diff options
| author | Werner Koch <wk@gnupg.org> | 2017-07-27 14:54:50 +0200 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2017-07-27 14:57:32 +0200 |
| commit | 1bd22a85b4f06324037b3500d2fa8af62733c926 (patch) | |
| tree | 6f91cd47cd0086b9c92fcc7fcbcf38148ec1dd36 | |
| parent | gpg,sm: Fix compliance checking for decryption. (diff) | |
| download | gnupg2-1bd22a85b4f06324037b3500d2fa8af62733c926.tar.xz gnupg2-1bd22a85b4f06324037b3500d2fa8af62733c926.zip | |
gpg,sm: Allow encryption (with warning) to any key in de-vs mode.
* g10/encrypt.c (encrypt_crypt): Do not abort for a non-compliant key.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
--
GnuPG-bug-id: 3306
Signed-off-by: Werner Koch <wk@gnupg.org>
| -rw-r--r-- | g10/encrypt.c | 16 | ||||
| -rw-r--r-- | sm/encrypt.c | 17 |
2 files changed, 15 insertions, 18 deletions
diff --git a/g10/encrypt.c b/g10/encrypt.c index c63ec8838..c7982d448 100644 --- a/g10/encrypt.c +++ b/g10/encrypt.c @@ -657,16 +657,12 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, PKT_public_key *pk = pkr->pk; unsigned int nbits = nbits_from_pk (pk); - if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_ENCRYPTION, - pk->pubkey_algo, pk->pkey, nbits, NULL)) - { - log_error (_("key %s not suitable for encryption" - " while in %s mode\n"), - keystr_from_pk (pk), - gnupg_compliance_option_string (opt.compliance)); - rc = gpg_error (GPG_ERR_PUBKEY_ALGO); - goto leave; - } + if (!gnupg_pk_is_compliant (opt.compliance, + pk->pubkey_algo, pk->pkey, nbits, NULL)) + log_info (_("WARNING: key %s is not suitable for encryption" + " in %s mode\n"), + keystr_from_pk (pk), + gnupg_compliance_option_string (opt.compliance)); if (compliant && !gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, pk->pkey, diff --git a/sm/encrypt.c b/sm/encrypt.c index 73519325e..0225476e7 100644 --- a/sm/encrypt.c +++ b/sm/encrypt.c @@ -481,15 +481,16 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp) /* Check compliance. */ pk_algo = gpgsm_get_key_algo_info (cl->cert, &nbits); - if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_ENCRYPTION, pk_algo, - NULL, nbits, NULL)) + if (!gnupg_pk_is_compliant (opt.compliance, pk_algo, NULL, nbits, NULL)) { - log_error ("certificate ID 0x%08lX not suitable for " - "encryption while in %s mode\n", - gpgsm_get_short_fingerprint (cl->cert, NULL), - gnupg_compliance_option_string (opt.compliance)); - rc = gpg_error (GPG_ERR_PUBKEY_ALGO); - goto leave; + char kidstr[10+1]; + + snprintf (kidstr, sizeof kidstr, "0x%08lX", + gpgsm_get_short_fingerprint (cl->cert, NULL)); + log_info (_("WARNING: key %s is not suitable for encryption" + " in %s mode\n"), + kidstr, + gnupg_compliance_option_string (opt.compliance)); } /* Fixme: When adding ECC we need to provide the curvename and |