[Pkg-gnupg-commit] [gnupg2] 56/185: gpg: Disable compliance module for other GnuPG components.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Aug 7 11:55:20 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gnupg2.
commit 6e23416fe61d4130918f2d1bf6e1f98d102c4610
Author: Justus Winter <justus at g10code.com>
Date: Mon Jun 19 11:00:04 2017 +0200
gpg: Disable compliance module for other GnuPG components.
* common/compliance.c (gnupg_{pk,cipher,digest}_is_compliant): Return
false if the module is not initialized.
(gnupg_{pk,cipher,digest}_is_allowed): Return true if the module is
not initialized.
(gnupg_status_compliance_flag): Do not assert that the module is
initialized.
(gnupg_parse_compliance_option): Likewise.
(gnupg_compliance_option_string): Likewise.
--
This implements a default policy for modules not explicitly using the
compliance module. The default policy is to allow all algorithms, but
mark none of them as compliant.
Fixes gpgv.
GnuPG-bug-id: 3210
Signed-off-by: Justus Winter <justus at g10code.com>
---
common/compliance.c | 24 +++++++++++++++---------
1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/common/compliance.c b/common/compliance.c
index b19112c..2662273 100644
--- a/common/compliance.c
+++ b/common/compliance.c
@@ -100,7 +100,8 @@ gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo,
enum { is_rsa, is_dsa, is_pgp5, is_elg_sign, is_ecc } algotype;
int result = 0;
- log_assert (initialized);
+ if (! initialized)
+ return 0;
switch (algo)
{
@@ -202,6 +203,9 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance,
enum pk_use_case use, int algo, gcry_mpi_t key[],
unsigned int keylength, const char *curvename)
{
+ if (! initialized)
+ return 1;
+
switch (compliance)
{
case CO_DE_VS:
@@ -298,7 +302,8 @@ gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance,
cipher_algo_t cipher,
enum gcry_cipher_modes mode)
{
- log_assert (initialized);
+ if (! initialized)
+ return 0;
switch (compliance)
{
@@ -340,6 +345,9 @@ gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance, int producer,
cipher_algo_t cipher,
enum gcry_cipher_modes mode)
{
+ if (! initialized)
+ return 1;
+
switch (compliance)
{
case CO_DE_VS:
@@ -386,7 +394,8 @@ gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance, int producer,
int
gnupg_digest_is_compliant (enum gnupg_compliance_mode compliance, digest_algo_t digest)
{
- log_assert (initialized);
+ if (! initialized)
+ return 0;
switch (compliance)
{
@@ -418,6 +427,9 @@ int
gnupg_digest_is_allowed (enum gnupg_compliance_mode compliance, int producer,
digest_algo_t digest)
{
+ if (! initialized)
+ return 1;
+
switch (compliance)
{
case CO_DE_VS:
@@ -450,8 +462,6 @@ gnupg_digest_is_allowed (enum gnupg_compliance_mode compliance, int producer,
const char *
gnupg_status_compliance_flag (enum gnupg_compliance_mode compliance)
{
- log_assert (initialized);
-
switch (compliance)
{
case CO_GNUPG:
@@ -482,8 +492,6 @@ gnupg_parse_compliance_option (const char *string,
{
size_t i;
- log_assert (initialized);
-
if (! ascii_strcasecmp (string, "help"))
{
log_info (_ ("valid values for option '%s':\n"), "--compliance");
@@ -507,8 +515,6 @@ gnupg_parse_compliance_option (const char *string,
const char *
gnupg_compliance_option_string (enum gnupg_compliance_mode compliance)
{
- log_assert (initialized);
-
switch (compliance)
{
case CO_GNUPG: return "--compliance=gnupg";
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list