diff options
| author | Werner Koch <wk@gnupg.org> | 2020-07-03 15:47:55 +0200 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2020-07-03 16:15:29 +0200 |
| commit | 969abcf40cdfc65f3ee859c5e62889e1a8ccde91 (patch) | |
| tree | 85bb8618a5c78574db04cad63d91328cba652ffd /sm/keylist.c | |
| parent | scd:nks: Implement writecert for the Signature card v2. (diff) | |
| download | gnupg2-969abcf40cdfc65f3ee859c5e62889e1a8ccde91.tar.xz gnupg2-969abcf40cdfc65f3ee859c5e62889e1a8ccde91.zip | |
sm: Exclude rsaPSS from de-vs compliance mode.
* common/compliance.h (PK_ALGO_FLAG_RSAPSS): New.
* common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and
test rsaPSS. Adjust all callers.
(gnupg_pk_is_allowed): Ditto.
* sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function.
(gpgsm_get_hash_algo_from_sigval): New.
* sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval
arg. Add arg pkalgoflags. Use the PK_ALGO_FLAG_RSAPSS.
* sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to
also get the algo flags. Pass algo flags along.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'sm/keylist.c')
| -rw-r--r-- | sm/keylist.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/sm/keylist.c b/sm/keylist.c index 4b39e7416..39ae8e0f4 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -395,7 +395,10 @@ print_compliance_flags (ksba_cert_t cert, int algo, unsigned int nbits, int indent = 0; int hashalgo; - if (gnupg_pk_is_compliant (CO_DE_VS, algo, NULL, nbits, NULL)) + /* Note that we do not need to test for PK_ALGO_FLAG_RSAPSS because + * that is not a property of the key but one of the created + * signature. */ + if (gnupg_pk_is_compliant (CO_DE_VS, algo, 0, NULL, nbits, NULL)) { hashalgo = gcry_md_map_name (ksba_cert_get_digest_algo (cert)); if (gnupg_digest_is_compliant (CO_DE_VS, hashalgo)) |