[git] GnuPG - branch, master, updated. gnupg-2.1.21-168-g1bd22a8

by Werner Koch cvs at cvs.gnupg.org
Thu Jul 27 15:02:57 CEST 2017


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  1bd22a85b4f06324037b3500d2fa8af62733c926 (commit)
      from  a0d0cbee7654ad7582400efaa92d493cd8e669e9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1bd22a85b4f06324037b3500d2fa8af62733c926
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Jul 27 14:54:50 2017 +0200

    gpg,sm: Allow encryption (with warning) to any key in de-vs mode.
    
    * g10/encrypt.c (encrypt_crypt): Do not abort for a non-compliant key.
    * sm/encrypt.c (gpgsm_encrypt): Ditto.
    --
    
    GnuPG-bug-id: 3306
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/encrypt.c b/g10/encrypt.c
index c63ec88..c7982d4 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -657,16 +657,12 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
         PKT_public_key *pk = pkr->pk;
         unsigned int nbits = nbits_from_pk (pk);
 
-        if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_ENCRYPTION,
-                                   pk->pubkey_algo, pk->pkey, nbits, NULL))
-          {
-            log_error (_("key %s not suitable for encryption"
-                         " while in %s mode\n"),
-                       keystr_from_pk (pk),
-                       gnupg_compliance_option_string (opt.compliance));
-            rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
-            goto leave;
-          }
+        if (!gnupg_pk_is_compliant (opt.compliance,
+                                    pk->pubkey_algo, pk->pkey, nbits, NULL))
+          log_info (_("WARNING: key %s is not suitable for encryption"
+                      " in %s mode\n"),
+                    keystr_from_pk (pk),
+                    gnupg_compliance_option_string (opt.compliance));
 
         if (compliant
             && !gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, pk->pkey,
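Review bot: Replacing `gnupg_pk_is_allowed (opt.compliance, PK_USE_ENCRYPTION, ...)` with `gnupg_pk_is_compliant (opt.compliance, ...)` changes which keys trigger the message, not only how the failure is handled. Neither function's body is visible here; if gnupg_pk_is_compliant returns false for every mode other than de-vs, the new WARNING would be printed for each recipient in the default mode too, and a warning that always fires gets ignored. Consider keeping the original condition and replacing only the abort, or guarding the check as `if (opt.compliance == CO_DE_VS && !gnupg_pk_is_compliant (...))`. The same predicate swap is made in the gpgsm_encrypt hunk of sm/encrypt.c. encrypt_crypt starts and ends outside this hunk.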
diff --git a/sm/encrypt.c b/sm/encrypt.c
index 7351932..0225476 100644
--- a/sm/encrypt.c
+++ b/sm/encrypt.c
@@ -481,15 +481,16 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
 
       /* Check compliance.  */
       pk_algo = gpgsm_get_key_algo_info (cl->cert, &nbits);
-      if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_ENCRYPTION, pk_algo,
-                                 NULL, nbits, NULL))
+      if (!gnupg_pk_is_compliant (opt.compliance, pk_algo, NULL, nbits, NULL))
         {
-          log_error ("certificate ID 0x%08lX not suitable for "
-                     "encryption while in %s mode\n",
-                     gpgsm_get_short_fingerprint (cl->cert, NULL),
-                     gnupg_compliance_option_string (opt.compliance));
-          rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
-          goto leave;
+          char  kidstr[10+1];
+
+          snprintf (kidstr, sizeof kidstr, "0x%08lX",
+                    gpgsm_get_short_fingerprint (cl->cert, NULL));
+          log_info (_("WARNING: key %s is not suitable for encryption"
+                      " in %s mode\n"),
+                    kidstr,
+                    gnupg_compliance_option_string (opt.compliance));
         }
 
       /* Fixme: When adding ECC we need to provide the curvename and
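Review bot: The comment `/* Check compliance.  */` no longer tells the reader that a non-compliant certificate is deliberately accepted, and a policy decision like this should be stated at the check, e.g. `/* Warn about a non-compliant key but continue; see GnuPG-bug-id 3306.  */`. Only log_info is called and rc is left untouched, so a caller that looks at the exit code alone cannot tell that the warning was issued; the comment should say so. The message now says "key" where the removed text said "certificate ID", presumably to reuse the string translated for gpg. A short comment on `kidstr` noting that it holds "0x" plus eight hex digits would explain the `10+1`. gpgsm_encrypt starts and ends outside this hunk.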

-----------------------------------------------------------------------

Summary of changes:
 g10/encrypt.c | 16 ++++++----------
 sm/encrypt.c  | 17 +++++++++--------
 2 files changed, 15 insertions(+), 18 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



