[git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.24-6-g505f0a6
by Werner Koch
cvs at cvs.gnupg.org
Fri Jun 27 10:17:23 CEST 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via 505f0a642f899ede411837ad69a442b0d4f427fa (commit)
via 48d92bcc8870f5750fb66351f3623f9d874d08fa (commit)
from 045c979a7673112bdb4e04f1bc7d3d4afbc775f8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 505f0a642f899ede411837ad69a442b0d4f427fa
Author: Werner Koch <wk at gnupg.org>
Date: Wed Jun 25 20:25:28 2014 +0200
scd: Support reader Gemalto IDBridge CT30
* scd/ccid-driver.c (parse_ccid_descriptor): Add quirk for that
reader.
(GEMPC_CT30): New product id.
--
GnuPG-bug-id: 1638
Resolved conflicts:
scd/ccid-driver.h - Removed. product ids are in ccid-driver.c.
diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
index 962128d..6e0bc55 100644
--- a/scd/ccid-driver.c
+++ b/scd/ccid-driver.c
@@ -227,6 +227,7 @@ enum {
#define CHERRY_ST2000 0x003e
#define VASCO_920 0x0920
#define GEMPC_PINPAD 0x3478
+#define GEMPC_CT30 0x3437
#define VEGA_ALPHA 0x0008
#define CYBERJACK_GO 0x0504
@@ -998,6 +999,11 @@ parse_ccid_descriptor (ccid_driver_t handle,
handle->max_ifsd = 48;
}
+ if (handle->id_vendor == VENDOR_GEMPC && handle->id_product == GEMPC_CT30)
+ {
+ DEBUGOUT ("enabling product quirk: disable non-null NAD\n");
+ handle->nonnull_nad = 0;
+ }
return 0;
}
commit 48d92bcc8870f5750fb66351f3623f9d874d08fa
Author: Werner Koch <wk at gnupg.org>
Date: Wed Jun 25 20:25:28 2014 +0200
gpg: Limit keysize for unattended key generation to useful values.
* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
(gen_rsa): Enforce keysize 1024 to 4096.
(gen_dsa): Enforce keysize 768 to 3072.
--
It was possible to create 16k RSA keys in batch mode. In addition to the
silliness of such keys, they have the major drawback that under GnuPG
and Libgcrypt, with their limited amount of specially secured memory
areas, the use of such keys may lead to an "out of secure memory"
condition.
diff --git a/g10/keygen.c b/g10/keygen.c
index a786beb..6d3dfa6 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1170,11 +1170,16 @@ gen_elg (int algo, unsigned int nbits,
assert( is_ELGAMAL(algo) );
- if (nbits < 512)
+ if (nbits < 1024)
{
nbits = 2048;
log_info (_("keysize invalid; using %u bits\n"), nbits );
}
+ else if (nbits > 4096)
+ {
+ nbits = 4096;
+ log_info (_("keysize invalid; using %u bits\n"), nbits );
+ }
if ((nbits % 32))
{
@@ -1281,7 +1286,7 @@ gen_dsa (unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
gcry_sexp_t misc_key_info;
unsigned int qbits;
- if ( nbits < 512)
+ if (nbits < 768)
{
nbits = 2048;
log_info(_("keysize invalid; using %u bits\n"), nbits );
@@ -1437,6 +1442,11 @@ gen_rsa (int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
nbits = 2048;
log_info (_("keysize invalid; using %u bits\n"), nbits );
}
+ else if (nbits > 4096)
+ {
+ nbits = 4096;
+ log_info (_("keysize invalid; using %u bits\n"), nbits );
+ }
if ((nbits % 32))
{
-----------------------------------------------------------------------
Summary of changes:
g10/keygen.c | 14 ++++++++++++--
scd/ccid-driver.c | 6 ++++++
2 files changed, 18 insertions(+), 2 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list