security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Activity

Fix bug 1091. 

Doc fixes.
Replace assert by error message.
This commit is contained in:
Werner Koch 2009-07-20 11:02:20 +00:00
parent d56084296c
commit 7ae15f0027
4 changed files with 35 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
g10/ChangeLog
View File

@ -1,3 +1,13 @@
2009-07-20 Werner Koch <wk@g10code.com>
* keygen.c (generate_keypair): Allow Elgamal > 3072 in BOTH mode.
Reported by Jeroen Schot. Fixes bug#1091.
2009-07-17 Werner Koch <wk@g10code.com>
* keyring.c (keyring_rebuild_cache): Replace the assert by a
proper error message and allow to delete a bad keyblock.
2009-07-13 Werner Koch <wk@g10code.com>
* exec.c: Fix function name indentation.

17
g10/keygen.c
View File

@ -3123,7 +3123,7 @@ generate_keypair (const char *fname, const char *card_serialno,
nbits = 0;
}
nbits = ask_keysize (algo, nbits);
nbits = ask_keysize (both? subkey_algo : algo, nbits);
r = xmalloc_clear( sizeof *r + 20 );
r->key = both? pSUBKEYLENGTH : pKEYLENGTH;
sprintf( r->u.value, "%u", nbits);
@ -3400,6 +3400,15 @@ do_generate_keypair (struct para_data_s *para,
if (!timestamp)
timestamp = make_timestamp ();
/* Note that, depending on the backend (i.e. the used scdaemon
version), the card key generation may update TIMESTAMP for each
key. Thus we need to pass TIMESTAMP to all signing function to
make sure that the binding signature is done using the timestamp
of the corresponding (sub)key and not that of the primary key.
An alternative implementation could tell the signing function the
node of the subkey but that is more work than just to pass the
current timestamp. */
if (!card)
{
rc = do_create (get_parameter_algo( para, pKEYTYPE ),
@ -3413,8 +3422,6 @@ do_generate_keypair (struct para_data_s *para,
}
else
{
/* Note, that depending on the backend, the card key generation
may update TIMESTAMP. */
rc = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root, sec_root, NULL,
&timestamp,
get_parameter_u32 (para, pKEYEXPIRE), para);
@ -3450,8 +3457,6 @@ do_generate_keypair (struct para_data_s *para,
if (!rc && card && get_parameter (para, pAUTHKEYTYPE))
{
/* Note, that depending on the backend, the card key generation
may update TIMESTAMP. */
rc = gen_card_key (PUBKEY_ALGO_RSA, 3, 0, pub_root, sec_root, NULL,
&timestamp,
get_parameter_u32 (para, pKEYEXPIRE), para);
@ -3493,8 +3498,6 @@ do_generate_keypair (struct para_data_s *para,
}
else
{
/* Note, that depending on the backend, the card key
generation may update TIMESTAMP. */
rc = gen_card_key (PUBKEY_ALGO_RSA, 2, 0, pub_root, sec_root,
NULL,
&timestamp,

15
g10/keyring.c
View File

@ -1440,7 +1440,20 @@ keyring_rebuild_cache (void *token,int noisy)
log_error ("keyring_get_keyblock failed: %s\n", g10_errstr(rc));
goto leave;
}
assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
{
/* We had a few reports about corrupted keyrings; if we have
been called directly from the command line we delete such
a keyblock instead of bailing out. */
log_error ("unexpected keyblock found (pkttype=%d)%s\n",
keyblock->pkt->pkttype, noisy? " - deleted":"");
if (noisy)
continue;
log_info ("Hint: backup your keys and try running `%s'\n",
"gpg --rebuild-keydb-caches");
rc = gpg_error (GPG_ERR_INV_KEYRING);
goto leave;
}
/* check all signature to set the signature's cache flags */
for (node=keyblock; node; node=node->next)

2
g10/misc.c
View File

@ -1207,7 +1207,7 @@ parse_options(char *str,unsigned int *options,
/* Check whether the string has characters not valid in an RFC-822
address. To cope with OpenPGP we ignore allow non-ascii characters
address. To cope with OpenPGP we ignore non-ascii characters
so that for example umlauts are legal in an email address. An
OpenPGP user ID must be utf-8 encoded but there is no strict
requirement for RFC-822. Thus to avoid IDNA encoding we put the