From 0fca6c1d0d6088ff4558a6ffc3bc220998699392 Mon Sep 17 00:00:00 2001
From: DongHun Kwak
Date: Fri, 16 Sep 2022 07:45:06 +0900
Subject: Imported Upstream version 2.2.33
---
 sm/gpgsm.c | 7 +++++++
 sm/gpgsm.h | 2 ++
 sm/keylist.c | 8 +++++++-
 3 files changed, 16 insertions(+), 1 deletion(-) (limited to 'sm')
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index 5c1f0bb..4af639f 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -156,6 +156,7 @@ enum cmd_and_opt_values {
 oDisablePolicyChecks,
 oEnablePolicyChecks,
 oAutoIssuerKeyRetrieve,
+ oMinRSALength,
 oWithFingerprint,
 oWithMD5Fingerprint,
@@ -404,6 +405,9 @@ static ARGPARSE_OPTS opts[] = {
 ARGPARSE_s_s (oDisablePubkeyAlgo, "disable-pubkey-algo", "@"),
 ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", "@"),
 ARGPARSE_s_n (oNoRandomSeedFile, "no-random-seed-file", "@"),
+
+ ARGPARSE_p_u (oMinRSALength, "min-rsa-length", "@"),
+
 ARGPARSE_s_n (oNoCommonCertsImport, "no-common-certs-import", "@"),
 ARGPARSE_s_s (oIgnoreCertExtension, "ignore-cert-extension", "@"),
 ARGPARSE_s_n (oNoAutostart, "no-autostart", "@"),
@@ -1381,6 +1385,8 @@ main ( int argc, char **argv)
 }
 break;
+ case oMinRSALength: opt.min_rsa_length = pargs.r.ret_ulong; break;
+
 default:
 if (configname)
 pargs.err = ARGPARSE_PRINT_WARNING;
@@ -1477,6 +1483,7 @@ main ( int argc, char **argv)
 gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
 set_debug ();
+ gnupg_set_compliance_extra_info (opt.min_rsa_length);
 /* Although we always use gpgsm_exit, we better install a regualr exit handler so that at least the secure memory gets wiped
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index 9d9a303..21c677e 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -130,6 +130,8 @@ struct
 the integrity of the software at runtime. */
+ unsigned int min_rsa_length; /* Used for compliance checks. */
+
 strlist_t keyserver;
 /* A list of certificate extension OIDs which are ignored so that
diff --git a/sm/keylist.c b/sm/keylist.c
index e0b681f..4f2d009 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
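Review bot: In the `oMinRSALength` case added to the option switch in sm/gpgsm.c, `pargs.r.ret_ulong` is stored straight into `opt.min_rsa_length`, which the sm/gpgsm.h hunk declares as `unsigned int`, so a value that does not fit is silently truncated where `unsigned long` is wider, and no lower or upper bound is applied. The field is passed to `gnupg_set_compliance_extra_info` and is commented as used for compliance checks, so a mistyped value presumably changes which RSA keys count as compliant without any diagnostic; how the value is consumed is not visible in this patch. I would reject values that do not fit before storing, for example `if (pargs.r.ret_ulong <= UINT_MAX) opt.min_rsa_length = pargs.r.ret_ulong;` with an error report in the else branch, and ideally also reject values outside a plausible RSA modulus range. The field comment in sm/gpgsm.h could also state the unit and what the default of zero means. The switch and `main` both start and end outside these hunks.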
@@ -1363,6 +1363,7 @@ list_cert_chain (ctrl_t ctrl, KEYDB_HANDLE hd,
 estream_t fp, int with_validation)
 {
 ksba_cert_t next = NULL;
+ int depth = 0;
 if (raw_mode)
 list_cert_raw (ctrl, hd, cert, fp, 0, with_validation);
@@ -1371,8 +1372,13 @@ list_cert_chain (ctrl_t ctrl, KEYDB_HANDLE hd,
 ksba_cert_ref (cert);
 while (!gpgsm_walk_cert_chain (ctrl, cert, &next))
 {
- ksba_cert_release (cert);
 es_fputs ("Certified by\n", fp);
+ if (++depth > 50)
+ {
+ es_fputs (_("certificate chain too long\n"), fp);
+ break;
+ }
+ ksba_cert_release (cert);
 if (raw_mode)
 list_cert_raw (ctrl, hd, next, fp, 0, with_validation);
 else
-- 
cgit v1.2.3
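Review bot: The new `break` in the `++depth > 50` branch of the second hunk leaves the loop while `next` still holds the certificate returned by `gpgsm_walk_cert_chain`, and `ksba_cert_release (cert)` now sits below the check, so neither object is released inside the loop on that path. The code after the loop is outside the hunk; if it releases only `cert`, as the pre-patch loop shape suggests, the reference in `next` leaks each time an over-long or looping chain is listed. Adding `ksba_cert_release (next);` before the `break` would close that. The limit `50` would also read better as a named constant with a short comment saying it bounds the walk so a looping or excessively deep chain cannot keep the listing running.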