gpgsm: Remove conditional compilation for older libksba versions.

* sm/sign.c (add_signed_attribute): Return an error because the option
--attribute is not yet working.

--

We require libksba 1.6 anyway.
Werner Koch 2023-03-31 09:31:02 +02:00
parent ab35d756d8
commit 4b9346492e
GPG Key ID: E3FDFF218E45B72B
4 changed files with 31 additions and 19 deletions


@ -1695,6 +1695,7 @@ Description of some debug flags:
- RFC-1750 :: Randomness Recommendations for Security
- RFC-1991 :: PGP Message Exchange Formats (obsolete)
- RFC-2144 :: The CAST-128 Encryption Algorithm
- RFC-2253 :: UTF-8 String Representation of Distinguished Names.
- RFC-2279 :: UTF-8, a transformation format of ISO 10646
- RFC-2440 :: OpenPGP (obsolete).
- RFC-3156 :: MIME Security with Pretty Good Privacy (PGP).
@ -1813,3 +1814,27 @@ Description of some debug flags:
it is also possible to set them direct: Use a "=" character
directly followed by a combination of "a" (for authentication), "s"
(for signing), or "c" (for certification).
** extendedKeyUsage and keyUsage in gpgsm
This table describes how the extended KeyUsage masks the KeyUsage.
| ExtKeyUsage | Valid KeyUsages |
|-----------------+------------------|
| serverAuth | digitalSignature |
| | keyEncipherment |
| | keyAgreement |
|-----------------+------------------|
| clientAuth | digitalSignature |
| | keyAgreement |
|-----------------+------------------|
| codeSigning | digitalSignature |
|-----------------+------------------|
| emailProtection | digitalSignature |
| | nonRepudiation |
| | keyEncipherment |
| | keyAgreement |
|-----------------+------------------|
| timeStamping | digitalSignature |
| | nonRepudiation |
|-----------------+------------------|


@ -622,7 +622,7 @@ outputs an endless stream of hex-encoded octets. The special level
@item --gen-prime @var{mode} @var{bits}
@opindex gen-prime
Use the source, Luke :-). The output format is subject to change
with ant release.
with any release.
@item --enarmor


@ -37,14 +37,6 @@
#include "../common/tlv.h"
#include "../common/compliance.h"
/* We can provide an enum value which is only availabale with KSBA
* 1.6.0 so that we can compile even against older versions. Some
* calls will of course return an error in this case. This value is
* currently not used because the cipher mode is sufficient here. */
/* #if KSBA_VERSION_NUMBER < 0x010600 /\* 1.6.0 *\/ */
/* # define KSBA_CT_AUTHENVELOPED_DATA 10 */
/* #endif */
struct decrypt_filter_parm_s
{


@ -300,7 +300,6 @@ add_certificate_list (ctrl_t ctrl, ksba_cms_t cms, ksba_cert_t cert)
}
#if KSBA_VERSION_NUMBER >= 0x010400 && 0 /* 1.4.0 */
static gpg_error_t
add_signed_attribute (ksba_cms_t cms, const char *attrstr)
{
@ -378,7 +377,12 @@ add_signed_attribute (ksba_cms_t cms, const char *attrstr)
}
/* Store the data in the CMS object for all signers. */
#if 0
err = ksba_cms_add_attribute (cms, -1, fields[0], 0, der, derlen);
#else
(void)cms;
err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
#endif
if (err)
{
log_error ("invalid attribute specification '%s': %s\n",
@ -391,7 +395,6 @@ add_signed_attribute (ksba_cms_t cms, const char *attrstr)
xfree (fields);
return err;
}
#endif /*ksba >= 1.4.0 */
@ -474,9 +477,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
if (!err)
err = ksba_cms_set_content_type
(cms, 1,
#if KSBA_VERSION_NUMBER >= 0x010400 && 0
opt.authenticode? KSBA_CT_SPC_IND_DATA_CTX :
#endif
KSBA_CT_DATA
);
if (err)
@ -758,8 +759,6 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
}
}
/* We can add signed attributes only when build against libksba 1.4. */
#if KSBA_VERSION_NUMBER >= 0x010400 && 0 /* 1.4.0 */
{
strlist_t sl;
@ -767,10 +766,6 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
if ((err = add_signed_attribute (cms, sl->d)))
goto leave;
}
#else
if (opt.attributes)
log_info ("Note: option --attribute is ignored by this version\n");
#endif /*ksba >= 1.4.0 */
/* We need to write at least a minimal list of our capabilities to