security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

gpg: Limit keysize for unattended key generation to useful values. 

* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
(gen_rsa): Enforce keysize 1024 to 4096.
(gen_dsa): Enforce keysize 768 to 3072.
--

It was possible to create 16k RSA keys in batch mode. In addition to the
silliness of such keys, they have the major drawback that under GnuPG
and Libgcrypt, with their limited amount of specially secured memory
areas, the use of such keys may lead to an "out of secure memory"
condition.
This commit is contained in:
Werner Koch 2014-06-25 20:25:28 +02:00
parent c0d1e7fca9
commit 03f0b51fe4
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
g10/keygen.c
View File

@ -1378,11 +1378,16 @@ gen_elg (int algo, unsigned int nbits, KBNODE pub_root,
assert (is_ELGAMAL (algo));
if (nbits < 512)
if (nbits < 1024)
{
nbits = 2048;
log_info (_("keysize invalid; using %u bits\n"), nbits );
}
else if (nbits > 4096)
{
nbits = 4096;
log_info (_("keysize invalid; using %u bits\n"), nbits );
}
if ((nbits % 32))
{
@ -1428,7 +1433,7 @@ gen_dsa (unsigned int nbits, KBNODE pub_root,
char nbitsstr[35];
char qbitsstr[35];
if ( nbits < 512)
if (nbits < 768)
{
nbits = 2048;
log_info(_("keysize invalid; using %u bits\n"), nbits );
@ -1562,6 +1567,11 @@ gen_rsa (int algo, unsigned int nbits, KBNODE pub_root,
nbits = 2048;
log_info (_("keysize invalid; using %u bits\n"), nbits );
}
else if (nbits > 4096)
{
nbits = 4096;
log_info (_("keysize invalid; using %u bits\n"), nbits );
}
if ((nbits % 32))
{