Implemented the chain model for X.509 validation.

2025-07-02 22:46:30 +02:00 · 2007-08-10 16:52:05 +00:00 · 2007-08-10 16:52:05 +00:00 · 74d344a521
commit 74d344a521
parent ebd36b6344
60 changed files with 16887 additions and 12516 deletions
--- a/sm/certcheck.c
+++ b/sm/certcheck.c
@ -343,13 +343,17 @@ gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)

 int
 gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval,
-                           gcry_md_hd_t md, int algo)
+                           gcry_md_hd_t md, int mdalgo, int *r_pkalgo)
 {
  int rc;
  ksba_sexp_t p;
  gcry_mpi_t frame;
  gcry_sexp_t s_sig, s_hash, s_pkey;
  size_t n;
+  int pkalgo;
+
+  if (r_pkalgo)
+    *r_pkalgo = 0;

  n = gcry_sexp_canon_len (sigval, 0, NULL, NULL);
  if (!n)
@ -385,8 +389,10 @@ gpgsm_check_cms_signature (ksba_cert_t cert, ksba_const_sexp_t sigval,
      return rc;
    }

-
-  rc = do_encode_md (md, algo, pk_algo_from_sexp (s_pkey),
+  pkalgo = pk_algo_from_sexp (s_pkey);
+  if (r_pkalgo)
+    *r_pkalgo = pkalgo;
+  rc = do_encode_md (md, mdalgo, pkalgo,
                     gcry_pk_get_nbits (s_pkey), s_pkey, &frame);
  if (rc)
    {