diff options
| author | Werner Koch <wk@gnupg.org> | 2022-02-26 17:24:33 +0100 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2022-02-27 12:26:38 +0100 |
| commit | 890e9849b58e91fb7e0ad8d3b11d19363fca2d8a (patch) | |
| tree | 84ac03a4a297501c0b46aa65adf0efc0282d9a6e /dirmngr/validate.c | |
| parent | gpg: Clarify a call of ask_for_detached_datafile. (diff) | |
| download | gnupg2-890e9849b58e91fb7e0ad8d3b11d19363fca2d8a.tar.xz gnupg2-890e9849b58e91fb7e0ad8d3b11d19363fca2d8a.zip | |
dirmngr: Support ECDSA for OCSP.
* dirmngr/validate.c (pk_algo_from_sexp): Make public. Support ECC.
* dirmngr/ocsp.c (check_signature): Remove hash preparation out to ...
(check_signature_core): here. This changes the arg s_hash to md.
Support ECDSA.
--
The test was done with my qualified signature certificate from the
Telesec and their responder http://tqrca1.ocsp.telesec.de/ocspr .
See also libksba commit rK24992a4a7a61d93759e1dbd104b845903d4589bf
Diffstat (limited to 'dirmngr/validate.c')
| -rw-r--r-- | dirmngr/validate.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/dirmngr/validate.c b/dirmngr/validate.c index 901c165ec..984901917 100644 --- a/dirmngr/validate.c +++ b/dirmngr/validate.c @@ -858,7 +858,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime, /* Return the public key algorithm id from the S-expression PKEY. FIXME: libgcrypt should provide such a function. Note that this implementation uses the names as used by libksba. */ -static int +int pk_algo_from_sexp (gcry_sexp_t pkey) { gcry_sexp_t l1, l2; @@ -879,6 +879,8 @@ pk_algo_from_sexp (gcry_sexp_t pkey) algo = GCRY_PK_RSA; else if (n==3 && !memcmp (name, "dsa", 3)) algo = GCRY_PK_DSA; + else if (n==3 && !memcmp (name, "ecc", 3)) + algo = GCRY_PK_ECC; else if (n==13 && !memcmp (name, "ambiguous-rsa", 13)) algo = GCRY_PK_RSA; else |