security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

sm: Exclude rsaPSS from de-vs compliance mode.

Browse source 
* common/compliance.h (PK_ALGO_FLAG_RSAPSS): New.
* common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and
test rsaPSS.  Adjust all callers.
(gnupg_pk_is_allowed): Ditto.
* sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function.
(gpgsm_get_hash_algo_from_sigval): New.
* sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval
arg.  Add arg pkalgoflags.  Use the PK_ALGO_FLAG_RSAPSS.
* sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to
also get the algo flags.  Pass algo flags along.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2020-07-03 15:47:55 +02:00
parent c1663c690b
commit 969abcf40c
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
16 changed files with 175 additions and 89 deletions
Download patch file Download diff file Expand all files Collapse all files

5
sm/keylist.c
View file

@ -395,7 +395,10 @@ print_compliance_flags (ksba_cert_t cert, int algo, unsigned int nbits,
int indent = 0;
int hashalgo;
if (gnupg_pk_is_compliant (CO_DE_VS, algo, NULL, nbits, NULL))
/* Note that we do not need to test for PK_ALGO_FLAG_RSAPSS because
* that is not a property of the key but one of the created
* signature. */
if (gnupg_pk_is_compliant (CO_DE_VS, algo, 0, NULL, nbits, NULL))
{
hashalgo = gcry_md_map_name (ksba_cert_get_digest_algo (cert));
if (gnupg_digest_is_compliant (CO_DE_VS, hashalgo))