Allow for Null hash algo parameters on rsaPSS and add pss flag.

Description

* src/ber-help.c (_ksba_parse_optional_null): New.
* src/ber-help.h (parse_optional_null): New macro.
* src/crl.c (ksba_crl_get_sig_val): Insert a "pss" flag.
* src/keyinfo.c (cryptval_to_sexp): Ditto.
(_ksba_keyinfo_get_pss_info): Allow for NULL parameter.

The "pss" flag is needed for CMS because there we do not get the hash
algorithm first but use the announced one (similar but still different
to CRLs). Thus we cannot check for the rsaPSS OID but need to have
another way to detect rsaPSS. Using a different algo name than "rsa"
would have been possible but would also require updates at a lot of
other places - which we don't want to do.

  • GnuPG-bug-id: T4538
  • Signed-off-by: Werner Koch <wk@gnupg.org>
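
The parameter handling this commit describes, as an added example that is not libksba's code: a minimal DER parser for a hash AlgorithmIdentifier that accepts the parameters field either absent or as an explicit NULL (05 00). The function names, the short-form-length restriction, the rejection of any other parameters value and the sample bytes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { PARAMS_ERROR = -1, PARAMS_ABSENT = 0, PARAMS_NULL = 1 };

/* Constructed sample input: the SHA-256 AlgorithmIdentifier (OID
   2.16.840.1.101.3.4.2.1) with parameters absent, NULL, and malformed. */
#define SHA256_OID 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
static const unsigned char sha256_absent[] = { 0x30, 0x0b, SHA256_OID };
static const unsigned char sha256_null[] = { 0x30, 0x0d, SHA256_OID, 0x05, 0x00 };
static const unsigned char sha256_bad[] = { 0x30, 0x0e, SHA256_OID, 0x05, 0x01, 0x00 };

/* Parse AlgorithmIdentifier ::= SEQUENCE { OID, parameters OPTIONAL }.
   Short-form lengths only (assumption).  OID and OIDLEN may both be NULL.
   Returns PARAMS_ABSENT, PARAMS_NULL or PARAMS_ERROR. */
int parse_hash_algid(const unsigned char *der, size_t len,
                     const unsigned char **oid, size_t *oidlen)
{
    size_t left, n;

    if (len < 4 || der[0] != 0x30 || (der[1] & 0x80) || der[1] != len - 2)
        return PARAMS_ERROR;          /* need one exact short-form SEQUENCE */
    left = der[1];
    der += 2;
    if (der[0] != 0x06 || (der[1] & 0x80) || !der[1] || der[1] > left - 2)
        return PARAMS_ERROR;          /* first element must be a fitting OID */
    n = der[1];
    if (oid && oidlen) { *oid = der + 2; *oidlen = n; }
    der += 2 + n;
    left -= 2 + n;
    if (left == 0)
        return PARAMS_ABSENT;         /* parameters omitted */
    if (left == 2 && der[0] == 0x05 && der[1] == 0x00)
        return PARAMS_NULL;           /* explicit NULL: same meaning */
    return PARAMS_ERROR;              /* anything else is rejected here */
}

/* Return 1 if both encodings parse and name the same hash OID. */
int same_hash(const unsigned char *a, size_t alen, const unsigned char *b, size_t blen)
{
    const unsigned char *oa, *ob;
    size_t na, nb;

    if (parse_hash_algid(a, alen, &oa, &na) == PARAMS_ERROR
        || parse_hash_algid(b, blen, &ob, &nb) == PARAMS_ERROR)
        return 0;
    return na == nb && memcmp(oa, ob, na) == 0;
}

int main(void)
{
    printf("absent vs NULL same hash: %d\n",
           same_hash(sha256_absent, sizeof sha256_absent, sha256_null, sizeof sha256_null));
    printf("malformed NULL: %d\n", parse_hash_algid(sha256_bad, sizeof sha256_bad, NULL, NULL));
    return 0;
}
```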

Details

Provenance
werner authored on Apr 14 2020, 4:22 PM
Parents
rKe6e9858970ed: Support rsaPSS also for CRLs.
Tasks
T4538: Support PSS signed CRLs