gpgsm: New option --compatibility-flags.

* sm/gpgsm.c (oCompatibilityFlags): New option. (compatibility_flags): new. (main): Parse and print them in verbose mode. * sm/gpgsm.h (opt): Add field compat_glags.: (COMPAT_ALLOW_KA_TO_ENCR): New. * sm/keylist.c (print_capabilities): Take care of the new flag. * sm/certlist.c (cert_usage_p): Ditto. * common/miscellaneous.c (parse_compatibility_flags): New. * common/util.h (struct compatibility_flags_s): New. -- Backported-from-master: f0b373cec9 Backported-from-master: ce63eaa4f8
2025-07-03 22:56:33 +02:00 · 2022-06-13 17:46:40 +02:00 · 2022-06-13 17:46:40 +02:00 · 77b6896f7a
commit 77b6896f7a
parent b356eddf3d
7 changed files with 164 additions and 9 deletions
--- a/sm/certlist.c
+++ b/sm/certlist.c
@ -52,9 +52,11 @@ cert_usage_p (ksba_cert_t cert, int mode, int silent)
 {
  gpg_error_t err;
  unsigned int use;
+  unsigned int encr_bits, sign_bits;
  char *extkeyusages;
  int have_ocsp_signing = 0;

+
  err = ksba_cert_get_ext_key_usages (cert, &extkeyusages);
  if (gpg_err_code (err) == GPG_ERR_NO_DATA)
    err = 0; /* no policy given */
@ -158,10 +160,13 @@ cert_usage_p (ksba_cert_t cert, int mode, int silent)
      return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
    }

-  if ((use & ((mode&1)?
-              (KSBA_KEYUSAGE_KEY_ENCIPHERMENT|KSBA_KEYUSAGE_DATA_ENCIPHERMENT):
-              (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION)))
-      )
+  encr_bits = (KSBA_KEYUSAGE_KEY_ENCIPHERMENT|KSBA_KEYUSAGE_DATA_ENCIPHERMENT);
+  if ((opt.compat_flags & COMPAT_ALLOW_KA_TO_ENCR))
+    encr_bits |= KSBA_KEYUSAGE_KEY_AGREEMENT;
+
+  sign_bits = (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION);
+
+  if ((use & ((mode&1)? encr_bits : sign_bits)))
    return 0;

  if (!silent)