From cf8fb052100998cd5dc0aff0fe4f6bd4c2cb3999 Mon Sep 17 00:00:00 2001
From: Heiko Schaefer <heiko@schaefer.name>
Date: Tue, 21 Sep 2021 16:57:55 +0200
Subject: [PATCH] Don't set a policy implicitly.

---
 card-functionality/src/tests.rs  | 20 ++++++++++++++++----
 openpgp-card-sequoia/src/util.rs | 12 ++++++------
 2 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/card-functionality/src/tests.rs b/card-functionality/src/tests.rs
index f7e1f10..bbfe1bb 100644
--- a/card-functionality/src/tests.rs
+++ b/card-functionality/src/tests.rs
@@ -65,8 +65,14 @@ pub fn test_decrypt(
 
     ca.verify_pw1("123456")?;
 
-    let res =
-        openpgp_card_sequoia::util::decrypt(&mut ca, &cert, msg.into_bytes())?;
+    let p = StandardPolicy::new();
+
+    let res = openpgp_card_sequoia::util::decrypt(
+        &mut ca,
+        &cert,
+        msg.into_bytes(),
+        &p,
+    )?;
     let plain = String::from_utf8_lossy(&res);
 
     assert_eq!(plain, "Hello world!\n");
@@ -85,9 +91,15 @@ pub fn test_sign(
 
     let cert = Cert::from_str(param[0])?;
 
+    let p = StandardPolicy::new();
+
     let msg = "Hello world, I am signed.";
-    let sig =
-        openpgp_card_sequoia::util::sign(&mut ca, &cert, &mut msg.as_bytes())?;
+    let sig = openpgp_card_sequoia::util::sign(
+        &mut ca,
+        &cert,
+        &mut msg.as_bytes(),
+        &p,
+    )?;
 
     // validate sig
     assert!(util::verify_sig(&cert, msg.as_bytes(), sig.as_bytes())?);
diff --git a/openpgp-card-sequoia/src/util.rs b/openpgp-card-sequoia/src/util.rs
index b4a831d..defa580 100644
--- a/openpgp-card-sequoia/src/util.rs
+++ b/openpgp-card-sequoia/src/util.rs
@@ -19,7 +19,7 @@ use openpgp::packet::{
     Key, UserID,
 };
 use openpgp::parse::{stream::DecryptorBuilder, Parse};
-use openpgp::policy::StandardPolicy;
+use openpgp::policy::Policy;
 use openpgp::serialize::stream::{Message, Signer};
 use openpgp::types::{KeyFlags, PublicKeyAlgorithm, SignatureType, Timestamp};
 use openpgp::{Cert, Packet};
@@ -263,11 +263,11 @@ pub fn sign(
     ca: &mut CardApp,
     cert: &Cert,
     input: &mut dyn io::Read,
+    p: &dyn Policy,
 ) -> Result<String> {
     let mut armorer = armor::Writer::new(vec![], armor::Kind::Signature)?;
     {
-        let p = StandardPolicy::new();
-        let s = signer::CardSigner::new(ca, cert, &p)?;
+        let s = signer::CardSigner::new(ca, cert, p)?;
 
         let message = Message::new(&mut armorer);
         let mut message = Signer::new(message, s).detached().build()?;
@@ -288,16 +288,16 @@ pub fn decrypt(
     ca: &mut CardApp,
     cert: &Cert,
     msg: Vec<u8>,
+    p: &dyn Policy,
 ) -> Result<Vec<u8>> {
     let mut decrypted = Vec::new();
     {
         let reader = io::BufReader::new(&msg[..]);
 
-        let p = StandardPolicy::new();
-        let d = decryptor::CardDecryptor::new(ca, cert, &p)?;
+        let d = decryptor::CardDecryptor::new(ca, cert, p)?;
 
         let db = DecryptorBuilder::from_reader(reader)?;
-        let mut decryptor = db.with_policy(&p, None, d)?;
+        let mut decryptor = db.with_policy(p, None, d)?;
 
         // Read all data from decryptor and store in decrypted
         io::copy(&mut decryptor, &mut decrypted)?;