL)) + log_info (_("Note: key %s was not suitable for encryption" + " in %s mode\n"), + keystr_from_pk (sk), + gnupg_compliance_option_string (opt.compliance)); rc = get_it (ctrl, k, dek, sk, keyid); if (!rc) |