security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

dirmngr: Support ECDSA for OCSP.

Browse source 
* dirmngr/validate.c (pk_algo_from_sexp): Make public.  Support ECC.
* dirmngr/ocsp.c (check_signature): Remove hash preparation out to ...
(check_signature_core): here.  This changes the arg s_hash to md.
Support ECDSA.
--

The test was done with my qualified signature certificate from the
Telesec and their responder http://tqrca1.ocsp.telesec.de/ocspr .
See also libksba commit rK24992a4a7a61d93759e1dbd104b845903d4589bf

(cherry picked from commit 890e9849b5)
This commit is contained in:
Werner Koch 2022-02-26 17:24:33 +01:00
parent 502d43ac30
commit afaed3c122
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
3 changed files with 107 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

4
dirmngr/validate.c
View file

@ -859,7 +859,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
/* Return the public key algorithm id from the S-expression PKEY.
FIXME: libgcrypt should provide such a function. Note that this
implementation uses the names as used by libksba. */
static int
int
pk_algo_from_sexp (gcry_sexp_t pkey)
{
gcry_sexp_t l1, l2;
@ -880,6 +880,8 @@ pk_algo_from_sexp (gcry_sexp_t pkey)
algo = GCRY_PK_RSA;
else if (n==3 && !memcmp (name, "dsa", 3))
algo = GCRY_PK_DSA;
else if (n==3 && !memcmp (name, "ecc", 3))
algo = GCRY_PK_ECC;
else if (n==13 && !memcmp (name, "ambiguous-rsa", 13))
algo = GCRY_PK_RSA;
else