[git] GnuPG - branch, master, updated. gnupg-2.1.22-7-g4e117f2

by Werner Koch cvs at cvs.gnupg.org
Tue Aug 1 09:01:41 CEST 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  4e117f206beb38287ddcd3251fb7baabadfbddbb (commit)
       via  a21ca77988cee6987c4aca91a8e1c3ffd5c32c10 (commit)
      from  fde9a8cc6c849fb21f3e6782dbd5c6bc863357eb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4e117f206beb38287ddcd3251fb7baabadfbddbb
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Aug 1 08:41:47 2017 +0200

    gpg,sm: Error out on compliance mismatch while decrypting.
    
    * g10/pubkey-enc.c (get_session_key): Bail out if the algo is not
    allowed in the current compliance mode.
    * sm/decrypt.c (gpgsm_decrypt): Ditto.
    --
    
    The idea here is that the owner of the key created a non-compliant key
    and later receives a mail encrypted to that key.  The sender should
    have checked this key too but we can't guarantee that.  By hard
    failing here the owner of the key will notice that he had created a
    non-compliant key and thus has a chance to generate a new compliant
    key.  In case the compliance criteria change and the owner wants to
    decrypt an old message he can still switch gpg to another compliance
    mode.
    
    Fixes-commit: a0d0cbee7654ad7582400efaa92d493cd8e669e9
    GnuPG-bug-id: 3308
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 272562b..d7ba953 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -90,16 +90,19 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek)
       sk->pubkey_algo = k->pubkey_algo; /* We want a pubkey with this algo.  */
       if (!(rc = get_seckey (ctrl, sk, k->keyid)))
         {
-          /* Print compliance warning.  */
-          if (!gnupg_pk_is_compliant (opt.compliance,
-                                      sk->pubkey_algo,
-                                      sk->pkey, nbits_from_pk (sk), NULL))
-            log_info (_("Note: key %s is not suitable for encryption"
-                        " in %s mode\n"),
-                      keystr_from_pk (sk),
-                      gnupg_compliance_option_string (opt.compliance));
-
-          rc = get_it (ctrl, k, dek, sk, k->keyid);
+          /* Check compliance.  */
+          if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION,
+                                     sk->pubkey_algo,
+                                     sk->pkey, nbits_from_pk (sk), NULL))
+            {
+              log_info (_("key %s is not suitable for decryption"
+                          " in %s mode\n"),
+                        keystr_from_pk (sk),
+                        gnupg_compliance_option_string (opt.compliance));
+              rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
+            }
+          else
+            rc = get_it (ctrl, k, dek, sk, k->keyid);
         }
     }
   else if (opt.skip_hidden_recipients)
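Review bot: The new comment `/* Check compliance.  */` does not say that a failed check now aborts decryption, and the reason for that is recorded only in the commit message. I would write it as `/* Refuse to decrypt with a key that is not allowed in the current compliance mode, so that the owner notices the non-compliant key.  */`. The same short comment appears in the second hunk of this file and in sm/decrypt.c. The body of get_session_key continues outside this hunk.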
@@ -128,14 +131,17 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek)
             log_info (_("anonymous recipient; trying secret key %s ...\n"),
                       keystr (keyid));
 
-          /* Print compliance warning.  */
-          if (!gnupg_pk_is_compliant (opt.compliance,
-                                      sk->pubkey_algo,
-                                      sk->pkey, nbits_from_pk (sk), NULL))
-            log_info (_("Note: key %s is not suitable for encryption"
-                        " in %s mode\n"),
-                      keystr_from_pk (sk),
-                      gnupg_compliance_option_string (opt.compliance));
+          /* Check compliance.  */
+          if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION,
+                                     sk->pubkey_algo,
+                                     sk->pkey, nbits_from_pk (sk), NULL))
+            {
+              log_info (_("key %s is not suitable for decryption"
+                          " in %s mode\n"),
+                          keystr_from_pk (sk),
+                          gnupg_compliance_option_string (opt.compliance));
+              continue;
+            }
 
           rc = get_it (ctrl, k, dek, sk, keyid);
           if (!rc)
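Review bot: The anonymous-recipient path rejects a key with `continue` and never sets rc, whereas the first hunk sets `rc = gpg_error (GPG_ERR_PUBKEY_ALGO)`. What the caller sees when every candidate key is skipped therefore depends on the loop's exit path, which is outside this hunk. If that path reports a missing secret key, a compliance rejection cannot be told apart from "no key" except through the log_info line. A comment such as `/* Skipped keys are reported only via the log; the loop's final RC does not reflect the compliance failure.  */` would record this, or a flag could map the result to GPG_ERR_PUBKEY_ALGO after the loop. The two argument lines of this log_info call are also indented two columns deeper than in the first hunk.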
diff --git a/sm/decrypt.c b/sm/decrypt.c
index cdce1d4..60ed14a 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -480,19 +480,22 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
                     unsigned int nbits;
                     int pk_algo = gpgsm_get_key_algo_info (cert, &nbits);
 
-                    /* Print compliance warning.  */
-                    if (! gnupg_pk_is_compliant (opt.compliance,
-                                                 pk_algo, NULL, nbits, NULL))
+                    /* Check compliance.  */
+                    if (!gnupg_pk_is_allowed (opt.compliance,
+                                              PK_USE_DECRYPTION,
+                                              pk_algo, NULL, nbits, NULL))
                       {
                         char  kidstr[10+1];
 
                         snprintf (kidstr, sizeof kidstr, "0x%08lX",
                                   gpgsm_get_short_fingerprint (cert, NULL));
                         log_info
-                          (_("Note: key %s is not suitable for encryption"
+                          (_("key %s is not suitable for decryption"
                              " in %s mode\n"),
                            kidstr,
                            gnupg_compliance_option_string (opt.compliance));
+                        rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
+                        goto oops;
                       }
 
                     /* Check that all certs are compliant with CO_DE_VS.  */
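Review bot: The added `rc = gpg_error (GPG_ERR_PUBKEY_ALGO); goto oops;` is a hard failure only if the code after the `oops:` label hands a non-zero rc back to the caller, and that code is outside this hunk. If the recipient loop instead moves on to the next recipient and derives its final error elsewhere, the rejection would be visible only in the log_info output. It is worth confirming which is the case and saying so above the assignment, for example `/* Not allowed in this compliance mode: treat this recipient as unusable.  */`. The jump also bypasses the CO_DE_VS certificate check that follows, which looks intended but is not stated.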
@@ -504,9 +507,11 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
 
                 oops:
                   if (rc)
-                    /* We cannot check compliance of certs that we
-                     * don't have.  */
-                    is_de_vs = 0;
+                    {
+                      /* We cannot check compliance of certs that we
+                       * don't have.  */
+                      is_de_vs = 0;
+                    }
                   xfree (issuer);
                   xfree (serial);
                   ksba_cert_release (cert);
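Review bot: The comment inside `if (rc)` still gives a missing certificate as the only reason for clearing is_de_vs. After this commit rc is also non-zero when gnupg_pk_is_allowed rejected the key in the hunk above and jumped to `oops`. I would reword it to `/* We cannot claim compliance for a cert that we don't have or whose key is not allowed in this mode.  */`. The enclosing block of gpgsm_decrypt starts and ends outside this hunk.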

commit a21ca77988cee6987c4aca91a8e1c3ffd5c32c10
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Aug 1 08:28:01 2017 +0200

    indent: Wrap overlong lines in argparse.c
    
    --

diff --git a/common/argparse.c b/common/argparse.c
index 590e6e9..f5e4ceb 100644
--- a/common/argparse.c
+++ b/common/argparse.c
@@ -918,11 +918,16 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts)
   char *s, *s2;
   int i;
 
-  /* Fill in missing standard options: help, version, warranty and dump-options.  */
-  ARGPARSE_OPTS help_opt = ARGPARSE_s_n(ARGPARSE_SHORTOPT_HELP, "help", "@");
-  ARGPARSE_OPTS version_opt = ARGPARSE_s_n(ARGPARSE_SHORTOPT_VERSION, "version", "@");
-  ARGPARSE_OPTS warranty_opt = ARGPARSE_s_n(ARGPARSE_SHORTOPT_WARRANTY, "warranty", "@");
-  ARGPARSE_OPTS dump_options_opt = ARGPARSE_s_n(ARGPARSE_SHORTOPT_DUMP_OPTIONS, "dump-options", "@");
+  /* Fill in missing standard options: help, version, warranty and
+   * dump-options.  */
+  ARGPARSE_OPTS help_opt
+    = ARGPARSE_s_n (ARGPARSE_SHORTOPT_HELP, "help", "@");
+  ARGPARSE_OPTS version_opt
+    = ARGPARSE_s_n (ARGPARSE_SHORTOPT_VERSION, "version", "@");
+  ARGPARSE_OPTS warranty_opt
+    = ARGPARSE_s_n (ARGPARSE_SHORTOPT_WARRANTY, "warranty", "@");
+  ARGPARSE_OPTS dump_options_opt
+    = ARGPARSE_s_n(ARGPARSE_SHORTOPT_DUMP_OPTIONS, "dump-options", "@");
   int seen_help = 0;
   int seen_version = 0;
   int seen_warranty = 0;

-----------------------------------------------------------------------

Summary of changes:
 common/argparse.c | 15 ++++++++++-----
 g10/pubkey-enc.c  | 42 ++++++++++++++++++++++++------------------
 sm/decrypt.c      | 19 ++++++++++++-------
 3 files changed, 46 insertions(+), 30 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



