mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00

sm: Fix compliance checking for ECC signature verification.

* common/compliance.c (gnupg_pk_is_compliant): Also consider the
gcrypt vids for ECDSA et al.
(gnupg_pk_is_allowed): Ditto.
* sm/verify.c (gpgsm_verify): Consider the curve.  Print a compliance
notice for a non-compliant key.

* sm/certchain.c (gpgsm_validate_chain): Silence the "switching to
chain model".
--

Backported-from-master: 338a5ecaa1
Werner Koch 2023-01-12 20:52:27 +01:00
parent 818051432c
commit f2d25b04d7
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
4 changed files with 34 additions and 7 deletions


@ -2149,7 +2149,11 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime,
&& !(flags & VALIDATE_FLAG_CHAIN_MODEL)
&& (rootca_flags.valid && rootca_flags.chain_model))
{
do_list (0, listmode, listfp, _("switching to chain model"));
/* The root CA indicated that the chain model is to be used but
* we have not yet used it. Thus do the validation again using
* the chain model. */
if (opt.verbose)
do_list (0, listmode, listfp, _("switching to chain model"));
rc = do_validate_chain (ctrl, cert, checktime,
r_exptime, listmode, listfp,
(flags |= VALIDATE_FLAG_CHAIN_MODEL),
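Review bot: Gating the "switching to chain model" notice on `opt.verbose` means a default run no longer shows, at this point, that the certificate chain was validated a second time under a different validity model, so a listing can no longer be read to tell which model produced the final result. The hunk does not show whether the model is reported elsewhere (the call and the rest of gpgsm_validate_chain continue past the last line); if it is, the new comment should name that place, and if it is not, the notice is worth keeping unconditional in list mode. Separately, the unbraced `if (opt.verbose)` sits directly above the `rc = do_validate_chain (...)` retry; bracing the `do_list` call would keep a later edit from accidentally tying the retry itself to verbosity.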