aboutsummaryrefslogtreecommitdiffstats
path: root/g10/encrypt.c
diff options
context:
space:
mode:
Diffstat (limited to 'g10/encrypt.c')
-rw-r--r--g10/encrypt.c31
1 files changed, 28 insertions, 3 deletions
diff --git a/g10/encrypt.c b/g10/encrypt.c
index 40169e1e5..a021c0e07 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -325,7 +325,11 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
if (rc)
{
iobuf_close (inp);
- log_error (_("error creating passphrase: %s\n"), gpg_strerror (rc));
+ if (gpg_err_code (rc) == GPG_ERR_CIPHER_ALGO
+ || gpg_err_code (rc) == GPG_ERR_DIGEST_ALGO)
+ ; /* Error has already been printed. */
+ else
+ log_error (_("error creating passphrase: %s\n"), gpg_strerror (rc));
release_progress_context (pfx);
return rc;
}
@@ -530,12 +534,33 @@ gpg_error_t
setup_symkey (STRING2KEY **symkey_s2k, DEK **symkey_dek)
{
int canceled;
+ int defcipher;
+ int s2kdigest;
+
+ defcipher = default_cipher_algo ();
+ if (!gnupg_cipher_is_allowed (opt.compliance, 1, defcipher,
+ GCRY_CIPHER_MODE_CFB))
+ {
+ log_error (_("cipher algorithm '%s' may not be used in %s mode\n"),
+ openpgp_cipher_algo_name (defcipher),
+ gnupg_compliance_option_string (opt.compliance));
+ return gpg_error (GPG_ERR_CIPHER_ALGO);
+ }
+
+ s2kdigest = S2K_DIGEST_ALGO;
+ if (!gnupg_digest_is_allowed (opt.compliance, 1, s2kdigest))
+ {
+ log_error (_("digest algorithm '%s' may not be used in %s mode\n"),
+ gcry_md_algo_name (s2kdigest),
+ gnupg_compliance_option_string (opt.compliance));
+ return gpg_error (GPG_ERR_DIGEST_ALGO);
+ }
*symkey_s2k = xmalloc_clear (sizeof **symkey_s2k);
(*symkey_s2k)->mode = opt.s2k_mode;
- (*symkey_s2k)->hash_algo = S2K_DIGEST_ALGO;
+ (*symkey_s2k)->hash_algo = s2kdigest;
- *symkey_dek = passphrase_to_dek (default_cipher_algo (),
+ *symkey_dek = passphrase_to_dek (defcipher,
*symkey_s2k, 1, 0, NULL, &canceled);
if (!*symkey_dek || !(*symkey_dek)->keylen)
{
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-28 06:52:25 +0000