security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

gpgsm: New option --compatibility-flags.

Browse source 
* sm/gpgsm.c (oCompatibilityFlags): New option.
(compatibility_flags): new.
(main): Parse and print them in verbose mode.
* sm/gpgsm.h (opt): Add field compat_glags.:
(COMPAT_ALLOW_KA_TO_ENCR): New.
* sm/keylist.c (print_capabilities): Take care of the new flag.
* sm/certlist.c (cert_usage_p): Ditto.

* common/miscellaneous.c (parse_compatibility_flags): New.
* common/util.h (struct compatibility_flags_s): New.
--

Backported-from-master: f0b373cec9
Backported-from-master: ce63eaa4f8
This commit is contained in:
Werner Koch 2022-06-13 17:46:40 +02:00
parent b356eddf3d
commit 77b6896f7a
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
7 changed files with 164 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

28
sm/keylist.c
View file

@ -251,9 +251,11 @@ print_capabilities (ksba_cert_t cert, estream_t fp)
{
gpg_error_t err;
unsigned int use;
unsigned int is_encr, is_sign, is_cert;
size_t buflen;
char buffer[1];
err = ksba_cert_get_user_data (cert, "is_qualified",
&buffer, sizeof (buffer), &buflen);
if (!err && buflen)
@ -285,17 +287,33 @@ print_capabilities (ksba_cert_t cert, estream_t fp)
return;
}
is_encr = is_sign = is_cert = 0;
if ((use & (KSBA_KEYUSAGE_KEY_ENCIPHERMENT|KSBA_KEYUSAGE_DATA_ENCIPHERMENT)))
is_encr = 1;
if ((use & (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION)))
is_sign = 1;
if ((use & KSBA_KEYUSAGE_KEY_CERT_SIGN))
is_cert = 1;
/* We need to returned the faked key usage to frontends so that they
* can select the right key. Note that we don't do this for the
* human readable keyUsage. */
if ((opt.compat_flags & COMPAT_ALLOW_KA_TO_ENCR)
&& (use & KSBA_KEYUSAGE_KEY_AGREEMENT))
is_encr = 1;
if (is_encr)
es_putc ('e', fp);
if ((use & (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION)))
if (is_sign)
es_putc ('s', fp);
if ((use & KSBA_KEYUSAGE_KEY_CERT_SIGN))
if (is_cert)
es_putc ('c', fp);
if ((use & (KSBA_KEYUSAGE_KEY_ENCIPHERMENT|KSBA_KEYUSAGE_DATA_ENCIPHERMENT)))
if (is_encr)
es_putc ('E', fp);
if ((use & (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION)))
if (is_sign)
es_putc ('S', fp);
if ((use & KSBA_KEYUSAGE_KEY_CERT_SIGN))
if (is_cert)
es_putc ('C', fp);
}