aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--g10/ChangeLog2
-rw-r--r--g10/passphrase.c4
-rw-r--r--sm/ChangeLog4
-rw-r--r--sm/call-agent.c10
4 files changed, 13 insertions, 7 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 4bf4b4601..0d008ca44 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -54,7 +54,7 @@
* keygen.c (keygen_set_std_prefs): Remove RMD-160 from the list.
Change order to SHA-256, SHA-1, SHA-384, SHA-512, SHA-224.
- (gen_dsa): Use a 256 bit Q for 2048 bit P. Runt to FIPS allowed
+ (gen_dsa): Use a 256 bit Q for 2048 bit P. Round to FIPS allowed
values in non-expert mode.
2009-07-07 Werner Koch <[email protected]>
diff --git a/g10/passphrase.c b/g10/passphrase.c
index d34f5fa92..83a6b0cf8 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@@ -88,6 +88,10 @@ hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k)
count = len2;
}
+ /* Fixme: To avoid DoS attacks by sending an sym-encrypted
+ packet with a very high S2K count, we should either cap
+ the iteration count or CPU seconds based timeout. */
+
/* A little bit complicated because we need a ulong for count. */
while ( count > len2 ) /* maybe iterated+salted */
{
diff --git a/sm/ChangeLog b/sm/ChangeLog
index 4cf1f6703..a88b07919 100644
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@@ -1,3 +1,7 @@
+2009-07-30 Werner Koch <[email protected]>
+
+ * call-agent.c (learn_cb): Do not store as ephemeral.
+
2009-07-29 Marcus Brinkmann <[email protected]>
* keylist.c (print_capabilities): Print a trailing colon.
diff --git a/sm/call-agent.c b/sm/call-agent.c
index 47e45aba3..190931f42 100644
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@@ -875,13 +875,11 @@ learn_cb (void *opaque, const void *buffer, size_t length)
return 0;
}
+ /* We do not store a certifciate with missing issuers as ephemeral
+ because we can assume that the --learn-card command has been used
+ on purpose. */
rc = gpgsm_basic_cert_check (parm->ctrl, cert);
- if (gpg_err_code (rc) == GPG_ERR_MISSING_CERT)
- { /* For later use we store it in the ephemeral database. */
- log_info ("issuer certificate missing - storing as ephemeral\n");
- keydb_store_cert (cert, 1, NULL);
- }
- else if (rc)
+ if (rc && gpg_err_code (rc) != GPG_ERR_MISSING_CERT)
log_error ("invalid certificate: %s\n", gpg_strerror (rc));
else
{
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-04 15:59:35 +0000