[svn] GnuPG - r5102 - in trunk: g10 sm

svn author wk cvs at cvs.gnupg.org
Thu Jul 30 18:45:06 CEST 2009


Author: wk
Date: 2009-07-30 18:45:06 +0200 (Thu, 30 Jul 2009)
New Revision: 5102

Modified:
   trunk/g10/ChangeLog
   trunk/g10/passphrase.c
   trunk/sm/ChangeLog
   trunk/sm/call-agent.c
Log:
Comment changes.
Changed --learn-card.


Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog	2009-07-29 16:19:48 UTC (rev 5101)
+++ trunk/g10/ChangeLog	2009-07-30 16:45:06 UTC (rev 5102)
@@ -54,7 +54,7 @@
 
 	* keygen.c (keygen_set_std_prefs): Remove RMD-160 from the list.
 	Change order to SHA-256, SHA-1, SHA-384, SHA-512, SHA-224.
-	(gen_dsa): Use a 256 bit Q for 2048 bit P.  Runt to FIPS allowed
+	(gen_dsa): Use a 256 bit Q for 2048 bit P.  Round to FIPS allowed
 	values in non-expert mode.
 
 2009-07-07  Werner Koch  <wk at g10code.com>

Modified: trunk/sm/ChangeLog
===================================================================
--- trunk/sm/ChangeLog	2009-07-29 16:19:48 UTC (rev 5101)
+++ trunk/sm/ChangeLog	2009-07-30 16:45:06 UTC (rev 5102)
@@ -1,3 +1,7 @@
+2009-07-30  Werner Koch  <wk at g10code.com>
+
+	* call-agent.c (learn_cb): Do not store as ephemeral.
+
 2009-07-29  Marcus Brinkmann  <marcus at g10code.com>
 
 	* keylist.c (print_capabilities): Print a trailing colon.
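Review bot: The new `learn_cb` entry states what is no longer done but not what now happens to a certificate whose issuer is missing. Going by the call-agent.c change in this revision, where `GPG_ERR_MISSING_CERT` is excluded from the error test, the entry could say that a missing issuer is now handled like a successful check, so that a reader of the ChangeLog alone can see the behaviour change.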

Modified: trunk/g10/passphrase.c
===================================================================
--- trunk/g10/passphrase.c	2009-07-29 16:19:48 UTC (rev 5101)
+++ trunk/g10/passphrase.c	2009-07-30 16:45:06 UTC (rev 5102)
@@ -88,6 +88,10 @@
                 count = len2;
 	    }
 
+          /* Fixme: To avoid DoS attacks by sending an sym-encrypted
+             packet with a very high S2K count, we should either cap
+             the iteration count or CPU seconds based timeout.  */
+
           /* A little bit complicated because we need a ulong for count. */
           while ( count > len2 )  /* maybe iterated+salted */
             { 
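Review bot: The added Fixme, placed directly above the `while ( count > len2 )` loop, records a DoS concern for a very high S2K count but leaves it open and does not say which bound is intended. Consider implementing the cap in this change, or filing it in the tracker and naming the intended limit in the comment so the note is actionable. On wording, "an sym-encrypted" should read "a sym-encrypted", and "or CPU seconds based timeout" lacks a verb (for example "or apply a timeout based on CPU seconds").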

Modified: trunk/sm/call-agent.c
===================================================================
--- trunk/sm/call-agent.c	2009-07-29 16:19:48 UTC (rev 5101)
+++ trunk/sm/call-agent.c	2009-07-30 16:45:06 UTC (rev 5102)
@@ -875,13 +875,11 @@
       return 0;
     }
 
+  /* We do not store a certifciate with missing issuers as ephemeral
+     because we can assume that the --learn-card command has been used
+     on purpose.  */
   rc = gpgsm_basic_cert_check (parm->ctrl, cert);
-  if (gpg_err_code (rc) == GPG_ERR_MISSING_CERT)
-    { /* For later use we store it in the ephemeral database. */
-      log_info ("issuer certificate missing - storing as ephemeral\n");
-      keydb_store_cert (cert, 1, NULL);
-    }
-  else if (rc)
+  if (rc && gpg_err_code (rc) != GPG_ERR_MISSING_CERT)
     log_error ("invalid certificate: %s\n", gpg_strerror (rc));
   else
     {
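Review bot: With the `GPG_ERR_MISSING_CERT` branch removed, a certificate whose issuer is missing now reaches the `else` branch with no diagnostic at all, because the `log_info` call went away together with `keydb_store_cert (cert, 1, NULL)`. Consider keeping an informational message for that case so that a user of --learn-card can still see that the issuer certificate was not found. In the new comment, "certifciate" should be "certificate".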



