| Commit message (Collapse) | Author | Files | Lines |
|---|
|
* g10/keygen.c (ask_keysize): It's 768 only for DSA.
--
(forwardport of
1.4 commit ca1fc596267b42a894a3fc85c3733007c672ed1f)
GnuPG-bug-id: 2238
Signed-off-by: NIIBE Yutaka <[email protected]>
|
|
* include/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--
This fixes sign extension on shift problems. Hanno Böck found a case
with an invalid read due to this problem. To fix that almost all uses
of "<< 24" and "<< 8" are changed by this patch to use an inline
function from host2net.h.
(back ported from commit 2183683bd633818dd031b090b5530951de76f392)
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/keygen.c (ask_algo): Add list of strings.
--
Signed-off-by: Werner Koch <[email protected]>
(backported from commit b1d5ed6ac842469afcb84868d0f6641dc286a6c7)
|
|
* g10/keygen.c (generate_subkeypair): Release DEK soon.
--
This fixes the out_of_core error in the test case of adding
RSA-4096 subkey to RSA-4096 primary key with configuration:
s2k-cipher-algo S10
Debian-bug-id: 772780
Cherry-picked da66ad5bba4215b9ddd0cb927a89aa75355632aa from
STABLE-BRANCH-1-4 branch.
|
|
* configure.ac: Added --enable-large-secmem option.
* g10/options.h: Add opt.flags.large_rsa.
* g10/gpg.c: Contingent on configure option: adjust secmem size,
add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
* g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
* doc/gpg.texi: Document --enable-large-rsa.
--
This is a cherry-pick of 534e2876acc05f9f8d9b54c18511fe768d77dfb5 from
STABLE-BRANCH-1-4 against STABLE-BRANCH-2-0
Some older implementations built and used RSA keys up to 16Kib, but
the larger secret keys now fail when used by more recent GnuPG, due to
secure memory limitations.
Building with ./configure --enable-large-secmem will make gpg
capable of working with those secret keys, as well as permitting the
use of a new gpg option --enable-large-rsa, which let gpg generate RSA
keys up to 8Kib when used with --batch --gen-key.
Debian-bug-id: 739424
Minor edits by wk.
GnuPG-bug-id: 1732
|
|
* g10/keygen.c (ask_key_flags): Add shortcut '='.
* doc/help.txt (gpg.keygen.flags): New.
|
|
* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
(gen_rsa): Enforce keysize 1024 to 4096.
(gen_dsa): Enforce keysize 768 to 3072.
--
It was possible to create 16k RSA keys in batch mode. In addition to the
silliness of such keys, they have the major drawback that under GnuPG
and Libgcrypt, with their limited amount of specially secured memory
areas, the use of such keys may lead to an "out of secure memory"
condition.
|
|
* g10/keygen.c (ask_expire_interval): Get the current time after the
prompt.
--
This almost avoid that an entered full ISO timestamp is not used as
given but off by the time the user required to enter the timestamp.
GnuPG-bug-id: 1639
|
|
* g10/misc.c (openpgp_pk_algo_name): New. Replace all calls in g10/
to gcry_pk_algo_name by a call to this function.
(map_pk_openpgp_to_gcry): Map algo PUBKEY_ALGO_ELGAMAL_E to GCRY_PK_ELG.
(openpgp_pk_test_algo): Use PUBKEY_ALGO_ELGAMAL_E instead of
GCRY_PK_ELG_E. Return an error for ECC algos.
(openpgp_pk_test_algo2): Return an error for ECC algos.
* g10/gpg.c (build_list): Avoid printing ECC two times.
* include/cipher.h: Do not use GCRY_PK_* macros for PUBKEY_ALGO_*.
--
Due to recent changes to adjust for use with Libgcrypt 1.6, "gpg
--version" printed two question marks. This patches fixes that and
also make sure that gpg does advertise any ECC features. The patch in
build_list is not really needed.
Signed-off-by: Werner Koch <[email protected]>
|
|
* g10/keygen.c (do_add_key_flags): Do not check for empty key flags.
(cherry picked from commit b693ec02c467696bf9d7324dd081e279f9965151)
|
|
--
|
|
* g10/keygen.c (gen_elg, gen_dsa, gen_rsa): Set default keysize to
2048.
Signed-off-by: Werner Koch <[email protected]>
|
|
|
|
|
|
|
|
|
|
|
|
Note that msgmerge 0.17 is completely broken as it always
prepends a fuzzy null entry to all po files.
|
|
|
|
Doc fixes.
Replace assert by error message.
|
|
|
|
|
|
|
|
|
|
Improved card key generation prompts.
|
|
Add some not yet code to app-nks.c
Changed batch mode expiration time computation
|
|
Cleanups.
Allow utf-8 in email addresses.
|
|
Fix SIG_ID computation.
|
|
Add trustdb chnages from 1.4.
Check algo usage for batch key generation.
|
|
|
|
|
|
|
|
|
|
Other minor buf fixes.
|
|
Reveal less information about timings while generating a key.
|
|
Removed intl/.
|
|
g10/
* passphrase.c (passphrase_get): Set the cancel flag on all error
from the agent. Fixes a bug reported by Tom Duerbusch.
sm/
* gpgsm.c (main): Let --gen-key print a more informative error
message.
|
|
reading even for corrupted packets.
* keygen.c (generate_user_id): Need to allocate one byte more.
Reported by Felix von Leitner.
|
|
|
|
|
|
good chance that gpg2 will now work.
Other cleanups.
Updated gettext.
|
|
|
|
|
|
Migrated the gpg regression tests.
Some changes tp the gpg code to fix bugs and
for the use in testing.
make distcheck works now with gpg enabled.
|
|
shows no prblems. Needs more testing of course.
|
|
|
|
|
|
|
|
keygen_add_std_prefs, proc_parameter_file): Add --default-keyserver-url to
specify a keyserver URL at key generation time, and "Keyserver:" keyword
for doing the same through a batch file.
|
|
(not a copy) of the stub secret key for the secret key we just
generated on the card. (generate_card_subkeypair): Use it here so
that the signing key on the card can use the card to generate the 0x19
backsig on the primary key. Noted by Janko Heilgeist and Jonas Oberg.
|
