[Pkg-gnupg-commit] [gnupg2] 174/185: gpg, sm: String changes for compliance diagnostics.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Aug 7 11:55:34 UTC 2017


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch experimental
in repository gnupg2.

commit efe187e8a2b583defdcd9d4b96e3dc83f95bef0d
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Jul 28 17:46:43 2017 +0200

    gpg,sm: String changes for compliance diagnostics.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
---
 g10/decrypt-data.c |  3 +--
 g10/encrypt.c      |  5 ++---
 g10/gpg.c          | 31 ++++++++++++++++---------------
 g10/pkclist.c      |  4 ++--
 g10/pubkey-enc.c   |  4 ++--
 g10/sig-check.c    |  6 ++----
 g10/sign.c         |  5 ++---
 sm/decrypt.c       |  6 +++---
 sm/encrypt.c       |  3 +--
 sm/gpgsm.c         |  9 +++------
 sm/sign.c          | 12 +++++++-----
 sm/verify.c        | 12 +++++++-----
 12 files changed, 48 insertions(+), 52 deletions(-)

diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c
index 12693fe..736534d 100644
--- a/g10/decrypt-data.c
+++ b/g10/decrypt-data.c
@@ -102,8 +102,7 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek)
   if (! gnupg_cipher_is_allowed (opt.compliance, 0, dek->algo,
                                  GCRY_CIPHER_MODE_CFB))
     {
-      log_error (_("you may not use cipher algorithm '%s'"
-                   " while in %s mode\n"),
+      log_error (_("cipher algorithm '%s' may not be used in %s mode\n"),
 		 openpgp_cipher_algo_name (dek->algo),
 		 gnupg_compliance_option_string (opt.compliance));
       rc = gpg_error (GPG_ERR_CIPHER_ALGO);
diff --git a/g10/encrypt.c b/g10/encrypt.c
index c7982d4..c68d6d5 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -628,8 +628,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
   if (! gnupg_cipher_is_allowed (opt.compliance, 1, cfx.dek->algo,
                                  GCRY_CIPHER_MODE_CFB))
     {
-      log_error (_("you may not use cipher algorithm '%s'"
-		   " while in %s mode\n"),
+      log_error (_("cipher algorithm '%s' may not be used in %s mode\n"),
 		 openpgp_cipher_algo_name (cfx.dek->algo),
 		 gnupg_compliance_option_string (opt.compliance));
       rc = gpg_error (GPG_ERR_CIPHER_ALGO);
@@ -996,7 +995,7 @@ write_pubkey_enc_from_list (ctrl_t ctrl, PK_LIST pk_list, DEK *dek, iobuf_t out)
 {
   if (opt.throw_keyids && (PGP6 || PGP7 || PGP8))
     {
-      log_info(_("you may not use %s while in %s mode\n"),
+      log_info(_("option '%s' may not be used in %s mode\n"),
                "--throw-keyids",
                gnupg_compliance_option_string (opt.compliance));
       compliance_failure();
diff --git a/g10/gpg.c b/g10/gpg.c
index 52b6089..d2227b3 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -3860,19 +3860,22 @@ main (int argc, char **argv)
 	    switch(badtype)
 	      {
 	      case PREFTYPE_SYM:
-		log_info(_("you may not use cipher algorithm '%s'"
-			   " while in %s mode\n"),
-			 badalg, gnupg_compliance_option_string (opt.compliance));
+		log_info (_("cipher algorithm '%s'"
+                            " may not be used in %s mode\n"),
+			 badalg,
+                          gnupg_compliance_option_string (opt.compliance));
 		break;
 	      case PREFTYPE_HASH:
-		log_info(_("you may not use digest algorithm '%s'"
-			   " while in %s mode\n"),
-			 badalg, gnupg_compliance_option_string (opt.compliance));
+		log_info (_("digest algorithm '%s'"
+                            " may not be used in %s mode\n"),
+                          badalg,
+                          gnupg_compliance_option_string (opt.compliance));
 		break;
 	      case PREFTYPE_ZIP:
-		log_info(_("you may not use compression algorithm '%s'"
-			   " while in %s mode\n"),
-			 badalg, gnupg_compliance_option_string (opt.compliance));
+		log_info (_("compression algorithm '%s'"
+                            " may not be used in %s mode\n"),
+                          badalg,
+                          gnupg_compliance_option_string (opt.compliance));
 		break;
 	      default:
 		BUG();
@@ -3897,8 +3900,7 @@ main (int argc, char **argv)
 				      || cmd == aSignEncrSym,
 				      opt.def_cipher_algo,
 				      GCRY_CIPHER_MODE_NONE))
-      log_error (_("you may not use cipher algorithm '%s'"
-		   " while in %s mode\n"),
+      log_error (_("cipher algorithm '%s' may not be used in %s mode\n"),
 		 openpgp_cipher_algo_name (opt.def_cipher_algo),
 		 gnupg_compliance_option_string (opt.compliance));
 
@@ -3910,8 +3912,7 @@ main (int argc, char **argv)
 				      || cmd == aSignSym
 				      || cmd == aClearsign,
 				      opt.def_digest_algo))
-      log_error (_("you may not use digest algorithm '%s'"
-		   " while in %s mode\n"),
+      log_error (_("digest algorithm '%s' may not be used in %s mode\n"),
 		 gcry_md_algo_name (opt.def_digest_algo),
 		 gnupg_compliance_option_string (opt.compliance));
 
@@ -4128,7 +4129,7 @@ main (int argc, char **argv)
 		      " with --s2k-mode 0\n"));
 	else if(PGP6 || PGP7)
 	  log_error(_("you cannot use --symmetric --encrypt"
-		      " while in %s mode\n"),
+		      " in %s mode\n"),
 		    gnupg_compliance_option_string (opt.compliance));
 	else
 	  {
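Review bot: The two `--symmetric` diagnostics in g10/gpg.c (this hunk and the next one, at new line 4190) keep the second-person "you cannot use ..." wording, while every other compliance message in the commit becomes the impersonal "... may not be used in %s mode". If uniform diagnostics are the goal, these could take the option names as an argument, e.g. `log_error (_("options '%s' may not be used together in %s mode\n"), "--symmetric --encrypt", ...)`. That also keeps the option names out of the translatable msgid, as the `--throw-keyids` message already does. The surrounding if/else chain in main starts and ends outside the hunk.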
@@ -4189,7 +4190,7 @@ main (int argc, char **argv)
 		      " with --s2k-mode 0\n"));
 	else if(PGP6 || PGP7)
 	  log_error(_("you cannot use --symmetric --sign --encrypt"
-		      " while in %s mode\n"),
+		      " in %s mode\n"),
 		    gnupg_compliance_option_string (opt.compliance));
 	else
 	  {
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 48cfe45..67d932e 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -1026,7 +1026,7 @@ build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list)
              issue a warning and switch into GnuPG mode. */
           if ((rov->flags & PK_LIST_HIDDEN) && (PGP6 || PGP7 || PGP8))
             {
-              log_info(_("you may not use %s while in %s mode\n"),
+              log_info(_("option '%s' may not be used in %s mode\n"),
                        "--hidden-recipient",
                        gnupg_compliance_option_string (opt.compliance));
 
@@ -1077,7 +1077,7 @@ build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list)
                      GnuPG mode. */
                   if ((r->flags&PK_LIST_ENCRYPT_TO) && (PGP6 || PGP7 || PGP8))
                     {
-                      log_info(_("you may not use %s while in %s mode\n"),
+                      log_info(_("option '%s' may not be used in %s mode\n"),
                                "--hidden-encrypt-to",
                                gnupg_compliance_option_string (opt.compliance));
 
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 013fd2f..272562b 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -94,7 +94,7 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek)
           if (!gnupg_pk_is_compliant (opt.compliance,
                                       sk->pubkey_algo,
                                       sk->pkey, nbits_from_pk (sk), NULL))
-            log_info (_("Note: key %s was not suitable for encryption"
+            log_info (_("Note: key %s is not suitable for encryption"
                         " in %s mode\n"),
                       keystr_from_pk (sk),
                       gnupg_compliance_option_string (opt.compliance));
@@ -132,7 +132,7 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek)
           if (!gnupg_pk_is_compliant (opt.compliance,
                                       sk->pubkey_algo,
                                       sk->pkey, nbits_from_pk (sk), NULL))
-            log_info (_("Note: key %s was not suitable for encryption"
+            log_info (_("Note: key %s is not suitable for encryption"
                         " in %s mode\n"),
                       keystr_from_pk (sk),
                       gnupg_compliance_option_string (opt.compliance));
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 2a3acc4..60e988e 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -136,8 +136,7 @@ check_signature2 (ctrl_t ctrl,
     else if (! gnupg_digest_is_allowed (opt.compliance, 0, sig->digest_algo))
       {
 	/* Compliance failure.  */
-	log_info (_("you may not use digest algorithm '%s'"
-		    " while in %s mode\n"),
+	log_info (_("digest algorithm '%s' may not be used in %s mode\n"),
 		  gcry_md_algo_name (sig->digest_algo),
 		  gnupg_compliance_option_string (opt.compliance));
 	rc = gpg_error (GPG_ERR_DIGEST_ALGO);
@@ -162,8 +161,7 @@ check_signature2 (ctrl_t ctrl,
 				    NULL))
       {
 	/* Compliance failure.  */
-	log_error (_("key %s is not suitable for signature verification"
-                     " in %s mode\n"),
+	log_error (_("key %s may not be used for signing in %s mode\n"),
                    keystr_from_pk (pk),
                    gnupg_compliance_option_string (opt.compliance));
 	rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
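Review bot: The new string in this check_signature2 branch says the key "may not be used for signing", but this is the signature verification path and the removed text said "signature verification". Someone checking a received signature is therefore told about signing, which reads as if their own operation was a signing attempt. The sm/verify.c hunk uses the same string, and there the check visibly passes `PK_USE_VERIFICATION`. Compliance diagnostics are what an operator reads to learn why a signature was rejected, so a separate msgid seems worth its translation cost, e.g. `_("key %s may not be used for signature verification in %s mode\n")`. The condition guarding this branch begins above the hunk.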
diff --git a/g10/sign.c b/g10/sign.c
index f7dd974..4cf0cd3 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -281,8 +281,7 @@ do_sign (ctrl_t ctrl, PKT_public_key *pksk, PKT_signature *sig,
   /* Check compliance.  */
   if (! gnupg_digest_is_allowed (opt.compliance, 1, mdalgo))
     {
-      log_error (_("you may not use digest algorithm '%s'"
-		   " while in %s mode\n"),
+      log_error (_("digest algorithm '%s' may not be used in %s mode\n"),
 		 gcry_md_algo_name (mdalgo),
 		 gnupg_compliance_option_string (opt.compliance));
       err = gpg_error (GPG_ERR_DIGEST_ALGO);
@@ -292,7 +291,7 @@ do_sign (ctrl_t ctrl, PKT_public_key *pksk, PKT_signature *sig,
   if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_SIGNING, pksk->pubkey_algo,
                              pksk->pkey, nbits_from_pk (pksk), NULL))
     {
-      log_error (_("key %s not suitable for signing while in %s mode\n"),
+      log_error (_("key %s may not be used for signing in %s mode\n"),
                  keystr_from_pk (pksk),
                  gnupg_compliance_option_string (opt.compliance));
       err = gpg_error (GPG_ERR_PUBKEY_ALGO);
diff --git a/sm/decrypt.c b/sm/decrypt.c
index 3de742a..cdce1d4 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -361,8 +361,8 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
           /* Check compliance.  */
           if (! gnupg_cipher_is_allowed (opt.compliance, 0, algo, mode))
             {
-              log_error (_("you may not use cipher algorithm '%s'"
-                           " while in %s mode\n"),
+              log_error (_("cipher algorithm '%s'"
+                           " may not be used in %s mode\n"),
                          gcry_cipher_algo_name (algo),
                          gnupg_compliance_option_string (opt.compliance));
               rc = gpg_error (GPG_ERR_CIPHER_ALGO);
@@ -489,7 +489,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
                         snprintf (kidstr, sizeof kidstr, "0x%08lX",
                                   gpgsm_get_short_fingerprint (cert, NULL));
                         log_info
-                          (_("Note: key %s was not suitable for encryption"
+                          (_("Note: key %s is not suitable for encryption"
                              " in %s mode\n"),
                            kidstr,
                            gnupg_compliance_option_string (opt.compliance));
diff --git a/sm/encrypt.c b/sm/encrypt.c
index 0225476..6213a66 100644
--- a/sm/encrypt.c
+++ b/sm/encrypt.c
@@ -412,8 +412,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
       (opt.compliance, 1, gcry_cipher_map_name (opt.def_cipher_algoid),
        gcry_cipher_mode_from_oid (opt.def_cipher_algoid)))
     {
-      log_error (_("you may not use cipher algorithm '%s'"
-		   " while in %s mode\n"),
+      log_error (_("cipher algorithm '%s' may not be used in %s mode\n"),
 		 opt.def_cipher_algoid,
 		 gnupg_compliance_option_string (opt.compliance));
       rc = gpg_error (GPG_ERR_CIPHER_ALGO);
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index 4e337fe..10eff0a 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -1628,8 +1628,7 @@ main ( int argc, char **argv)
                                     gcry_cipher_mode_from_oid
                                     (opt.def_cipher_algoid),
                                     GCRY_CIPHER_MODE_NONE))
-    log_error (_("you may not use cipher algorithm '%s'"
-                 " while in %s mode\n"),
+    log_error (_("cipher algorithm '%s' may not be used in %s mode\n"),
                opt.def_cipher_algoid,
                gnupg_compliance_option_string (opt.compliance));
 
@@ -1639,8 +1638,7 @@ main ( int argc, char **argv)
                                      || cmd == aSignEncr
                                      || cmd == aClearsign,
                                      opt.forced_digest_algo))
-    log_error (_("you may not use digest algorithm '%s'"
-                 " while in %s mode\n"),
+    log_error (_("digest algorithm '%s' may not be used in %s mode\n"),
                forced_digest_algo,
                gnupg_compliance_option_string (opt.compliance));
 
@@ -1650,8 +1648,7 @@ main ( int argc, char **argv)
                                      || cmd == aSignEncr
                                      || cmd == aClearsign,
                                      opt.extra_digest_algo))
-    log_error (_("you may not use digest algorithm '%s'"
-                 " while in %s mode\n"),
+    log_error (_("digest algorithm '%s' may not be used in %s mode\n"),
                forced_digest_algo,
                gnupg_compliance_option_string (opt.compliance));
 
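Review bot: This diagnostic is guarded by a check on `opt.extra_digest_algo` but prints `forced_digest_algo`, the same argument used by the previous hunk's check on `opt.forced_digest_algo`. The message can therefore name the wrong algorithm, and if only the extra digest option was set it may hand a null pointer to `%s`. The argument line is unchanged context, so the commit edits the string directly above it without fixing this. The argument should presumably be the name string from which `opt.extra_digest_algo` was derived; that declaration is outside the hunk, so confirm the variable before changing it. The start of the condition is also above the hunk.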
diff --git a/sm/sign.c b/sm/sign.c
index 1411501..24ecad3 100644
--- a/sm/sign.c
+++ b/sm/sign.c
@@ -475,8 +475,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
       /* Check compliance.  */
       if (! gnupg_digest_is_allowed (opt.compliance, 1, cl->hash_algo))
         {
-          log_error (_("you may not use digest algorithm '%s'"
-                       " while in %s mode\n"),
+          log_error (_("digest algorithm '%s' may not be used in %s mode\n"),
                      gcry_md_algo_name (cl->hash_algo),
                      gnupg_compliance_option_string (opt.compliance));
           err = gpg_error (GPG_ERR_DIGEST_ALGO);
@@ -490,9 +489,12 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
         if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_SIGNING, pk_algo,
                                    NULL, nbits, NULL))
           {
-            log_error ("certificate ID 0x%08lX not suitable for "
-                       "signing while in %s mode\n",
-                       gpgsm_get_short_fingerprint (cl->cert, NULL),
+            char  kidstr[10+1];
+
+            snprintf (kidstr, sizeof kidstr, "0x%08lX",
+                      gpgsm_get_short_fingerprint (cl->cert, NULL));
+            log_error (_("key %s may not be used for signing in %s mode\n"),
+                       kidstr,
                        gnupg_compliance_option_string (opt.compliance));
             err = gpg_error (GPG_ERR_PUBKEY_ALGO);
             goto leave;
diff --git a/sm/verify.c b/sm/verify.c
index f79c0ae..10b3f43 100644
--- a/sm/verify.c
+++ b/sm/verify.c
@@ -458,17 +458,19 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
         if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_VERIFICATION,
                                    pk_algo, NULL, nbits, NULL))
           {
-            log_error ("certificate ID 0x%08lX not suitable for "
-                       "verification while in %s mode\n",
-                       gpgsm_get_short_fingerprint (cert, NULL),
+            char  kidstr[10+1];
+
+            snprintf (kidstr, sizeof kidstr, "0x%08lX",
+                      gpgsm_get_short_fingerprint (cert, NULL));
+            log_error (_("key %s may not be used for signing in %s mode\n"),
+                       kidstr,
                        gnupg_compliance_option_string (opt.compliance));
             goto next_signer;
           }
 
         if (! gnupg_digest_is_allowed (opt.compliance, 0, sigval_hash_algo))
           {
-            log_error (_("you may not use digest algorithm '%s'"
-                         " while in %s mode\n"),
+            log_error (_("digest algorithm '%s' may not be used in %s mode\n"),
                        gcry_md_algo_name (sigval_hash_algo),
                        gnupg_compliance_option_string (opt.compliance));
             goto next_signer;

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


