diff options
| -rw-r--r-- | g10/decrypt-data.c | 3 | ||||
| -rw-r--r-- | g10/encrypt.c | 7 | ||||
| -rw-r--r-- | g10/pubkey-enc.c | 21 | ||||
| -rw-r--r-- | g10/sign.c | 2 | ||||
| -rw-r--r-- | sm/decrypt.c | 3 | ||||
| -rw-r--r-- | sm/encrypt.c | 6 | ||||
| -rw-r--r-- | sm/gpgsm.c | 12 |
7 files changed, 33 insertions, 21 deletions
diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c index 77681d199..12693fe61 100644 --- a/g10/decrypt-data.c +++ b/g10/decrypt-data.c @@ -99,7 +99,8 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek) } /* Check compliance. */ - if (! gnupg_cipher_is_allowed (opt.compliance, 0, dek->algo, GCRY_CIPHER_MODE_CFB)) + if (! gnupg_cipher_is_allowed (opt.compliance, 0, dek->algo, + GCRY_CIPHER_MODE_CFB)) { log_error (_("you may not use cipher algorithm '%s'" " while in %s mode\n"), diff --git a/g10/encrypt.c b/g10/encrypt.c index b92a4f046..0d96659eb 100644 --- a/g10/encrypt.c +++ b/g10/encrypt.c @@ -630,10 +630,13 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, for (pkr = pk_list; pkr; pkr = pkr->next) { PKT_public_key *pk = pkr->pk; - if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_ENCRYPTION, pk->pubkey_algo, + + if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_ENCRYPTION, + pk->pubkey_algo, pk->pkey, nbits_from_pk (pk), NULL)) { - log_error ("key %s not suitable for encryption while in %s mode\n", + log_error (_("key %s not suitable for encryption" + " while in %s mode\n"), keystr_from_pk (pk), gnupg_compliance_option_string (opt.compliance)); rc = gpg_error (GPG_ERR_PUBKEY_ALGO); diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index 9a7c0911a..0ddb8d7bb 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -95,13 +95,14 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek) sk->pubkey_algo, sk->pkey, nbits_from_pk (sk), NULL)) { - log_info ("key %s not suitable for decryption while in %s mode\n", - keystr_from_pk (sk), gnupg_compliance_option_string (opt.compliance)); - free_public_key (sk); - return gpg_error (GPG_ERR_PUBKEY_ALGO); + log_info (_("key %s not suitable for decryption" + " while in %s mode\n"), + keystr_from_pk (sk), + gnupg_compliance_option_string (opt.compliance)); + rc = gpg_error (GPG_ERR_PUBKEY_ALGO); } - - rc = get_it (ctrl, k, dek, sk, k->keyid); + else + rc = get_it (ctrl, k, dek, sk, k->keyid); } } else if (opt.skip_hidden_recipients) @@ -135,8 +136,10 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek) sk->pubkey_algo, sk->pkey, nbits_from_pk (sk), NULL)) { - log_info ("key %s not suitable for decryption while in %s mode\n", - keystr_from_pk (sk), gnupg_compliance_option_string (opt.compliance)); + log_info (_("key %s not suitable for decryption" + " while in %s mode\n"), + keystr_from_pk (sk), + gnupg_compliance_option_string (opt.compliance)); continue; } @@ -153,7 +156,7 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek) enum_secret_keys (ctrl, &enum_context, NULL); /* free context */ } -leave: + leave: free_public_key (sk); if (DBG_CLOCK) log_clock ("get_session_key leave"); diff --git a/g10/sign.c b/g10/sign.c index 71b040899..0ba115188 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -292,7 +292,7 @@ do_sign (ctrl_t ctrl, PKT_public_key *pksk, PKT_signature *sig, if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_SIGNING, pksk->pubkey_algo, pksk->pkey, nbits_from_pk (pksk), NULL)) { - log_error ("key %s not suitable for signing while in %s mode\n", + log_error (_("key %s not suitable for signing while in %s mode\n"), keystr_from_pk (pksk), gnupg_compliance_option_string (opt.compliance)); err = gpg_error (GPG_ERR_PUBKEY_ALGO); diff --git a/sm/decrypt.c b/sm/decrypt.c index 16181df00..170ad5ad3 100644 --- a/sm/decrypt.c +++ b/sm/decrypt.c @@ -481,7 +481,8 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp) int pk_algo = gpgsm_get_key_algo_info (cert, &nbits); /* Check compliance. */ - if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION, + if (! gnupg_pk_is_allowed (opt.compliance, + PK_USE_DECRYPTION, pk_algo, NULL, nbits, NULL)) { log_error ("certificate ID 0x%08lX not suitable for " diff --git a/sm/encrypt.c b/sm/encrypt.c index 9957bb90f..2819a22b5 100644 --- a/sm/encrypt.c +++ b/sm/encrypt.c @@ -407,9 +407,9 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) } /* Check compliance. */ - if (! gnupg_cipher_is_allowed (opt.compliance, 1, - gcry_cipher_map_name (opt.def_cipher_algoid), - gcry_cipher_mode_from_oid (opt.def_cipher_algoid))) + if (!gnupg_cipher_is_allowed + (opt.compliance, 1, gcry_cipher_map_name (opt.def_cipher_algoid), + gcry_cipher_mode_from_oid (opt.def_cipher_algoid))) { log_error (_("you may not use cipher algorithm '%s'" " while in %s mode\n"), diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 5277140f2..4e337fe8c 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -1625,11 +1625,13 @@ main ( int argc, char **argv) GCRY_CIPHER_MODE_NONE) && ! gnupg_cipher_is_allowed (opt.compliance, cmd == aEncr || cmd == aSignEncr, - gcry_cipher_mode_from_oid (opt.def_cipher_algoid), + gcry_cipher_mode_from_oid + (opt.def_cipher_algoid), GCRY_CIPHER_MODE_NONE)) log_error (_("you may not use cipher algorithm '%s'" " while in %s mode\n"), - opt.def_cipher_algoid, gnupg_compliance_option_string (opt.compliance)); + opt.def_cipher_algoid, + gnupg_compliance_option_string (opt.compliance)); if (forced_digest_algo && ! gnupg_digest_is_allowed (opt.compliance, @@ -1639,7 +1641,8 @@ main ( int argc, char **argv) opt.forced_digest_algo)) log_error (_("you may not use digest algorithm '%s'" " while in %s mode\n"), - forced_digest_algo, gnupg_compliance_option_string (opt.compliance)); + forced_digest_algo, + gnupg_compliance_option_string (opt.compliance)); if (extra_digest_algo && ! gnupg_digest_is_allowed (opt.compliance, @@ -1649,7 +1652,8 @@ main ( int argc, char **argv) opt.extra_digest_algo)) log_error (_("you may not use digest algorithm '%s'" " while in %s mode\n"), - forced_digest_algo, gnupg_compliance_option_string (opt.compliance)); + forced_digest_algo, + gnupg_compliance_option_string (opt.compliance)); if (log_get_errorcount(0)) gpgsm_exit(2); |