mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-23 10:29:58 +01:00
gpg: Limit keysize for unattended key generation to useful values.
* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096. (gen_rsa): Enforce keysize 1024 to 4096. (gen_dsa): Enforce keysize 768 to 3072. -- It was possible to create 16k RSA keys in batch mode. In addition to the silliness of such keys, they have the major drawback that under GnuPG and Libgcrypt, with their limited amount of specially secured memory areas, the use of such keys may lead to an "out of secure memory" condition.
This commit is contained in:
parent
045c979a76
commit
48d92bcc88
14
g10/keygen.c
14
g10/keygen.c
@ -1170,11 +1170,16 @@ gen_elg (int algo, unsigned int nbits,
|
||||
|
||||
assert( is_ELGAMAL(algo) );
|
||||
|
||||
if (nbits < 512)
|
||||
if (nbits < 1024)
|
||||
{
|
||||
nbits = 2048;
|
||||
log_info (_("keysize invalid; using %u bits\n"), nbits );
|
||||
}
|
||||
else if (nbits > 4096)
|
||||
{
|
||||
nbits = 4096;
|
||||
log_info (_("keysize invalid; using %u bits\n"), nbits );
|
||||
}
|
||||
|
||||
if ((nbits % 32))
|
||||
{
|
||||
@ -1281,7 +1286,7 @@ gen_dsa (unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
|
||||
gcry_sexp_t misc_key_info;
|
||||
unsigned int qbits;
|
||||
|
||||
if ( nbits < 512)
|
||||
if (nbits < 768)
|
||||
{
|
||||
nbits = 2048;
|
||||
log_info(_("keysize invalid; using %u bits\n"), nbits );
|
||||
@ -1437,6 +1442,11 @@ gen_rsa (int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
|
||||
nbits = 2048;
|
||||
log_info (_("keysize invalid; using %u bits\n"), nbits );
|
||||
}
|
||||
else if (nbits > 4096)
|
||||
{
|
||||
nbits = 4096;
|
||||
log_info (_("keysize invalid; using %u bits\n"), nbits );
|
||||
}
|
||||
|
||||
if ((nbits % 32))
|
||||
{
|
||||
|
Loading…
x
Reference in New Issue
Block a user