[svn] GnuPG - r4229 - trunk/agent
svn author wk
cvs at cvs.gnupg.org
Tue Aug 29 15:12:02 CEST 2006
Author: wk
Date: 2006-08-29 15:12:01 +0200 (Tue, 29 Aug 2006)
New Revision: 4229
Modified:
trunk/agent/ChangeLog
trunk/agent/command-ssh.c
trunk/agent/gpg-agent.c
Log:
Allow for 4k ssh keys and better error reporting.
Modified: trunk/agent/ChangeLog
===================================================================
--- trunk/agent/ChangeLog 2006-08-27 15:33:56 UTC (rev 4228)
+++ trunk/agent/ChangeLog 2006-08-29 13:12:01 UTC (rev 4229)
@@ -1,3 +1,11 @@
+2006-08-29 Werner Koch <wk at g10code.com>
+
+ * command-ssh.c (stream_read_mpi): Sanity check for early
+ detecting of too large keys.
+ * gpg-agent.c (my_gcry_outofcore_handler): New.
+ (main): Register it.
+ (main): No allocate 32k secure memory (was 16k).
+
2006-07-31 Werner Koch <wk at g10code.com>
* preset-passphrase.c (make_hexstring): For conistency use
Modified: trunk/agent/command-ssh.c
===================================================================
--- trunk/agent/command-ssh.c 2006-08-27 15:33:56 UTC (rev 4228)
+++ trunk/agent/command-ssh.c 2006-08-29 13:12:01 UTC (rev 4229)
@@ -526,6 +526,15 @@
if (err)
goto out;
+ /* To avoid excessive use of secure memory we check that an MPI is
+ not too large. */
+ if (mpi_data_size > 520)
+ {
+ log_error (_("ssh keys greater than %d bits are not supported\n"), 4096);
+ err = GPG_ERR_TOO_LARGE;
+ goto out;
+ }
+
err = gcry_mpi_scan (&mpi, GCRYMPI_FMT_STD, mpi_data, mpi_data_size, NULL);
if (err)
goto out;
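Review bot: The bound in `if (mpi_data_size > 520)` is a byte count with no stated relation to the 4096 bits printed in the message. 4096 bits is 512 bytes, so the extra 8 bytes are presumably slack for a leading zero or padding byte. The comment should say so, or both numbers should derive from one named constant so they cannot drift apart. The check also runs after `mpi_data` has been obtained, by a call above the hunk. If that read already allocates from secure memory, an oversized length is rejected only after the allocation, and bounding the length before the read would serve the stated goal of limiting secure-memory use better. The enclosing function starts and ends outside the hunk.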
Modified: trunk/agent/gpg-agent.c
===================================================================
--- trunk/agent/gpg-agent.c 2006-08-27 15:33:56 UTC (rev 4228)
+++ trunk/agent/gpg-agent.c 2006-08-29 13:12:01 UTC (rev 4229)
@@ -285,6 +285,28 @@
}
+/* This function is called by libgcrypt if it ran out of core and
+ there is no way to return that error to the caller. We do our own
+ function here to make use of our logging functions. */
+static int
+my_gcry_outofcore_handler ( void *opaque, size_t req_n, unsigned int flags)
+{
+ static int been_here; /* Used to protect against recursive calls. */
+
+ if (!been_here)
+ {
+ been_here = 1;
+ if ( (flags & 1) )
+ log_fatal (_("out of core in secure memory "
+ "while allocating %lu bytes"), (unsigned long)req_n);
+ else
+ log_fatal (_("out of core while allocating %lu bytes"),
+ (unsigned long)req_n);
+ }
+ return 0; /* Let libgcrypt call its own fatal error handler. */
+}
+
+
/* Setup the debugging. With the global variable DEBUG_LEVEL set to NULL
only the active debug flags are propagated to the subsystems. With
DEBUG_LEVEL set, a specific set of debug flags is set; thus overriding
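Review bot: Both `log_fatal` format strings in `my_gcry_outofcore_handler` end without a `"\n"`, while the `log_error` call added to command-ssh.c in this commit passes one. Unless `log_fatal` appends the newline itself, the last diagnostic before termination will be unterminated in the log. The test `(flags & 1)` relies on an unnamed bit, and a comment such as `/* Bit 0 of FLAGS is set for allocations from secure memory. */` would document what the branch assumes. The comment on `return 0` could also say that it is reached only on a recursive entry, assuming `log_fatal` does not return. `opaque` is unused and could be marked with `(void)opaque;`.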
@@ -489,6 +511,7 @@
assuan_set_assuan_log_prefix (log_get_prefix (NULL));
gcry_set_log_handler (my_gcry_logger, NULL);
+ gcry_set_outofcore_handler (my_gcry_outofcore_handler, NULL);
gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
may_coredump = disable_core_dumps ();
@@ -546,8 +569,8 @@
opt.homedir = pargs.r.ret_str;
}
- /* initialize the secure memory. */
- gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
+ /* Initialize the secure memory. */
+ gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0);
maybe_setuid = 0;
/*
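Review bot: The result of `gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0);` is discarded, so a failure to set up the enlarged pool is not reported at this point. That matters more now that the request is doubled and may be more likely to run into a locked-memory limit on some systems. The size is also tuned together with the 520-byte MPI cap in command-ssh.c, but nothing here says so. A comment such as `/* 32k so that 4096-bit ssh keys fit; see stream_read_mpi. */` would keep the two values connected. `main` continues outside the hunk.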