gpg: Stop early when trying to create a primary Elgamal key.

* g10/misc.c (openpgp_pk_test_algo2): Add extra check.
--

The problem is that --key-gen --batch with a parameter file didn't
detect that Elgamal is not capable of signing and so an error was only
triggered at the time the self-signature was created.  See the code
comment for details.

GnuPG-bug-id: 4329
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f97dc55ff1b041071bc3cbe98aa761bf77bb7ac8)
(cherry picked from commit f5d3b982e44c5cfc60e9936020102a598b635187)

Gbp-Pq: Topic from-2.2.13
Gbp-Pq: Name gpg-Stop-early-when-trying-to-create-a-primary-Elgamal-ke.patch

diff --git a/g10/misc.c b/g10/misc.c
index 86baff9f6dcecd19cbdd12ba2f60139c9d5b6ed4..d9ebf483c21de9847849e8d46d789708c91f2163 100644 (file)
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -644,6 +644,13 @@ openpgp_pk_test_algo2 (pubkey_algo_t algo, unsigned int use)
   if (!ga)
     return gpg_error (GPG_ERR_PUBKEY_ALGO);
 
+  /* Elgamal in OpenPGP used to support signing and Libgcrypt still
+   * does.  However, we removed the signing capability from gpg ages
+   * ago.  This function should reflect this so that errors are thrown
+   * early and not only when we try to sign using Elgamal.  */
+  if (ga == GCRY_PK_ELG && (use & (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG)))
+    return gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO);
+
   /* Now check whether Libgcrypt has support for the algorithm.  */
   return gcry_pk_algo_info (ga, GCRYCTL_TEST_ALGO, NULL, &use_buf);
 }