sm: Flag Brainpool curves as compliant for all other operations.

* sm/fingerprint.c (gpgsm_get_key_algo_info2): Rename to (gpgsm_get_key_algo_info): this. Remove the old wrapper. Adjust all callers. * sm/decrypt.c (gpgsm_decrypt): Pass the curve to the compliance checker. * sm/encrypt.c (gpgsm_encrypt): Ditto. * sm/sign.c (gpgsm_sign): Ditto. * sm/verify.c (gpgsm_verify): Ditto. -- GnuPG-bug-id: 6253
2025-07-03 22:56:33 +02:00 · 2023-10-24 14:51:16 +02:00 · 2023-10-24 14:51:16 +02:00 · f0e127defb
commit f0e127defb
parent afacacec12
7 changed files with 25 additions and 23 deletions
--- a/sm/encrypt.c
+++ b/sm/encrypt.c
@ -777,11 +777,12 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
      unsigned char *encval;
      unsigned int nbits;
      int pk_algo;
+      char *curve = NULL;

      /* Check compliance.  */
-      pk_algo = gpgsm_get_key_algo_info (cl->cert, &nbits);
+      pk_algo = gpgsm_get_key_algo_info (cl->cert, &nbits, &curve);
      if (!gnupg_pk_is_compliant (opt.compliance, pk_algo, 0,
-                                  NULL, nbits, NULL))
+                                  NULL, nbits, curve))
        {
          char  kidstr[10+1];

@ -796,9 +797,12 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, estream_t out_fp)
      /* Fixme: When adding ECC we need to provide the curvename and
       * the key to gnupg_pk_is_compliant.  */
      if (compliant
-          && !gnupg_pk_is_compliant (CO_DE_VS, pk_algo, 0, NULL, nbits, NULL))
+          && !gnupg_pk_is_compliant (CO_DE_VS, pk_algo, 0, NULL, nbits, curve))
        compliant = 0;

+      xfree (curve);
+      curve = NULL;
+
      rc = encrypt_dek (dek, cl->cert, pk_algo, &encval);
      if (rc)
        {