Fix subkey check to cope with ECC subkeys

ECC subkeys are type 18 and we were only excluding type 19+, causing false positives on the weak subkey test.

Fix subkey check to cope with ECC subkeys
ECC subkeys are type 18 and we were only excluding type 19+, causing false positives on the weak subkey test.
5bc1222d · Jonathan McDowell · a00498cd · 5bc1222d · 5bc1222d
Commit 5bc1222d authored Jun 04, 2018 by Jonathan McDowell
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

debian/changelog debian/changelog +1 -0

t/at-least-2048.t t/at-least-2048.t +1 -1

No files found.
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,6 +9,7 @@ debian-keyring (2018.05.xx) UNRELEASED; urgency=medium
  [ Jonathan McDowell ]
  * Temporarily remove 0x021B361B6B031B00 (Julian Andres Klode) due to
    subkey loss
+  * Fix subkey check to cope with ECC subkeys

 -- Gunnar Wolf <gwolf@debian.org>  Wed, 30 May 2018 10:05:20 -0500

--- a/t/at-least-2048.t
+++ b/t/at-least-2048.t
@@ -9,7 +9,7 @@ find_too_short () {
 		| awk -F: -v keyring=$1 \
 		'BEGIN { ok = 1 } \
 		/^pub/ { fpr = $5 ; if ($3 < 2048) { print keyring ":\t0x" $5 " is smaller than 2048 bits"; ok = 0 } } \
-		/^sub/ { if ($2 != "r" && $2 != "e" && $3 < 2048 && $4 < 19) { print keyring ":\t0x" fpr " has subkey smaller than 2048 bits"; ok = 0 } } \
+		/^sub/ { if ($2 != "r" && $2 != "e" && $3 < 2048 && $4 < 18) { print keyring ":\t0x" fpr " has subkey smaller than 2048 bits"; ok = 0 } } \
 		END { if (!ok) { exit 1 } }'
 }