sm: Flag Brainpool curves as compliant for all other operations.

* sm/fingerprint.c (gpgsm_get_key_algo_info2): Rename to (gpgsm_get_key_algo_info): this. Remove the old wrapper. Adjust all callers. * sm/decrypt.c (gpgsm_decrypt): Pass the curve to the compliance checker. * sm/encrypt.c (gpgsm_encrypt): Ditto. * sm/sign.c (gpgsm_sign): Ditto. * sm/verify.c (gpgsm_verify): Ditto. -- GnuPG-bug-id: 6253
2025-07-02 22:46:30 +02:00 · 2023-10-24 14:51:16 +02:00 · 2023-10-24 14:51:16 +02:00 · 2c3c049fd8
commit 2c3c049fd8
parent 97708e2ac7
8 changed files with 27 additions and 25 deletions
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@ -1065,6 +1065,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
  int recp;
  estream_t in_fp = NULL;
  struct decrypt_filter_parm_s dfparm;
+  char *curve = NULL;

  memset (&dfparm, 0, sizeof dfparm);

@ -1309,14 +1310,15 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)

                  pkfpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
                  pkalgostr = gpgsm_pubkey_algo_string (cert, NULL);
-                  pk_algo = gpgsm_get_key_algo_info (cert, &nbits);
+                  xfree (curve);
+                  pk_algo = gpgsm_get_key_algo_info (cert, &nbits, &curve);
                  if (!opt.quiet)
                    log_info (_("encrypted to %s key %s\n"), pkalgostr, pkfpr);

                  /* Check compliance.  */
                  if (!gnupg_pk_is_allowed (opt.compliance,
                                            PK_USE_DECRYPTION,
-                                            pk_algo, 0, NULL, nbits, NULL))
+                                            pk_algo, 0, NULL, nbits, curve))
                    {
                      char  kidstr[10+1];

@ -1334,7 +1336,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
                  dfparm.is_de_vs =
                    (dfparm.is_de_vs
                     && gnupg_pk_is_compliant (CO_DE_VS, pk_algo, 0,
-                                               NULL, nbits, NULL));
+                                               NULL, nbits, curve));

                oops:
                  if (rc)
@ -1512,6 +1514,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
      log_error ("message decryption failed: %s <%s>\n",
                 gpg_strerror (rc), gpg_strsource (rc));
    }
+  xfree (curve);
  ksba_cms_release (cms);
  gnupg_ksba_destroy_reader (b64reader);
  gnupg_ksba_destroy_writer (b64writer);