gpg: Add option --assert-pubkey_algo.

* g10/keyid.c (parse_one_algo_string): New. (compare_pubkey_string_part): New. (compare_pubkey_string): New. * g10/verify.c (check_assert_signer_list): New. * g10/mainproc.c (check_sig_and_print): Call check_assert_pubkey_algo. * g10/options.h (opt): Add field assert_pubkey_algos. * g10/gpg.c (oAssertPubkeyAlgo): New. (opts): Add "--assert-pubkey_algo". (assert_pubkey_algo_false): New. (main): Parse option. (g10_exit): Reorder RC modifications. Check assert_pubkey_algo_false. * common/status.h (ASSERT_PUBKEY_ALGOS): new. * common/t-support.h (LEAN_T_SUPPORT): Use a simplified version if this macro is set. * g10/gpgv.c (oAssertPubkeyAlgo): New. (opts): Add "--assert-pubkey_algo". (assert_pubkey_algo_false): New. (main): Parse option. (g10_exit): Check assert_pubkey_algo_false. * g10/t-keyid.c: New. * g10/Makefile.am: Add t-keyid. * g10/test-stubs.c: Add assert_pubkey_algos and assert_signer_list and remove from other tests. (check_assert_signer_list): Ditto. (check_assert_pubkey_algo): Ditto. -- GnuPG-bug-id: 6946
2025-07-03 22:56:33 +02:00 · 2024-02-10 14:24:50 +01:00 · 2024-02-10 14:24:50 +01:00 · 302afcb6f6
commit 302afcb6f6
parent 5842eee805
20 changed files with 424 additions and 58 deletions
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -451,6 +451,7 @@ enum cmd_and_opt_values
    oCompatibilityFlags,
    oAddDesigRevoker,
    oAssertSigner,
+    oAssertPubkeyAlgo,
    oKbxBufferSize,

    oNoop
@ -715,6 +716,7 @@ static gpgrt_opt_t opts[] = {
 #endif
  ARGPARSE_s_s (oAddDesigRevoker, "add-desig-revoker", "@"),
  ARGPARSE_s_s (oAssertSigner,    "assert-signer", "@"),
+  ARGPARSE_s_s (oAssertPubkeyAlgo,"assert-pubkey-algo", "@"),

  ARGPARSE_header ("Input", N_("Options controlling the input")),

@ -1044,9 +1046,12 @@ static struct compatibility_flags_s compatibility_flags [] =

 /* Can be set to true to force gpg to return with EXIT_FAILURE.  */
 int g10_errors_seen = 0;
-/* If opt.assert_signer_list is used and this variabale is not true
+/* If opt.assert_signer_list is used and this variable is not true
 * gpg will be forced to return EXIT_FAILURE.  */
 int assert_signer_true = 0;
+/* If opt.assert_pubkey_algo is used and this variable is not true
+ * gpg will be forced to return EXIT_FAILURE.  */
+int assert_pubkey_algo_false = 0;


 static int utf8_strings =
@ -3770,6 +3775,18 @@ main (int argc, char **argv)
            add_to_strlist (&opt.assert_signer_list, pargs.r.ret_str);
 	    break;

+          case oAssertPubkeyAlgo:
+            if (!opt.assert_pubkey_algos)
+              opt.assert_pubkey_algos = xstrdup (pargs.r.ret_str);
+            else
+              {
+                char *tmp = opt.assert_pubkey_algos;
+                opt.assert_pubkey_algos = xstrconcat (tmp, ",",
+                                                      pargs.r.ret_str, NULL);
+                xfree (tmp);
+              }
+	    break;
+
          case oKbxBufferSize:
            keybox_set_buffersize (pargs.r.ret_ulong, 0);
            break;
@ -5472,6 +5489,17 @@ emergency_cleanup (void)
 void
 g10_exit( int rc )
 {
+  if (rc)
+    ;
+  else if (log_get_errorcount(0))
+    rc = 2;
+  else if (g10_errors_seen)
+    rc = 1;
+  else if (opt.assert_signer_list && !assert_signer_true)
+    rc = 1;
+  else if (opt.assert_pubkey_algos && assert_pubkey_algo_false)
+    rc = 1;
+
  /* If we had an error but not printed an error message, do it now.
   * Note that write_status_failure will never print a second failure
   * status line. */
@ -5496,15 +5524,6 @@ g10_exit( int rc )
  gnupg_block_all_signals ();
  emergency_cleanup ();

-  if (rc)
-    ;
-  else if (log_get_errorcount(0))
-    rc = 2;
-  else if (g10_errors_seen)
-    rc = 1;
-  else if (opt.assert_signer_list && !assert_signer_true)
-    rc = 1;
-
  exit (rc);
 }