diff options
| author | Werner Koch <wk@gnupg.org> | 2017-06-19 17:50:02 +0200 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2017-06-19 19:57:11 +0200 |
| commit | 3621dbe52584bc8b417f61b5370ebaa5598db956 (patch) | |
| tree | fb35fed8b4be7e65927e3935313bea70750193ed /g10/mainproc.c | |
| parent | indent: Always use "_(" and not "_ (" to mark translatable strings. (diff) | |
| download | gnupg2-3621dbe52584bc8b417f61b5370ebaa5598db956.tar.xz gnupg2-3621dbe52584bc8b417f61b5370ebaa5598db956.zip | |
gpg,gpgsm: Fix compliance check for DSA and avoid an assert.
* common/compliance.c (gnupg_pk_is_compliant): Swap P and Q for DSA
check. Explicitly check for allowed ECC algos.
(gnupg_pk_is_allowed): Swap P and Q for DSA check.
* g10/mainproc.c (proc_encrypted): Simplify SYMKEYS check. Replace
assert by debug message.
--
Note that in mainproc.c SYMKEYS is unsigned and thus a greater than 0
condition is surprising because it leads to the assumption SYMKEYS
could be negative. Better use a boolean test.
The assert could have lead to a regression for no good reason. Not
being compliant is better than breaking existing users.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'g10/mainproc.c')
| -rw-r--r-- | g10/mainproc.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/g10/mainproc.c b/g10/mainproc.c index 2db8de1d5..c57925c9f 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -94,7 +94,7 @@ struct mainproc_context kbnode_t list; /* The current list of packets. */ iobuf_t iobuf; /* Used to get the filename etc. */ int trustletter; /* Temporary usage in list_node. */ - ulong symkeys; + ulong symkeys; /* Number of symmetrically encrypted session keys. */ struct kidlist_item *pkenc_list; /* List of encryption packets. */ struct { unsigned int sig_seen:1; /* Set to true if a signature packet @@ -603,18 +603,19 @@ proc_encrypted (CTX c, PACKET *pkt) /* Compute compliance with CO_DE_VS. */ if (!result && is_status_enabled () /* Symmetric encryption and asymmetric encryption voids compliance. */ - && ((c->symkeys > 0) != (c->pkenc_list != NULL)) + && (c->symkeys != !!c->pkenc_list ) /* Overriding session key voids compliance. */ - && opt.override_session_key == NULL + && !opt.override_session_key /* Check symmetric cipher. */ - && gnupg_cipher_is_compliant (CO_DE_VS, c->dek->algo, GCRY_CIPHER_MODE_CFB)) + && gnupg_cipher_is_compliant (CO_DE_VS, c->dek->algo, + GCRY_CIPHER_MODE_CFB)) { struct kidlist_item *i; int compliant = 1; PKT_public_key *pk = xmalloc (sizeof *pk); - log_assert (c->pkenc_list || c->symkeys - || !"where else did the session key come from!?"); + if ( !(c->pkenc_list || c->symkeys) ) + log_debug ("%s: where else did the session key come from?\n", __func__); /* Now check that every key used to encrypt the session key is * compliant. */ |