Include the library version in the compliance checks.

* common/compliance.c (gnupg_gcrypt_is_compliant): New. (gnupg_rng_is_compliant): Also check library version. * g10/mainproc.c (proc_encrypted): Use new function. (check_sig_and_print): Ditto. * sm/decrypt.c (gpgsm_decrypt): Ditto. * sm/encrypt.c (gpgsm_encrypt): Ditto. * sm/verify.c (gpgsm_verify): Ditto -- This will eventually allow us to declare Libgcrypt 1.9 to be de-vs compliant. GnuPG can use this information then for its own checks. As of now GnuPG tests the version of the used library but that is a bit cumbersome to maintain. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-03 22:56:33 +02:00 · 2021-01-28 15:48:08 +01:00 · 2021-01-28 15:48:08 +01:00 · 90c514868f
commit 90c514868f
parent 1e197c29ed
6 changed files with 69 additions and 17 deletions
--- a/sm/verify.c
+++ b/sm/verify.c
@ -516,6 +516,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
      /* Check compliance with CO_DE_VS.  */
      if (gnupg_pk_is_compliant (CO_DE_VS, pkalgo, pkalgoflags,
                                 NULL, nbits, NULL)
+          && gnupg_gcrypt_is_compliant (CO_DE_VS)
          && gnupg_digest_is_compliant (CO_DE_VS, sigval_hash_algo))
        gpgsm_status (ctrl, STATUS_VERIFICATION_COMPLIANCE_MODE,
                      gnupg_status_compliance_flag (CO_DE_VS));