[Bug 1371766] [NEW] Latest CVE-2014-5270 patch breaks ElGamal keys of 16k

Fri, 19 Sep 2014 12:11:49 -0700 

Public bug reported:

I'm currenty using Ubuntu 12.04.5 LTS, 32-bit.

This is what i get with GnuPG version 1.4.11-3ubuntu2.6 using Enigmail
(correct behavior):

2014-09-19 13:44:09.630 [CONSOLE] enigmail> /usr/bin/gpg --charset utf-8 
--display-charset utf-8 --batch --no-tty --status-fd 2 -a -t --encrypt 
--encrypt-to 0x135C7291 -
r 0x0B7D1987135C7291 -u 0x135C7291
2014-09-19 13:44:40.545 [DEBUG] enigmailCommon.jsm: encryptMessageEnd: 
uiFlags=16, sendFlags=00000142, outputLen=5768
2014-09-19 13:44:40.545 [DEBUG] enigmailCommon.jsm: parseErrorOutput: status 
message: 
gpg: 0x0B7D1987135C7291: skipped: public key already present
[GNUPG:] BEGIN_ENCRYPTION 2 9
[GNUPG:] END_ENCRYPTION

2014-09-19 13:44:40.548 [DEBUG] enigmailCommon.jsm: parseErrorOutput: 
statusFlags = 80000000
2014-09-19 13:44:40.549 [DEBUG] enigmailMsgComposeOverlay.js: 
Enigmail.msg.keySelection(): return toAddrStr="0x0B7D1987135C7291" bccAddrStr=""
2014-09-19 13:44:40.550 [DEBUG] enigmailMsgComposeOverlay.js: hasAttachments = 
false
2014-09-19 13:44:40.551 [DEBUG] enigmailMsgComposeOverlay.js: 
Enigmail.msg.editorGetContentAs
2014-09-19 13:44:40.551 [DEBUG] enigmailMsgComposeOverlay.js: 
Enigmail.msg.replaceEditorText:
2014-09-19 13:44:40.556 [DEBUG] enigmailMsgComposeOverlay.js: 
Enigmail.msg.editorInsertText
2014-09-19 13:44:40.569 [DEBUG] enigmailMsgComposeOverlay.js: 
Enigmail.msg.editorInsertText
2014-09-19 13:44:40.573 [DEBUG] enigmailMsgComposeOverlay.js: 
Enigmail.msg.editorGetContentAs
2014-09-19 13:44:40.574 [DEBUG] enigmailMsgComposeOverlay.js: 
Enigmail.msg.editorGetCharset
2014-09-19 13:44:40.574 [DEBUG] enigmailMsgComposeOverlay.js: 
Enigmail.msg.encryptMsg: charset=utf-8
2014-09-19 13:44:40.575 [DEBUG] enigmail.js: Enigmail.encryptMessage: 9 bytes 
from 0x135C7291 to 0x0B7D1987135C7291 (67)
2014-09-19 13:44:40.575 [DEBUG] enigmailCommon.jsm: encryptMessageStart: 
uiFlags=1, from 0x135C7291 to 0x0B7D1987135C7291, hashAlgorithm=null (00000043)
2014-09-19 13:44:40.575 [DEBUG] enigmailCommon.jsm: getEncryptCommand: 
hashAlgorithm=null
2014-09-19 13:44:40.577 enigmailCommon.jsm: execStart: command = /usr/bin/gpg 
--charset utf-8 --display-charset utf-8 --batch --no-tty --status-fd 2 -a -t 
--encrypt --sign --encrypt-to 0x135C7291 -r 0x0B7D1987135C7291 -u 0x135C7291, 
needPassphrase=1, domWindow=[object ChromeWindow], listener=[object Object]
2014-09-19 13:44:40.577 [DEBUG] enigmailCommon.jsm: getPassphrase:
2014-09-19 13:44:40.578 [CONSOLE] enigmail> /usr/bin/gpg --charset utf-8 
--display-charset utf-8 --batch --no-tty --status-fd 2 -a -t --encrypt --sign 
--encrypt-to 0x135C7291 -r 0x0B7D1987135C7291 -u 0x135C7291 --use-agent
2014-09-19 13:45:15.448 [DEBUG] enigmailCommon.jsm: encryptMessageEnd: 
uiFlags=1, sendFlags=00000043, outputLen=5906
2014-09-19 13:45:15.448 [DEBUG] enigmailCommon.jsm: parseErrorOutput: status 
message: 
[GNUPG:] USERID_HINT 0B7D1987135C7291 Ciaby <ci...@autistici.org>
[GNUPG:] NEED_PASSPHRASE 0B7D1987135C7291 0B7D1987135C7291 17 0
[GNUPG:] GOOD_PASSPHRASE
gpg: 0x0B7D1987135C7291: skipped: public key already present
[GNUPG:] BEGIN_SIGNING
[GNUPG:] SIG_CREATED S 17 10 01 1411152280 
D0178161A8FA6E506BD07C000B7D1987135C7291
[GNUPG:] BEGIN_ENCRYPTION 2 9
[GNUPG:] END_ENCRYPTION


This is what i get with GnuPG version 1.4.11-3ubuntu2.7 using Enigmail 
(incorrect behavior):

2014-09-18 22:41:19.504 [CONSOLE] enigmail> /usr/bin/gpg --charset utf-8 
--display-charset utf-8 --batch --no-tty --status-fd 2 -a -t --encrypt --sign 
--encrypt-to 0x135
C7291 -r 0x834AC0577A169C63 -u 0x135C7291 --use-agent
2014-09-18 22:41:37.732 [DEBUG] enigmailCommon.jsm: encryptMessageEnd: 
uiFlags=1, sendFlags=00000043, outputLen=0
2014-09-18 22:41:37.733 [DEBUG] enigmailCommon.jsm: parseErrorOutput: status 
message: 
[GNUPG:] USERID_HINT 0B7D1987135C7291 Ciaby <ci...@autistici.org>
[GNUPG:] NEED_PASSPHRASE 0B7D1987135C7291 0B7D1987135C7291 17 0
[GNUPG:] GOOD_PASSPHRASE
gpg: out of secure memory while allocating 2048 bytes
gpg: (this may be caused by too many secret keys used simultaneously or due to 
excessive large key sizes)

Obviously, the latest security patch breaks ElGamal encryption with large keys 
(in this case, 16384 bytes).
Although GnuPG doesn't allow to generate these keys, the PGP standard (and 
GnuPG itself) supports large key sizes.
Please review the latest patch and make sure that all key sizes are supported.

** Affects: gnupg (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1371766

Title:
  Latest CVE-2014-5270 patch breaks ElGamal keys of 16k

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/1371766/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to