gpg,gpgsm: Add option --min-rsa-length.

* common/compliance.c (min_compliant_rsa_length): New. (gnupg_pk_is_compliant): Take in account. (gnupg_pk_is_allowed): Ditto. (gnupg_set_compliance_extra_info): New. * g10/gpg.c (oMinRSALength): New. (opts): Add --min-rsa-length. (main): Set value. * g10/options.h (opt): Add field min_rsa_length. * sm/gpgsm.c (oMinRSALength): New. (opts): Add --min-rsa-length. (main): Set value. * sm/gpgsm.h (opt): Add field min_rsa_length.
2025-07-03 22:56:33 +02:00 · 2021-11-18 20:44:14 +01:00 · 2021-11-18 20:44:14 +01:00 · 6ee01c1d26
commit 6ee01c1d26
parent f453d52e53
8 changed files with 59 additions and 9 deletions
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@ -156,6 +156,7 @@ enum cmd_and_opt_values {
  oDisablePolicyChecks,
  oEnablePolicyChecks,
  oAutoIssuerKeyRetrieve,
+  oMinRSALength,

  oWithFingerprint,
  oWithMD5Fingerprint,
@ -404,6 +405,9 @@ static ARGPARSE_OPTS opts[] = {
  ARGPARSE_s_s (oDisablePubkeyAlgo,  "disable-pubkey-algo", "@"),
  ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", "@"),
  ARGPARSE_s_n (oNoRandomSeedFile,  "no-random-seed-file", "@"),
+
+  ARGPARSE_p_u (oMinRSALength, "min-rsa-length", "@"),
+
  ARGPARSE_s_n (oNoCommonCertsImport, "no-common-certs-import", "@"),
  ARGPARSE_s_s (oIgnoreCertExtension, "ignore-cert-extension", "@"),
  ARGPARSE_s_n (oNoAutostart, "no-autostart", "@"),
@ -1381,6 +1385,8 @@ main ( int argc, char **argv)
          }
          break;

+        case oMinRSALength: opt.min_rsa_length = pargs.r.ret_ulong; break;
+
        default:
          if (configname)
            pargs.err = ARGPARSE_PRINT_WARNING;
@ -1477,6 +1483,7 @@ main ( int argc, char **argv)
  gcry_control (GCRYCTL_RESUME_SECMEM_WARN);

  set_debug ();
+  gnupg_set_compliance_extra_info (opt.min_rsa_length);

  /* Although we always use gpgsm_exit, we better install a regualr
     exit handler so that at least the secure memory gets wiped
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@ -130,6 +130,8 @@ struct
                               the integrity of the software at
                               runtime. */

+  unsigned int min_rsa_length;   /* Used for compliance checks.  */
+
  strlist_t keyserver;

  /* A list of certificate extension OIDs which are ignored so that