gpg,sm: Error out on compliance mismatch while decrypting.

* g10/pubkey-enc.c (get_session_key): Bail out if the algo is not allowed in the current compliance mode. * sm/decrypt.c (gpgsm_decrypt): Ditto. -- The idea here is that the owner of the key created a non-compliant key and later receives a mail encrypted to that key. The sender should have checked this key too but we can't guarantee that. By hard failing here the owner of the key will notice that he had created a non-compliant key and thus has a chance to generate a new compliant key. In case the compliant criteria changes and the owner wants to decrypt an old message he can still switch gpg to another compliant mode. Fixes-commit: a0d0cbee7654ad7582400efaa92d493cd8e669e9 GnuPG-bug-id: 3308 Signed-off-by: Werner Koch <wk@gnupg.org>
author: Werner Koch <wk@gnupg.org> 2017-08-01 08:41:47 +0200
committer: Werner Koch <wk@gnupg.org> 2017-08-01 08:41:47 +0200
commit: 4e117f206beb38287ddcd3251fb7baabadfbddbb (patch)
tree: c1f939357c46703c8ffbe94889e7b897d10666fb /sm
parent: indent: Wrap overlong lines in argparse.c (diff)
download: gnupg2-4e117f206beb38287ddcd3251fb7baabadfbddbb.tar.xz
gnupg2-4e117f206beb38287ddcd3251fb7baabadfbddbb.zip
1 files changed, 12 insertions, 7 deletions
diff --git a/sm/decrypt.c b/sm/decrypt.c
index cdce1d434..60ed14a64 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -480,19 +480,22 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
                     unsigned int nbits;
                     int pk_algo = gpgsm_get_key_algo_info (cert, &nbits);
 
-                    /* Print compliance warning.  */
-                    if (! gnupg_pk_is_compliant (opt.compliance,
-                                                 pk_algo, NULL, nbits, NULL))
+                    /* Check compliance.  */
+                    if (!gnupg_pk_is_allowed (opt.compliance,
+                                              PK_USE_DECRYPTION,
+                                              pk_algo, NULL, nbits, NULL))
                       {
                         char  kidstr[10+1];
 
                         snprintf (kidstr, sizeof kidstr, "0x%08lX",
                                   gpgsm_get_short_fingerprint (cert, NULL));
                         log_info
-                          (_("Note: key %s is not suitable for encryption"
+                          (_("key %s is not suitable for decryption"
                              " in %s mode\n"),
                            kidstr,
                            gnupg_compliance_option_string (opt.compliance));
+                        rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
+                        goto oops;
                       }
 
                     /* Check that all certs are compliant with CO_DE_VS.  */
@@ -504,9 +507,11 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
 
                 oops:
                   if (rc)
-                    /* We cannot check compliance of certs that we
-                     * don't have.  */
-                    is_de_vs = 0;
+                    {
+                      /* We cannot check compliance of certs that we
+                       * don't have.  */
+                      is_de_vs = 0;
+                    }
                   xfree (issuer);
                   xfree (serial);
                   ksba_cert_release (cert);
author	Werner Koch <wk@gnupg.org>	2017-08-01 08:41:47 +0200
committer	Werner Koch <wk@gnupg.org>	2017-08-01 08:41:47 +0200
commit	4e117f206beb38287ddcd3251fb7baabadfbddbb (patch)
tree	c1f939357c46703c8ffbe94889e7b897d10666fb /sm
parent	indent: Wrap overlong lines in argparse.c (diff)
download	gnupg2-4e117f206beb38287ddcd3251fb7baabadfbddbb.tar.xz gnupg2-4e117f206beb38287ddcd3251fb7baabadfbddbb.zip