sm: Exclude rsaPSS from de-vs compliance mode.

* common/compliance.h (PK_ALGO_FLAG_RSAPSS): New. * common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and test rsaPSS. Adjust all callers. (gnupg_pk_is_allowed): Ditto. * sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function. (gpgsm_get_hash_algo_from_sigval): New. * sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval arg. Add arg pkalgoflags. Use the PK_ALGO_FLAG_RSAPSS. * sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to also get the algo flags. Pass algo flags along. Signed-off-by: Werner Koch <[email protected]>
author: Werner Koch <[email protected]> 2020-07-03 13:47:55 +0000
committer: Werner Koch <[email protected]> 2020-07-03 14:15:29 +0000
commit: 969abcf40cdfc65f3ee859c5e62889e1a8ccde91 (patch)
tree: 85bb8618a5c78574db04cad63d91328cba652ffd /g10/mainproc.c
parent: scd:nks: Implement writecert for the Signature card v2. (diff)
download: gnupg-969abcf40cdfc65f3ee859c5e62889e1a8ccde91.tar.gz
gnupg-969abcf40cdfc65f3ee859c5e62889e1a8ccde91.zip
1 files changed, 4 insertions, 4 deletions
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 1d48d574c..e675e853a 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -702,8 +702,8 @@ proc_encrypted (CTX c, PACKET *pkt)
           memset (pk, 0, sizeof *pk);
           pk->pubkey_algo = i->pubkey_algo;
           if (get_pubkey (c->ctrl, pk, i->keyid) != 0
-              || ! gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, pk->pkey,
-                                          nbits_from_pk (pk), NULL))
+              || ! gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, 0,
+                                          pk->pkey, nbits_from_pk (pk), NULL))
             compliant = 0;
           release_public_key_parts (pk);
         }
@@ -2449,7 +2449,7 @@ check_sig_and_print (CTX c, kbnode_t node)
 
       /* Print compliance warning for Good signatures.  */
       if (!rc && pk && !opt.quiet
-          && !gnupg_pk_is_compliant (opt.compliance, pk->pubkey_algo,
+          && !gnupg_pk_is_compliant (opt.compliance, pk->pubkey_algo, 0,
                                      pk->pkey, nbits_from_pk (pk), NULL))
         {
           log_info (_("WARNING: This key is not suitable for signing"
@@ -2534,7 +2534,7 @@ check_sig_and_print (CTX c, kbnode_t node)
 
       /* Compute compliance with CO_DE_VS.  */
       if (pk && is_status_enabled ()
-          && gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, pk->pkey,
+          && gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, 0, pk->pkey,
                                     nbits_from_pk (pk), NULL)
           && gnupg_digest_is_compliant (CO_DE_VS, sig->digest_algo))
         write_status_strings (STATUS_VERIFICATION_COMPLIANCE_MODE,
author	Werner Koch <[email protected]>	2020-07-03 13:47:55 +0000
committer	Werner Koch <[email protected]>	2020-07-03 14:15:29 +0000
commit	969abcf40cdfc65f3ee859c5e62889e1a8ccde91 (patch)
tree	85bb8618a5c78574db04cad63d91328cba652ffd /g10/mainproc.c
parent	scd:nks: Implement writecert for the Signature card v2. (diff)
download	gnupg-969abcf40cdfc65f3ee859c5e62889e1a8ccde91.tar.gz gnupg-969abcf40cdfc65f3ee859c5e62889e1a8ccde91.zip