[git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-26-g03f0b51

by Werner Koch cvs at cvs.gnupg.org
Thu Jun 26 22:01:21 CEST 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  03f0b51fe454f8dbe77c302897f7a5899c4c5380 (commit)
      from  c0d1e7fca95629e1cddd7d129fa51b9a6556cb70 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 03f0b51fe454f8dbe77c302897f7a5899c4c5380
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Jun 25 20:25:28 2014 +0200

    gpg: Limit keysize for unattended key generation to useful values.
    
    * g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
    (gen_rsa): Enforce keysize 1024 to 4096.
    (gen_dsa): Enforce keysize 768 to 3072.
    --
    
    It was possible to create 16k RSA keys in batch mode. In addition to the
    silliness of such keys, they have the major drawback that under GnuPG
    and Libgcrypt, with their limited amount of specially secured memory
    areas, the use of such keys may lead to an "out of secure memory"
    condition.

diff --git a/g10/keygen.c b/g10/keygen.c
index af54c3f..54d37d0 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1378,11 +1378,16 @@ gen_elg (int algo, unsigned int nbits, KBNODE pub_root,
 
   assert (is_ELGAMAL (algo));
 
-  if (nbits < 512)
+  if (nbits < 1024)
     {
       nbits = 2048;
       log_info (_("keysize invalid; using %u bits\n"), nbits );
     }
+  else if (nbits > 4096)
+    {
+      nbits = 4096;
+      log_info (_("keysize invalid; using %u bits\n"), nbits );
+    }
 
   if ((nbits % 32))
     {
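Review bot: the new `else if (nbits > 4096)` branch in gen_elg carries no comment saying why 4096 is the ceiling; the reason (large keys can exhaust secure memory) lives only in the commit message, so a one-line comment above the branch would keep it with the code. The too-small case falls back to 2048 while the too-large case clamps to 4096, and both log the same "keysize invalid; using %u bits" text, so a batch user cannot tell from the log which bound was hit; including the requested size in the message would fix that.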
@@ -1428,7 +1433,7 @@ gen_dsa (unsigned int nbits, KBNODE pub_root,
   char nbitsstr[35];
   char qbitsstr[35];
 
-  if ( nbits < 512)
+  if (nbits < 768)
     {
       nbits = 2048;
       log_info(_("keysize invalid; using %u bits\n"), nbits );
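Review bot: the lower bound in gen_dsa becomes 768 while gen_elg and gen_rsa use 1024, and nothing in the hunk says why DSA is allowed a smaller minimum; a short comment at `if (nbits < 768)` would help. The commit message also states an upper limit of 3072 for gen_dsa, but this hunk only touches the lower bound, so it is worth confirming that the 3072 check already exists in the lines that follow.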
@@ -1562,6 +1567,11 @@ gen_rsa (int algo, unsigned int nbits, KBNODE pub_root,
       nbits = 2048;
       log_info (_("keysize invalid; using %u bits\n"), nbits );
     }
+  else if (nbits > 4096)
+    {
+      nbits = 4096;
+      log_info (_("keysize invalid; using %u bits\n"), nbits );
+    }
 
   if ((nbits % 32))
     {
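Review bot: the `else if (nbits > 4096)` block added to gen_rsa is a verbatim copy of the one added to gen_elg, with the literal 4096 hard-coded in both places. A shared named constant for the maximum, or a small helper that clamps and logs, would keep the two limits from drifting apart if the secure memory budget changes later.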

-----------------------------------------------------------------------

Summary of changes:
 g10/keygen.c |   14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



