Bug#739424: [Pkg-gnupg-maint] Bug#739424: Bug#739424: gnupg dies with "gpg: out of secure memory [...]" since 1.4.16-1

Thu, 02 Oct 2014 13:09:53 -0700 

On Thu 2014-10-02 15:23:10 -0400, Daniel Kahn Gillmor wrote:
> it sounds like you might be willing to consider a combination of the two
> patches.  What would you think about the following proposal?
>
>  * ./configure --enable-large-rsa doubles the secmem size
>
>  * gpg --enable-large-rsa option (acceptable either on the command line
> or in the config file) (a) produces a warning when built without the
> ./configure option, or (b) bumps the upper limit to 8192 bits during
> --batch --key-gen

Attached is a patch (a third variant) for gpg's 1.4 stable branch that
does what i've outlined above.  let me know what you think.

Note: with this patch, for aesthetic reasons, i've also changed the
configure option to --enable-large-rsa, so that the build-time and
run-time options are symmetric.

     --dkg


From c09b57360a57e47d6fac120b7bec88e8eb27a34e Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <d...@fifthhorseman.net>
Date: Thu, 2 Oct 2014 10:58:54 -0400
Subject: [PATCH] add build and runtime support for larger RSA keys

* configure.ac: added --enable-large-rsa option
* g10/options.h: add opt.flags.large_rsa
* g10/gpg.c: contingent on configure option: adjust secmem size,
             add gpg --enable-large-rsa, bound to opt.flags.large_rsa
* g10/keygen.c: adjust max RSA size based on opt.flags.large_rsa
* doc/gpg.texi: document --enable-large-rsa

--

Some older implementations built and used RSA keys up to 16Kib, but
the larger secret keys now fail when used by more recent GnuPG, due to
secure memory limitations.

Building with ./configure --enable-large-rsa-keys will make gpg
capable of working with those secret keys, as well as permitting the
use of a new gpg option --enable-large-rsa, which let gpg generate RSA
keys up to 8Kib when used with --batch --gen-key.

Debian-bug-id: 739424
---
 configure.ac  | 16 ++++++++++++++++
 doc/gpg.texi  |  9 +++++++++
 g10/gpg.c     | 26 +++++++++++++++++++++++++-
 g10/keygen.c  |  5 +++--
 g10/options.h |  1 +
 5 files changed, 54 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index ae63a4a..0648679 100644
--- a/configure.ac
+++ b/configure.ac
@@ -158,6 +158,7 @@ use_exec=yes
 card_support=yes
 agent_support=yes
 disable_keyserver_path=no
+large_rsa_support=no
 
 AC_ARG_ENABLE(minimal,
    AC_HELP_STRING([--enable-minimal],[build the smallest gpg binary possible]),
@@ -177,6 +178,21 @@ AC_ARG_ENABLE(minimal,
    agent_support=no)
 
 
+AC_MSG_CHECKING([whether larger RSA keys should be supported])
+AC_ARG_ENABLE(large-rsa,
+              AC_HELP_STRING([--enable-large-rsa],
+                             [enable large RSA keys]),
+              large_rsa_support=$enableval, large_rsa_support=no)
+AC_MSG_RESULT($large_rsa_support)
+
+if test "$large_rsa_support" = yes ; then
+  AC_DEFINE(SECMEM_BUFFER_SIZE,65536,[Size of secure memory buffer])
+  AC_DEFINE(LARGE_RSA_KEYS,1,[Define to support large RSA keys])
+else
+  AC_DEFINE(SECMEM_BUFFER_SIZE,32768,[Size of secure memory buffer])
+fi
+
+
 AC_MSG_CHECKING([whether OpenPGP card support is requested])
 AC_ARG_ENABLE(card-support,
               AC_HELP_STRING([--disable-card-support],
diff --git a/doc/gpg.texi b/doc/gpg.texi
index ded69ce..ae86809 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1104,6 +1104,15 @@ the opposite meaning. The options are:
   validation. This option is only meaningful if pka-lookups is set.
 @end table
 
+@item --enable-large-rsa
+@itemx --disable-large-rsa
+@opindex enable-large-rsa
+@opindex disable-large-rsa
+With --gen-key and --batch, enable the creation of larger RSA secret
+keys than is generally recommended (up to 8192 bits).  These large
+keys are more expensive to use, and their signatures and
+certifications are also larger.
+
 @item --enable-dsa2
 @itemx --disable-dsa2
 @opindex enable-dsa2
diff --git a/g10/gpg.c b/g10/gpg.c
index 1b0a364..1fe6caf 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -372,6 +372,8 @@ enum cmd_and_opt_values
     oAutoKeyLocate,
     oNoAutoKeyLocate,
     oAllowMultisigVerification,
+    oEnableLargeRSA,
+    oDisableLargeRSA,
     oEnableDSA2,
     oDisableDSA2,
     oAllowMultipleMessages,
@@ -719,6 +721,8 @@ static ARGPARSE_OPTS opts[] = {
     { oDebugCCIDDriver, "debug-ccid-driver", 0, "@"},
 #endif
     { oAllowMultisigVerification, "allow-multisig-verification", 0, "@"},
+    { oEnableLargeRSA, "enable-large-rsa", 0, "@"},
+    { oDisableLargeRSA, "disable-large-rsa", 0, "@"},
     { oEnableDSA2, "enable-dsa2", 0, "@"},
     { oDisableDSA2, "disable-dsa2", 0, "@"},
     { oAllowMultipleMessages, "allow-multiple-messages", 0, "@"},
@@ -1948,6 +1952,10 @@ main (int argc, char **argv )
 	    set_homedir ( pargs.r.ret_str );
 	else if( pargs.r_opt == oNoPermissionWarn )
 	    opt.no_perm_warn=1;
+	else if( pargs.r_opt == oEnableLargeRSA )
+	    opt.flags.large_rsa=1;
+	else if( pargs.r_opt == oDisableLargeRSA )
+	    opt.flags.large_rsa=0;
 	else if (pargs.r_opt == oStrict )
 	  {
 	    opt.strict=1;
@@ -1995,7 +2003,7 @@ main (int argc, char **argv )
     }
 #endif
     /* initialize the secure memory. */
-    got_secmem=secmem_init( 32768 );
+    got_secmem=secmem_init( 65536 );
     maybe_setuid = 0;
     /* Okay, we are now working under our real uid */
 
@@ -2851,6 +2859,22 @@ main (int argc, char **argv )
 	    release_akl();
 	    break;
 
+	  case oEnableLargeRSA:
+#ifdef LARGE_RSA_KEYS
+            opt.flags.large_rsa=1;
+#else
+            if (configname)
+              log_info(_("%s:%d: WARNING: gpg not built with large RSA key "
+                         "support.  Ignoring enable-large-rsa\n"),
+                        configname,configlineno);
+            else
+              log_info(_("WARNING: gpg not built with large RSA key "
+                         "support.  Ignoring --enable-large-rsa\n"));
+#endif /* ENABLE_LARGE_RSA */
+            break;
+	  case oDisableLargeRSA: opt.flags.large_rsa=0;
+            break;
+
 	  case oEnableDSA2: opt.flags.dsa2=1; break;
 	  case oDisableDSA2: opt.flags.dsa2=0; break;
 
diff --git a/g10/keygen.c b/g10/keygen.c
index 84f852f..9020908 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1253,6 +1253,7 @@ gen_rsa(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
     PKT_public_key *pk;
     MPI skey[6];
     MPI *factors;
+    const unsigned maxsize = (opt.flags.large_rsa ? 8192 : 4096);
 
     assert( is_RSA(algo) );
 
@@ -1260,8 +1261,8 @@ gen_rsa(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
 	nbits = 2048;
 	log_info(_("keysize invalid; using %u bits\n"), nbits );
     }
-    else if (nbits > 4096) {
-        nbits = 4096;
+    else if (nbits > maxsize) {
+        nbits = maxsize;
         log_info(_("keysize invalid; using %u bits\n"), nbits );
     }
 
diff --git a/g10/options.h b/g10/options.h
index d6326d8..670cf64 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -231,6 +231,7 @@ struct
     unsigned int utf8_filename:1;
     unsigned int dsa2:1;
     unsigned int allow_multiple_messages:1;
+    unsigned int large_rsa:1;
   } flags;
 
   /* Linked list of ways to find a key if the key isn't on the local
-- 
2.1.0

Attachment: pgpVvwFg9ddhm.pgp
Description: PGP signature

Reply via email to