security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Code Activity

Allow for 4k ssh keys and better error reporting.

Browse Source
This commit is contained in:
Werner Koch 2006-08-29 13:12:01 +00:00
parent 6434e92379
commit 6870dcf05d
3 changed files with 42 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
agent/ChangeLog
View File

@ -1,3 +1,11 @@
2006-08-29 Werner Koch <wk@g10code.com>
* command-ssh.c (stream_read_mpi): Sanity check for early
detecting of too large keys.
* gpg-agent.c (my_gcry_outofcore_handler): New.
(main): Register it.
(main): No allocate 32k secure memory (was 16k).
2006-07-31 Werner Koch <wk@g10code.com>
* preset-passphrase.c (make_hexstring): For conistency use

9
agent/command-ssh.c
View File

@ -526,6 +526,15 @@ stream_read_mpi (estream_t stream, unsigned int secure, gcry_mpi_t *mpint)
if (err)
goto out;
/* To avoid excessive use of secure memory we check that an MPI is
not too large. */
if (mpi_data_size > 520)
{
log_error (_("ssh keys greater than %d bits are not supported\n"), 4096);
err = GPG_ERR_TOO_LARGE;
goto out;
}
err = gcry_mpi_scan (&mpi, GCRYMPI_FMT_STD, mpi_data, mpi_data_size, NULL);
if (err)
goto out;

27
agent/gpg-agent.c
View File

@ -285,6 +285,28 @@ my_gcry_logger (void *dummy, int level, const char *fmt, va_list arg_ptr)
}
/* This function is called by libgcrypt if it ran out of core and
there is no way to return that error to the caller. We do our own
function here to make use of our logging functions. */
static int
my_gcry_outofcore_handler ( void *opaque, size_t req_n, unsigned int flags)
{
static int been_here; /* Used to protect against recursive calls. */
if (!been_here)
{
been_here = 1;
if ( (flags & 1) )
log_fatal (_("out of core in secure memory "
"while allocating %lu bytes"), (unsigned long)req_n);
else
log_fatal (_("out of core while allocating %lu bytes"),
(unsigned long)req_n);
}
return 0; /* Let libgcrypt call its own fatal error handler. */
}
/* Setup the debugging. With the global variable DEBUG_LEVEL set to NULL
only the active debug flags are propagated to the subsystems. With
DEBUG_LEVEL set, a specific set of debug flags is set; thus overriding
@ -489,6 +511,7 @@ main (int argc, char **argv )
assuan_set_assuan_log_prefix (log_get_prefix (NULL));
gcry_set_log_handler (my_gcry_logger, NULL);
gcry_set_outofcore_handler (my_gcry_outofcore_handler, NULL);
gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);
may_coredump = disable_core_dumps ();
@ -546,8 +569,8 @@ main (int argc, char **argv )
opt.homedir = pargs.r.ret_str;
}
/* initialize the secure memory. */
gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
/* Initialize the secure memory. */
gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0);
maybe_setuid = 0;
/*