gpg: Add option --assert-pubkey_algo.

* g10/keyid.c (parse_one_algo_string): New. (compare_pubkey_string_part): New. (compare_pubkey_string): New. * g10/verify.c (check_assert_signer_list): New. * g10/mainproc.c (check_sig_and_print): Call check_assert_pubkey_algo. * g10/options.h (opt): Add field assert_pubkey_algos. * g10/gpg.c (oAssertPubkeyAlgo): New. (opts): Add "--assert-pubkey_algo". (assert_pubkey_algo_false): New. (main): Parse option. (g10_exit): Reorder RC modifications. Check assert_pubkey_algo_false. * common/status.h (ASSERT_PUBKEY_ALGOS): new. * common/t-support.h (LEAN_T_SUPPORT): Use a simplified version if this macro is set. * g10/gpgv.c (oAssertPubkeyAlgo): New. (opts): Add "--assert-pubkey_algo". (assert_pubkey_algo_false): New. (main): Parse option. (g10_exit): Check assert_pubkey_algo_false. * g10/t-keyid.c: New. * g10/Makefile.am: Add t-keyid. * g10/test-stubs.c: Add assert_pubkey_algos and assert_signer_list and remove from other tests. (check_assert_signer_list): Ditto. (check_assert_pubkey_algo): Ditto. -- GnuPG-bug-id: 6946
author: Werner Koch <[email protected]> 2024-02-10 13:24:50 +0000
committer: Werner Koch <[email protected]> 2024-02-10 13:26:55 +0000
commit: 302afcb6f6af1dc88357acacfaa6829f0717b1c6 (patch)
tree: f198426cf8c1713df2c7f0ae6939fc9fad12667e /g10/mainproc.c
parent: doc: Suggest the use of a fingerprint for --default-key. (diff)
download: gnupg-302afcb6f6af1dc88357acacfaa6829f0717b1c6.tar.gz
gnupg-302afcb6f6af1dc88357acacfaa6829f0717b1c6.zip
1 files changed, 11 insertions, 8 deletions
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 430d7ff08..5f3f6df86 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1876,6 +1876,8 @@ check_sig_and_print (CTX c, kbnode_t node)
   const void *extrahash = NULL;
   size_t extrahashlen = 0;
   kbnode_t included_keyblock = NULL;
+  char pkstrbuf[PUBKEY_STRING_SIZE] = { 0 };
+
 
   if (opt.skip_verify)
     {
@@ -2409,8 +2411,14 @@ check_sig_and_print (CTX c, kbnode_t node)
             show_notation (sig, 0, 2, 0);
         }
 
+      /* Fill PKSTRBUF with the algostring in case we later need it.  */
+      if (pk)
+        pubkey_string (pk, pkstrbuf, sizeof pkstrbuf);
+
       /* For good signatures print the VALIDSIG status line.  */
-      if (!rc && (is_status_enabled () || opt.assert_signer_list) && pk)
+      if (!rc && (is_status_enabled ()
+                  || opt.assert_signer_list
+                  || opt.assert_pubkey_algos) && pk)
         {
           char pkhex[MAX_FINGERPRINT_LEN*2+1];
           char mainpkhex[MAX_FINGERPRINT_LEN*2+1];
@@ -2432,6 +2440,8 @@ check_sig_and_print (CTX c, kbnode_t node)
                                mainpkhex);
           /* Handle the --assert-signer option.  */
           check_assert_signer_list (mainpkhex, pkhex);
+          /* Handle the --assert-pubkey-algo option.  */
+          check_assert_pubkey_algo (pkstrbuf, pkhex);
 	}
 
       /* Print compliance warning for Good signatures.  */
@@ -2464,13 +2474,6 @@ check_sig_and_print (CTX c, kbnode_t node)
 
       if (opt.verbose)
         {
-          char pkstrbuf[PUBKEY_STRING_SIZE];
-
-          if (pk)
-            pubkey_string (pk, pkstrbuf, sizeof pkstrbuf);
-          else
-            *pkstrbuf = 0;
-
           log_info (_("%s signature, digest algorithm %s%s%s\n"),
                     sig->sig_class==0x00?_("binary"):
                     sig->sig_class==0x01?_("textmode"):_("unknown"),
author	Werner Koch <[email protected]>	2024-02-10 13:24:50 +0000
committer	Werner Koch <[email protected]>	2024-02-10 13:26:55 +0000
commit	302afcb6f6af1dc88357acacfaa6829f0717b1c6 (patch)
tree	f198426cf8c1713df2c7f0ae6939fc9fad12667e /g10/mainproc.c
parent	doc: Suggest the use of a fingerprint for --default-key. (diff)
download	gnupg-302afcb6f6af1dc88357acacfaa6829f0717b1c6.tar.gz gnupg-302afcb6f6af1dc88357acacfaa6829f0717b1c6.zip