Diffstat (limited to 'sm/encrypt.c')
-rw-r--r--sm/encrypt.c19
1 files changed, 17 insertions, 2 deletions
diff --git a/sm/encrypt.c b/sm/encrypt.c
index 2819a22b5..9e3216a79 100644
--- a/sm/encrypt.c
+++ b/sm/encrypt.c
@@ -313,6 +313,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
estream_t data_fp = NULL;
certlist_t cl;
int count;
+ int compliant;
memset (&encparm, 0, sizeof encparm);
@@ -456,15 +457,19 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
audit_log_s (ctrl->audit, AUDIT_SESSION_KEY, dek->algoid);
+ compliant = gnupg_cipher_is_compliant (CO_DE_VS, dek->algo,
+ GCRY_CIPHER_MODE_CBC);
+
/* Gather certificates of recipients, encrypt the session key for
each and store them in the CMS object */
for (recpno = 0, cl = recplist; cl; recpno++, cl = cl->next)
{
unsigned char *encval;
+ unsigned int nbits;
+ int pk_algo;
/* Check compliance. */
- unsigned int nbits;
- int pk_algo = gpgsm_get_key_algo_info (cl->cert, &nbits);
+ pk_algo = gpgsm_get_key_algo_info (cl->cert, &nbits);
if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_ENCRYPTION, pk_algo,
NULL, nbits, NULL))
{
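Review bot: The mode passed to `gnupg_cipher_is_compliant` is the literal `GCRY_CIPHER_MODE_CBC` rather than a value read from the DEK or the cipher setup, so the initial value of `compliant` is only correct while this function always encrypts in CBC. If the mode is fixed where the DEK is initialised (outside this hunk), a comment such as `/* gpgsm always encrypts in CBC here; keep this in sync with the cipher setup. */` would tie the two together. Without that link, a later change of mode would leave the compliance status asserting something that was never checked.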
@@ -476,6 +481,12 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
goto leave;
}
+ /* Fixme: When adding ECC we need to provide the curvename and
+ * the key to gnupg_pk_is_compliant. */
+ if (compliant
+ && !gnupg_pk_is_compliant (CO_DE_VS, pk_algo, NULL, nbits, NULL))
+ compliant = 0;
+
rc = encrypt_dek (dek, cl->cert, &encval);
if (rc)
{
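Review bot: The call `gnupg_pk_is_compliant (CO_DE_VS, pk_algo, NULL, nbits, NULL)` passes NULL for both the key and the curve name, and the Fixme above it already admits this is not enough for ECC. Until that is implemented, it is worth confirming that `gnupg_pk_is_compliant` returns false for any algorithm it cannot fully assess with those NULL arguments, so that the flag fails closed. The Fixme could record that requirement, for example by adding `Until then this must evaluate to non-compliant for ECC keys.` to the comment. The loop body continues outside this hunk.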
@@ -508,6 +519,10 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
}
}
+ if (compliant)
+ gpgsm_status (ctrl, STATUS_ENCRYPTION_COMPLIANCE_MODE,
+ gnupg_status_compliance_flag (CO_DE_VS));
+
/* Main control loop for encryption. */
recpno = 0;
do
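Review bot: `STATUS_ENCRYPTION_COMPLIANCE_MODE` is emitted before the main encryption loop runs, and nothing is emitted when `compliant` is 0. A status consumer therefore has to treat absence of the line as "not compliant" and must not rely on the line until the operation has finished successfully. A comment above the `if (compliant)` would make that contract explicit, e.g. `/* Emitted before the data is processed; only meaningful if the operation succeeds. No line means not compliant. */`. Separately, if `recplist` could be empty, the flag would rest on the cipher check alone; whether that case is rejected earlier in `gpgsm_encrypt` is not visible in this hunk.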