authorDongHun Kwak <dh0128.kwak@samsung.com>2022-09-16 07:45:06 +0900
committerDongHun Kwak <dh0128.kwak@samsung.com>2022-09-16 07:45:06 +0900
commit0fca6c1d0d6088ff4558a6ffc3bc220998699392 (patch)
tree5ad579861ad3c47c4b979abe4ad39a3dfa16dd38 /sm
parent7d11ec500fb7d108b774995dade388ae5807a28e (diff)
Imported Upstream version 2.2.33upstream/2.2.33
Diffstat (limited to 'sm')
-rw-r--r--sm/gpgsm.c7
-rw-r--r--sm/gpgsm.h2
-rw-r--r--sm/keylist.c8
3 files changed, 16 insertions, 1 deletions
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index 5c1f0bb..4af639f 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -156,6 +156,7 @@ enum cmd_and_opt_values {
oDisablePolicyChecks,
oEnablePolicyChecks,
oAutoIssuerKeyRetrieve,
+ oMinRSALength,
oWithFingerprint,
oWithMD5Fingerprint,
@@ -404,6 +405,9 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oDisablePubkeyAlgo, "disable-pubkey-algo", "@"),
ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", "@"),
ARGPARSE_s_n (oNoRandomSeedFile, "no-random-seed-file", "@"),
+
+ ARGPARSE_p_u (oMinRSALength, "min-rsa-length", "@"),
+
ARGPARSE_s_n (oNoCommonCertsImport, "no-common-certs-import", "@"),
ARGPARSE_s_s (oIgnoreCertExtension, "ignore-cert-extension", "@"),
ARGPARSE_s_n (oNoAutostart, "no-autostart", "@"),
@@ -1381,6 +1385,8 @@ main ( int argc, char **argv)
}
break;
+ case oMinRSALength: opt.min_rsa_length = pargs.r.ret_ulong; break;
+
default:
if (configname)
pargs.err = ARGPARSE_PRINT_WARNING;
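Review bot: The `oMinRSALength` case stores `pargs.r.ret_ulong` (an unsigned long) into `opt.min_rsa_length`, which sm/gpgsm.h declares as `unsigned int`, so where long is wider than int an oversized argument is silently truncated instead of rejected. This value is later handed to `gnupg_set_compliance_extra_info`, so a truncated threshold could end up lower than what the operator configured. I would guard the assignment with `if (pargs.r.ret_ulong > UINT_MAX)` and report an option error rather than store the value. Whether a lower bound is also needed depends on how the compliance code treats small values, which is not visible here. The body of `main` starts and ends outside this hunk.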
@@ -1477,6 +1483,7 @@ main ( int argc, char **argv)
gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
set_debug ();
+ gnupg_set_compliance_extra_info (opt.min_rsa_length);
/* Although we always use gpgsm_exit, we better install a regualr
exit handler so that at least the secure memory gets wiped
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index 9d9a303..21c677e 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -130,6 +130,8 @@ struct
the integrity of the software at
runtime. */
+ unsigned int min_rsa_length; /* Used for compliance checks. */
+
strlist_t keyserver;
/* A list of certificate extension OIDs which are ignored so that
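Review bot: The comment on `min_rsa_length` does not state the unit or what an unset (zero) value means, which matters for a field that feeds compliance decisions. A comment along the lines of `/* Minimum RSA key length for compliance checks, set by --min-rsa-length; 0 if not given. */` would help, with the unit (presumably bits) added once confirmed against the compliance code. The enclosing struct starts and ends outside this hunk.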
diff --git a/sm/keylist.c b/sm/keylist.c
index e0b681f..4f2d009 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -1363,6 +1363,7 @@ list_cert_chain (ctrl_t ctrl, KEYDB_HANDLE hd,
estream_t fp, int with_validation)
{
ksba_cert_t next = NULL;
+ int depth = 0;
if (raw_mode)
list_cert_raw (ctrl, hd, cert, fp, 0, with_validation);
@@ -1371,8 +1372,13 @@ list_cert_chain (ctrl_t ctrl, KEYDB_HANDLE hd,
ksba_cert_ref (cert);
while (!gpgsm_walk_cert_chain (ctrl, cert, &next))
{
- ksba_cert_release (cert);
es_fputs ("Certified by\n", fp);
+ if (++depth > 50)
+ {
+ es_fputs (_("certificate chain too long\n"), fp);
+ break;
+ }
+ ksba_cert_release (cert);
if (raw_mode)
list_cert_raw (ctrl, hd, next, fp, 0, with_validation);
else
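Review bot: The new `break` in the `++depth > 50` branch leaves the loop while `next` still holds the certificate returned by `gpgsm_walk_cert_chain`, and nothing in the hunk releases it; assuming the walker returns an owned reference (the loop otherwise releases `cert` and continues with `next`), that reference leaks on the too-long path. Adding `ksba_cert_release (next);` before `break;` would balance it, provided the code after the loop releases only `cert`, which is outside this hunk. Two smaller points: "Certified by" is printed before the limit check, so the error line appears under a heading with no certificate, and the bare `50` would read better as a named constant with a comment explaining that it bounds looping or over-long chains in untrusted certificate data.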