[Pkg-gnupg-commit] [gnupg2] 168/185: gpg, sm: Allow encryption (with warning) to any key in de-vs mode.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Aug 7 11:55:33 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gnupg2.
commit 1bd22a85b4f06324037b3500d2fa8af62733c926
Author: Werner Koch <wk at gnupg.org>
Date: Thu Jul 27 14:54:50 2017 +0200
gpg,sm: Allow encryption (with warning) to any key in de-vs mode.
* g10/encrypt.c (encrypt_crypt): Do not abort for a non-compliant key.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
--
GnuPG-bug-id: 3306
Signed-off-by: Werner Koch <wk at gnupg.org>
---
g10/encrypt.c | 16 ++++++----------
sm/encrypt.c | 17 +++++++++--------
2 files changed, 15 insertions(+), 18 deletions(-)
diff --git a/g10/encrypt.c b/g10/encrypt.c
index c63ec88..c7982d4 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -657,16 +657,12 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
PKT_public_key *pk = pkr->pk;
unsigned int nbits = nbits_from_pk (pk);
- if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_ENCRYPTION,
- pk->pubkey_algo, pk->pkey, nbits, NULL))
- {
- log_error (_("key %s not suitable for encryption"
- " while in %s mode\n"),
- keystr_from_pk (pk),
- gnupg_compliance_option_string (opt.compliance));
- rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
- goto leave;
- }
+ if (!gnupg_pk_is_compliant (opt.compliance,
+ pk->pubkey_algo, pk->pkey, nbits, NULL))
+ log_info (_("WARNING: key %s is not suitable for encryption"
+ " in %s mode\n"),
+ keystr_from_pk (pk),
+ gnupg_compliance_option_string (opt.compliance));
if (compliant
&& !gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, pk->pkey,
diff --git a/sm/encrypt.c b/sm/encrypt.c
index 7351932..0225476 100644
--- a/sm/encrypt.c
+++ b/sm/encrypt.c
@@ -481,15 +481,16 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
/* Check compliance. */
pk_algo = gpgsm_get_key_algo_info (cl->cert, &nbits);
- if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_ENCRYPTION, pk_algo,
- NULL, nbits, NULL))
+ if (!gnupg_pk_is_compliant (opt.compliance, pk_algo, NULL, nbits, NULL))
{
- log_error ("certificate ID 0x%08lX not suitable for "
- "encryption while in %s mode\n",
- gpgsm_get_short_fingerprint (cl->cert, NULL),
- gnupg_compliance_option_string (opt.compliance));
- rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
- goto leave;
+ char kidstr[10+1];
+
+ snprintf (kidstr, sizeof kidstr, "0x%08lX",
+ gpgsm_get_short_fingerprint (cl->cert, NULL));
+ log_info (_("WARNING: key %s is not suitable for encryption"
+ " in %s mode\n"),
+ kidstr,
+ gnupg_compliance_option_string (opt.compliance));
}
/* Fixme: When adding ECC we need to provide the curvename and
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git
More information about the Pkg-gnupg-commit
mailing list