gpg,gpgsm: Fix compliance check for DSA and avoid an assert.

* common/compliance.c (gnupg_pk_is_compliant): Swap P and Q for DSA check. Explicitly check for allowed ECC algos. (gnupg_pk_is_allowed): Swap P and Q for DSA check. * g10/mainproc.c (proc_encrypted): Simplify SYMKEYS check. Replace assert by debug message. -- Note that in mainproc.c SYMKEYS is unsigned and thus a greater than 0 condition is surprising because it leads to the assumption SYMKEYS could be negative. Better use a boolean test. The assert could have lead to a regression for no good reason. Not being compliant is better than breaking existing users. Signed-off-by: Werner Koch <wk@gnupg.org>
author: Werner Koch <wk@gnupg.org> 2017-06-19 17:50:02 +0200
committer: Werner Koch <wk@gnupg.org> 2017-06-19 19:57:11 +0200
commit: 3621dbe52584bc8b417f61b5370ebaa5598db956 (patch)
tree: fb35fed8b4be7e65927e3935313bea70750193ed /common/compliance.h
parent: indent: Always use "_(" and not "_ (" to mark translatable strings. (diff)
download: gnupg2-3621dbe52584bc8b417f61b5370ebaa5598db956.tar.xz
gnupg2-3621dbe52584bc8b417f61b5370ebaa5598db956.zip
1 files changed, 8 insertions, 4 deletions
diff --git a/common/compliance.h b/common/compliance.h
index 183f142e7..d55bbf3ac 100644
--- a/common/compliance.h
+++ b/common/compliance.h
@@ -57,14 +57,17 @@ int gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance,
 int gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance,
                                cipher_algo_t cipher,
                                enum gcry_cipher_modes mode);
-int gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance, int producer,
+int gnupg_cipher_is_allowed (enum gnupg_compliance_mode compliance,
+                             int producer,
                              cipher_algo_t cipher,
                              enum gcry_cipher_modes mode);
 int gnupg_digest_is_compliant (enum gnupg_compliance_mode compliance,
                                digest_algo_t digest);
-int gnupg_digest_is_allowed (enum gnupg_compliance_mode compliance, int producer,
+int gnupg_digest_is_allowed (enum gnupg_compliance_mode compliance,
+                             int producer,
                              digest_algo_t digest);
-const char *gnupg_status_compliance_flag (enum gnupg_compliance_mode compliance);
+const char *gnupg_status_compliance_flag (enum gnupg_compliance_mode
+                                          compliance);
 
 struct gnupg_compliance_option
 {
@@ -76,7 +79,8 @@ int gnupg_parse_compliance_option (const char *string,
                                    struct gnupg_compliance_option options[],
                                    size_t length,
                                    int quiet);
-const char *gnupg_compliance_option_string (enum gnupg_compliance_mode compliance);
+const char *gnupg_compliance_option_string (enum gnupg_compliance_mode
+                                            compliance);
 
 
 #endif /*GNUPG_COMMON_COMPLIANCE_H*/
author	Werner Koch <wk@gnupg.org>	2017-06-19 17:50:02 +0200
committer	Werner Koch <wk@gnupg.org>	2017-06-19 19:57:11 +0200
commit	3621dbe52584bc8b417f61b5370ebaa5598db956 (patch)
tree	fb35fed8b4be7e65927e3935313bea70750193ed /common/compliance.h
parent	indent: Always use "_(" and not "_ (" to mark translatable strings. (diff)
download	gnupg2-3621dbe52584bc8b417f61b5370ebaa5598db956.tar.xz gnupg2-3621dbe52584bc8b417f61b5370ebaa5598db956.zip