gpgsm: Support ECDSA in de-vs mode.

* common/compliance.h (PK_ALGO_FLAG_ECC18): New.
* common/compliance.c (gnupg_pk_is_allowed): Implement.
* sm/decrypt.c (gpgsm_decrypt): Pass new flag.
* sm/sign.c (gpgsm_sign): Ditto.
* sm/verify.c (gpgsm_verify): Ditto.
--

GnuPG-bug-id: 6802

3 files changed, 5 insertions, 3 deletions

diff --git a/sm/decrypt.c b/sm/decrypt.c
index 787e2f5e6..6d63189b8 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -1318,7 +1318,8 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
                   /* Check compliance.  */
                   if (!gnupg_pk_is_allowed (opt.compliance,
                                             PK_USE_DECRYPTION,
-                                            pk_algo, 0, NULL, nbits, curve))
+                                            pk_algo, PK_ALGO_FLAG_ECC18,
+                                            NULL, nbits, curve))
                     {
                       char  kidstr[10+1];
 
diff --git a/sm/sign.c b/sm/sign.c
index cd0ddceb3..3e8f26cbd 100644
--- a/sm/sign.c
+++ b/sm/sign.c
@@ -835,8 +835,8 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
           goto leave;
         }
 
-      if (!gnupg_pk_is_allowed (opt.compliance, PK_USE_SIGNING, pk_algo, 0,
-                                NULL, nbits, curve))
+      if (!gnupg_pk_is_allowed (opt.compliance, PK_USE_SIGNING, pk_algo,
+                                PK_ALGO_FLAG_ECC18, NULL, nbits, curve))
         {
           char  kidstr[10+1];
 
diff --git a/sm/verify.c b/sm/verify.c
index 1f5c1d378..e83a24f44 100644
--- a/sm/verify.c
+++ b/sm/verify.c
@@ -503,6 +503,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, estream_t out_fp)
       audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO, algo);
 
       /* Check compliance.  */
+      pkalgoflags |= PK_ALGO_FLAG_ECC18;
       if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_VERIFICATION,
                                  pkalgo, pkalgoflags, NULL, nbits, pkcurve))
         {