From f5c3f13609361dfeb03722161b1fc93f5a33dcae Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 15 Nov 2022 16:31:46 +0100 Subject: [PATCH] gpgsm: Fix colon outout of ECC encryption certificates * sm/keylist.c (print_capabilities): Add arg algo and use it to check for ECC capabilities. (list_cert_colon): Call with algo. -- This will mark certificates with only keyAgreement usage correctly in the --with-colons listing. --- sm/keylist.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sm/keylist.c b/sm/keylist.c index 9e2c79cbc..fb2c3bad5 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -300,7 +300,7 @@ print_pk_screening (ksba_cert_t cert, int colon_mode, estream_t fp) static void -print_capabilities (ksba_cert_t cert, estream_t fp) +print_capabilities (ksba_cert_t cert, int algo, estream_t fp) { gpg_error_t err; unsigned int use; @@ -352,7 +352,7 @@ print_capabilities (ksba_cert_t cert, estream_t fp) /* We need to returned the faked key usage to frontends so that they * can select the right key. Note that we don't do this for the * human readable keyUsage. */ - if ((opt.compat_flags & COMPAT_ALLOW_KA_TO_ENCR) + if ((algo == GCRY_PK_ECC || (opt.compat_flags & COMPAT_ALLOW_KA_TO_ENCR)) && (use & KSBA_KEYUSAGE_KEY_AGREEMENT)) is_encr = 1; @@ -599,7 +599,7 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity, /* Field 11, signature class - not used */ es_putc (':', fp); /* Field 12, capabilities: */ - print_capabilities (cert, fp); + print_capabilities (cert, algo, fp); es_putc (':', fp); /* Field 13, not used: */ es_putc (':', fp);