diff options
| author | Werner Koch <wk@gnupg.org> | 2017-08-01 08:41:47 +0200 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2017-08-01 08:41:47 +0200 |
| commit | 4e117f206beb38287ddcd3251fb7baabadfbddbb (patch) | |
| tree | c1f939357c46703c8ffbe94889e7b897d10666fb /g10/pubkey-enc.c | |
| parent | indent: Wrap overlong lines in argparse.c (diff) | |
| download | gnupg2-4e117f206beb38287ddcd3251fb7baabadfbddbb.tar.xz gnupg2-4e117f206beb38287ddcd3251fb7baabadfbddbb.zip | |
gpg,sm: Error out on compliance mismatch while decrypting.
* g10/pubkey-enc.c (get_session_key): Bail out if the algo is not
allowed in the current compliance mode.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
--
The idea here is that the owner of the key created a non-compliant key
and later receives a mail encrypted to that key. The sender should
have checked this key too but we can't guarantee that. By hard
failing here the owner of the key will notice that he had created a
non-compliant key and thus has a chance to generate a new compliant
key. In case the compliant criteria changes and the owner wants to
decrypt an old message he can still switch gpg to another compliant
mode.
Fixes-commit: a0d0cbee7654ad7582400efaa92d493cd8e669e9
GnuPG-bug-id: 3308
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'g10/pubkey-enc.c')
| -rw-r--r-- | g10/pubkey-enc.c | 42 |
1 files changed, 24 insertions, 18 deletions
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index 272562b18..d7ba95391 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -90,16 +90,19 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek) sk->pubkey_algo = k->pubkey_algo; /* We want a pubkey with this algo. */ if (!(rc = get_seckey (ctrl, sk, k->keyid))) { - /* Print compliance warning. */ - if (!gnupg_pk_is_compliant (opt.compliance, - sk->pubkey_algo, - sk->pkey, nbits_from_pk (sk), NULL)) - log_info (_("Note: key %s is not suitable for encryption" - " in %s mode\n"), - keystr_from_pk (sk), - gnupg_compliance_option_string (opt.compliance)); - - rc = get_it (ctrl, k, dek, sk, k->keyid); + /* Check compliance. */ + if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION, + sk->pubkey_algo, + sk->pkey, nbits_from_pk (sk), NULL)) + { + log_info (_("key %s is not suitable for decryption" + " in %s mode\n"), + keystr_from_pk (sk), + gnupg_compliance_option_string (opt.compliance)); + rc = gpg_error (GPG_ERR_PUBKEY_ALGO); + } + else + rc = get_it (ctrl, k, dek, sk, k->keyid); } } else if (opt.skip_hidden_recipients) @@ -128,14 +131,17 @@ get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek) log_info (_("anonymous recipient; trying secret key %s ...\n"), keystr (keyid)); - /* Print compliance warning. */ - if (!gnupg_pk_is_compliant (opt.compliance, - sk->pubkey_algo, - sk->pkey, nbits_from_pk (sk), NULL)) - log_info (_("Note: key %s is not suitable for encryption" - " in %s mode\n"), - keystr_from_pk (sk), - gnupg_compliance_option_string (opt.compliance)); + /* Check compliance. */ + if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_DECRYPTION, + sk->pubkey_algo, + sk->pkey, nbits_from_pk (sk), NULL)) + { + log_info (_("key %s is not suitable for decryption" + " in %s mode\n"), + keystr_from_pk (sk), + gnupg_compliance_option_string (opt.compliance)); + continue; + } rc = get_it (ctrl, k, dek, sk, keyid); if (!rc) |