diff options
| author | Werner Koch <[email protected]> | 2017-06-19 15:50:02 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2017-06-19 17:57:11 +0000 |
| commit | 3621dbe52584bc8b417f61b5370ebaa5598db956 (patch) | |
| tree | fb35fed8b4be7e65927e3935313bea70750193ed /sm/decrypt.c | |
| parent | indent: Always use "_(" and not "_ (" to mark translatable strings. (diff) | |
| download | gnupg-3621dbe52584bc8b417f61b5370ebaa5598db956.tar.gz gnupg-3621dbe52584bc8b417f61b5370ebaa5598db956.zip | |
gpg,gpgsm: Fix compliance check for DSA and avoid an assert.
* common/compliance.c (gnupg_pk_is_compliant): Swap P and Q for DSA
check. Explicitly check for allowed ECC algos.
(gnupg_pk_is_allowed): Swap P and Q for DSA check.
* g10/mainproc.c (proc_encrypted): Simplify SYMKEYS check. Replace
assert by debug message.
--
Note that in mainproc.c SYMKEYS is unsigned and thus a greater than 0
condition is surprising because it leads to the assumption SYMKEYS
could be negative. Better use a boolean test.
The assert could have lead to a regression for no good reason. Not
being compliant is better than breaking existing users.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'sm/decrypt.c')
| -rw-r--r-- | sm/decrypt.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/sm/decrypt.c b/sm/decrypt.c index 7d43405f4..16181df00 100644 --- a/sm/decrypt.c +++ b/sm/decrypt.c @@ -493,9 +493,10 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp) } /* Check that all certs are compliant with CO_DE_VS. */ - is_de_vs = (is_de_vs - && gnupg_pk_is_compliant (CO_DE_VS, pk_algo, NULL, - nbits, NULL)); + is_de_vs = + (is_de_vs + && gnupg_pk_is_compliant (CO_DE_VS, pk_algo, NULL, + nbits, NULL)); } oops: |