sm: Exclude rsaPSS from de-vs compliance mode.

* common/compliance.h (PK_ALGO_FLAG_RSAPSS): New. * common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and test rsaPSS. Adjust all callers. * common/util.c (pubkey_algo_to_string): New. (gnupg_pk_is_allowed): Ditto. * sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function. (gpgsm_get_hash_algo_from_sigval): New. * sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval arg. Add arg pkalgoflags. Use the PK_ALGO_FLAG_RSAPSS. * sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to also get the algo flags. Pass algo flags along. Change some of the info output to be more like current master. -- Signed-off-by: Werner Koch <wk@gnupg.org> This backport from master commit 969abcf40c also includes some changes taken from commit a759fa963a (sm: Improve readability of the data verification output.) Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2020-07-03 15:47:55 +02:00 · 2020-07-03 15:47:55 +02:00 · 4a36adaa64
commit 4a36adaa64
parent daca1a011b
19 changed files with 286 additions and 122 deletions
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@ -164,7 +164,7 @@ check_signature2 (ctrl_t ctrl,
  else if (get_pubkey_for_sig (ctrl, pk, sig, forced_pk))
    rc = gpg_error (GPG_ERR_NO_PUBKEY);
  else if (!gnupg_pk_is_allowed (opt.compliance, PK_USE_VERIFICATION,
-                                 pk->pubkey_algo, pk->pkey,
+                                 pk->pubkey_algo, 0, pk->pkey,
                                 nbits_from_pk (pk),
                                 NULL))
    {