Merge branch 'STABLE-BRANCH-2-4'

-- Resolved conflicts: NEWS common/exechelp-w32.c configure.ac
2025-07-02 22:46:30 +02:00 · 2024-03-12 16:00:55 +01:00 · 2024-03-12 16:00:55 +01:00 · 4485930f9f
commit 4485930f9f
parent 79d0e52b2d 609b1ec0c6
103 changed files with 1485 additions and 1135 deletions
--- a/g10/verify.c
+++ b/g10/verify.c
@ -335,7 +335,7 @@ check_assert_signer_list (const char *mainpkhex, const char *pkhex)
              assert_signer_true = 1;
              write_status_text (STATUS_ASSERT_SIGNER, item->d);
              if (!opt.quiet)
-                log_info ("signer '%s' matched\n", item->d);
+                log_info ("asserted signer '%s'\n", item->d);
              goto leave;
            }
        }
@ -390,7 +390,7 @@ check_assert_signer_list (const char *mainpkhex, const char *pkhex)
                  assert_signer_true = 1;
                  write_status_text (STATUS_ASSERT_SIGNER, p);
                  if (!opt.quiet)
-                    log_info ("signer '%s' matched '%s', line %d\n",
+                    log_info ("asserted signer '%s' (%s:%d)\n",
                              p, fname, lnr);
                  goto leave;
                }
@ -407,3 +407,32 @@ check_assert_signer_list (const char *mainpkhex, const char *pkhex)
 leave:
  es_fclose (fp);
 }
+
+
+/* This function shall be called with the signer's public key
+ * algorithm ALGOSTR iff a signature is fully valid.  If the option
+ * --assert-pubkey-algo is active the functions checks whether the
+ * signing key's algo is valid according to that list; in this case a
+ * global flag is set.  */
+void
+check_assert_pubkey_algo (const char *algostr, const char *pkhex)
+{
+  if (!opt.assert_pubkey_algos)
+    return;  /* Nothing to do.  */
+
+  if (compare_pubkey_string (algostr, opt.assert_pubkey_algos))
+    {
+      write_status_strings (STATUS_ASSERT_PUBKEY_ALGO,
+                            pkhex, " 1 ", algostr, NULL);
+      if (!opt.quiet)
+        log_info ("asserted signer '%s' with algo %s\n", pkhex, algostr);
+    }
+  else
+    {
+      if (!opt.quiet)
+        log_info ("denied signer '%s' with algo %s\n", pkhex, algostr);
+      assert_pubkey_algo_false = 1;
+      write_status_strings (STATUS_ASSERT_PUBKEY_ALGO,
+                            pkhex, " 0 ", algostr, NULL);
+    }
+}